aggregator

A change Apple is making to improve privacy in an upcoming version of its iPhone operating system has alarmed an unlikely group of software makers: developers of privacy-focused encrypted messaging apps. The Information (paywalled): They warn the change, which is already available in public test versions of iOS 13, could end up undermining the privacy goals that prompted it in the first place. The Information previously reported that the technical change Apple is making to its next operating systems, iOS 13, has sparked concern at Facebook, which believes it will have to make significant modifications to encrypted messaging apps like Facebook Messenger and WhatsApp to comply. But a much wider group of developers of encrypted messaging apps -- including Signal, Wickr, Threema and Wire -- is scrambling to overhaul their software so that key privacy features continue to work. Apple told The Information on Wednesday in a statement that it is working with the developers to resolve their concerns. "We've heard feedback on the API changes introduced in iOS 13 to further protect user privacy and are working closely with iOS developers to help them implement their feature requests," an Apple spokesperson said.

Read more of this story at Slashdot.

Hackers working for the Chinese government have broken into telecoms networks to track Uighur travelers in Central and Southeast Asia, Reuters reported, citing two intelligence officials and two security consultants who investigated the attacks. From a report: The hacks are part of a wider cyber-espionage campaign targeting "high-value individuals" such as diplomats and foreign military personnel, the sources said. But China has also prioritized tracking the movements of ethnic Uighurs, a minority mostly Muslim group considered a security threat by Beijing. China is facing growing international criticism over its treatment of Uighurs in Xinjiang. Members of the group have been subject to mass detentions in what China calls "vocational training" centers and widespread state surveillance. Beijing's alleged cyberspace attacks against Uighurs show how it is able to pursue those policies beyond its physical borders.

Read more of this story at Slashdot.

BoogieChile writes: "Nuanced" in this case meaning: they don't need it. A discussion paper on Australia's Data Sharing and Release Legislative Reforms "tweaks" proposed new Data Sharing and Release legislation by removing the requirement for people to consent to the sharing of personal information. "Instead, we are placing the responsibility on Data Custodians and Accredited Users to safely and respectfully share personal information where reasonably required for a legitimate objective," it says. The paper says that following feedback, the government has "nuanced" its position on consent. "While consent is important in certain situations, the societal outcomes of fair and unbiased government policy, research, and programs can outweigh the benefits of consent, provided privacy is protected," it says. "The Office of the National Data Commissioner will encourage the use of consent where appropriate when applying the Data Sharing Principles, although the legislation will not require it in all circumstances." According to the government, requiring consent for all data sharing will lead to biased data that delivers the wrong outcomes. "The Data Sharing and Release legislation is about improving government policy and research by helping government and researchers use a better evidence base. If we required consent, then data would only be shared where consent was given," the paper says. "This will skew the data which is shared, leaving it unfit for many important purposes in the public benefit; it also runs the risk of leading to flawed policy and research which impacts negatively on society."

Read more of this story at Slashdot.

Google and its industry allies are making a late bid to water down the first major data-privacy law in the U.S., seeking to carve out exemptions for digital advertising, according to documents obtained by Bloomberg and people familiar with the negotiations. Bloomberg reports: A lobbyist for Google recently distributed new language to members of California's state legislature that would amend the California Consumer Privacy Act. As currently drafted, the law limits how Google and other companies collect and make money from user data online, threatening a business model that generates billions of dollars in ad revenue. It's due to kick in next year and there are only a few more days to amend the law. The lobbying push seeks legislative approval to continue collecting user data for targeted advertising, and in some cases, the right to do so even if users opt out, according to the documents and the people familiar with the negotiations. It's unclear if the language circulating in the state capitol's corridors was drafted by Google, and other lobbyists are likely asking for similar changes. Industry groups, such as the California Chamber of Commerce and the Internet Association, often help write legislation and have been the face of industry during two years of debate over the CCPA. It's also common for interested parties to suggest late changes to bills. The Google representative, who distributed the revised language in recent weeks, has yet to find a lawmaker to sponsor the amendments, according to people familiar with negotiations. The proposal must be in a bill by Sept. 10 to be eligible for lawmakers to vote on it before they adjourn for the year on Sept. 13. One of the proposals would let Google and others use data collected from websites for their own analysis, and then share it with other companies that may find it useful. Currently, the CCPA prohibits the sale or distribution of user data if the user has opted out, with limited exceptions. Another proposal would loosen the definition of "business purpose" when it comes to selling or distributing user data. The law currently defines this narrowly and has a list of specific activities, such auditing and security, that will be allowed. Google's lobbyist shared new language that significantly broadens the rule by replacing the phrase "Business purposes are" with "Business purposes include," before the list of approved activities.

Read more of this story at Slashdot.

England is introducing a mandatory electric car charging point for each newly built home. "This means that every brand new home, by law, will have to have a charging port for your electric vehicle -- even if you don't yet own one," reports CleanTechnica. From the report: This would make it easier on both fully electric and plug-in hybrid owners in England who use the government's home charger subsidy, which has funded the installation of almost 100,000 wall boxes, as home chargers are commonly called. In the Forward written by the Secretary of Transport, Rt Hon. Chris Grayling, he states that in the previous year the government set out a "bold and integrated Industrial Strategy" that was designed to create a "high-growth, high productivity green economy across the UK." It would be an economy ready for the 21st century and a huge part of this is a plan for solving the problem of roadside nitrogen dioxide concentrations. The goal is to cut exposure to air pollutants, reduce greenhouse gas emissions, and improve the UK's energy security. One of these polices states that they will support the development of one of the best electric vehicle infrastructure networks in the world.

Read more of this story at Slashdot.

In a recent interview with the Willamette Week, Sen. Ron Wyden (D-OR) said that Facebook CEO Mark Zuckerberg should face the possibility of a prison term for Facebook's privacy violations. Zuckerberg has Mark "repeatedly lied to the American people about privacy," said Wyden. "I think he ought to be held personally accountable, which is everything from financial fines to -- and let me underline this -- the possibility of a prison term." Zuckerberg, Wyden said, has "hurt a lot of people." Ars Technica reports: Wyden was talking to the Willamette Week about Section 230 of the Communications Decency Act, a 1996 law that gives online platforms like Facebook broad immunity for content posted by their users. Wyden was the co-author of the law and has been one of its most ardent defenders ever since. The law has come under increasing criticism as concern has grown about toxic online content. Wyden isn't ready to scrap it, but he says that he's "looking for more ways to create market pressure on the big tech companies to take moderation more seriously." Wyden worries that more aggressive efforts to root out toxic content online would effectively "throw the First Amendment in the trash can." "I still think the basic frame of the shield -- particularly for the little guy -- is essential," Wyden said of Section 230's immunity provisions. "And I'm looking very aggressively for ways to shore up the sword, to get at the slime." Technology companies, Wyden argued, have "done practically everything wrong since the 2016 election." He said he recently told technology companies: "If you don't get serious on moderation, you're going to have a lot of people coming after you."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The New York Times: The Trump administration announced new rules on Wednesday to roll back requirements for energy-saving light bulbs, a move that could contribute to the greenhouse gas emissions that cause climate change. The Energy Department's filing in the Federal Register will prevent new efficiency standards from going into effect on Jan. 1 under a law passed in 2007. The changes are likely to be challenged in court. "We will explore all options, including litigation, to stop this completely misguided and unlawful action," said Noah Horowitz, director of the Center for Energy Efficiency Standards at the Natural Resources Defense Council, last week in anticipation of the move. "One part of the new standards would have required the adding of four kinds of incandescent and halogen light bulbs to the energy-efficient group: three-way, the candle-shaped bulbs used in chandeliers; the globe-shaped bulbs found in bathroom lighting; reflector bulbs used in recessed fixtures; and track lighting," the report adds. "A rule that will be published Thursday in the Federal Register will eliminate the requirement for those four categories of bulbs." "The Department of Energy was also supposed to begin a broader upgrade concerning energy efficiency in pear-shaped bulbs, scheduled to go into effect Jan. 1, 2020. The department is proposing a new rule that would eliminate that requirement, subject to a 60-day comment period."

Read more of this story at Slashdot.

Hundreds of millions of phone numbers linked to Facebook accounts have been found online. TechCrunch: The exposed server contained over 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam. But because the server wasn't protected with a password, anyone could find and access the database. Each record contained a user's unique Facebook ID and the phone number listed on the account. A user's Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account's username. But phone numbers have not been public in more than a year since Facebook restricted access to users' phone numbers. TechCrunch verified a number of records in the database by matching a known Facebook user's phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook's own password reset feature, which can be used to partially reveal a user's phone number linked to their account.

Read more of this story at Slashdot.

New evidence submitted for an investigation into Google's collection of personal data in the European Union reportedly accuses the search giant of stealthy sending your personal user data to advertisers. The company allegedly relays this information to advertisers using hidden webpages, allowing it to circumvent EU privacy regulations. From a report: The evidence was submitted to Ireland's Data Protection Commission, the main watchdog over the company in the European Union, by Johnny Ryan, chief policy officer for privacy-focused browser maker Brave, according to a Financial Times report Wednesday. Ryan reportedly said he discovered that Google used a tracker containing web browsing information, location and other data and sent it to ad companies via webpages that "showed no content," according to FT. This could allow companies buying ads to match a user's Google profile and web activity to profiles from other companies, which is against Google's own ad buying rules, according to the FT. In response, Google said Wednesday it doesn't serve "personalized ads or send bid requests to bidders without user consent."

Read more of this story at Slashdot.

Google and YouTube will pay $170 million to settle allegations by the Federal Trade Commission and the New York Attorney General that YouTube illegally collected personal information from children without their parents' consent, the FTC announced. From a report: The fine is a record in a case related to alleged violations of the Children's Online Privacy Protection Act (COPPA), according to the FTC. "YouTube touted its popularity with children to prospective corporate clients," said FTC Chairman Joe Simons. "Yet when it came to complying with COPPA, the company refused to acknowledge that portions of its platform were clearly directed to kids. There's no excuse for YouTube's violations of the law." Under the settlement, YouTube is required to develop and maintain a system that lets channel owners to identify "child-directed content" so that YouTube can ensure it is complying with COPPA. In addition, Google and YouTube must notify channel owners that their child-directed content may be subject to COPPA's obligations and provide annual training about complying with COPPA for employees who deal with YouTube channel owners.

Read more of this story at Slashdot.

Independent Scottish developer Muirhall Energy announced on Monday that construction has begun at the Crossdykes Wind Farm, an important step in the company's effort to deliver Scotland's first subsidy-free onshore wind project. CleanTechnica reports: The 46 megawatt (MW) Crossdykes Wind Farm, being developed at Dumfries and Galloway, in the western Southern Uplands of Scotland, is expected to produce first power in September 2020. Muirhall Energy and its partners WWS Renewables reached financial close on the project in August -- believed to be the first subsidy-free development to be project-financed, thanks to funding from Close Brothers Leasing and wind turbines to be supplied by Nordex. Muirhall has also offered the local Dumfries and Galloway community the opportunity to buy up to 10% of the project via a community share offer. "We are delighted to be starting construction on what will be one of the first subsidy-free developments to come online in the UK," said Chris Walker, Managing Director of Muirhall Energy. "That is testament to the work we have done as a company, but also the flexibility shown by all our partners as we finalized our plans for the project." "We are now very much focused on working to our tight construction timeline and progressing a number of the other projects in our portfolio which we believe can be made to work on a similar model. With more than 300 MW to begin construction over the next three years, this an exciting time for Muirhall Energy."

Read more of this story at Slashdot.

PatentlyApple has spotted several patents that suggest Apple is playing with the idea of making the Apple Watch's band identify users via their wrist's skin texture and arm hair. TechCrunch reports: The first patent describes a sensor built into the Watch or the watch's band that could use infrared to build a thermal image of your wrist and its identifying traits (like skin texture/arm hair) to identify who is wearing it -- sort of like a fingerprint, but from your wrist. Unlike most of Apple's other devices, the Apple Watch doesn't currently have any sort of built-in biometrics for unlocking -- there's no thumbprint sensor for Touch ID, or camera for Face ID. Unlocking your Apple Watch means poking at the screen to punch in a PIN (or, if you've configured it to unlock when you unlock your phone, doing that). A sensor setup like this could make the unlocking process automatic without the need to unlock your phone. The second granted patent describes a Watch band that can adjust itself on the fly -- think Nike's self-tightening shoes, but on your wrist. If the Watch detects that it's sliding while you're running (or if the aforementioned thermal sensors need a closer look at your wrist skin) tensioners in the device could tighten or loosen the band on command. Finally, a third granted patent tinkers with the idea of a Watch band with built-in light-up indicators -- like, say, a notification light for incoming texts, or a meter that fills up to tell you at-a-glance how much distance you've got left on your run, or a stripe that glows yellow when you've got something on your calendar in the next hour. All of this can already be done on the Watch's screen, of course -- this would just allow for it without having to power up the entire display.

Read more of this story at Slashdot.

Facebook said on Tuesday its face recognition technology will now be available to all users with an option to opt out, while deciding to discontinue a related feature called 'Tag Suggestions.' From a report: Face recognition, which was available to some Facebook users since December 2017, notifies an account holder if their profile photo is used by someone else or if they appear in photos where they have not been tagged. Tag Suggestions, which used face recognition only to suggest a user to tag friends in photos, has been at the center of a privacy related lawsuit since 2015. The lawsuit by Illinois users accused the social media company of violating the state's Biometric Information Privacy Act, claiming it illegally collected and stored biometric data of millions of users without their consent.

Read more of this story at Slashdot.

Criminals used artificial intelligence-based software to impersonate a chief executive's voice and demand a fraudulent transfer of $243,000 in March in what cybercrime experts described as an unusual case of artificial intelligence being used in hacking. From a report: The CEO of a U.K.-based energy firm thought he was speaking on the phone with his boss, the chief executive of the firm's German parent company, who asked him to send the funds to a Hungarian supplier. The caller said the request was urgent, directing the executive to pay within an hour, according to the company's insurance firm, Euler Hermes Group. Law enforcement authorities and AI experts have predicted that criminals would use AI to automate cyberattacks. Whoever was behind this incident appears to have used AI-based software to successfully mimic the German executive's voice by phone. The U.K. CEO recognized his boss' slight German accent and the melody of his voice on the phone, said Rudiger Kirsch, a fraud expert at Euler Hermes, a subsidiary of Munich-based financial services company Allianz.

Read more of this story at Slashdot.

A Chinese app that lets users convincingly swap their faces with film or TV characters has rapidly become one of the country's most downloaded apps, triggering a privacy row. From a report: Released on Friday, the Zao app went viral as Chinese users seized on the chance to see themselves act out scenes from well-known movies using deepfake technology, which has already prompted concerns elsewhere over potential misuse. Users provide a series of selfies in which they blink, move their mouths and make facial expressions, which the app uses to realistically morph the person's animated likeness on to movies, TV shows or other content. The company was forced to issue a statement on Sunday pledging changes after critics attacked the app's privacy policy, which it had "free, irrevocable, permanent, transferable, and relicenseable" rights to all user-generated content. There has been growing concern over deepfakes, which use artificial intelligence to appear genuine. Critics say the technology can be used to create bogus videos to manipulate elections, defame someone, or potentially cause unrest by spreading misinformation on a massive scale. "We understand the concerns about privacy. We've received the feedback, and will fix the issues that we didn't take into consideration, which will take some time," a statement released by Zao said. Zao is owned by Momo Inc, a Tinder-like dating service that is listed on the US Nasdaq.

Read more of this story at Slashdot.

"More than 10 million Ring doorbells have been installed worldwide, and BuzzFeed News found evidence that the company is working to develop facial recognition technology for its devices in Ukraine." An anonymous reader quotes their report: While Ring devices don't currently use facial recognition technology, the company's Ukraine arm appears to be working on it. "We develop semi-automated crime prevention and monitoring systems which are based on, but not limited to, face recognition," reads Ring Ukraine's website. BuzzFeed News also found a 2018 presentation from Ring Ukraine's "head of face recognition research" online and direct references to the technology on its website... In November 2018, Ring filed two patent applications that describe technology with the ability to identify "suspicious people" and create a "database of suspicious persons..." In December 2018, the Information reported that Ring gave its Ukraine-based research team access to customer videos in order to train image recognition software, potentially for use in Ring cameras. This use of customer videos is, in fact, allowed by the company's terms of service, which says that Ring has the right to unilaterally "access and use your User Recordings" for "developing new Products and Services" -- like facial recognition... As BuzzFeed News previously reported, Ring's terms of service gives the company an irrevocable, perpetual license to the video content users post on Neighbors. Buzzfeed News also quotes their op-ed last month by the deputy director of the digital rights group Fight for the Future. "We are on the verge of an unprecedented increase in state and private spying that will be built in plain sight."

Read more of this story at Slashdot.

Federal investigators asked Google for help finding two men who'd robbed a Wisconsin bank in October of 2018: They left the bank at 9:09AM, just seven minutes after they entered, carrying the bag full of cash, three drawers from the vault and teller station, and the keys to the bank vault itself. In the months since, police and federal agents have struggled to track down the bank robbers. Local media sent out pictures from the bank's security cameras, but it produced no leads. Finally, police hit on a more aggressive strategy: ask Google to track down the bank robbers' phones. In November, agents served Google with a search warrant, asking for data that would identify any Google user who had been within 100 feet of the bank during a half-hour block of time around the robbery. They were looking for the two men who had gone into the bank, as well as the driver who dropped off and picked up the crew, and would potentially be caught up in the same dragnet. It was an aggressive technique, scooping up every Android phone in the area and trusting police to find the right suspects in the mess of resulting data. But the court found it entirely legal, and it was returned as executed shortly after. That kind of warrant, known as a reverse location search, has become increasingly common in recent years... In each case, police weren't tracking the location of a specific suspect -- where normal standards of reasonable suspicion would apply -- but instead pulling the names of every individual who had been in the vicinity when a crime took place. For civil liberties groups, it's a dangerous and potentially unconstitutional overreach of police power. But those concerns haven't been enough to keep police from filing reverse location search warrants when a case runs dry, or to convince judges to reject them. The Verge reports that Minnesota over 20 of the same kind of warrants have been served just in the state of Minnesota -- though in the Wisconsin case, it's not even clear that it did any good. "When The Verge reached out to the FBI's Milwaukee division to ask if any charges had been brought, officers said the case was ongoing and they could not provide any additional information as a result. With nearly a year elapsed since the warrant was served, that suggests this particular reverse location search may not have been as fruitful as investigators hoped."

Read more of this story at Slashdot.

Amazon isn't just partnering with hundreds of America's police departments. They're also "directing the departments' press releases, social media posts and comments on public posts," according to the Guardian: Ring says the program gives police more resources to solve crimes, while critics fear the company is quietly building up a for-profit private surveillance network. Ring's power over police departments' communications with the citizens they serve is just the latest question about the company's operations. Andrew Ferguson, a law professor and the author of The Rise of Big Data Policing said there has been a rise of tech company influence on police work over the past decade, but shaping marketing language within police departments represents a new level of "distortion of public safety rule". "Police should not have dual loyalty to a private company and the public -- their loyalty should be to the public," he said. "Any sort of blurring of that line causes us to question that loyalty...." Advocates fear that the cameras will allow police access to surveillance footage while bypassing the public process to approve more traditional security cameras. They have pointed out that contracts between police and Ring often face little public scrutiny and experts have raised concerns over requests from Ring to get access to police department's computer-aided dispatch feeds. Advocates have also questioned how comfortable users feel in denying law enforcement requests. When one Kansas police department announced their partnership with Ring, Amazon "sent the department a press release template and noted the final communique would have to be approved by Ring before release," according to the article. And for one police department in Georgia, Amazon's Ring "heavily edited the press release about the program," removing a sentence about their $15,920 donation of video doorbells and the fact that Amazon would even help install them in homes. "Ring also changed wording from the police department that said the department 'will be able to access videos submitted by subscribers of Ring' to say the department will 'join existing crime and safety conversations with local residents'." CNET also reports that Amazon "spent more than a year offering discounts and applying peer pressure with constant reminders and emails to convince officers to sign up.... When police didn't respond, Ring would follow up by noting neighboring law enforcement agencies that have joined, pushing for the Chula Vista police to join them."

Read more of this story at Slashdot.

schwit1 shared this thought-provoking article from Fast Company: Many Westerners are disturbed by what they read about China's social credit system. But such systems, it turns out, are not unique to China. A parallel system is developing in the United States, in part as the result of Silicon Valley and technology-industry user policies, and in part by surveillance of social media activity by private companies. Here are some of the elements of America's growing social credit system. - The New York State Department of Financial Services announced earlier this year that life insurance companies can base premiums on what they find in your social media posts... - Airbnb can disable your account for life for any reason it chooses, and it reserves the right to not tell you the reason... - You can be banned from communications apps, too. For example, you can be banned on WhatsApp if too many other users block you. You can also get banned for sending spam, threatening messages, trying to hack or reverse-engineer the WhatsApp app, or using the service with an unauthorized app... The most disturbing attribute of a social credit system is not that it's invasive, but that it's extralegal. Crimes are punished outside the legal system, which means no presumption of innocence, no legal representation, no judge, no jury, and often no appeal. In other words, it's an alternative legal system where the accused have fewer rights. Social credit systems are an end-run around the pesky complications of the legal system. Unlike China's government policy, the social credit system emerging in the U.S. is enforced by private companies. If the public objects to how these laws are enforced, it can't elect new rule-makers... If current trends hold, it's possible that in the future a majority of misdemeanors and even some felonies will be punished not by Washington, D.C., but by Silicon Valley. It's a slippery slope away from democracy and toward corporatocracy. In other words, in the future, law enforcement may be determined less by the Constitution and legal code, and more by end-user license agreements.

Read more of this story at Slashdot.

An EFF analysis looks at the problems with some of Google's new "Privacy Sandbox" proposals, a few of which it calls "downright dangerous": Perhaps the most fleshed-out proposal in the Sandbox is the conversion measurement API. This is trying to tackle a problem as old as online ads: how can you know whether the people clicking on an ad ultimately buy the product it advertised....? Google's ID field can contain 64 bits of information -- a number between 1 and 18 quintillion. This will allow advertisers to attach a unique ID to each and every ad impression they serve, and, potentially, to connect ad conversions with individual users. If a user interacts with multiple ads from the same advertiser around the web, these IDs can help the advertiser build a profile of the user's browsing habits. Even worse is Google's proposal for Federated Learning of Cohorts (or "FLoC").... FLoC would use Chrome users' browsing history to do clustering. At a high level, it will study browsing patterns and generate groups of similar users, then assign each user to a group (called a "flock"). At the end of the process, each browser will receive a "flock name" which identifies it as a certain kind of web user. In Google's proposal, users would then share their flock name, as an HTTP header, with everyone they interact with on the web. This is, in a word, bad for privacy. A flock name would essentially be a behavioral credit score: a tattoo on your digital forehead that gives a succinct summary of who you are, what you like, where you go, what you buy, and with whom you associate... If the Privacy Sandbox won't actually help users, why is Google proposing all these changes? Google can probably see which way the wind is blowing. Safari's Intelligent Tracking Prevention and Firefox's Enhanced Tracking Protection have severely curtailed third-party trackers' access to data. Meanwhile, users and lawmakers continue to demand stronger privacy protections from Big Tech. While Chrome still dominates the browser market, Google might suspect that the days of unlimited access to third-party cookies are numbered. As a result, Google has apparently decided to defend its business model on two fronts. First, it's continuing to argue that third-party cookies are actually fine, and companies like Apple and Mozilla who would restrict trackers' access to user data will end up harming user privacy. This argument is absurd. But unfortunately, as long as Chrome remains the most popular browser in the world, Google will be able to single-handedly dictate whether cookies remain a viable option for tracking most users. At the same time, Google seems to be hedging its bets. The "Privacy Sandbox" proposals for conversion measurement, FLoC, and PIGIN are each aimed at replacing one of the existing ways that third-party cookies are used for targeted ads. Google is brainstorming ways to continue serving targeted ads in a post-third-party-cookie world. If cookies go the way of the pop-up ad, Google's targeting business will continue as usual. The Sandbox isn't about your privacy. It's about Google's bottom line. At the end of the day, Google is an advertising company that happens to make a browser.

Read more of this story at Slashdot.