aggregator

With 25 days until Joe Biden becomes America's next president, Politico writes that throughout the US government, "From lawmakers on Capitol Hill to antitrust enforcers at the Federal Trade Commission, Washington is training its sights on the world's largest social network like never before." Biden's antitrust enforcers will take ownership of a lawsuit the FTC filed this month threatening to dismantle the sprawling company. And his staff will negotiate legislative proposals with congressional leaders who have hammered Facebook for mishandling its users' personal data and spreading hate speech and dangerous falsehoods. It's a historic moment of legislative and regulatory upheaval with profound consequences for Facebook and its Silicon Valley brethren. The Trump era opened the floodgates for Facebook detractors, who accused the world's largest social network of silencing conservatives on one side, and abetting disinformation about the U.S. election on the other. Now, under Biden, the company's critics see a prime opportunity to finally tame Facebook — for the sake of election integrity, privacy and fair play in the digital era... "It's just not a great business strategy to piss off the incoming president," said Sally Hubbard, the director of enforcement strategy at the Open Markets Institute, which has advocated for antitrust enforcement against Facebook, Google and other big tech firms. She and other tech critics are putting pressure on Biden to take a different approach than past administrations, and they already have several allies advising the transition as it prepares to take over next month... The now-president-elect has called for the internet industry's sacred legal liability protections to be revoked, specifically citing Facebook's handling of election-related misinformation. He turned heads in January when he said bluntly, "I've never been a fan of Facebook," a company whose digital reach helped propel the Obama-Biden ticket to the White House in past elections... "[I]t's certainly possible that skepticism about Facebook from the Biden team could result in a greater likelihood of antitrust scrutiny by the Justice Department and the FTC," said Matt Perault, a former Facebook public policy director who now leads Duke University's Center on Science and Technology Policy. "And it's possible that a Biden White House could use their bully pulpit to try to force changes that they can't achieve through executive action or legislation...." Republicans, too, have gripes about Facebook's handling of political speech, with some saying its lack of meaningful competition gives it the leverage to censor users' political views. After the FTC and state attorneys general announced their Facebook lawsuits this month, lawmakers from both sides of the aisle expressed support... But bipartisan frustration with tech has yet to mean lawmakers will set aside partisan differences. Both sides have been frustrated with how Facebook, Twitter and Google-owned YouTube police political content, for instance, but Democrats want more moderation and Republicans have called for less... Even with such divisions, the general animosity toward Facebook could help the anti-Facebook advocates to gain traction with the new administration. And they're pushing their agenda hard ahead of the inauguration.

Read more of this story at Slashdot.

CNN reports: US officials and private sector experts investigating the massive data breach that has rocked Washington increasingly believe the attackers were ultimately discovered because they took a more aggressive "calculated risk" that led to a possible "unforced error" as they tried to expand their access within the network they had penetrated months earlier without detection, according to a US official and two sources familiar with the situation... FireEye was tipped off to the hackers' presence when they attempt to move laterally within the firm's network, according to the sources, a move that suggested the hackers were targeting sensitive data beyond emails addresses or business records. Whether that exposure was the result of a mistake by the attackers or because they took a calculated risk remains unclear, the sources said. "At some point, you have to risk some level of exposure when you're going laterally to get after the things that you really want to get. And you're going to take calculated risks as an attacker," one source familiar with the investigation said... Now, the hackers are attempting to salvage what access they can as the US government and private sector are "burning it all down," sources said, referring to their complete overhaul of networks, which will force the attackers to find new ways of getting the information they seek. Meanwhile, US officials continue to grapple with the fallout and assess just how successful the operation was, the US official said, noting that it is clear the nation-state responsible invested significant time and resources into the effort. While the scope of the hacking campaign remains unclear, government agencies that have disclosed they were impacted have said there is no evidence to date that classified data was compromised. But the way the hackers were discovered suggests the operation was intended to steal sensitive information beyond what was available on unclassified networks and sought to establish long-standing access to various targeted networks, the sources said. The fact that FireEye — not the federal government — discovered the breach has also raised questions about why the attack went undetected at US government agencies. The article also notes FireEye's acknowledgement that the breach "occurred when the hackers, who already had an employee's credentials, used those to register their own device to FireEye's multi-factor authentication system so they could receive the employee's unique access codes."

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: The value of one of the world's most valuable cryptocurrencies is crashing and a recently filed SEC complaint is at the root of the free fall. According to CoinMarketCap, the XRP token's value has declined more than 42% in the past 24 hours and is down more than 63% from its 30-day high of $0.76. It now sits at just $0.27. XRP's price volatility has rivaled the most capricious of cryptocurrencies. Since reaching an all-time-high of $3.84 back in January of 2018, the coin has spent much of the past two years drifting closer and closer to pennies. In the past month, on the back of major rallies from other cryptocurrencies, XRP has seen its biggest rally in years, but those gains were all erased this week by the Ripple CEO Brad Garlinghouse's admission that the SEC was planning to file a sweeping lawsuit against the company during the current administration's final days. The SEC's fundamental argument is that XRP has always been a security and that it should have been registered with the commission from the beginning more than seven years ago. The SEC claims that the defendants in the case -- namely the company Ripple, CEO Bran Garlinghouse and executive chairman Chris Larsen -- generated more than $1.38 billion from sales of the XRP token. The company's line has been that XRP is not a security but is, in fact, a tool for financial institutions, though the coin's volatility has discouraged banks from actually adopting the token. Meanwhile, XRP is present on a number of cryptocurrency exchanges, a fact which could expand the scope of this legal complaint and affect more players in the space.

Read more of this story at Slashdot.

On Tuesday, the American Civil Liberties Union filed a new lawsuit demanding information about the FBI's Electronic Device Analysis Unit (EDAU) -- a forensic unit that the ACLU believes has been quietly breaking the iPhone's local encryption systems. The Verge reports: "The FBI is secretly breaking the encryption that secures our cell phones and laptops from identity thieves, hackers, and abusive governments," the ACLU said in a statement announcing the lawsuit, "and it refuses to even acknowledge that it has information about these efforts." The FBI has made few public statements about the EDAU, but the lawsuit cites a handful of cases in which prosecutors have submitted a "Mobile Device Unlock Request" and received data from a previously locked phone. The EDAU also put in public requests for the GrayKey devices that found success unlocking a previous version of iOS. In June 2018, the ACLU filed a FOIA request for records relating to the EDAU, but the FBI has refused to confirm any records even exist. After a string of appeals within the FOIA process, the group is taking the issue to federal court, calling on the attorney general and FBI inspector general to directly intervene and make the records available. "We're demanding the government release records concerning any policies applicable to the EDAU, its technological capabilities to unlock or access electronic devices, and its requests for, purchases of, or uses of software that could enable it to bypass encryption," the ACLU said in a statement.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Intercept: Facebook is currently waging a PR campaign purporting to show that Apple is seriously injuring American small businesses through its iOS privacy features. But at the same time, according to allegations in recently unsealed court documents, Facebook has been selling them ad targeting that is unreliable to the point of being fraudulent. The documents feature internal Facebook communications in which managers appear to admit to major flaws in ad targeting capabilities, including that ads reached the intended audience less than half of the time they were shown and that data behind a targeting criterion was "all crap." Facebook says the material is presented out of context. They emerged from a suit currently seeking class-action certification in federal court. The suit was filed by the owner of Investor Village, a small business that operates a message board on financial topics. Investor Village said in court filings that it decided to buy narrowly targeted Facebook ads because it hoped to reach "highly compensated and educated investors" but "had limited resources to spend on advertising." But nearly 40 percent of the people who saw Investor Village's ad either lacked a college degree, did not make $250,000 per year, or both, the company claims. In fact, not a single Facebook user it surveyed met all the targeting criteria it had set for Facebook ads, it says. The complaint features Facebook documents indicating that the company knew its advertising capabilities were overhyped and underperformed. A "February 2016 internal memorandum" sent from an unnamed Facebook manager to Andrew Bosworth, a Zuckerberg confidant and powerful company executive who oversaw ad efforts at the time, reads, "[I]nterest precision in the US is only 41% -- that means that more than half the time we're showing ads to someone other than the advertisers' intended audience. And it is even worse internationally. We don't feel we're meeting advertisers' interest accuracy expectations today." The lawsuit goes on to quote unnamed "employees on Facebook's ad team" discussing their targeting capabilities circa June 2016. "Interest" and "behavior" are two key facets of the data dossiers Facebook compiles on us for advertisers; according to the company, the former includes things you like, "from organic food to action movies," while the latter consists of "behaviors such as prior purchases and device usage." The complaint also cites unspecified internal communications in which "[p]rivately, Facebook managers described important targeting data as 'crap' and admitted accuracy was 'abysmal.'" Facebook has said in its court filings that these quotes are presented out of context.

Read more of this story at Slashdot.

Dozens of people who say they were subjected to death threats, racial slurs, and blackmail after their in-home Ring smart cameras were hacked are suing the company over "horrific" invasions of privacy. From a report: A new class action lawsuit, which combines a number of cases filed in recent years, alleges that lax security measures at Ring, which is owned by Amazon, allowed hackers to take over their devices. Ring provides home security in the form of smart cameras that are often installed on doorbells or inside people's homes. The suit against Ring builds on previous cases, joining together complaints filed by more than 30 people in 15 families who say their devices were hacked and used to harass them. In response to these attacks, Ring "blamed the victims, and offered inadequate responses and spurious explanations," the suit alleges. The plaintiffs also claim the company has also failed to adequately update its security measures in the aftermath of such hacks.

Read more of this story at Slashdot.

Hackers have stolen the data of a large cosmetic surgery chain and are threatening to publish patients' before and after photos, among other details. From a report: The Hospital Group, which has a long list of celebrity endorsements, has confirmed the ransomware attack. It said it had informed the Information Commissioner of the breach. On its darknet webpage, the hacker group known as REvil said the "intimate photos of customers" were "not a completely pleasant sight." It claimed to have obtained more than 900 gigabytes of patient photographs. The Hospital Group, which is also known as the Transform Hospital Group, claims to be the UK's leading specialist weight loss and cosmetic surgery group. It has 11 clinics specialising in bariatric weight loss surgery, breast enlargements, nipple corrections and nose adjustments. The company has previously promoted itself via celebrity endorsements, although it has not done so for several years. Former Big Brother contestant Aisleyne Horgan-Wallace told Zoo magazine about her breast enhancement surgery with The Hospital Group in 2009. Atomic Kitten singer Kerry Katona, Shameless actress Tina Malone and reality TV star Joey Essex from The Only Way is Essex are also previous patients who have endorsed the clinic.

Read more of this story at Slashdot.

BMW has told Motoring Research its targeted billboard warranty adverts -- which are claimed to use number plate registration technology to tailor public adverts to BMW drivers -- do not actually draw upon vehicle warranty status. From a report: Rather, only publically available information is used. "There is no personalisation visible on the advert and no vehicle or customer data is stored or retained." The new initiative was originally claimed to focus on BMW drivers with an expired new or Approved Used warranty. Owners will receive personalised messages on electronic roadside billboards highlighting the fact they no longer have a valid warranty. They will be warned their vehicle is not covered for the cost of repairs, and invited to 'consider purchasing a BMW Insured warranty online.' The electronic billboards use Vehicle Detection Technology to pick out BMW owners with expired warranties.

Read more of this story at Slashdot.

The California Bar released data last week confirming that during its use of ExamSoft for the October Bar exam, over one-third of the nearly nine-thousand online examinees were flagged by the software. The Electronic Frontier Foundation is concerned that the exam proctoring software is incorrectly flagging students for cheating "due either to the software's technical failures or to its requirements that students have relatively new computers and access to near-broadband speeds." From the report: This is outrageous. It goes without saying that of the 3,190 applicants flagged by the software, the vast majority were not cheating. Far more likely is that, as EFF and others have said before, remote proctoring software is surveillance snake oil -- you simply can't replicate a classroom environment online, and attempting to do so via algorithms and video monitoring only causes harm. In this case, the harm is not only to the students who are rightfully upset about the implications and the lack of proper channels for redress, but to the institution of the Bar itself. While examinees have been searching for help from other examinees as well as hiring legal counsel in their attempt to defend themselves from potentially baseless claims of cheating, the California Committee of Bar Examiners has said "everything is going well" and called these results "a good thing to see" (13:30 into the video of the Committee meeting). That is not how we see it. These flags have triggered concern for hundreds, if not thousands, of test takers, most of whom had no idea that they were flagged until recently. Many only learned about the flag after receiving an official "Chapter 6 Notice" from the Bar, which is sent when an applicant is observed (supposedly) violating exam conduct rules or seen or heard with prohibited items, like a cell phone, during the exam. In a depressingly ironic introduction to the legal system, the Bar has requested that students respond to the notices within 10 days, but it would appear that none of them have been given enough information to do so, as Chapter 6 Notices contain only a short summary of the violation. These summaries are decidedly vague: "Facial view of your eyes was not within view of the camera for a prolonged period of time"; "No audible sound was detected"; "Leaving the view of the webcam outside of scheduled breaks during a remote-proctored exam." Examinees do not currently have access to the flagged videos themselves, and are not expected to receive access to them, or any other evidence against them, before they are required to submit a response. The report goes on to say that some of these flags are technical issues with ExamSoft. For example, Lenovo laptops appear to have been flagged en masse for an issue with the software's inability to access the internal microphone. Other flags are likely due to the inability of the software to correctly recognize the variability of examinees' demeanors and expressions. "We implore the California Bar to rethink its plans for remotely-proctored future exams, and to work carefully to offer clearer paths for examinees who have been flagged by these inadequate surveillance tools," the EFF says in closing. "Until then, the Bar must provide examinees who have been flagged with a fair appeals process, including sharing the videos and any other information necessary for them to defend themselves before requiring a written response."

Read more of this story at Slashdot.

Leaked Nintendo documents have revealed a frightening surveillance operation carried out against a hacker who was researching exploits for the 3DS handheld. TorrentFreak reports: During the past 24 hours, various Twitter accounts (1,2) have been posting snippets from documents that were recently leaked from Nintendo. While there are numerous items of interest, the most shocking revelations involve Neimod, a hacker who several years ago developed exploits for the 3DS handheld console. [T]he scale of the operation, which is revealed in detail in the leaked documents, shows just how far the gaming giant was prepared to go to stop his work. For example, the leak reveals personal profiling that dug deeply into Neimod's education status, listed details of his working life, while offering evidence of physical snooping on his daily lifestyle. What time he could be found at home, who came to see him there, and even when he visited places like banks and restaurants are all included. While this kind of surveillance is creepy in its own right, additional documents reveal a detailed plan to use the gathered intelligence to physically confront Neimod in order to pressurize him into complying with the company's demands. According to Nintendo's planning, the operation would begin around April 15, 2013, with its team meeting at a local hotel to discuss and finalize their plans. Following a review of Neimod's movements of the previous week, the team would then decide where and when contact would be made -- after work or at home, for example. With an undercover investigator monitoring Neimod to discover what time he left work, Neimod was to be approached by a 'contact team,' who were instructed to approach their target "in a friendly, non-threatening, professional, and courteous manner." "Provide a business card," the instructions read. After Neimod had been engaged in conversation, the team was instructed to flatter the hacker by "acknowledging his engineering/programming aptitude." They were also told to reference his stated aim of not "facilitating piracy" with his hacks but point out Nintendo's concerns that a release of his hack could do just that. Whether Neimod complied or resisted, Nintendo prepared for both eventualities. The following slide, posted to Twitter by Eclipse-TT, shows a flow chart that begins with instructions for the "Knock and Talk Team," details a staging area, rules of engagement, and plans for what should happen when things go to plan -- or otherwise. The Nintendo "Final Enforcement Proposal" document describes a "carrot and stick" approach, with the stick being a laundry list of potential offenses committed by Neimod under Belgian law and the carrot representing a number of sweeteners that might be of interest to the hacker. If cooperation was achieved, Nintendo suggested it could refrain from filing a criminal complaint. It may also enter into a "bounty" contract with Neimod with payments made for finding and documenting exploits. Within certain parameters, his discoveries could still be announced to the public, allowing him to retain "bragging rights." This could help Nintendo's image, the company wrote.

Read more of this story at Slashdot.

Russian lawmakers have approved a range of new measures that could further stifle dissent and allow tighter restrictions on online content -- including blocking websites like YouTube and Twitter. NPR reports: One bill would allow for the blocking of foreign websites that it says "discriminate" against Russian media. A second law would allow it to levy large fines against companies that don't take down content banned in the country. A third law would establish jail terms for those convicted of making slanderous comments online or in the media. A person found guilty of slander could face up to two years in jail and be fined up to 1 million rubles (about $13,300), Reuters reports. The bills were passed by Russia's lower house, the State Duma. If they become law, as expected, they would mean that Russia could block websites like YouTube, Facebook and Twitter that label content produced by Russian state media outlets as being just that. Under the legislation, Russian authorities will be able to block or slow down such sites.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Bloomberg: With great fanfare last week, 44 attorneys general hit Google with two antitrust complaints, following a landmark lawsuit the Justice Department and 11 states lodged against the Alphabet Inc. unit in October. What's less known is that Oracle Corp. spent years working behind the scenes to convince regulators and law enforcement agencies in Washington, more than 30 states, the European Union, Australia and at least three other countries to rein in Google's huge search-and-advertising business. Those efforts are paying off. Officials in more than a dozen of the states that sued Google received what has been called Oracle's "black box" presentation showing how Google tracks users' personal information, said Ken Glueck, Oracle's top Washington lobbyist and the architect of the company's antitrust campaign against Google. Glueck outlined for Bloomberg the presentation, which often entails putting an Android phone inside a black briefcase to show how Google collects users' location details -- even when the phones aren't in use -- and confirmed the contours of the pressure campaign. "I couldn't be happier," said Glueck about the barrage of lawsuits. "As far as I can tell, there are more states suing Google than there are states." Oracle has fallen behind the tech giants in the marketplace, yet is notching one legal and regulatory win after another against them, Google especially. In response, Google spokesman Jose Castaneda denounced Oracle's "cloak-and-dagger lobbying campaign," saying "while Oracle describes itself as the biggest data broker on the planet, we're focused on keeping consumers' information safe and secure."

Read more of this story at Slashdot.

chicksdaddy shares a report from The Security Ledger: The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports last month in The Security Ledger and elsewhere that the devices may give the company "back door" access to deployed sets, The Security Ledger reports. Speaking at The Heritage Foundation, a conservative think tank, Acting DHS Secretary Chad Wolf said that DHS is "reviewing entities such as the Chinese manufacturer TCL." "This year it was discovered that TCL incorporated backdoors into all of its TV sets exposing users to cyber breaches and data exfiltration. TCL also receives CCP state support to compete in the global electronics market, which has propelled it to the third largest television manufacturer in the world," Wolf said, according to a version of prepared remarks published by DHS. His talk was entitled "Homeland Security and the China Challenge." As reported last month, independent researchers John Jackson -- an application security engineer for Shutter Stock -- and a researcher using the handle Sick Codes identified and described two serious software security holes affecting TCL brand television sets and would allow an unprivileged remote attacker on the adjacent network to download most system files from the TV set up to and including images, personal data and security tokens for connected applications. The flaw could lead to serious critical information disclosure, the researchers warned. Both flaws affect TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below, according to the official CVE reports. In an interview with The Security Ledger, the researcher Sick Codes said that a TCL TV set he was monitoring was patched for the CVE-2020-27403 vulnerability without any notice from the company and no visible notification on the device itself. In a statement to The Security Ledger, TCL disputed that account. By TCL's account, the patched vulnerability was linked to a feature called "Magic Connect" and an Android APK by the name of T-Cast, which allows users to "stream user content from a mobile device." T-Cast was never installed on televisions distributed in the USA or Canada, TCL said. For TCL smart TV sets outside of North America that did contain T-Cast, the APK was "updated to resolve this issue," the company said. That application update may explain why the TCL TV set studied by the researchers suddenly stopped exhibiting the vulnerability. In his address on Monday, Acting Secretary Wolf said the warning about TCL will be part of a broader "business advisory" cautioning against using data services and equipment from firms linked to the People's Republic of China (PRC). This advisory will highlight "numerous examples of the PRC government leveraging PRC institutions like businesses, organizations, and citizens to covertly access and obtain the sensitive data of businesses to advance its economic and national security goals," Wolf said. "DHS flags instances where Chinese companies illicitly collect data on American consumers or steal intellectual property. CCP-aligned firms rake in tremendous profits as a result," he said.

Read more of this story at Slashdot.

France's top administrative court has backed privacy campaigners by imposing a ban on police use of drones for covering public protests in Paris. The BBC reports: The Council of State said Paris police prefect Didier Lallement should halt "without delay" drone surveillance of gatherings on public roads. The ruling comes weeks after MPs backed a controversial security bill that includes police use of drones. Its main aim is to regulate how people share film or photos of police. Privacy rights group La Quadrature du Net (LQDN) has argued that the bill's main measures violate freedom of expression and that drones equipped with cameras cannot keep the peace but track individuals instead. The Council of State ruled there was "serious doubt over the legality" of drones without a prior text authorizing and setting out their use. LQDN said the only way the government could legalize drone surveillance now was in providing "impossible proof" that it was absolutely necessary to maintain law and order. The decision is the second setback in months for Parisian authorities' drone plans. In May, the same court ruled that drones could not be used in the capital to track people in breach of France's strict lockdown rules.

Read more of this story at Slashdot.

oort99 writes: MIT Electrical Engineering graduate and California Secretary of State Alex Padilla has been selected by California governor Gavin Newsom to replace Kamala Harris. He will join Steve Daines and Martin Heinrich as one of three U.S. Senators with engineering credentials currently serving in the Senate. "Padilla, 47, the son of Mexican immigrants, will be the first Latino from the state to hold the position," notes NPR. "Padilla has been California's secretary of state since 2015. Previously, he was a state senator and Los Angeles city councilman." Since Harris was first elected in 2016, Padilla will fill the seat by appointment until 2022 when an election will be held for the next full six-year term.

Read more of this story at Slashdot.

U.S. securities regulators on Tuesday sued cryptocurrency giant Ripple, and both its CEO and executive chairman, for allegedly selling over $1.3 billion in unregistered securities. Axios reports: Ripple on Monday had publicly disclosed that the lawsuit was to be filed imminently, and said it does not believe its tokens needed to be registered. XRP, the cryptocurrency created by Ripple in 2012, has the crypto industry's third-largest market cap at around $22 billion, behind only Bitcoin and Ether. In a separate article, Axios' Dan Primack writes that this lawsuit "could put a chill on some crypto industry investment, as Ripple has no interest in settling fast and moving on." He adds: "It also could mildly complicate the upcoming IPO for Coinbase, where XRP-to-dollar activity made up 15% of trading volume over the past 30 days (per Nomics)."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Dozens of email accounts at the U.S. Treasury Department were compromised by the powerful hackers responsible for a wide-ranging espionage campaign against U.S. government agencies, the office of U.S. Senator Ron Wyden said on Monday. In a written statement, Wyden's office said that Senate Finance Committee staff were briefed that the hack of the Treasury Department appears to have been a significant one, "the full depth of which isn't known." Wyden, the most senior Democrat on the committee, said that Microsoft notified the agency that dozens of email accounts had been compromised and that the hackers also penetrated the systems at Treasury's Departmental Offices division, which is home to its top officials. "Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen," the statement said, although it added that the Internal Revenue Service said there was no evidence the tax agency was compromised or that taxpayer data was affected. A Wyden aide said the hackers were able to access the Treasury officials' Microsoft-hosted inboxes after taking control of the cryptographic key used by Treasury's "single sign on" infrastructure -- a service used in many organizations so that employees can access a variety of services with a single username and password. The aide quoted Treasury officials as saying Mnuchin's inbox was not among those affected. Wyden's statement contrasts Treasury Secretary Steven Mnuchin, who told CNBC earlier in the day that "the good news is there has been no damage, nor have we seen any large amounts of information displaced." He added: "I can assure you, we are completely on top of this."

Read more of this story at Slashdot.

Gov. Andrew M. Cuomo signed a bill Tuesday suspending the use of facial recognition and other kinds of biometric technology in schools in New York, also directing a study of whether its use is appropriate in schools. The legislation places a moratorium on schools purchasing and using biometric identifying technology until at least July 1, 2022 or until the report is completed and the state Education Department commissioner authorizes its use. The rule applies to both public and private schools in New York. In a statement, ACLU said. "This is a victory for student privacy and students of color, who are disproportionately harmed by this flawed and biased technology. New York has led the way, and now other states should follow."

Read more of this story at Slashdot.

Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands have seized this week the web domains and server infrastructure of three VPN services that provided a safe haven for cybercriminals to attack their victims. From a report: The three services were active at insorg.org, safe-inet.com, and safe-inet.net before the domains were seized and replaced with law enforcement banners on Monday. The services have been active for more than a decade, are believed to be operated by the same individual/group, and have been heavily advertised on both Russian and English-speaking underground cybercrime forums, where they were sold for prices ranging from $1.3/day to $190/year. According to the US Department of Justice and Europol, the three companies' servers were often used to mask the real identities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, allowing them to operate from behind a proxy network up to five layers deep.

Read more of this story at Slashdot.

Digital rights group Fight for the Future has unveiled an open letter signed by 2,000 parents calling on McGraw-Hill Publishing to end its relationship with Proctorio, one of many proctoring apps that offers services that digital rights groups have called "indistinguishable from spyware." From a report: As the pandemic has pushed schooling into virtual classrooms, a host of software vendors have stepped up to offer their latest surveillance tools. Some, like Proctorio, offer technologies that claim to fight cheating by tracking head and eye movements, without any evidence that their algorithms do anything but make students anxious (and thus perform worse). Others rely on facial recognition technology, which is itself rife with racial bias, and have regularly failed to verify the identities of students of color at various points while taking state bar exams, forcing the test to end. Proctorio is one of a few companies that has come under scrutiny from privacy groups not only for invasive surveillance, but exhaustive data extraction that collects sensitive student data including biometrics. The company is perhaps unique in its attempts to silence critics of its surveillance programs. Proctorio has deployed lawsuits to silence critics, forcing one University of British Columbia learning technology specialist to exhaust his personal and emergency savings due to a lawsuit meant to silence his online criticisms of the company. Proctorio has also targeted students and abused Twitter's DMCA takedown process to further suppress valid criticisms of its proctoring software. Further reading: Proctoring Software Company Used DMCA To Take Down a Student's Critical Tweets; and Cheating-Detection Software Provokes 'School-Surveillance Revolt'.

Read more of this story at Slashdot.