China's Helicopter Prototype Looks Like a UFO

Slashdot - Your Rights Online - Thu, 2019-10-17 12:00
CNN has a story about a Chinese prototype helicopter that looks like a UFO. Slashdot reader ClickOnThis shares the report: China has been unveiling a lot of new weaponry lately, but one of their latest reveals looks really, well, out of this world. Called the "Super Great White Shark" by Chinese media, the aircraft conjures up images of 1950s sci-fi movies more than 21st century technology. But China says the "armed helicopter" was designed for the "future digital information battlefield." State-tabloid the Global Times published an image gallery of the aircraft, calling it a fusion of modern, proven helicopter designs -- such as the American AH-64 Apache and CH-53 Sea Stallion as well as the Russian Ka-52 and Mi-26 copters. It also has the blended-wing design employed by stealth aircraft, including the US B-2 bomber. [...] The prototype was displayed last week at the China Helicopter Exposition in Tianjin. It was a static display only. The aircraft is landbound -- at least for now.

Read more of this story at Slashdot.

Google Ejects Open-Source WireGuard From Play Store Over Donation Links

Slashdot - Your Rights Online - Thu, 2019-10-17 02:50
Google appears to be removing apps that have donation links, including open-source apps where donations are one of the main sources of revenue. WireGuard, a free and open-source VPN, has been reportedly dropped over this according to WireGuard lead developer Jason Donenfeld. Phoronix reports: After waiting days for Google to review the latest version of their secure VPN tunnel application, it was approved and then removed and delisted -- including older versions of WireGuard. The reversal comes on the basis of violating their "payments policy." The only bit of possible "payments" within the WireGuard app is a donation link within the program taking the user to the WireGuard website should anyone want to donate to support this promising open-source secure networking tech. An appeal to the situation was also rejected by Google, Donenfeld has confirmed this morning on their mailing list. In trying to make it back into Android's Play Store, Jason has dropped the donation link from the Android app version while it's still awaiting review from Google. UPDATE: WireGuard lead developer Jason Donenfeld says the app "has been relisted on the Play Store in its usual location," adding: "Sorry again for any inconvenience this has caused users, or caused developers who depend on the availability of our app for use by their own users. We won't be making any similar changes unless we're certain that we won't be delisted."

The Creators Of Pokemon Go Mapped The World. Now They're Mapping You

Slashdot - Your Rights Online - Thu, 2019-10-17 01:30
Cecilia D'Anastasio and Dhruv Mehrotra report via Kotaku: Today, when you use Wizards Unite or Pokemon Go or any of Niantic's other apps, your every move is getting documented and stored -- up to 13 times a minute, according to the results of a Kotaku investigation. Even players who know that the apps record their location data are usually astonished once they look at just how much they've told Niantic about their lives through their footsteps. For years, users of these technologists' products -- from Google Street View to Pokemon Go -- have been questioning how far they're going with users' information and whether those users are adequately educated on what they're giving up and with whom it's shared. In the process, those technologists have made mistakes, both major and minor, with regards to user privacy. As Niantic summits the world of augmented reality, it's engineering that future of that big-money field, too. Should what Niantic does with its treasure trove of valuable data remain shrouded in the darkness particular to up-and-coming Silicon Valley darlings, that opacity might become so normalized that users lose any expectation of knowing how they're being profited from.

Huge Child Porn Ring Busted As Authorities Cite Ability To Crack Bitcoin Privacy

Slashdot - Your Rights Online - Thu, 2019-10-17 00:10
An anonymous reader quotes a report from Gizmodo: Federal authorities in the U.S. have unsealed charges against the South Korean operator of a child porn ring that's been billed as the world's "largest dark web child porn marketplace." The child porn site, known as Welcome to Video, charged some users in Bitcoin and authorities say they successfully unmasked those Bitcoin transactions in order to catch the perpetrators. An additional 337 people from around the world have been charged in relation to the Tor-based site. Welcome to Video contained over 200,000 videos of child sexual abuse and had users from countries like the U.S., UK, Germany, Saudi Arabia, Canada, Ireland, Spain, Brazil, and Australia, according to the indictment, which was uploaded by NBC News reporter Cyrus Farivar. Users could download videos through a system of credits that could be gained by referring new users or by buying those credits with Bitcoin. Charges in the U.S. against the site's operator Jong Woo Son were only unveiled today, but the 23-year-old Korean national was arrested in March of 2018 and is already behind bars in South Korea. The operation was a joint investigation by numerous law enforcement agencies around the globe. Between June 2015 and March 2018, Welcome to Video received Bitcoin transactions totaling over $370,000 in U.S currency. Undercover agents in Washington D.C. monitored the site, filled with images of child rape, and were able to deanonymize the Bitcoin transactions, something that average users often believe is impossible. The investigation uncovered at least two former federal law enforcement officials allegedly involved in the child porn site, a 35-year-old U.S. Border Patrol Agent from Texas, and a former HSI special agent, also from Texas.

FCC Votes To Approve T-Mobile-Sprint Merger

Slashdot - Your Rights Online - Wed, 2019-10-16 22:50
The FCC on Wednesday formally approved the merger between T-Mobile and Sprint. The vote comes months after the Justice Department greenlit the deal. The Verge reports: In May, FCC Chairman Ajit Pai first signaled that he would vote to approve the merger after the commission and the companies struck a deal that Republicans believed would help foster a faster 5G rollout. The other Republican commissioners, Brendan Carr and Michael O'Rielly, also voiced support for the merger at the time. The merger was pushed through on a party-line vote with Democrats dissenting, an FCC official told The Verge. Democratic Commissioner Jessica Rosenworcel announced her disapproval in an op-ed for The Atlantic Wednesday morning. In it, she argues that a merged T-Mobile-Sprint would only hurt consumers, driving up prices and staving off competition. "These state officials understand something fundamental: With less competition, rates rise and innovation falls. All the evidence demonstrates that this holds true in the mobile-phone industry too," Rosenworcel said. "If this merger succeeds, consumers will pay the price." The other Democrat, Geoffrey Starks, was the last to vote on the deal. In September, Starks put out a statement calling on the FCC to delay any votes on the merger until Sprint could be fully investigated for allegedly misappropriating Lifeline subsidy funds for around 885,000 ineligible accounts. "There is no credible way that the merger before us can proceed until this Lifeline investigation is resolved and responsible parties are held accountable," Starks said at the time. Before the deal closes, representatives from the two companies said they'll wait until a multistate lawsuit trying to block the deal is resolved.

Some Colleges Are Using Students' Smartphones To Track Their Locations on Campus

Slashdot - Your Rights Online - Wed, 2019-10-16 16:10
Lee Gardner, reporting for Chronicle: James Dragna had his work cut out for him when he became "graduation czar" at California State University at Sacramento, in 2016. The university's four-year graduation rate sat at 9 percent. It hadn't moved in about 30 years, he says. Like many student-success experts at public colleges these days, Dragna combed through academic data about students that the university had on hand -- grades, attendance, advising information -- to track how they were doing as each semester wore on. He fed those data into predictive-analytics software to look for potential problems or hurdles that might lead to failing grades or dropping out, and to identify students who might benefit from a little extra support. Three years later, the university's four-year graduation rate is up to 20 percent. Its six-year rate has risen to 54 percent from 47 percent. Stories like that dot the higher-education landscape as more colleges take advantage of burgeoning Big Data technology to keep tabs on their students and find more places where they can successfully intervene. But recently, the practice of tracking students has taken a more literal turn. Sacramento State plans to gather data on where some of its students spend time on the campus and for how long, joining 14 other institutions using software from a company called Degree Analytics. When a tracked student -- a freshman who has opted in -- enters the student union, her smartphone or laptop will connect to the local Wi-Fi router, and the software will make note of it. When the student leaves and her phone connects to the router in the chemistry building, or the library, or the dorm, it will capture that, too, 24 hours a day, seven days a week. It isn't hard to imagine the wealth of observational data such location tracking might produce, and the student-success insights that might arise from it. 
For example, knowing that A students spend a certain number of hours in the library every week -- and eventually communicating that to students -- might motivate them to study there more often.

Google Chief: I'd Disclose Smart Speakers Before Guests Enter My Home

Slashdot - Your Rights Online - Wed, 2019-10-16 12:00
After being challenged as to whether homeowners should tell guests smart devices -- such as a Google Nest speaker or Amazon Echo display -- are in use before they enter the building, Google senior vice president of devices and services, Rick Osterloh, concludes that the answer is indeed yes. The BBC reports: "Gosh, I haven't thought about this before in quite this way," Rick Osterloh begins. "It's quite important for all these technologies to think about all users... we have to consider all stakeholders that might be in proximity." And then he commits. "Does the owner of a home need to disclose to a guest? I would and do when someone enters into my home, and it's probably something that the products themselves should try to indicate." To be fair to Google, it hasn't completely ignored matters of 21st Century privacy etiquette until now. As Mr Osterloh points out, its Nest cameras shine an LED light when they are in record mode, which cannot be overridden. But the idea of having to run around a home unplugging or at least restricting the capabilities of all its voice- and camera-equipped kit if a visitor objects is quite the ask. The concession came at the end of a one-on-one interview given to BBC News to mark the launch of Google's Pixel 4 smartphones, a new Nest smart speaker and other products. You can read the full conversation on the BBC's article.

Robot War Breaks Out As Roomba Maker Sues Upstart SharkNinja

Slashdot - Your Rights Online - Wed, 2019-10-16 03:30
Roomba robotic vacuum maker IRobot Corp. is suing rival SharkNinja for copying a device of theirs and selling it at "half the price." "Shark is not even shy about being a copycat," iRobot said in a lawsuit filed Tuesday in federal court in Boston, "claiming that the Shark IQ Robot offers the same iRobot technology at 'half the price of iRobot i7+'." Bloomberg reports: The company that unveiled the Roomba robotic vacuum in the early 2000s launched a product last year that takes house cleaning to a new level: It maps your home, schedules sweeps through each room, empties the dust bin itself and even knows where to resume cleaning after it has returned to its base for a recharge. After being recognized by Time magazine for one of 2018's inventions of the year, IRobot Corp. says it's no accident that rival SharkNinja Operating LLC came out with a similar device a year later. [...] SharkNinja, a unit of closely held EP Midco LLC, on Friday filed a pre-emptive lawsuit in federal court in Delaware, asking the court to declare that the Shark IQ doesn't infringe six patents cited in iRobot's complaint, nor five others. IRobot had previously demanded that the Shark IQ be pulled off store shelves.

YouTube Gets Alleged Copyright Troll To Agree To Stop Trolling YouTubers

Slashdot - Your Rights Online - Wed, 2019-10-16 02:50
Alleged copyright troll Christopher Brady will no longer be able to issue false DMCA takedowns to other YouTubers, according to a lawsuit settlement filed today. The Verge reports: Under the new agreement, Brady is banned from "submitting any notices of alleged copyright infringement to YouTube that misrepresent that material hosted on the YouTube service is infringing copyrights held or claimed to be held by Brady or anyone Brady claims to represent." Brady agreed to pay $25,000 in damages as part of the settlement. He is also prohibited from "misrepresenting or masking their identities" when using Google products, including YouTube. "This settlement highlights the very real consequences for those that misuse our copyright system. We'll continue our work to prevent abuse of our systems," a YouTube spokesperson told The Verge. "I, Christopher L. Brady, admit that I sent dozens of notices to YouTube falsely claiming that material uploaded by YouTube users infringed my copyrights," he said in an apology, shared by YouTube with The Verge. "I apologize to the YouTube users that I directly impacted by my actions, to the YouTube community, and to YouTube itself." YouTube claimed the investigation caused the company to "expend substantial sums on its investigation in an effort to detect and halt that behavior, and to ensure that its users do not suffer adverse consequences from it." YouTube also said that the company may be "unable to detect and prevent similar misconduct in the future," as a result of the various methods Brady took to cover up his identity.

Ask Slashdot: What Should I Do About My Landlord Forcing Smart Things Into My Home?

Slashdot - Your Rights Online - Wed, 2019-10-16 01:30
New submitter aaronb1138 writes: So my apartment (UDR) pulled a bit of a blitz last Friday (10/11) to install new "Smart" IoT stuff in my home today (10/15) under the umbrella of SmartRent management. According to a CNET article from earlier this year, this seems to be SmartRent's usual method of attack. UDR is usually pretty miserly, so I suspect the monetization of my apartment usage is being sold at a nice price to advertisers. SmartRent FAQ claims no data sales, but their privacy policy is wide open and gives no such assurances. Further, they won't acknowledge if they also operate in California and as such provide me with their CCPA compliance information (I'm in TX, but figured, take the shot). I asked SmartRent's Project Manager, Steven, as well as SmartRent's support not to plug into the electrical power I pay for, but I doubt that will be respected and instead I'll find them stealing my electricity for their own purposes when I get home. The install list is a smart lock (one of the hackable Yale cheapos), smart thermostat, a couple leak detectors, a dimmer plug -- and the scary part -- SmartRent's own Alloy brand SmartRent Hub with 4G backup (who pays the extra for 4G?). I'll do a full hardware teardown to find out what else is inside the Hub -- hopefully just minimally functional cheap ARM stuff and radios. But what else do I do from here /.? I don't really have time to file a lawsuit, and my gut tells me every step I take against the landlord is going to bring their more onerous leasing agreement line items on my head.

Twitter Says It Will Restrict Users From Retweeting World Leaders Who Break Its Rules

Slashdot - Your Rights Online - Wed, 2019-10-16 00:50
The social media giant said it will not allow users to like, reply, share or retweet tweets from world leaders who break its rules. Instead, it will let users quote-tweet to allow ordinary users to express their opinions. The company said the move will help its users stay informed about global affairs, while balancing the need to keep the site's rules in check. TechCrunch reports: Twitter has been in a bind, amid allegations that the company has not taken action against world leaders who break its rules. "When it comes to the actions of world leaders on Twitter, we recognize that this is largely new ground and unprecedented," Twitter said in an unbylined blog post on Tuesday. "We want to make it clear today that the accounts of world leaders are not above our policies entirely," the company said. Any user who tweets content promoting terrorism, making "clear and direct" threats of violence, and posting private information are all subject to ban. But Twitter said in cases involving a world leader, "we will err on the side of leaving the content up if there is a clear public interest in doing so." "Our goal is to enforce our rules judiciously and impartially," Twitter added in a tweet. "In doing so, we aim to provide direct insight into our enforcement decision-making, to serve public conversation, and protect the public's right to hear from their leaders and to hold them to account."

Data For 26 Million Stolen Payment Cards Leaked In Hack of Fraud Bazaar

Slashdot - Your Rights Online - Tue, 2019-10-15 23:30
An anonymous reader quotes a report from Ars Technica: A thriving online bazaar selling stolen payment card data has been hacked in a heist that leaked the records for more than 26 million cards, KrebsOnSecurity reported on Tuesday. The 26 million figure isn't significant only to the legitimate consumers and businesses who own the stolen cards or the financial institutions that issued them. Fortunately for the card owners, the database is now in the hands of affected financial institutions, who can invalidate and replace the cards. The hacked market is called BriansClub, a site available at BriansClub[.]at that, for years, has imitated Krebs' site and likeness. The data taken in the hack shows that BriansClub acquired 1.7 million cards in 2015, 2.9 million in 2016, 4.9 million in 2017, 9.2 million in 2018, and 7.6 million in the first eight months of this year. Most of the pilfered data is composed of "dumps," the term card thieves use to describe data that's stored on the magnetic stripe of payment cards. The stolen dumps can be transferred to new cards that crooks use to buy electronics, gift cards, and other large-ticket items from big-box stores. An analysis based on how many of the cards had expiration dates in the future suggests that more than 14 million of the leaked records could still be valid. Based on the pricing tiers listed on BriansClub, the haul represents about $414 million worth of lost sales, security intelligence firm Flashpoint told Krebs. By tracking the cards that were once available for sale and later removed, Flashpoint estimated that BriansClub has sold data for about 9.1 million cards for about $126 million. Federal prosecutors often value each stolen credit card record at $500, a sum that represents the average cost incurred from each compromised holder. Based on that estimate, the 9.1 million cards translates to about $2.27 billion in losses.

Google's Auto-Delete Tools Are Practically Worthless For Privacy

Slashdot - Your Rights Online - Tue, 2019-10-15 21:33
An anonymous reader shares a report: By default, Google collects a vast amount of data on users' behavior, including a lifelong record of web searches, locations, and YouTube views. But amid a privacy backlash and ongoing regulatory threats, the company has started to hype its recently released privacy tools, like the ability to automatically delete some of the data it collects about you -- data that helps power its $116 billion ad business. [...] In reality, these auto-delete tools accomplish little for users, even as they generate positive PR for Google. Experts say that by the time three months rolls around, Google has already extracted nearly all the potential value from users' data, and from an advertising standpoint, data becomes practically worthless when it's more than a few months old. "Anything up to one month is extremely valuable," says David Dweck, the head of paid search at digital ad firm WPromote. "Anything beyond one month, we probably weren't going to target you anyway." Dweck says that in the digital ad industry, recent activity is essential. If you start searching on Google for real estate or looking up housing values, for instance, Google might lump you into a "prospective home buyers" category for advertisers. That information becomes instantly valuable to realtors, appraisers, and lenders for ad targeting, and it could remain valuable for a while as other companies, such as painters or appliance brands, try to follow up on your home buying. Still, it's unusual for advertisers to target users based on their activity from months earlier, Dweck says.

Edward Snowden: 'Without Encryption, We Will Lose All Privacy. This is Our New Battleground'

Slashdot - Your Rights Online - Tue, 2019-10-15 16:00
Edward Snowden: In the midst of the greatest computer security crisis in history, the US government, along with the governments of the UK and Australia, is attempting to undermine the only method that currently exists for reliably protecting the world's information: encryption. Should they succeed in their quest to undermine encryption, our public infrastructure and private lives will be rendered permanently unsafe. [...] Earlier this month the US, alongside the UK and Australia, called on Facebook to create a "backdoor," or fatal flaw, into its encrypted messaging apps, which would allow anyone with the key to that backdoor unlimited access to private communications. So far, Facebook has resisted this. Donald Trump's attorney general, William Barr, who authorised one of the earliest mass surveillance programmes without reviewing whether it was legal, is now signalling an intention to halt -- or even roll back -- the progress of the last six years. WhatsApp, the messaging service owned by Facebook, already uses end-to-end encryption (E2EE): in March the company announced its intention to incorporate E2EE into its other messaging apps -- Facebook Messenger and Instagram -- as well. Now Barr is launching a public campaign to prevent Facebook from climbing this next rung on the ladder of digital security. This began with an open letter co-signed by Barr, UK home secretary Priti Patel, Australia's minister for home affairs and the US secretary of homeland security, demanding Facebook abandon its encryption proposals. If Barr's campaign is successful, the communications of billions will remain frozen in a state of permanent insecurity: users will be vulnerable by design. And those communications will be vulnerable not only to investigators in the US, UK and Australia, but also to the intelligence agencies of China, Russia and Saudi Arabia -- not to mention hackers around the world. 
End-to-end encrypted communication systems are designed so that messages can be read only by the sender and their intended recipients, even if the encrypted -- meaning locked -- messages themselves are stored by an untrusted third party, for example, a social media company such as Facebook.

PG&E Should Compensate Customers For Power Shutoffs, California Governor Says

Slashdot - Your Rights Online - Tue, 2019-10-15 12:00
Pacific Gas & Electric should give rebates or credits to each of its nearly 800,000 customers affected by last week's power shutoffs, California Gov. Gavin Newsom said, demanding that the utility "be held accountable." CNN reports: The utility intentionally cut power to almost 800,000 customers in Northern California last week in an effort to prevent downed utility lines and equipment from causing wildfires amid dry and windy conditions. Some customers were without power for days. Newsom is urging PG&E to give credits or rebates of $100 to each residential customer and $250 to small businesses as "some compensation for their hardships," a release from the governor's office said Monday. "Californians should not pay the price for decades of PG&E's greed and neglect," Newsom said in the release. "PG&E's mismanagement of the power shutoffs experienced last week was unacceptable." PG&E CEO Bill Johnson responded by saying it had carried out the shutoffs in accordance with a plan that the California Public Utilities Commission had approved, under the commission's guidelines, and pointed to the fact that no wildfires were started. "While we recognize this was a hardship for millions of people throughout Northern and Central California, we made that decision to keep customers and communities safe," Johnson said in a statement. "That was the right decision." Californians blasted the utility for the move. While PG&E has been blamed for deadly wildfires in the past, critics said it should have invested in improving its infrastructure instead of just cutting off power for days.

China Has Gained the Ability To Spy On More Than 100 Million Citizens Via a Heavily Promoted Official App, Report Suggests

Slashdot - Your Rights Online - Tue, 2019-10-15 03:30
Security researchers believe the Chinese Communist Party's official "Study the Great Nation" app has a backdoor that could help monitor use and copy data from those who have it installed on their devices. The BBC reports: Released in February, Study the Great Nation has become the most downloaded free program in China, thanks to persuasive demands by Chinese authorities that citizens download and install it. The app pushes out official news and images and encourages people to earn points by reading articles, commenting on them and playing quizzes about China and its leader, Xi Jinping. Use of the app is mandatory among party officials and civil servants and it is tied to wages in some workplaces. Starting this month, native journalists must pass a test on the life of President Xi, delivered via the app, in order to obtain a press card which enables them to do their jobs. On behalf of the Open Technology Fund, which campaigns on human rights issues, German cyber-security firm Cure 53 took apart the Android version of the app and said it found many undocumented and hidden features. In its lengthy report, Cure 53 said Study the Great Nation had "extensive logging" abilities and seemed to try to build up a list of the popular apps an individual had installed on their phone. It was "evident and undeniable that the examined application is capable of collecting and managing vast amounts of very specific data," said the report. The app also weakened encryption used to scramble data and messages, making it easy for a government to crack security. Adam Lynn, research director at the Open Technology Fund, told the Washington Post, which broke the story: "It's very, very uncommon for an application to require that level of access to the device, and there's no reason to have these privileges unless you're doing something you're not supposed to be." 
The security company didn't find evidence that this high-level access was being used, but said it's not clear why an educational app would need such access to a phone.

Microsoft Wants To Use AI To Bleep Out Bad Words In Xbox Live Party Chat

Slashdot - Your Rights Online - Tue, 2019-10-15 00:50
An anonymous reader quotes a report from Ars Technica: Today, Microsoft announced that it's rolling out filters that will let Xbox Live players automatically limit the text-based messages they receive to four maturity tiers: "Friendly, Medium, Mature, and Unfiltered." That's a long-overdue feature for a major communication platform that's well over a decade old now, but not really anything new in terms of online content moderation writ large. What's more interesting is a "looking ahead" promise Microsoft made at the end of the announcement (emphasis added): "Ultimately our vision is to supplement our existing efforts and leverage our company efforts in AI and machine learning technology to provide filtration across all types of content on Xbox Live, delivering control to each and every individual player. Your feedback is more important than ever as we continue to evolve this experience and make Xbox a safe, welcome and inclusive place to game." Microsoft told The Verge that the ultimate goal is a system "similar to what you'd expect on broadcast TV where people are having a conversation, and in real-time, we're able to detect a bad phrase and beep it out for users who don't want to see that." However, instead of live engineers that are doing the censoring, Microsoft is employing machine learning.

Study: Many Popular Medical Apps Send User Info To 3rd Or 4th Parties

Slashdot - Your Rights Online - Sun, 2019-10-13 21:51
dryriver writes: A study in the British Medical Journal that looked at 24 of the 100s of Medical apps available on Google Play found that 79% pass all sorts of user info -- including sensitive medical info like what your reported symptoms are and what medications you are taking in some cases -- on to third and fourth parties. A German-made and apparently very popular medical app named Ada was found to share user data with trackers like Facebook, Adjust and Amplitude for example. [Click here for the article in German.] The New York Times also warned recently about apps that want to retrieve/store your medical records. From the conclusion of the study: "19/24 (79%) of sampled apps shared user data. 55 unique entities, owned by 46 parent companies, received or processed app user data, including developers and parent companies (first parties) and service providers (third parties). 18 (33%) provided infrastructure related services such as cloud services. 37 (67%) provided services related to the collection and analysis of user data, including analytics or advertising, suggesting heightened privacy risks. Network analysis revealed that first and third parties received a median of 3 (interquartile range 1-6, range 1-24) unique transmissions of user data. Third parties advertised the ability to share user data with 216 "fourth parties"; within this network (n=237), entities had access to a median of 3 (interquartile range 1-11, range 1-140) unique transmissions of user data. Several companies occupied central positions within the network with the ability to aggregate and re-identify user data."

IRS Programmer Stole Identities, Funded A Two-Year Shopping Spree

Slashdot - Your Rights Online - Sun, 2019-10-13 17:34
A computer programmer at America's tax-collecting agency "stole multiple people's identities, and used them to open illicit credit cards to fund vacations and shop for shoes and other goods," writes Quartz, citing a complaint unsealed last week in federal court. An anonymous reader quotes their report: The complaint accuses the 35-year-old federal worker of racking up almost $70,000 in charges over the course of two years, illegally using "the true names, addresses, dates of birth, and Social Security numbers" of at least three people. The US Treasury Department's Inspector General for Tax Administration, which oversees internal wrongdoing at the Internal Revenue Service (IRS), is investigating the crime, although the complaint doesn't specify how the employee obtained the information. The arrest, however, comes just months after the Government Accountability Office -- the federal government's auditor, essentially -- issued a report raising concerns about the security of taxpayer information held at the IRS. The report said that unaddressed shortcomings left taxpayer data "unnecessarily vulnerable to inappropriate and undetected use, modification, or disclosure," which could allow employees or outsiders to illegally access millions of people's personal information. An IRS call center employee in Atlanta pleaded guilty last year to illegally using taxpayer data to file fraudulent tax returns, ultimately collecting almost $6,000. In 2016, another IRS worker in Atlanta admitted to improperly accessing the personal information of two taxpayers, amassing close to half a million dollars from illicit tax refunds.... The IRS employee's alleged scheme took place between January 2016 and February 2018, according to court filings. Investigators say he used a fraudulently obtained American Express card to fly to Sacramento and Miami Beach. 
He also used the card for some 37 Uber rides, nine payments on his father's Amazon account totaling $1,200, various purchases at Lowe's, the Designer Shoe Warehouse, BJ's Wholesale Club, and a flooring outlet, as well as a $7,400 payment to a business he owned. The complaint says the employee, who works for the tax agency as a software developer, obtained a second fraudulent credit card, which he used to fly to Montego Bay, Jamaica. A third fraudulent card was used to travel to Iceland. In a particularly brazen move, investigators say the suspect linked this card to a phony PayPal account he opened using his official IRS email address. Two of the credit cards were delivered to his home address, while a third was sent to his parents' address, according to the article. "The phone numbers listed on the accounts also belonged to the suspect, and he accessed emails associated with the accounts from his home IP address."


Fired EPA Scientists To Release Air Pollution Report They Say Agency Unqualified To Issue

Slashdot - Your Rights Online - So, 2019-10-12 05:30
An anonymous reader quotes a report from NBC News: Nearly one year ago, the Trump administration fired a panel of more than two dozen scientific experts who assisted the Environmental Protection Agency in its review of air quality standards for particulate matter. Now, as the EPA prepares its report on those standards later this month, 20 of those scientists are meeting independently to release their own assessment of current air pollution levels, with a focus on the particles from fossil fuels that can make people sick. These scientists and researchers, former members of the Clean Air Scientific Advisory Committee (CASAC) on particulate matter, said the EPA has stripped the panel down to its core seven members, who are ill-equipped to set air quality standards and don't have the time to do it. "They fired the particulate matter review panel and they said the chartered CASAC would do the review," Chris Zarba, who served as the staff director of the Scientific Advisory Board at the EPA until 2018, said. "In the history of the agency this has never happened. The new panel is unqualified and the new panel has said they were unqualified." The new panel feels their work is necessary for the very reasons that particle pollution is regulated by the EPA: because extended exposure can cause premature death, nonfatal heart attacks, irregular heartbeat, aggravated asthma, decreased lung function and respiratory issues, according to the agency. EPA said it is confident in its own panel and experts and said it "is committed to scientific integrity and transparency." "EPA has the utmost confidence in its career scientist and the members on its science advisory boards and panels," an agency spokesperson said. "EPA routinely takes comments from the public and outside organizations, including those not employed or associated with EPA, and will continue to take into consideration those comments that meet our scientific standards."
