aggregator

AT&T Users Whose 'Unlimited Data' Was Throttled Get $60 Million In Refunds

Slashdot - Your Rights Online - Wed, 2019-11-06 02:45
After dragging out the case for five years, AT&T has finally agreed to pay $60 million back to customers for throttling mobile data plans advertised as "unlimited." Ars Technica reports: The FTC, which sued AT&T in 2014, announced the settlement today. The deal ends a long saga in which AT&T unsuccessfully tried to cripple the FTC's regulatory authority over telecoms. A court loss last year basically forced AT&T to settle the case. "AT&T promised unlimited data -- without qualification -- and failed to deliver on that promise," FTC Bureau of Consumer Protection Director Andrew Smith said in the announcement. "While it seems obvious, it bears repeating that Internet providers must tell people about any restrictions on the speed or amount of data promised." Under the settlement, AT&T did not admit or deny any of the allegations made by the FTC. AT&T's current and former customers who were affected by the throttling won't have to do anything to get their refunds, according to the FTC. The commission said: "The $60 million paid by AT&T as part of the settlement will be deposited into a fund that the company will use to provide partial refunds to both current and former customers who had originally signed up for unlimited plans prior to 2011 but were throttled by AT&T. Affected consumers will not be required to submit a claim for the refunds. Current AT&T customers will automatically receive a credit to their bills while former customers will receive checks for the refund amount they are owed." "AT&T must pay the $60 million within seven days after the settlement is approved by the US District Court for the Northern District of California," adds Ars. "AT&T would have to identify each eligible consumer within 30 days and give bill credits and refund checks to existing and former customers within 90 days. If there is any leftover money, it must be paid to the FTC, which would try to provide further relief to customers."

Read more of this story at Slashdot.

Facebook Says 100 Software Developers May Have Improperly Accessed User Data

Slashdot - Your Rights Online - Wed, 2019-11-06 01:20
Facebook on Tuesday said that as many as 100 software developers may have improperly accessed user data, including the names and profile pictures of people in specific groups on the social network. CNBC reports: The company recently discovered that some apps retained access to this type of user data despite making changes to its service in April 2018 to prevent this, Facebook said in a blog post. The company said it has removed this access and reached out to 100 developer partners who may have accessed the information. Facebook said that at least 11 developer partners accessed this type of data in the last 60 days. "Although we've seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted," the company said in the blog post. The company did not say how many users were affected.


T-Mobile Says It Owns Exclusive Rights To the Color Magenta

Slashdot - Your Rights Online - Wed, 2019-11-06 00:10
An anonymous reader quotes a report from AdAge: Startup insurance provider Lemonade is trying to make the best of a sour situation after T-Mobile parent Deutsche Telekom claimed it owns the exclusive rights to the color magenta. New York-based Lemonade is a 3-year-old company that lives completely online and mostly focuses on homeowners and renter's insurance. The company uses a similar color to magenta -- it says it's "pink" -- in its marketing materials and its website. But Lemonade was told by German courts that it must cease using its color after launching its services in that country, which is also home to T-Mobile owner Deutsche Telekom. Although the ruling only applies in Germany, Lemonade says it fears the decision will set a precedent and expand to other jurisdictions such as the U.S. or Europe. "If some brainiac at Deutsche Telekom had invented the color, their possessiveness would make sense," Daniel Schreiber, CEO and co-founder of Lemonade, said in a statement. "Absent that, the company's actions just smack of corporate bully tactics, where legions of lawyers attempt to hog natural resources -- in this case a primary color -- that rightfully belong to everyone." A spokesman for Deutsche Telekom confirmed that it "asked the insurance company Lemonade to stop using the color magenta in the German market," while adding that the "T" in "Deutsche Telekom" is registered to the brand. "Deutsche Telekom respects everyone's trademark rights but expects others to do the same," the spokesman said in an emailed statement to Ad Age. The report says Lemonade has complied with the ruling by removing its pink color from marketing materials in Germany. It's also trying to open up a larger discussion on the legal matter by using the hashtag "#FreeThePink," although it's gained little traction thus far. 
Lemonade also filed a motion today with the European Union Intellectual Property Office, or EUIPO, to invalidate Deutsche Telekom's magenta trademark, and it released a color chart showing what it asserts are the hues at issue.


Little-known Companies Are Amassing Your Data and Selling the Analysis To Clients

Slashdot - Your Rights Online - Tue, 2019-11-05 22:10
As consumers, we all have "secret scores": hidden ratings that determine how long each of us waits on hold when calling a business, whether we can return items at a store, and what type of service we receive. A low score sends you to the back of the queue; high scores get you elite treatment. From a report: Every so often, journalists lament these systems' inaccessibility. They're "largely invisible to the public," The New York Times wrote in 2012. "Most people have no inkling they even exist," The Wall Street Journal said in 2018. Most recently, in April, The Journal's Christopher Mims looked at a company called Sift, whose proprietary scoring system tracks 16,000 factors for companies like Airbnb and OkCupid. "Sift judges whether or not you can be trusted," he wrote, "yet there's no file with your name that it can produce upon request." As of this summer, though, Sift does have a file on you, which it can produce upon request. I got mine, and I found it shocking: More than 400 pages long, it contained all the messages I'd ever sent to hosts on Airbnb; years of Yelp delivery orders; a log of every time I'd opened the Coinbase app on my iPhone. Many entries included detailed information about the device I used to do these things, including my IP address at the time. Sift knew, for example, that I'd used my iPhone to order chicken tikka masala, vegetable samosas and garlic naan on a Saturday night in April three years ago. It knew I used my Apple laptop to sign into Coinbase in January 2017 to change my password. Sift knew about a nightmare Thanksgiving I had in California's wine country, as captured in my messages to the Airbnb host of a rental called "Cloud 9." This may sound somewhat comical, but the companies gathering and paying for this data find it extremely valuable for rooting out fraud and increasing the revenue they can collect from big spenders. 
Sift has this data because the company has been hired by Airbnb, Yelp, and Coinbase to identify stolen credit cards and help spot identity thieves and abusive behavior. Still, the fact that obscure companies are accumulating information about years of our online and offline behavior is unsettling, and at a minimum it creates the potential for abuse or discrimination -- particularly when those companies decide we don't stack up.


Alcohol Breath Tests, a Linchpin of the Criminal Justice System, Are Often Unreliable

Slashdot - Your Rights Online - Tue, 2019-11-05 20:50
A million Americans a year are arrested for drunken driving, and most stops begin the same way: flashing blue lights in the rearview mirror, then a battery of tests that might include standing on one foot or reciting the alphabet. What matters most, though, happens next. From a report: By the side of the road or at the police station, the drivers blow into a miniature science lab that estimates the concentration of alcohol in their blood. If the level is 0.08 or higher, they are all but certain to be convicted of a crime. But those tests -- a bedrock of the criminal justice system -- are often unreliable, a New York Times investigation found. The devices, found in virtually every police station in America, generate skewed results with alarming frequency, even though they are marketed as precise to the third decimal place. Judges in Massachusetts and New Jersey have thrown out more than 30,000 breath tests in the past 12 months alone, largely because of human errors and lax governmental oversight. Across the country, thousands of other tests also have been invalidated in recent years. The machines are sensitive scientific instruments, and in many cases they haven't been properly calibrated, yielding results that were at times 40 percent too high. Maintaining machines is up to police departments that sometimes have shoddy standards and lack expertise. In some cities, lab officials have used stale or home-brewed chemical solutions that warped results. In Massachusetts, officers used a machine with rats nesting inside.


Warehouses Are Tracking Workers' Every Muscle Movement

Slashdot - Your Rights Online - Tue, 2019-11-05 16:40
Unions and researchers who study workplace surveillance worry that employers who begin gathering data on workers for whatever reason will be unable to resist using it against them. From a report: Productivity tracking is already widespread throughout the industry -- and workers can be fired or punished if their performance dips. The opacity of data-analysis tools can make it difficult for workers to fully understand how much employers can see. StrongArm, a company that makes such devices, says it has about 30 clients, including Heineken NV and Toyota Motor, and is also establishing relationships with insurance companies interested in ways to reduce workers compensation costs. Walmart says it's testing StrongArm in eight distribution centers and adds it has no plans to use them in stores. StrongArm says about 15,000 workers have worn its devices, and most of them use it daily. The Brooklyn, New York-based startup expects to have 35,000 daily active users by the end of next year. StrongArm acknowledges that concerns about workplace surveillance surround its work, but the company says its products are designed solely to improve safety and cites a recent study it commissioned that found users wearing them suffered 20% to 50% fewer injuries. It says it's not tracking individual productivity and that its products aren't used to punish individual workers or to contest workers compensation claims. But ergonomic tracking isn't happening in isolation.


Undercover Reporter Reveals Life In a Polish Troll Farm

Slashdot - Your Rights Online - Tue, 2019-11-05 05:30
An anonymous reader quotes a report from The Guardian: It is as common an occurrence on Polish Twitter as you are likely to get: a pair of conservative activists pouring scorn on the country's divided liberal opposition. "I burst out laughing!" writes Girl from Żoliborz, a self-described "traditionalist" commenting on a newspaper story about a former campaign adviser to Barack Obama and Emmanuel Macron coming to Warsaw to address a group of liberal activists. "The opposition has nothing to offer. That's why they use nonsense to pull the wool over people's eyes," replies Magda Rostocka, whose profile tells her almost 4,400 followers she is "left-handed with her heart on the right." In reality, neither woman existed. Both accounts were run by the paid employees of a small marketing company based in the city of Wrocław in southwest Poland. But what the employee pretending to be Magda Rostocka did not know is that the colleague pretending to be Girl from Żoliborz was an undercover reporter who had infiltrated the company, giving rare insight into the means by which fake social media accounts are being used by private firms to influence unsuspecting voters and consumers. The undercover reporter, Katarzyna Pruszkiewicz, spent six months this year working at Cat@Net, which describes itself as an "ePR agency comprising specialists who build a positive image of companies, private individuals and public institutions -- mostly in social media." "One of Pruszkiewicz's responsibilities was to operate anonymous accounts with instructions to promote content produced by TVP, Poland's state broadcaster, which is widely reviled by critics for its extreme partisanship and hate speech directed against minority groups," the report says. "'It would be great if you posted positive comments about the government's subsidy for TVP and the television license fee,' read an email from her manager."
A London-based thinktank found that Cat@Net accounts created up to 10,000 posts in defense of TVP, with a potential reach of 15 million views. The agency also helped a recently elected member of the Polish parliament for the leftwing Democratic Left Alliance party. "Cat@Net's leftwing accounts promoted the politician's candidacy to the European Parliament in elections held in May this year, with at least 90 different accounts circulating and responding to his social media posts," reports The Guardian. "The company's rightwing accounts would then oppose the leftwing accounts, generating conflict and traffic, thereby drawing attention to the candidate." In response to the article, Cat@Net strongly denied it was a "troll farm": "The company's field of activity is the outsourcing of marketing operations to social media. We communicate accurate information, speak for our clients, and promote their products and services like any other agency of its kind."


US Begins Formal Withdrawal From Paris Climate Accord

Slashdot - Your Rights Online - Tue, 2019-11-05 04:12
The Trump administration is formally withdrawing the U.S. from the Paris climate accord, "the first step in a year-long process to leave the landmark agreement to reduce emissions of planet-warming gases," reports CNN. President Trump first announced the intent to officially withdraw from the agreement in June 2017. From the report: "Today the United States began the process to withdraw from the Paris Agreement," Secretary of State Mike Pompeo said in a statement. "Per the terms of the Agreement, the United States submitted formal notification of its withdrawal to the United Nations. The withdrawal will take effect one year from delivery of the notification." Under the framework of the agreement, Monday is the earliest date that the administration can notify the United Nations that the U.S. plans to leave. But the process cannot be completed until exactly one year later on November 4, 2020, which happens to be one day after the 2020 presidential election. Should Trump lose the 2020 election, a new president could rejoin the agreement, but would have to put forth new climate commitments to the UN.


GitLab Considers Ban On New Hires In China and Russia Due To Espionage Fears

Slashdot - Your Rights Online - Tue, 2019-11-05 03:20
GitLab is considering blocking new hires from countries such as China and Russia over espionage fears. "There is a general train of thought that both Russian and Chinese intelligence agencies might use the same blueprint and plant agents or coerce GitLab staff into handing over data belonging to western companies," reports ZDNet. An anonymous reader shares an excerpt from the report: Eric Johnson, VP of Engineering at GitLab, said discussions on banning new hires from the two countries began after enterprise customers expressed concerns about the geopolitical climate of the two countries. If approved, the hiring ban will apply to two positions; namely Site Reliability Engineer and Support Engineer, the two positions that handle providing tech support to GitLab's enterprise customers. Johnson said these two support staff positions have full access to customers' data, something that companies had an issue with, especially if tech support staff was to be located in countries like China and Russia, where they could be compromised or coerced by local intelligence services. Johnson said GitLab does not have "a technical way" to support data access permission systems for employees based on their country of origin. "Doing so would also force us to confront the possibility of creating a 'second class of citizens' on certain teams who cannot take part in 100% of their responsibilities," Johnson said. The new "hiring ban" is not yet final. Open conversations on the topic started last month, and are scheduled to end November 6.


Facebook Rebrands To 'FACEBOOK' As Calls For Government-Led Breakup Continue

Slashdot - Your Rights Online - Tue, 2019-11-05 00:40
Facebook introduced a new brand Monday as the company faces calls from politicians and consumer advocates for the government to break it up into various pieces. NBC News reports: The company announced in a blog post that the new brand, which retains the name of the social network, would have a new logo to better indicate all the various products and services it now offers, including Instagram and WhatsApp. "Today, we're updating our company branding to be clearer about the products that come from Facebook," Antonio Lucio, the company's chief marketing officer, wrote in the blog post. "We're introducing a new company logo and further distinguishing the Facebook company from the Facebook app, which will keep its own branding." "This brand change is a way to better communicate our ownership structure to the people and businesses who use our services to connect, share, build community and grow their audiences," Lucio wrote. The new logo features Facebook in capitalized letters with "custom typography." The company said the new brand would appear on Instagram, WhatsApp and its other offerings.


ISPs Lied To Congress To Spread Confusion About Encrypted DNS, Mozilla Says

Slashdot - Your Rights Online - Tue, 2019-11-05 00:03
An anonymous reader quotes a report from Ars Technica: Mozilla is urging Congress to reject the broadband industry's lobbying campaign against encrypted DNS in Firefox and Chrome. The Internet providers' fight against this privacy feature raises questions about how they use broadband customers' Web-browsing data, Mozilla wrote in a letter sent today to the chairs and ranking members of three House of Representatives committees. Mozilla also said that Internet providers have been giving inaccurate information to lawmakers and urged Congress to "publicly probe current ISP data collection and use policies." DNS over HTTPS helps keep eavesdroppers from seeing what DNS lookups your browser is making. This can make it more difficult for ISPs or other third parties to monitor what websites you visit. "Unsurprisingly, our work on DoH [DNS over HTTPS] has prompted a campaign to forestall these privacy and security protections, as demonstrated by the recent letter to Congress from major telecommunications associations. That letter contained a number of factual inaccuracies," Mozilla Senior Director of Trust and Security Marshall Erwin wrote. This part of Erwin's letter referred to an Ars article in which we examined the ISPs' claims, which center largely around Google's plans for Chrome. The broadband industry claimed that Google plans to automatically switch Chrome users to its own DNS service, but that's not what Google says it is doing. Google's publicly announced plan is to "check if the user's current DNS provider is among a list of DoH-compatible providers, and upgrade to the equivalent DoH service from the same provider." If the user-selected DNS service is not on that list, Chrome would make no changes for that user.


Are Amazon's 'Ring' Cameras Exacerbating Societal Inequality?

Slashdot - Your Rights Online - Mon, 2019-11-04 06:34
In one of America's top cities for property crime, the Atlantic examines the "porch pirate" of San Francisco's Potrero Hill. It's an 8,000-word long read about how one of the neighborhood's troubled long-time residents "entered a vortex of smart cameras, Nextdoor rants, and cellphone surveillance," in a town where the public hospital she was born in is now named after Mark Zuckerberg. Her story begins when a 30-something product marketing manager at Google received a notification on his iPhone from his home surveillance camera, sharing a recording of a woman stealing a package from his porch. He cruises the neighborhood, spots her boarding a city bus, and calls 911, having her arrested. The article notes that 17% of America's homeowners now own a smart video surveillance device. But it also seems to be trying to bring another perspective to "the citizen surveillance facilitated by porch cams and Nextdoor to the benefit of corporations and venture capitalists." From the article: Under the reasoning that more surveillance improves public safety, over 500 police departments -- including in Houston and a stretch of Los Angeles suburbs -- have partnered with Ring. Many departments advertise rebates for Ring devices on government social-media channels, sometimes offering up to $125. Ring matches the rebate up to $50. Dave Maass, a senior investigative researcher at the Electronic Frontier Foundation, a nonprofit focused on digital civil liberties, said it's unseemly to use taxpayer money to subsidize the build-out of citizen surveillance. Amazon and other moneyed tech companies competing for market share are "enlisting law enforcement to be their sales force, to have the cops give it their imprimatur of credibility," said Maass, a claim echoed in an open letter to government agencies from more than 30 civil-rights organizations this fall and a petition asking Congress to investigate the Ring partnerships. (Ring disputes this characterization....) 
In some cities, the relationship between the police and companies has gone beyond marketing. Amazon is helping police departments run "bait box" operations, in which police place decoy boxes on porches -- often with GPS trackers inside -- to capture anyone who tries to steal them... Amazon sent police free branded boxes, and even heat maps of areas where the company's customers suffer the most thefts... Stings and porch-pirate footage attract media attention -- but what comes next for the thieves rarely gets the same limelight. Often, perpetrators face punishments whose scale might surprise the amateur smart-cam detectives and Nextdoor sleuths who help nail them... In December, the U.S. attorney for the Eastern District of Arkansas announced an enforcement campaign called Operation Porch Pirate. Two suspects were arrested and charged with federal mail theft. One pleaded guilty to stealing $170.42 worth of goods, including camouflage crew socks and a Call of Duty video game from Amazon, and was sentenced to 14 months of probation. Another pleaded guilty to possession of stolen mail -- four packages, two from Amazon -- and awaits sentencing of up to five years in prison and a $250,000 fine... While porch cams have been used to investigate cases as serious as homicides, the surveillance and neighborhood social networking typically make a particular type of crime especially visible: those lower-level ones happening out in public, committed by the poorest. Despite the much higher cost of white-collar crime, it seems to cause less societal hand-wringing than what might be caught on a Ring camera, said W. David Ball, a professor at Santa Clara University School of Law. "Did people really feel that crime was 'out of control' after Theranos?" he said. "People lost hundreds of millions of dollars. You would have to break into every single car in San Francisco for the next ten years to amount to the amount stolen under Theranos." 
In the article the EFF's investigative researcher also asks if police end up providing more protection to affluent communities than the ones that can't afford Amazon's Ring cameras. But W. David Ball, the law professor, also asks whether locking up low-level criminals is just ignoring the larger issue of poverty in increasingly expensive cities. "Everyone assumes that jail works to deter people. But I don't know if I were hungry, and had no other way of eating, that that would deter me from stealing."


Waymo Complains California's Government Says Its Robotaxi Service Must Be Free For Now

Slashdot - Your Rights Online - Mon, 2019-11-04 00:04
"Waymo wants to deploy a robotaxi service for the general public in parts of California as soon as possible," reports the Los Angeles Times. "But that's unlikely, the company says, because California says it has to offer the service for free." Last year, the California Public Utilities Commission allowed driverless "robotaxi" pilot programs in the state but banned permit-holders from charging fares. The ban is considered temporary but has no timeline. Some industry analysts say the uncertainty could put California's reputation as the world leader in driverless technology at risk. The free-or-nothing mandate makes no sense to Waymo, the driverless vehicle arm of Google's Alphabet, or to other driverless vehicle start-ups hoping to establish themselves in a new industry that could produce the biggest change in ground transportation since the invention of the automobile. Waymo requires a "commercial path forward" before it can offer Californians the kind of driverless taxi service it's already running across 100 square miles in Phoenix, according to George Ivanov, Waymo's head of policy development and regulatory initiatives... In July, Waymo began a commission-approved pilot program to ferry Waymo and Google employees and guests through parts of Silicon Valley in driverless cars for free. Waymo doesn't need fare money to fund operations -- Alphabet is an enormous profit machine, and holds more than $100 billion in cash. But Ivanov explained that experimenting with customer response to different fare structures is essential to building out the robotaxi business, which would be like Uber or Lyft but without a human driver.


Florida Police Are Using Amazon Echo Recordings For a Murder Investigation

Slashdot - Your Rights Online - Sun, 2019-11-03 01:34
"Police in Hallandale Beach believe there may have been a witness to the July murder of Silvia Galva, and 'her' name was Alexa," reports the South Florida Sun-Sentinel. Slashdot reader PolygamousRanchKid tipped us off to the story: According to a search warrant, investigators want to know what the popular voice-controlled smart speakers overheard during a fatal altercation between Galva, 32, and her boyfriend, Adam Reechard Crespo, 43, on July 12... A month after Galva's death, police obtained a search warrant for anything recorded by the two devices that were found in the apartment between July 11 at 12 a.m. and July 12 at 11:59 p.m. "It is believed that evidence of crimes, audio recordings capturing the attack on victim Silvia Crespo that occurred in the main bedroom... may be found on the server maintained by or for Amazon," police wrote in their probable cause statement seeking the warrant. Whether police stumbled across a silent witness or are overestimating the eavesdropping capacity of smart technology remains to be seen. Amazon turned over multiple recordings, but neither the company, police, nor the State Attorney's Office will say at this point what was on them. "We did receive recordings, and we are in the process of analyzing the information that was sent to us," said Hallandale Beach Police Department spokesman Sgt. Pedro Abut... "Amazon does not disclose customer information in response to government demands unless we're required to do so to comply with a legally valid and binding order," Amazon spokesman Leigh Nakanishi said. "Amazon objects to overbroad or otherwise inappropriate demands as a matter of course."


Privacy Concerns Are Jeopardizing Investigations Into Facebook Disinformation

Slashdot - Your Rights Online - Sat, 2019-11-02 19:34
"An unprecedented investigation into disinformation on Facebook has hit turbulence over questions about how much data to release to outside researchers," reports Fast Company, "curtailing efforts to stem one of social media's most pernicious threats ahead of the 2020 elections." Slashdot reader tedlistens writes: Social Science One, an unprecedented, Mark Zuckerberg-backed plan to open up Facebook's data to outside researchers -- with the aim of fighting disinformation and propaganda ahead of elections in 2020 -- has run up against privacy concerns at Facebook. A month after the funders' deadline, Facebook continues to work on treating the data with differential privacy techniques and says it hopes to publish more datasets soon. But researchers are frustrated and confused, and the backers are reconsidering their support. And lawmakers like Sen. Mark Warner, the vice chair of the Senate Intelligence Committee, are growing impatient too. "In Congress, we need to require greater accountability from social media platforms on everything from the transparency of political ad funding, to the legitimacy of content, to the authenticity of user accounts," Warner tells Alex Pasternack at Fast Company. "And if platforms refuse to comply, we need to be able to hold them responsible."


Data Breaches Reported at NetworkSolutions, Register.com, and Web.com

Slashdot - Your Rights Online - Sat, 2019-11-02 17:34
"Top domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed," reports security researcher Brian Krebs: "On October 16, 2019, Web.com determined that a third-party gained unauthorized access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed," Web.com said in a written statement. "No credit card data was compromised as a result of this incident." The Jacksonville, Fla.-based Web.com said the information exposed includes "contact details such as name, address, phone numbers, email address and information about the services that we offer to a given account holder...." Both Network Solutions and Register.com are owned by Web.com. Network Solutions is now the world's fifth-largest domain name registrar, with almost seven million domains in its stable, according to domainstate.com; Register.com listed at #17 with 1.7 million domains.... Web.com said it has reported the incident to law enforcement and hired an outside security firm to investigate further, and is in the process of notifying affected customers through email and via its website.... Web.com wasn't clear how long the intrusion lasted, but if the breach wasn't detected until mid-October that means the intruders potentially had about six weeks inside unnoticed. That's a long time for an adversary to wander about one's network, and plenty of time to steal a great deal more information than just names, addresses and phone numbers.


New Russian 'Sovereign Internet' Law Gives Government Sweeping Power Over Internet

Slashdot - Your Rights Online - Sat, 2019-11-02 15:00
An anonymous reader quotes a report from NPR: A Russian law has taken effect that, in theory, would allow the Russian government to cut off the country's Internet from the rest of the world. The "sovereign Internet law," as the government calls it, greatly enhances the Kremlin's control over the Web. It was passed earlier this year and allows Russia's government to cut off the Internet completely or from traffic outside Russia "in an emergency," as the BBC reported. But some of the applications could be more subtle, like the ability to block a single post. It requires Internet service providers to install software that can "track, filter, and reroute internet traffic," as Human Rights Watch stated. Such technology allows the state telecommunications watchdog "to independently and extrajudicially block access to content that the government deems a threat." The equipment would conduct what's known as "deep packet inspection," an advanced way to filter network traffic. Such widespread control is alarming to human rights groups, which fear it could be used to silence dissent. The Russian government has justified the law by saying it is needed to prevent U.S. cyberattacks. And, as the BBC reported, Kremlin spokesman Dmitry Peskov has rejected the idea the law could be used to cut off Russia from the rest of the world: "No-one is suggesting cutting the Internet."


Gaggle Knows Everything About Teens And Kids In School

Slashdot - Your Rights Online - Sat, 2019-11-02 04:10
Gaggle monitors the work and communications of almost 5 million students in the U.S., and schools are paying big money for its services. Hundreds of company documents unveil a sprawling surveillance industrial complex that targets kids who can't opt out. Caroline Haskins writes via BuzzFeed News: Using a combination of in-house artificial intelligence and human content moderators paid about $10 an hour, Gaggle polices schools for suspicious or harmful content and images, which it says can help prevent gun violence and student suicides. It plugs into two of the biggest software suites around, Google's G Suite and Microsoft 365, and tracks everything, including notifications that may float in from Twitter, Facebook, and Instagram accounts linked to a school email address. Gaggle touts itself as a tantalizingly simple solution to a diverse set of horrors. It claims to have saved hundreds of lives from suicide during the 2018-19 school year. The company, which is based in Bloomington, Illinois, also markets itself as a tool that can detect threats of violence. But hundreds of pages of newly revealed Gaggle documentation and content moderation policies, as well as invoices and student incident reports from 17 school districts around the country obtained via public records requests, show that Gaggle is subjecting young lives to relentless inspection, and charging the schools that use it upward of $60,000. And it's not at all clear whether Gaggle is as effective in saving lives as it claims, or that its brand of relentless surveillance is without long-term consequences for the students it promises to protect. [...] [S]tudent surveillance services like Gaggle raise questions about how much monitoring is too much, and what rights minors have to control the ways that they're watched by adults. 
"My sense about this particular suite of products and services is that it's a solution in search of a problem," said Sarah Roberts, a UCLA professor and a scholar in digital content moderation, "which is to say that the only way that the logic of it works is if we first accept that our children ought to be captured within a digital system, basically, from the time they're sentient until further notice." While Gaggle claims that its tool promotes a sense of "digital citizenship," BuzzFeed News says the newly revealed documents show that students often don't understand that their work and communications are being surveilled until they violate the rules.


Senator Introduces Bill Banning Facial Recognition Tech In Public Housing

Slashdot - Your Rights Online - Sat, 2019-11-02 02:50
Senator Cory Booker (D-N.J.) on Friday introduced a bill banning the use of facial recognition technology in public housing, mirroring legislation proposed in the House in July. The Hill reports: The No Biometric Barriers to Housing Act would block the tech from being installed in housing units that receive funding from the Department of Housing and Urban Development (HUD). "Using facial recognition technology in public housing without fully understanding its flaws and privacy implications seriously harms our most vulnerable communities," Booker, a 2020 presidential candidate, said in a statement. "Facial recognition technology has been repeatedly shown to be incomplete and inaccurate, regularly targeting and misidentifying women and people of color. We need better safeguards and more research before we test this emerging technology on those who live in public housing and risk their privacy, safety, and peace of mind." There is currently no federal law dictating when, how, where or why facial recognition technology can be used.


DNA Databases Are a National Security Leak Waiting To Happen

Slashdot - Your Rights Online - Sat, 2019-11-02 01:20
schwit1 writes: A private DNA ancestry database that's been used by police to catch criminals is a security risk from which a nation-state could steal DNA data on a million Americans, according to security researchers. Security flaws in the service, called GEDmatch, not only risk exposing people's genetic health information but could let an adversary such as China or Russia create a powerful biometric database useful for identifying nearly any American from a DNA sample. GEDmatch, which crowdsources DNA profiles, was created by genealogy enthusiasts to let people search for relatives and is run entirely by volunteers. It shows how a trend toward sharing DNA data online can create privacy risks affecting everyone, even people who don't choose to share their own information. "You can replace your credit card number, but you can't replace your genome," says Peter Ney, a postdoctoral researcher in computer science at the University of Washington. Ney, along with professors and DNA security researchers Luis Ceze and Tadayoshi Kohno, described in a report posted online how they developed and tested a novel attack employing DNA data they uploaded to GEDmatch. Using specially designed DNA profiles, they say, they were able to run searches that let them guess more than 90% of the DNA data of other users. The founder of GEDmatch, Curtis Rogers, confirmed that the researchers alerted him to the threat during the summer. "The same attack wouldn't work on other genealogy sites, like 23andMe, because they don't permit data uploads," the report notes. "Others, like MyHeritage, do allow uploads but don't give users as much information about their matches." "The problem with GEDmatch is the browser is too good, and searches too deeply," says Erlich. "If I were them, I would remove it, fix it, then put it back."
