aggregator

Google Play Gets Mandatory App Privacy Labels In April 2022

Slashdot - Your Rights Online - Sat, 2021-07-31 15:00
An anonymous reader quotes a report from Ars Technica: In iOS 14, Apple added a "privacy" section to the app store, requiring app developers to list the data they collect and how they use it. Google -- which was one of the biggest targets of Apple's privacy nutrition labels and delayed app updates for months to avoid complying with the policy -- is now aping the feature for Google Play. Google posted a demo of what the Google Play "Data privacy & security" section will look like, and it contains everything you'd expect if you've looked at the App Store lately. There's information on what data apps collect, whether or not the apps share the data with third parties, and how the data is stored. Developers can also explain what the data is used for and if data collection is required to use the app. The section also lists whether or not the collected data is encrypted, if the user can delete the data, and if the app follows Google's "Families" policy (meaning all the usual COPPA stuff). Google Play's privacy section will be mandatory for all developers in April 2022, and starting in October, Google says developers can start populating information in the Google Play Console "for review." Google also says that in April, all apps will need to supply a privacy policy, even if they don't collect any data. Apps that don't have an "approved" privacy section by April may have their app updates rejected or their app removed. Google says, "Developers are responsible for providing accurate and complete information in their safety section." All of this information is basically just running on the honor system, and on iOS, developers have already been caught faking their privacy labels.

Read more of this story at Slashdot.

Government Denies Blue Origin's Challenge To NASA's Lunar Lander Program

Slashdot - Your Rights Online - Sat, 2021-07-31 09:00
The U.S. Government Accountability Office on Friday denied protests from companies affiliated with Jeff Bezos that NASA wrongly awarded a lucrative astronaut lunar lander contract solely to Elon Musk's SpaceX. CNBC reports: "NASA did not violate procurement law or regulation when it decided to make only one award ... the evaluation of all three proposals was reasonable, and consistent with applicable procurement law, regulation, and the announcement's terms," GAO managing associate general counsel Kenneth Patton wrote in a statement. The GAO ruling backs the space agency's surprise announcement in April that NASA awarded SpaceX with a contract worth about $2.9 billion. SpaceX was competing with Blue Origin and Dynetics for what was expected to be two contracts, before NASA only awarded a single contract due to a lower-than-expected allocation for the program from Congress. NASA, in a statement, said that the GAO decision will allow the agency "to establish a timeline for the first crewed landing on the Moon in more than 50 years." "As soon as possible, NASA will provide an update on the way ahead for Artemis, the human landing system, and humanity's return to the Moon. We will continue to work with the Biden Administration and Congress to ensure funding for a robust and sustainable approach for the nation's return to the Moon in a collaborative effort with U.S. commercial partners," the U.S. space agency said. A Blue Origin spokesperson told CNBC that the company still believes "there were fundamental issues with NASA's decision, but the GAO wasn't able to address them due to their limited jurisdiction." "We'll continue to advocate for two immediate providers as we believe it is the right solution," Blue Origin said. "The Human Landing System program needs to have competition now instead of later -- that's the best solution for NASA and the best solution for our country."


New Android Malware Uses VNC To Spy and Steal Passwords From Victims

Slashdot - Your Rights Online - Sat, 2021-07-31 04:10
A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. The Hacker News reports: Dubbed "Vultur" due to its use of Virtual Network Computing (VNC)'s remote screen-sharing technology to gain full visibility on targeted users, the mobile malware was distributed via the official Google Play Store and masqueraded as an app named "Protection Guard," attracting over 5,000 installations. Banking and crypto-wallet apps from entities located in Italy, Australia, and Spain were the primary targets. "For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way," researchers from ThreatFabric said in a write-up shared with The Hacker News. "The actors chose to steer away from the common HTML overlay development we usually see in other Android banking Trojans: this approach usually requires a larger time and effort investment from the actors to create multiple overlays capable of tricking the user. Instead, they chose to simply record what is shown on the screen, effectively obtaining the same end result." Vultur [...] takes advantage of accessibility permissions to capture keystrokes and leverages VNC's screen recording feature to stealthily log all activities on the phone, thus obviating the need to register a new device and making it difficult for banks to detect fraud. What's more, the malware employs ngrok, a cross-platform utility used to expose local servers behind NATs and firewalls to the public internet over secure tunnels, to provide remote access to the VNC server running locally on the phone. 
Additionally, it also establishes connections with a command-and-control (C2) server to receive commands over Firebase Cloud Messaging (FCM), the results of which, including extracted data and screen captures, are then transmitted back to the server. ThreatFabric's investigation also connected Vultur with another well-known piece of malicious software named Brunhilda, a dropper that utilizes the Play Store to distribute different kinds of malware in what's called a "dropper-as-a-service" (DaaS) operation, citing overlaps in the source code and C2 infrastructure used to facilitate attacks. These ties, the Amsterdam-based cybersecurity services company said, indicate Brunhilda to be a privately operating threat actor that has its own dropper and proprietary RAT Vultur.


Estonia Says a Hacker Downloaded 286,000 ID Photos From Government Database

Slashdot - Your Rights Online - Fri, 2021-07-30 03:40
Estonian officials said they arrested last week a local suspect who used a vulnerability to gain access to a government database and downloaded government ID photos for 286,438 Estonians. From a report: The attack took place earlier this month, and the suspect was arrested last week on July 23, Estonian police said in a press conference yesterday, July 28. The identity of the attacker was not disclosed, and he was only identified as a Tallinn-based male. Officials said the suspect discovered a vulnerability in a database managed by the Information System Authority (RIA), the Estonian government agency which manages the country's IT systems.


Mexico Says Officials Spent $61 Million On Pegasus Spyware

Slashdot - Your Rights Online - Fri, 2021-07-30 03:00
Mexico's top security official said Wednesday that two previous administrations spent $61 million to buy Pegasus spyware that has been implicated in government surveillance of opponents and journalists around the world. PBS reports: Public Safety Secretary Rosa Icela Rodriguez said records had been found of 31 contracts signed during the administrations of President Felipe Calderon in 2006-2012 and President Enrique Pena Nieto in 2012-18. Some contracts may have been disguised as purchases of other equipment. The government said many of the contracts with the Israeli spyware firm NSO Group were signed with front companies, which are often used in Mexico to facilitate kickbacks or avoid taxes. Last week, the government's top anti-money laundering investigator said officials from the two previous administrations had spent about $300 million in government money to purchase spyware. But that figure may reflect all spyware and surveillance purchases, or may include yet-unidentified contracts. Santiago Nieto, the head of Mexico's Financial Intelligence Unit, said the bills for programs like the Pegasus spyware appear to have included excess payments that may have been channeled back to government officials as kickbacks. Nieto said the amounts paid, and the way they were paid, suggested government corruption in an already questionable telephone tapping program that targeted journalists, activists and opposition figures, who at the time included now President Andres Manuel Lopez Obrador and his inner circle. The report notes that Mexico "had the largest list -- about 700 phone numbers -- among the thousands reportedly selected by NSO clients for potential surveillance."


48 Advocacy Groups Call On the FTC To Ban Amazon Surveillance

Slashdot - Your Rights Online - Thu, 2021-07-29 23:00
An anonymous reader quotes a report from Motherboard: On Thursday, a coalition of 48 civil rights and advocacy groups organized by Athena asked the Federal Trade Commission to exercise its rulemaking authority by banning corporate facial surveillance technology, banning continuous corporate surveillance of public spaces, and protecting the public from data abuse. "The harms caused by this widespread, unregulated corporate surveillance pose a direct threat to the public at large, especially for Black and brown people most often criminalized using surveillance," the coalition wrote in an open letter. "Given these dangers, we're calling on the Federal Trade Commission (FTC) to use its rulemaking authority to ban corporate use of facial surveillance technology, ban continuous surveillance in places of public accommodation, and stop industry-wide data abuse." While a number of firms offer networked surveillance devices to try and make homes "smart," the coalition uses Amazon as a case study into how dangerous corporate surveillance can become (and the sorts of abuses that can emerge) when in the hands of a dominant and anti-competitive firm. From Amazon's Ring -- which has rolled out networked surveillance doorbells and car cameras that continuously surveil public and private spaces -- to Alexa, Echo, or Sidewalk, the company has launched numerous products and services to try and convince consumers to generate as much data as possible for the company to eventually capitalize on. "Pervasive surveillance entrenches Amazon's monopoly. The corporation's unprecedented data collection feeds development of new and existing artificial intelligence products, further entrenching and enhancing its monopoly power," the coalition letter argues. From this nexus of monopolistic power and unchallenged power, the coalition draws a long list of abuses committed by Amazon that have harmed consumers, communities, and total bystanders. 
Ring's surveillance devices have been hacked multiple times, have leaked owners' Wi-Fi passwords, and shared locations over the Neighbors App. Vulnerabilities in Alexa risked revealing personally identifiable information, and all this takes place within the context of a lack of transparency around security protocols that force consumers to opt out of surveillance conducted without their consent. On Ring's Neighbors App, racial profiling has been gamified to encourage and escalate surveillance of "suspicious" people. The company collects personal information on children -- a potential violation of the Children's Online Privacy Protection Act -- but has also seen the adoption of its various surveillance devices increase in schools, libraries, and communities across the country. Paired with Amazon's development of deeply biased facial surveillance technology and its partnerships with the police and fire departments of over 2,000 cities, the group argues the potential for abuse outstrips a threshold anyone should be comfortable with. "This type of surveillance is illegal under the FTC Act in Section 5 and in particular the section that talks about unfair and deceptive practices," said Jane Chung, the Big Tech Accountability Advocate at Public Citizen, in an interview. "There's a list of three things that have to be true in order for a practice to be unfair and deceptive according to the FTC. Number 1: it has to cause substantial injury. Number 2: the injury can't be avoidable. And number 3: the injury isn't outweighed by benefits." "Rulemaking is needed to stop widespread systematic surveillance, discrimination, lax security, tracking of individuals, and the sharing of data. While Amazon's smart home ecosystem, facial surveillance technology, and e-learning devices provide a good case study, these rules must extend beyond this one technology corporation to include any entity collecting, using, selling, and/or sharing personal data."


Scarlett Johansson Sues Disney Over 'Black Widow' Streaming Release

Slashdot - Your Rights Online - Thu, 2021-07-29 20:05
Black Widow has a new enemy: the Walt Disney. From a report: Scarlett Johansson, star of the latest Marvel movie "Black Widow," filed a lawsuit Thursday in Los Angeles Superior Court against Disney, alleging her contract was breached when the media giant released the film on its Disney+ streaming service at the same time as its theatrical debut. Ms. Johansson said in the suit that her agreement with Disney's Marvel Entertainment guaranteed an exclusive theatrical release, and her salary was based in large part on the box-office performance of the film. "Disney intentionally induced Marvel's breach of the agreement, without justification, in order to prevent Ms. Johansson from realizing the full benefit of her bargain with Marvel," the suit said. The suit could be a bellwether for the entertainment industry. Major media companies are prioritizing their streaming services in pursuit of growth, and are increasingly putting their high-value content on those platforms. Those changes have significant financial implications for actors and producers, who want to ensure that growth in streaming doesn't come at their expense.


Nikola Founder Trevor Milton Indicted on Three Counts of Fraud

Slashdot - Your Rights Online - Thu, 2021-07-29 18:05
A federal grand jury on Thursday indicted Nikola's founder and former executive chairman, Trevor Milton, and charged the former executive with three counts of fraud, the company confirmed. The grand jury charged Milton with two counts of securities fraud and wire fraud while allegedly lying about "nearly all aspects of the business." From a report: "Today's government actions are against Mr. Milton individually, and not against the company," a Nikola spokesperson said in a statement. "Nikola has cooperated with the government throughout the course of its inquiry. We remain committed to our previously announced milestones and timelines and are focused on delivering Nikola Tre battery-electric trucks later this year from the company's manufacturing facilities." The US Attorney's Office in Manhattan did not immediately return Roadshow's request for comment, but CNBC reports that Milton surrendered to authorities and will appear in court later today. Milton resigned as executive chairman of Nikola last September following an in-depth financial investigation report from Hindenburg Research. Hindenburg confirmed it took a short position on the company's stock when revealing numerous allegations against the company, including a number of falsehoods Milton presented.


UK Government Backs Scheme For Motorway Cables To Power Lorries

Slashdot - Your Rights Online - Wed, 2021-07-28 05:30
An anonymous reader quotes a report from The Guardian: The government will fund the design of a scheme to install overhead electric cables to power electric lorries on a motorway near Scunthorpe, as part of a series of studies on how to decarbonize road freight. The electric road system -- or e-highway -- study, will draw up plans to install overhead cables on a 20km (12.4 miles) stretch of the M180 near Scunthorpe, in Lincolnshire. If the designs are accepted and building work is funded the trucks could be on the road by 2024. The e-highway study is one of several options that will be funded, along with a study of hydrogen fuel cell trucks and battery electric lorries, the Department for Transport said on Tuesday. On the e-highway, lorries fitted with rigs called pantographs -- similar to those used by trains and trams -- would be able to tap into the electricity supply to power electric motors. Lorries would also have a smaller battery to power them over the first and last legs of the journey off the motorway. The project is led by Costain, an infrastructure construction company that also operates some UK motorways, using trucks built by Sweden's Scania and electric technology from Germany's Siemens that is already in use in smaller-scale trials there, Sweden and the US.


EFF Sues US Postal Office For Records About Covert Social Media Spying Program

Slashdot - Your Rights Online - Wed, 2021-07-28 04:02
The Electronic Frontier Foundation (EFF) filed a Freedom of Information Act (FOIA) lawsuit against the U.S. Postal Service and its inspection agency seeking records about a covert program to secretly comb through online posts of social media users before street protests, raising concerns about chilling the privacy and expressive activity of internet users. From the press release: Under an initiative called Internet Covert Operations Program, analysts at the U.S. Postal Inspection Service (USPIS), the Postal Service's law enforcement arm, sorted through massive amounts of data created by social media users to surveil what they were saying and sharing, according to media reports. Internet users' posts on Facebook, Twitter, Parler, and Telegraph were likely swept up in the surveillance program. USPIS has not disclosed details about the program or any records responding to EFF's FOIA request asking for information about the creation and operation of the surveillance initiative. In addition to those records, EFF is also seeking records on the program's policies and analysis of the information collected, and communications with other federal agencies, including the Department of Homeland Security (DHS), about the use of social media content gathered under the program. Media reports revealed that a government bulletin dated March 16 was distributed across DHS's state-run security threat centers, alerting law enforcement agencies that USPIS analysts monitored "significant activity regarding planned protests occurring internationally and domestically on March 20, 2021." Protests around the country were planned for that day, and locations and times were being shared on Parler, Telegram, Twitter, and Facebook, the bulletin said. "We're filing this FOIA lawsuit to shine a light on why and how the Postal Service is monitoring online speech. This lawsuit aims to protect the right to protest," said Houston Davidson, EFF public interest legal fellow. 
"The government has never explained the legal justifications for this surveillance. We're asking a court to order the USPIS to disclose details about this speech-monitoring program, which threatens constitutional guarantees of free expression and privacy."


Activision Blizzard Employees To Walk Out Following Sexual Harassment Lawsuit

Slashdot - Your Rights Online - Wed, 2021-07-28 02:02
An anonymous reader quotes a report from The Verge: Activision Blizzard employees are staging a walkout on Wednesday, July 28th in response to the company's handling of sexual harassment allegations brought by the state of California. Employees will meet outside Blizzard's main campus in Irvine at 10AM PST. "We believe that our values as employees are not being accurately reflected in the words and actions of our leadership," the organizers said in a statement. The news comes after California sued the renowned gaming studio and its publisher, saying women were subjected to constant sexual harassment and discrimination at work. One female employee allegedly died by suicide after having nude photos of her passed around the office. Following the suit, numerous employees took to Twitter to detail additional examples of harassment and discrimination. Former Blizzard president Mike Morhaime also issued a statement saying "I am extremely sorry that I failed you." The company denied the allegations, saying the lawsuit was merely "irresponsible behavior from unaccountable State bureaucrats that are driving many of the State's best businesses out of California." Employees are putting forward four demands as part of the walkout: end forced arbitration clauses in all employee contracts; implement new hiring and promotion processes to increase representation across the company; publish salary and promotion data "for all employees of all genders and ethnicities at the company"; and allow a diversity, equity, and inclusion task force to hire a third-party organization to audit the executive staff.


'Pharma Bro' Martin Shkreli's One-of-a-Kind Wu-Tang Clan Album Sold By US Government

Slashdot - Your Rights Online - Wed, 2021-07-28 01:20
H_Fisher writes: Only one copy exists of the Wu-Tang Clan album Once Upon a Time in Shaolin, and it was owned by "Pharma Bro" Martin Shkreli. Now, NPR reports that this album has been sold by the U.S. government to an unnamed buyer in order to pay Shkreli's civil forfeiture judgment following his conviction for securities fraud. The album, which was originally sold for $2 million, exists only as one physical CD copy. It was seized along with other assets in 2018, and while the sale price and buyer weren't identified, Shkreli's attorney says that his client has now repaid the $7.4 million forfeiture judgement.


Former eBay Supervisor Sentenced To 18 Months in Prison For Cyberstalking Case Targeting Natick Couple

Slashdot - Your Rights Online - Tue, 2021-07-27 22:42
A former security supervisor at eBay received an 18-month federal prison sentence Tuesday for his role in a bizarre campaign of cyberstalking aimed at a Natick couple that ran an online newsletter often critical of the e-commerce giant, authorities said. The Boston Globe: The ex-supervisor, Philip Cooke, 56, of San Jose, Cali., had pleaded guilty in US District Court in Boston in October 2020 to conspiracy to commit cyberstalking and conspiracy to tamper with a witness, legal filings show. On Tuesday, prosecutors said, he was sentenced to 18 months in prison, as well as three years of supervised release including a 12-month period of home detention. He was also ordered to pay a $15,000 fine and perform 100 hours of community service, according to the US attorney's office. Cooke was one of seven former eBay employees charged in connection with the stalking, which authorities said targeted Ina and David Steiner, a Natick couple who recently filed a federal lawsuit against the company and other parties linked to the harassment. Rosemary Scapicchio, a prominent Boston attorney representing the couple in their civil suit, said via phone after Monday's hearing that her clients "were relieved" that Cooke received time behind bars, calling it "the first step in their pursuit of accountability" for all those involved. "There needs to be corporate accountability" as well, Scapicchio said.


A Grandfather Died in 'Swatting' Over His Twitter Handle, Officials Say

Slashdot - Your Rights Online - Tue, 2021-07-27 18:52
Mark Herring had a fatal heart attack after the police swarmed his house after a fake emergency call. A Tennessee man was sentenced to five years in prison in connection with the episode. From a report: Mark Herring was at home in Bethpage, Tenn., one night in April 2020 when the police swarmed his house. Someone with a British accent had called emergency services in Sumner County and reported having shot a woman in the back of the head at Mr. Herring's address. The caller had threatened to set off pipe bombs at the front and back doors if officers came, according to federal court records. When the police arrived, they drew their guns and told Mr. Herring, a 60-year-old computer programmer and grandfather of six, to come out and keep his hands visible. As he walked out, he lost his balance and fell. He was pronounced dead that same night at a nearby hospital. The cause of death was a heart attack, according to court records. Mr. Herring had been a victim of "swatting," the act of reporting a fake crime in order to provoke a heavily armed response from the police. The caller was a minor living in the United Kingdom, according to federal prosecutors. But the caller knew Mr. Herring's address because Shane Sonderman, 20, of Lauderdale County, Tenn., had posted the information online, prosecutors said. On Wednesday, Mr. Sonderman was sentenced to five years in prison after he pleaded guilty to one count of conspiracy. "The defendant was part of a chain of events," federal prosecutors said in court documents. The police "arrived prepared to take on a life and death situation," prosecutors said. "Mr. Herring died of a heart attack at gunpoint." Mr. Sonderman's lawyer, Bryan R. Huffman, said he had argued for a lesser sentence but believed five years "was fair in light of Shane's culpability." "Mr. Sonderman has expressed his remorse on multiple occasions. He has expressed his regret regarding Mr. Herring's death," Mr. Huffman said in an email on Saturday. "Mr. Sonderman's family had also expressed their remorse. There are many families affected by Shane's actions, including his own family." Mr. Herring was targeted because he refused to sell his Twitter handle, @Tennessee, according to his family and prosecutors. Smart, blunt and plain-spoken, Mr. Herring had loved computers since he was a teenager and joined Twitter in March 2007, less than a year after it started, his family said. He knew people wanted his handle, which he chose because of his love for the state, where he had been born and raised, and had rebuffed offers of $3,000 to $4,000 to sell it, his daughter Corinna Fitch, 37, said in an interview.


Is Your Phone Infected With Pegasus?

Slashdot - Your Rights Online - Tue, 2021-07-27 04:02
Fossbytes has an article detailing how you can check to see if your mobile device is infected with the "Pegasus" spyware. What's Pegasus you ask? It's phone-penetrating spy software developed by NSO Group and sold to governments to target journalists and activists around the world. The CEO of NSO Group says law-abiding citizens have "nothing to be afraid of," but that doesn't help us sleep any better. Here's how to check if your device has been compromised (heads up: it's a bit of a technical and lengthy process): First off, you'll need to create an encrypted backup and transfer it to either a Mac or PC. You can also do this on Linux instead, but you'll have to install libimobiledevice beforehand for that. Once the phone backup is transferred, you need to download Python 3.6 (or newer) on your system -- if you don't have it already. Here's how you can install the same for Windows, macOS, and Linux. After that, go through Amnesty's manual to install MVT correctly on your system. Installing MVT will give you new utilities (mvt-ios and mvt-android) that you can use in the Python command line. Now, let's go through the steps for detecting Pegasus on an iPhone backup using MVT. First of all, you have to decrypt your data backup. To do that, you'll need to enter the following instruction format while replacing the placeholder text (marked with a forward slash) with your custom path: "mvt-ios decrypt-backup -p password -d /decrypted /backup". Note: Replace "/decrypted" with the directory where you want to store the decrypted backup and "/backup" with the directory where your encrypted backup is located. Now, we will run a scan on the decrypted backup, referencing it with the latest IOCs (possible signs of Pegasus spyware), and store the result in an output folder. To do this, first, download the newest IOCs from here (use the folder with the latest timestamp). 
Then, enter the instruction format as given below with your custom directory path: "mvt-ios check-backup -o /output -i /pegasus.stix2 /backup". Note: Replace "/output" with the directory where you want to store the scan result, "/backup" with the path where your decrypted backup is stored, and "/pegasus.stix2" with the path where you downloaded the latest IOCs. After the scan completion, MVT will generate JSON files in the specified output folder. If there is a JSON file with the suffix "_detected," then that means your iPhone data is most likely Pegasus-infected. However, the IOCs are regularly updated by Amnesty's team as they develop a better understanding of how Pegasus operates. So, you might want to keep running scans as the IOCs are updated to make sure there are no false positives.


Tether Executives Said To Face Criminal Probe Into Bank Fraud

Slashdot - Your Rights Online - Tue, 2021-07-27 02:02
An anonymous reader quotes a report from Bloomberg: A U.S. probe into Tether is homing in on whether executives behind the digital token committed bank fraud, a potential criminal case that would have broad implications for the cryptocurrency market. Tether's pivotal role in the crypto ecosystem is now well known because the token is widely used to trade Bitcoin. But the Justice Department investigation is focused on conduct that occurred years ago, when Tether was in its more nascent stages. Specifically, federal prosecutors are scrutinizing whether Tether concealed from banks that transactions were linked to crypto [...]. Criminal charges would mark one of the most significant developments in the U.S. government's crackdown on virtual currencies. That's because Tether is by far the most popular stablecoin -- tokens designed to be immune to wild price swings, making them ideal for buying and selling more volatile coins. The token's importance to the market is clear: Tethers in circulation are worth about $62 billion and they underpin more than half of all Bitcoin trades. Federal prosecutors have been circling Tether since at least 2018. In recent months, they sent letters to individuals alerting them that they're targets of the investigation, one of the people said. The notices signal that a decision on whether to bring a case could be made soon, with senior Justice Department officials ultimately determining whether charges are warranted. A hallmark of Tether is that its creators have said each token is backed by one U.S. dollar, either through actual money or holdings that include commercial paper, corporate bonds and precious metals. That has triggered concerns that if lots of traders sold stable coins all at once, there could be a run on assets backstopping the tokens. Fitch Ratings has warned that such a scenario could destabilize short-term credit markets. 
In the course of its years-long investigation, the Justice Department has examined whether traders used Tether tokens to illegally drive up Bitcoin during an epic rally for cryptocurrencies in 2017. While it's unclear whether Tether the company was a target of that earlier review, the current focus on bank fraud suggests prosecutors may have moved on from pursuing a case tied to market manipulation. [...] Tether has already drawn the ire of regulators. In February, Bitfinex and several Tether affiliates agreed to pay $18.5 million to settle claims from New York Attorney General Letitia James that the firms hid losses and lied that each token was supported by one U.S. dollar. The companies had no access to banking in 2017, making it impossible that they had reserves backing the tokens, James said. The firms settled without admitting or denying the allegations.

Google Updates Timeline For Unpopular Privacy Sandbox, Which Will Kill Third-Party Cookies In Chrome By 2023

Slashdot - Your Rights Online - Tue, 2021-07-27 01:20
Google has updated the schedule for its introduction of "Privacy Sandbox" browser technology and the phasing out of third-party cookies. The Register reports: The new timeline has split the bundle of technologies in the Privacy Sandbox into five phases: discussion, testing, implementation in Chrome (called "Ready for adoption"), Transition State 1 during which Chrome will "monitor adoption and feedback" and then the next stage that involves winding down support for third-party cookies over a three-month period finishing "late 2023." Although "late 2023" might sound a long way off, the timeline has revealed that "discussion" of the contentious FLoC (Federated Learning of Cohorts) is planned to end in Q3 2021 -- just a couple of months away -- and that discussion for First Party Sets, rejected by the W3C Technical Architecture Group as "harmful to the web in its current form," is scheduled to end around mid-November. Google said that "extended discussions and testing stages often produce better, more complete solutions, and the timeline for testing and ready for adoption of use cases might change accordingly," so the dates are not set in stone. There is no suggestion that any of the proposals will be withdrawn; the company appears to believe it can alleviate concerns by tweaking rather than abandoning its proposals. Discussion of the various pieces is set to take place in the W3C Web Incubator Community Group (WICG), though at a FLEDGE WICG Call last week, Google's Michael Kleber, tech lead for Privacy Sandbox, suggested that the W3C would not be deciding which technologies are implemented, at least in the context of FLEDGE (formerly TURTLEDOVE), which enables auctions for personalized ads in a more private manner than today. FLEDGE is competing for attention with the Microsoft-devised PARAKEET and MaCAW. 
Asked by Julien Delhommeau, staff system architect at adtech company Xandr, if the WICG would get a say in whether FLEDGE or PARAKEET/MaCAW would be adopted, Kleber said: "The W3C doesn't get to be the boss of anyone, the decisions are going to be made at each of the browsers. The goal isn't to have one winner and everyone else losing -- the goal of W3C is to put out a bunch of ideas, understand the positives of each, and come to a chimera that has the most necessary features. Every browser seems to want convergence, long term, so figuring out how to make convergence happen is important." [...] When asked if personalized advertising could be removed from the web, Kleber said, "while most of the sites in the world would lose 50-70 per cent of their revenue in the alternative you're advocating for, Google is not one of them." He made this claim on the basis that "Google makes most of its money from the ads that appear on Google Search," which do not require tracking technology.

Japan Pitches 'Society 5.0' To Keep Its Edge In Tech and Science

Slashdot - Your Rights Online - Tue, 2021-07-27 00:02
The Cabinet Office of Japan is co-hosting an event dedicated to "Society 5.0," a future society the government believes Japan should aspire to. Defined by the Cabinet Office as "a human-centered society [helped] by a system that highly integrates cyberspace and physical space," Society 5.0 is a concept intended to broaden the discussion of innovation from science and technology to all of socioeconomic activity. Nikkei Asia Review reports: The government has also established multiple large-scale programs to encourage companies, involved in everything from health care and mobility to energy, to invest in research and development, not only at the level of pure technology but also to bring it to a pilot level. The exhibition includes some achievements from these programs, including Cyberdyne's HAL, standing for "hybrid assistive limb," which the company claims to be the world's first "wearable cyborg." A HAL exoskeleton autonomously walks on a treadmill at the venue. When worn on a leg, HAL can read faint signals sent to muscles from the brain thanks to electrodes attached to the wearer's skin, determining the wearer's desired movements. "Even if your nerves are not connected at first, they gradually recover through the wearing of HAL, and you can eventually move your own body parts without wearing it," said a person from Cyberdyne. SkyDrive's "flying car" also attracts the attention of visitors, who can observe a full-scale model of the SD-03, which performed the first successful public manned flights of a flying car in Japan in August 2020. Co-founded by former Toyota Motor engineer Tomohiro Fukuzawa, the startup plans to offer commercial mobility service during Expo 2025, to be held in Osaka. "It is as if we are traveling to the future," said Shinji Inoue, a minister of state who heads science and technology policy, when he visited the exhibition last week. 
Asked by reporters how to make these cutting-edge tools an everyday reality, Inoue spoke of a need to deregulate the market when it comes to obtaining operating permits for such items. Indeed, the government acknowledges challenges in keeping up with the country's capabilities in implementing scientific progress. Digitalization initiatives, the premise for achieving Society 5.0, "could not sufficiently create new business models through data collaboration, like what we see in other countries," said a report from the Cabinet Office analyzing the previous five-year plan through fiscal 2020. Instead, the initiatives aimed at improving the efficiency of existing operations, failing to drive innovation.

Police Are Telling ShotSpotter To Alter Evidence From Gunshot-Detecting AI

Slashdot - Your Rights Online - Mon, 2021-07-26 23:25
An anonymous reader quotes a report from Motherboard: On May 31 last year, 25-year-old Safarain Herring was shot in the head and dropped off at St. Bernard Hospital in Chicago by a man named Michael Williams. He died two days later. Chicago police eventually arrested the 64-year-old Williams and charged him with murder (Williams maintains that Herring was hit in a drive-by shooting). A key piece of evidence in the case is video surveillance footage showing Williams' car stopped on the 6300 block of South Stony Island Avenue at 11:46 p.m. - the time and location where police say they know Herring was shot. How did they know that's where the shooting happened? Police said ShotSpotter, a surveillance system that uses hidden microphone sensors to detect the sound and location of gunshots, generated an alert for that time and place. Except that's not entirely true, according to recent court filings. That night, 19 ShotSpotter sensors detected a percussive sound at 11:46 p.m. and determined the location to be 5700 South Lake Shore Drive - a mile away from the site where prosecutors say Williams committed the murder, according to a motion filed by Williams' public defender. The company's algorithms initially classified the sound as a firework. That weekend had seen widespread protests in Chicago in response to George Floyd's murder, and some of those protesting lit fireworks. But after the 11:46 p.m. alert came in, a ShotSpotter analyst manually overrode the algorithms and "reclassified" the sound as a gunshot. Then, months later and after "post-processing," another ShotSpotter analyst changed the alert's coordinates to a location on South Stony Island Drive near where Williams' car was seen on camera. "Through this human-involved method, the ShotSpotter output in this case was dramatically transformed from data that did not support criminal charges of any kind to data that now forms the centerpiece of the prosecution's murder case against Mr. Williams," the public defender wrote in the motion. The document is what's known as a Frye motion - a request for a judge to examine and rule on whether a particular forensic method is scientifically valid enough to be entered as evidence. Rather than defend ShotSpotter's technology and its employees' actions in a Frye hearing, the prosecutors withdrew all ShotSpotter evidence against Williams. The case isn't an anomaly, and the pattern it represents could have huge ramifications for ShotSpotter in Chicago, where the technology generates an average of 21,000 alerts each year. The technology is also currently in use in more than 100 cities. Motherboard's review of court documents from the Williams case and other trials in Chicago and New York State, including testimony from ShotSpotter's favored expert witness, suggests that the company's analysts frequently modify alerts at the request of police departments - some of which appear to be grasping for evidence that supports their narrative of events.

Citizen is Now Paying New Yorkers To Livestream Crimes

Slashdot - Your Rights Online - Mon, 2021-07-26 21:27
Citizen, otherwise known as "the worst kind of hyperlocal app ever created," is now willing to pay people to livestream crimes around New York City. The company is reportedly hiring people in the Big Apple at a starting rate of $25 per hour to run around the city and start streaming crimes to the web in real-time. From a report: The exact nature of these hires -- including their very existence -- is being kept mostly quiet by Citizen. Any public-facing recruiting for these positions is being done on the DL; one post on JournalismJobs.com from last week sought "field team members" to work for "a tech company with user-generated content." "You will be live-streaming from your phone straight to the app, covering the event as news," the job posting read. Citizen's name was not included anywhere in the now-deleted posting, according to the New York Post. The company does not post these positions on its website, either.
