Web Scraping Doesn't Violate Anti-Hacking Law, Appeal Court Rules

Slashdot - Your Rights Online - Tue, 2019-09-10 00:10
An anonymous reader quotes a report from Ars Technica: Scraping a public website without the approval of the website's owner isn't a violation of the Computer Fraud and Abuse Act, an appeals court ruled on Monday. The ruling comes in a legal battle that pits Microsoft-owned LinkedIn against a small data-analytics company called hiQ Labs. HiQ scrapes data from the public profiles of LinkedIn users, then uses the data to help companies better understand their own workforces. After tolerating hiQ's scraping activities for several years, LinkedIn sent the company a cease-and-desist letter in 2017 demanding that hiQ stop harvesting data from LinkedIn profiles. Among other things, LinkedIn argued that hiQ was violating the Computer Fraud and Abuse Act, America's main anti-hacking law. This posed an existential threat to hiQ because the LinkedIn website is hiQ's main source of data about clients' employees. So hiQ sued LinkedIn, seeking not only a declaration that its scraping activities were not hacking but also an order banning LinkedIn from interfering. A trial court sided with hiQ in 2017. On Monday, the 9th Circuit Appeals Court agreed with the lower court, holding that the Computer Fraud and Abuse Act simply doesn't apply to information that's available to the general public. [...] By contrast, hiQ is only scraping information from public LinkedIn profiles. By definition, any member of the public has authorization to access this information. LinkedIn argued that it could selectively revoke that authorization using a cease-and-desist letter. But the 9th Circuit found this unpersuasive. Ignoring a cease-and-desist letter isn't analogous to hacking into a private computer system. "The CFAA was enacted to prevent intentional intrusion onto someone else's computer -- specifically computer hacking," a three-judge panel wrote. The court notes that members debating the law repeatedly drew analogies to physical crimes like breaking and entering. 
In the 9th Circuit's view, this implies that the CFAA only applies to information or computer systems that were private to start with -- something website owners typically signal with a password requirement. The court notes that when the CFAA was first enacted in the 1980s, it only applied to certain categories of computers that had military, financial, or other sensitive data. "None of the computers to which the CFAA initially applied were accessible to the general public," the court writes. "Affirmative authorization of some kind was presumptively required."

Read more of this story at Slashdot.

Purism Finally Starts Shipping Its Privacy-Focused 'Librem 5' Smartphone

Slashdot - Your Rights Online - Mon, 2019-09-09 00:34
"It's here! Purism announces shipment of the Librem 5," writes long-time Slashdot reader Ocean Consulting: Librem 5 is a landmark mobile device with a dedicated platform, runs PureOS Linux, and is the first mobile phone to seek hardware certification from the Free Software Foundation. Initially a crowd sourced funding campaign, the phone embraces principles of free software and user privacy. IP native communication is supported via Matrix. Privacy features include hardware kill switches for camera, microphone, cellular, wifi, Bluetooth and GPS. "The Librem 5 phone is built from the ground up to respect the privacy, security, and freedoms of society," reads the site's official announcement. "It is a revolutionary approach to solving the issues that people face today around data exploitation -- putting people in control of their own digital lives." They're adopting an "iterative" shipping schedule -- publishing a detailed schedule defining specific batches and their features with corresponding shipping dates. "Each iteration improves upon the prior in a rapid rolling release throughout the entire first version of the phone... As slots in a particular early batch free up, we will open it up for others in a later batch to join in, according to the date of the order."

One of America's Biggest Markets for AI-Powered Security Cameras: Schools

Slashdot - Your Rights Online - Sun, 2019-09-08 19:34
New video analytics systems can "identify people, suspicious behavior and guns" in real-time, and the technology is being used by Fortune 500 companies, stadiums, retailers, and police departments, reports the Los Angeles Times. But schools are "among the most enthusiastic adopters," they note, citing an interview with Paul Hildreth, the "emergency operations coordinator" at an Atlanta school district: A year after an expelled student killed 17 people at Marjory Stoneman Douglas High School in Parkland, Florida, Broward County installed cameras from Avigilon of Canada throughout the district in February. Hildreth's Atlanta district will spend $16.5 million to put the cameras in its roughly 100 buildings in coming years. In Greeley, Colo., the school district has used Avigilon cameras for about five years, and the technology has advanced rapidly, said John Tait, security manager for Weld County School District 6... Schools are the largest market for video surveillance systems in the U.S., estimated at $450 million in 2018, according to IHS Markit, a London data and information services company. The overall market for real-time video analytics was estimated at $3.2 billion worldwide in 2018 -- and it's expected to grow to $9 billion by 2023, according to one estimate... Shannon Flounnory, executive director for safety and security for Fulton County Schools, said no privacy concerns have been heard there. "The events of Parkland kind of changed the game," he said. "We have not had any arguments or any pushback right now...." One company, Athena Security, has cameras that spot when someone has a weapon. And in a bid to help retailers, it recently expanded its capabilities to help identify big spenders when they visit a store... Both ZeroEyes and Athena Security in Austin, Texas, say their systems can detect weapons with more than 90% accuracy, but acknowledge their products haven't been tested in a real-life scenario. And both systems are unable to detect weapons if they're covered -- a limitation the companies say they are working to overcome.

YouTube's Fine Criticized As Proof US Government Is 'Not Serious' About Big Tech Crackdown

Slashdot - Your Rights Online - Sun, 2019-09-08 18:34
YouTube's $170 million fine for illegally collecting data on children "shows the US government is not serious about a Big Tech crackdown," argues an article at CNBC: The FTC's new settlement with YouTube over alleged violations of child privacy rules is just a fraction of the revenue its parent company generates in a single day. Shares of Google parent company Alphabet were up following news of the settlement, just like shares of Facebook after its record FTC fine. The action shows the U.S. government is not prepared for a Big Tech crackdown that will fundamentally alter the business. Momentum is building in Washington to crack down on Big Tech's most free-wheeling practices: the Department of Justice is conducting a broad review of tech companies in addition to a reported antitrust investigation of Google, and Facebook disclosed a new antitrust probe by the Federal Trade Commission in July. But the meager penalties imposed on these companies in recent years, when compared with their size, shows the U.S. government is not yet prepared to take actions that will fundamentally alter the industry... Wednesday's announcement marks the third agreement the FTC has reached with Google since 2011, when it charged the company with using "deceptive" privacy practices at the launch of its now-defunct social network. In 2012, the agency hit Google with a $22.5 million penalty, its highest ever for a violation of a commission order at the time, over charges that it misrepresented its ad-targeting practices to consumers. But in 2019, Google appears none the worse for wear. Google's stock price has grown more than 260% since the time of its historic 2012 FTC penalty and the company's now worth more than $800 billion. Revenue and profits have both more than doubled. 
The article also notes that "Despite the penalties and noise from politicians about cracking down, Facebook's stock is up more than 40% so far this year," arguing that "the agencies that have so far had the power to force Big Tech to make real changes have opted for more incremental adjustments." Long-time Slashdot reader AndrewFlagg has another suggestion: Stop the madness of fines. Just sentence the leadership to jail and prison time... Don't fine the companies. That just hurts the stockholders who really don't know what's going on in the board room...

Firefox Will Soon Encrypt DNS Requests By Default

Slashdot - Your Rights Online - Sun, 2019-09-08 15:34
This month Firefox will make DNS over encrypted HTTPS the default for the U.S., with a gradual roll-out starting in late September, reports Engadget: Your online habits should be that much more private and secure, with fewer chances for DNS hijacking and activity monitoring. Not every request will use HTTPS. Mozilla is relying on a "fallback" method that will revert to your operating system's default DNS if there's either a specific need for them (such as some parental controls and enterprise configurations) or an outright lookup failure. This should respect the choices of users and IT managers who need the feature turned off, Mozilla said. The team is watching out for potential abuses, though, and will "revisit" its approach if attackers use a canary domain to disable the technology. Users will be given the option to opt-out, explains Mozilla's official announcement. "After many experiments, we've demonstrated that we have a reliable service whose performance is good, that we can detect and mitigate key deployment problems, and that most of our users will benefit from the greater protections of encrypted DNS traffic." "We feel confident that enabling DNS-over-HTTPS by default is the right next step."

'It Shouldn't Be This Hard To Responsibly Fly a Drone'

Slashdot - Your Rights Online - Sun, 2019-09-08 12:34
The B4UFLY app from America's Federal Aviation Administration tells you where you can and can't fly your drone. But a senior writer for IEEE Spectrum reports that in fact the app "ignores both local and national regulations," and concludes after some field-testing in Oregon that it's "in many situations, worse than useless." Buried in a PDF FAQ (now offline) about the app is this: "Additionally, there may be local laws or ordinances about flying unmanned aircraft affecting your intended flight that are not reflected in this app. It is the responsibility of the operator to know the rules and fly safely at all times." And oh boy is that a huge responsibility that the app itself doesn't even mention, and that enormous loophole means that the B4UFLY app's "good to go" indicator is not just meaningless but in fact giving you the wrong idea entirely.... You could argue that this is worse than no app at all, because the app is actively giving you bad information. You are not, in fact, good to go, and if you're already going, you should stop immediately... When the FAA itself presents the B4UFLY app as a tool that can be used so that "recreational flyers know whether it is safe to fly their drone," that's exactly what it should do. Instead, the app provides only one very limited kind of information about recreational drone safety, without telling the user that it's on them to somehow dig up all the rest of the information that may or may not affect their flight... At the absolute minimum, the B4UFLY app should not tell users that they're "good to go" unless they are flying from an area where drone use is explicitly permitted, like national forests. Anywhere else, users should be instructed to verify that their local laws allow drone use. Is that going to be a huge annoyance that drives users away from the app? Of course. But it's the truth, and if the FAA doesn't like that, they should work with local governments to put the necessary information into the app instead. 
This article inspired a suggestion from long-time Slashdot reader gurps_npc. "What should be done is that every park that is not too close to an airport or other forbidden zone should set aside a location and a time where they allow and encourage people to use drones."

'Google's Chrome Has My Dead Grandpa's Data and He Never Used the Internet'

Slashdot - Your Rights Online - Sun, 2019-09-08 06:34
schwit1 shares a Forbes article by Joe Toscano, a former experience design consultant for Google who in 2017 "decided to step away from my role consulting with Google, due to ethical concerns." This summer he got a big surprise when he looked in Chrome's "addresses" panel at chrome://settings/addresses: It turns out Google has info connecting me to my grandma (on my dad's side) who's alive and well but has never had the internet, and my grandpa (on my mom's side), who recently passed away in March 2019 and also never had the internet. This was disturbing for several reasons, the biggest of which being that neither of them had ever logged onto the internet in their lives. Neither even had the internet in their homes their entire lives! Beyond that, Google knew their exact addresses and their middle initials. I couldn't even have told you those things about my grandparents... [T]he data wasn't manually entered by me or anyone using my account, but yet the data is associated with my account? How did that happen? The only thing I can think of is that at one point in history my grandpa gave his information to someone or some company in real life and his information was sold to Google at one point or another... But then that led me to another question: How did his data get associated with my Google account...? Other questions I have: What other information does Google have about me/my family/others that I don't know about...? He's now asking readers if they have any idea how Google connected him to his dead grandpa -- and whether Google is somehow creating an ancestry database. Toscano also discovered Chrome has been creating a list of "Never Saved" passwords at chrome://settings/passwords?search=credentials even though "At no point did I tell Google to create and store a list of websites I had logged into that they didn't get access to but would like access to at some point in the future. Maybe in the Terms of Service/Privacy Policy I agreed to this, but who knows? Not the majority of us, and it's just creepy." And in an update Toscano writes that he hopes the article will "provoke thought" about "why we willingly allow this to happen": Why is it okay that the internet is designed to be a surveillance machine? Why isn't it designed to be private by design? Is this how we want to carry on? Just because something is legal doesn't mean it's right. What would you like to see done? How would you like to see things changed?

MIT Media Lab Chief Joi Ito Resigns Following Ronan Farrow's New Yorker Expose

Slashdot - Your Rights Online - Sun, 2019-09-08 03:34
Long-time Slashdot reader theodp writes: It was beginning to look like Joi Ito, the director of the MIT Media Lab, might weather a scandal over accepting donations from the financier and convicted sex offender Jeffrey Epstein. But less than a day after a scathing new expose in the New Yorker by Ronan Farrow alleged the Media Lab had a deeper fund-raising relationship with Epstein than previously acknowledged and attempted to conceal the extent of its contacts with him, Ito resigned from his position. "After giving the matter a great deal of thought over the past several days and weeks, I think that it is best that I resign as director of the media lab and as a professor and employee of the Institute, effective immediately," Ito wrote in an internal e-mail. In a message to the MIT community, MIT President L. Rafael Reif wrote, "Because the accusations in the story are extremely serious, they demand an immediate, thorough and independent investigation," and announced that MIT's general counsel would engage an outside law firm to oversee that investigation. Ronan's damning New Yorker story began: "Dozens of pages of e-mails and other documents obtained by The New Yorker reveal that, although Epstein was listed as 'disqualified' in MIT's official donor database, the Media Lab continued to accept gifts from him, consulted him about the use of the funds, and, by marking his contributions as anonymous, avoided disclosing their full extent, both publicly and within the university. Perhaps most notably, Epstein appeared to serve as an intermediary between the lab and other wealthy donors, soliciting millions of dollars in donations from individuals and organizations, including the technologist and philanthropist Bill Gates and the investor Leon Black." "The effort to conceal the lab's contact with Epstein was so widely known," reports the New Yorker, that some of Ito's staff "referred to Epstein as Voldemort or 'he who must not be named.'"

Hong Kong Protesters Using Mesh Messaging App China Can't Block: Usage Up 3685%

Slashdot - Your Rights Online - Sat, 2019-09-07 22:34
An anonymous reader quotes Forbes: How do you communicate when the government censors the internet? With a peer-to-peer mesh broadcasting network that doesn't use the internet. That's exactly what Hong Kong pro-democracy protesters are doing now, thanks to San Francisco startup Bridgefy's Bluetooth-based messaging app. The protesters can communicate with each other — and the public — using no persistent managed network... While you can chat privately with contacts, you can also broadcast to anyone within range, even if they are not a contact. That's clearly an ideal scenario for protesters who are trying to reach people but cannot use traditional SMS texting, email, or the undisputed uber-app of China: WeChat. All of them are monitored by the state. Wednesday another article in Forbes confirmed with Bridgefy that their app uses end-to-end RSA encryption -- though an associate professor at the Johns Hopkins Information Security Institute warns in the same article about the possibility of the Chinese government demanding that telecom providers hand over a list of all users running the app and where they're located. Forbes also notes that "police could sign up to Bridgefy and, at the very least, cause confusion by flooding the network with fake broadcasts" -- or even use the app to spread privacy-compromising malware. "But if they're willing to accept the risk, Bridgefy could remain a useful tool for communicating and organizing in extreme situations."

South Africa, UK Acknowledge Mass Surveillance By Tapping Undersea Internet Cables

Slashdot - Your Rights Online - Sat, 2019-09-07 21:34
The South African government has been conducting mass surveillance on all communications in the country, reports Reclaim the Net, citing a report from Privacy International as well as recently-revealed affidavits and other documents from former State Security Agency (SSA) director-general Arthur Fraser: Interestingly, the mass surveillance has been happening since 2008... The surveillance was supposedly designed to cover information about organized crime and acts of terrorism. It even involves surveillance on food security, water security, and even illegal financial flows. The report also revealed that the South African government has done bulk interception of Internet traffic by way of tapping into fiber-optic cables under the sea. What is not clear though is whether the surveillance covers all Internet traffic or limited only to some of the fiber cables. The SSA said that the automated collection of data was specifically geared for foreign communications that pose threats to state security only. However, even the SSA admits to the fact that it will require human intervention to determine whether any communications that pass through the fiber cables are foreign or not. Hence, it would be difficult to distinguish between foreign and local communications. The iAfrikan site interviewed a digital rights researcher at South Africa's amaBhungane Centre for Investigative Journalism, whose legal filings helped bring this information to light. "We had details of the state's mass surveillance activities at least as early as 2006...." he tells the site, adding later that "The government has been quite upfront that it's collecting data from a vast number of people who are not suspected of any wrongdoing... Essentially, the State Security Agency is collecting as much haystack as it can, just in case it needs to look for a needle." Privacy International reports that the U.K. government has also recently acknowledged their "bulk interception of internet traffic by tapping undersea fibre optic cables." The site describes the work of the two countries as "some of the most pervasive surveillance programmes in human history."

COBOL Turns 60. Why It Will Outlive Us All

Slashdot - Your Rights Online - Sat, 2019-09-07 20:34
ZDNet remembers when the only programming languages "were machine and assembler," until Burroughs Corporation programmer Mary Hawes proposed a vendor-neutral language with an English-like vocabulary. (Grace Hopper suggested they approach the Department of Defense, leading to a summit of 41 computer users and manufacturers at the Pentagon in 1959.) But ZDNet argues that 60 years later, COBOL isn't done yet. In 2016, the Government Accountability Office reported the Department of Homeland Security, Department of Veterans Affairs, and the Social Security Administration, to name just three, were still using COBOL. According to a COBOL consulting company, which goes by the delightful name, COBOL Cowboys, 200 billion lines of COBOL code are still in use today and 90% of Fortune 500 companies still have COBOL code keeping the lights on. And, if you've received cash out of an ATM recently, it's almost certain COBOL was running behind the scenes. ZDNet explains that the largest number of businesses using COBOL are financial institutions, which, according to Micro Focus includes "banking, insurance and wealth management/equities trading. Second is government services (federal, provincial, local)." Micro Focus is the company that now maintains COBOL, and their global director of marketing and "application modernization" tells ZDNet that "the number of organizations running COBOL systems today is in the tens of thousands. It is impossible to estimate the tens of millions of end users who interface with COBOL-based applications on a daily basis, but the language's reliance is clearly seen with its use in 70 percent of global transaction processing systems. Any time you phone a call center, any time you transfer money, or check your account, or pay a mortgage, or renew or get an insurance quote, or when contacting a government department, or shipping a parcel, or ordering some flowers, or buying something online at a whole range of retailers, or booking a vacation, or a flight, or trading stocks, or even checking your favorite baseball team's seasonal statistics, you are interacting with COBOL." ZDNet notes that some people are even moving their COBOL applications into the cloud, concluding "At this rate, COBOL programs will outlive us all."

Facebook Accused of 'Deliberately Vague' Announcement About Face Recognition

Slashdot - Your Rights Online - Sat, 2019-09-07 18:34
Facebook is "bringing" facial recognition to all users, the company announced Tuesday. But the EFF's surveillance litigation director and a senior staff attorney warn that despite media reports, Facebook's announcement "definitely does not say that face recognition is now opt-in for all users." Throughout Facebook's deliberately vague announcement, it takes great pains to note that the change applies only to new Facebook users and people who currently have the "tag suggestions" setting. However, Facebook migrated many, if not most, existing users from "tag suggestions" to "face recognition" in December 2017... That means this safeguard does not apply to the billions of current Facebook users who have already been moved... Facebook should not subject any of its users to face surveillance, absent their informed opt-in consent. And Facebook should clear up the uncertainties in its announcement before it gets any more credit than it's due for this change. Facebook's announcement didn't even include links to the "Settings" menu where users can opt out of Facebook's facial recognition, so the EFF's article helpfully provides both mobile and desktop links. According to Facebook's own help pages, the left-side menu should include a "Face Recognition" choice where users can turn off Facebook's face recognition features. But three different Facebook users I know have also reported that that menu choice just isn't there...

Feds Order Apple and Google To Hand Over Names of 10,000+ Users of Gun Scope App

Slashdot - Your Rights Online - Fri, 2019-09-06 22:50
An anonymous reader quotes a report from Forbes: Own a rifle? Got a scope to go with it? The government might soon know who you are, where you live and how to reach you. That's because Apple and Google have been ordered by the U.S. government to hand over names, phone numbers and other identifying data of at least 10,000 users of a single gun scope app, Forbes has discovered. It's an unprecedented move: never before has a case been disclosed in which American investigators demanded personal data of users of a single app from Apple and Google. And never has an order been made public where the feds have asked the Silicon Valley giants for info on so many thousands of people in one go. According to a court order filed by the Department of Justice (DOJ) on 5 September, investigators want information on users of Obsidian 4, a tool used to control rifle scopes made by night vision specialist American Technologies Network Corp. The app allows gun owners to get a live stream, take video and calibrate their gun scope from an Android or iPhone device. According to the Google Play page for Obsidian 4, it has more than 10,000 downloads. Apple doesn't provide download numbers, so it's unclear how many iPhone owners have been swept up in this latest government data grab. The Immigration and Customs Enforcement (ICE) department is seeking information as part of a broad investigation into possible breaches of weapons export regulations. It's looking into illegal exports of ATN's scope, though the company itself isn't under investigation, according to the order. As part of that, investigators are looking for a quick way to find out where the app is in use, as that will likely indicate where the hardware has been shipped. ICE has repeatedly intercepted illegal shipments of the scope, which is controlled under the International Traffic in Arms Regulation (ITAR), according to the government court filing. 
They included shipments to Canada, the Netherlands and Hong Kong where the necessary licenses hadn't been obtained. The two companies must hand over names, telephone numbers and IP addresses of anyone who downloaded the scope app from August 1, 2017, to the current date. The government also wants to know when users were operating the app.

Huawei Eyes ProtonMail as It Searches for Gmail Alternative

Slashdot - Your Rights Online - Fri, 2019-09-06 18:51
ProtonMail is in talks with Huawei about including its encrypted email service in future mobile devices, part of the Chinese phone maker's plan to develop an alternative to the Google ecosystem. From a report: The Swiss company's service could come preloaded on future Huawei mobile devices or be offered inside its app store, AppGallery, said Andy Yen, ProtonMail's chief executive officer. The company hasn't made a final decision about offering its service on Huawei's channel, he said. Huawei may lose access to Google's programs after the U.S. added it to a trade blacklist in May, meaning American businesses need a special license to do business with the Chinese company. The restrictions also affect updates for the Google Android operating system that powers all its smartphones abroad, and without which Huawei can't offer critical apps like Gmail. As a result, Huawei has been racing to build out its own mobile operating system, HarmonyOS, and enlisting developers to offer services on its app store. "What they see from us is having an alternative to Google in case they can't offer Google anymore," Yen said in an interview.

Why Phones That Secretly Listen To Us Are a Myth

Slashdot - Your Rights Online - Fri, 2019-09-06 18:09
A mobile security company has carried out a research investigation to address the popular conspiracy theory that tech giants are listening to conversations. From a report: The internet is awash with posts and videos on social media where people claim to have proof that the likes of Facebook and Google are spying on users in order to serve hyper-targeted adverts. Videos have gone viral in recent months showing people talking about products and then ads for those exact items appear online. Now, cyber-security specialists at Wandera have emulated the online experiments and found no evidence that phones or apps were secretly listening. Researchers put two phones -- one Samsung Android phone and one Apple iPhone -- into an "audio room". For 30 minutes they played the sound of cat and dog food adverts on loop. They also put two identical phones in a silent room. The security specialists kept apps open for Facebook, Instagram, Chrome, SnapChat, YouTube, and Amazon with full permissions granted to each platform. They then looked for ads related to pet food on each platform and webpage they subsequently visited. They also analyzed the battery usage and data consumption on the phones during the test phase. They repeated the experiment at the same time for three days, and noted no relevant pet food adverts on the "audio room" phones and no significant spike in data or battery usage.

DMVs Are Selling Your Data to Private Investigators

Slashdot - Your Rights Online - Fri, 2019-09-06 16:01
Departments of Motor Vehicles in states around the country are taking drivers' personal information and selling it to thousands of businesses, including private investigators who spy on people for a profit, Motherboard reported Friday. From the report: DMVs sell the data for an array of approved purposes, such as to insurance or tow companies, but some of them have sold to more nefarious businesses as well. Multiple states have made tens of millions of dollars a year selling data. Motherboard has obtained hundreds of pages of documents from DMVs through public records requests that lay out the practice. Members of the public may not be aware that when they provide their name, address, and in some cases other personal information to the DMV for the purposes of getting a driver's license or registering a vehicle, the DMV often then turns around and offers that information for sale. Many of the private investigators that DMVs have sold data to explicitly advertise that they will surveil spouses to see if they're cheating.

Connecticut Governor Calls For 100 Percent Carbon-Free Power By 2040

Slashdot - Your Rights Online - Fri, 2019-09-06 09:00
Connecticut Gov. Ned Lamont, D, signed an executive order Tuesday directing state regulators to lay out a plan to reach 100% carbon-free electricity by 2040. Utility Dive reports: Eight other states and the District of Columbia have taken legislative or executive action toward 100% clean energy in the past few years. While environmental advocates and state lawmakers were overall pleased with the directive, they said more concrete action would be needed to get the state to those goals, and that some policies seemed to be moving backwards. Specifically, advocates and lawmakers were disappointed by the administration's commitment to building a new natural gas plant. "It's not a bridge fuel. It's a fossil fuel," Senior Policy Advocate and Connecticut Director at Acadia Center Amy McLean Salls told Utility Dive. "And if we're going to be meeting our goals, then we have to be not building new gas infrastructure." During the forum the administration said it was committed to building its Killingly Energy Center, a 650 MW natural gas-fired plant, expected to begin commercial operation in 2022, which frustrated some in the audience. "Apparently, it's just a bridge energy source we're resigned to depend on until we approach 2040 and our carbon-free goal," Rep. Jonathon Steinberg, D, who serves on the House Energy and Technology Committee, told Utility Dive in an email. "There weren't even promises to scale back residential hookup expansion, saving pipeline capacity for industry use and electric generation, which surprised me a little." Much of the conversation in Connecticut was focused on solar and net metering in the last legislative session.


600,000 GPS Trackers Left Exposed Online With a Default Password of '123456'

Slashdot - Your Rights Online - Fri, 2019-09-06 00:03
According to Avast security researchers, over 600,000 GPS trackers manufactured by a Chinese company are using the same default password of "123456." "They say that hackers can abuse this password to hijack users' accounts, from where they can spy on conversations near the GPS tracker, spoof the tracker's real location, or get the tracker's attached SIM card phone number for tracking via GSM channels," reports BleepingComputer. From the report: Avast researchers said they found these issues in T8 Mini, a GPS tracker manufactured by Shenzhen i365-Tech, a Chinese IoT device maker. However, as their research advanced, Avast said the issues also impacted over 30 other models of GPS trackers, all manufactured by the same vendor, and some even sold as white-label products, bearing the logos of other companies. All models shared the same backend infrastructure, which consisted of a cloud server to which GPS trackers reported, a web panel where customers logged in via their browsers to check the tracker's location, and a similar mobile app, which also connected to the same cloud server. But all this infrastructure was full of holes. While Avast detailed several issues in its report, the biggest was the fact that all user accounts (either from the mobile app or web panel) relied on a user ID and a password that were easy to guess. The user IDs were based on the GPS tracker's IMEI (International Mobile Equipment Identity) code and were sequential, while the password was the same for all devices -- 123456. This means that a hacker can launch automated attacks against Shenzhen i365-Tech's cloud server by going through all user IDs one by one, and using the same 123456 password, and take over users' accounts. While users can change the default after they log into their account for the first time, Avast said that during a scan of over four million user IDs, it found that more than 600,000 accounts were still using the default password.


Federal Judge Says Terrorist Watchlist Is Unconstitutional

Slashdot - Your Rights Online - Thu, 2019-09-05 23:25
An anonymous reader quotes a report from Ars Technica: A federal judge in Virginia has ruled that the government's terrorism screening database (TSDB) is unconstitutional because people on the list are not given an adequate opportunity to contest their inclusion. The ruling is a victory for a group of almost 20 Muslim Americans who sued the government over the list in 2016. "There is no independent review of a person's placement on the TSDB by a neutral decisionmaker," Judge Anthony Trenga wrote on Wednesday. "Individuals are not told whether or not they were or remain on the TSDB watchlist and are also not told the factual basis for their inclusion." As a result, the judge concluded, the watchlist system is unconstitutional. The government maintains several different lists for suspected terrorists. These include the no-fly list, which, as its name implies, prohibits certain people from flying in the US. The TSDB is a larger list believed to hold more than a million names. People on the list aren't prohibited from flying, but they can face unpleasant consequences when they travel, especially internationally. The current system "provides no notice concerning whether a person has been included or remains in the TSDB, what criteria was applied in making that determination, or the evidence used to determine a person's TSDB status." The judge concludes that the current system "does not provide to a United States citizen a constitutionally adequate remedy under the Due Process Clause." Judge Trenga ordered both sides in the lawsuit to propose changes that could address the system's constitutional defects.


Trusted Face Smart Unlock Method Has Been Removed From Android Devices

Slashdot - Your Rights Online - Thu, 2019-09-05 22:47
The not-so-widely-used trusted face smart unlock feature has officially been removed from Android, news blog Android Police reported this week. From the report: Trusted face was added in 2014 and has been accessible to users on all Android devices until recently. Now, it's completely gone from stock and OEM devices, running Android 10 or below. The feature was accessible under Settings -> Security -> Smart Lock -> Trusted face. It didn't use any biometric data for security, instead just relying on your face to unlock your device. A photo could easily fool it. The writing was on the wall for its removal: It was broken on Android Q Beta 6 and we know Google has been working on a more secure face authentication method. But it's not only Android 10 that no longer has the Trusted face option. We've verified that the option is gone from the OnePlus 6T, Samsung Galaxy S9 and S10, Nokia 3.2, all of which are running Android Pie stable.
