Apple Tries To Stop Developers Sharing Data On Users' Friends

Slashdot - Your Rights Online - Wed, 2018-06-13 01:20
Apple has updated its App Store guidelines to close a loophole that let app makers store and share data without many people's consent. The practice has "been employed for years," reports Bloomberg. "Developers ask users for access to their phone contacts, then use it for marketing and sometimes share or sell the information -- without permission from the other people listed on those digital address books." From the report: As Apple's annual developer conference got underway on June 4, the Cupertino, California-based company made many new pronouncements on stage, including new controls that limit tracking of web browsing. But the phone maker didn't publicly mention updated App Store Review Guidelines that now bar developers from making databases of address book information they gather from iPhone users. Sharing and selling that database with third parties is also now forbidden. And an app can't get a user's contact list, say it's being used for one thing, and then use it for something else -- unless the developer gets consent again. Anyone caught breaking the rules may be banned. While Apple is acting now, the company can't go back and retrieve the data that may have been shared so far. After giving permission to a developer, an iPhone user can go into their settings and turn off apps' contacts permissions. That turns off the data faucet, but doesn't return information already gathered.

Read more of this story at Slashdot.

Spanish Football League Defends Phone 'Spying'

Slashdot - Your Rights Online - Tue, 2018-06-12 20:08
An anonymous reader shares a report: Spanish football league La Liga has defended the privacy policy of its app after admitting it was accessing the microphone and GPS of Android users. It said it had been trying to track down venues illegally broadcasting matches, by matching audio data and phone location. The app, downloaded more than 10 million times on the Google Play Store, has been criticised by fans. La Liga said it wanted to "protect clubs and their fans from fraud." The broadcasting of football matches in public places without a paid licence cost the game an estimated 150 million euros ($177m) a year, it said. The new function was enabled on Friday, 8 June.

Vietnam Lawmakers Approve Cyber Law Clamping Down on Tech Firms, Dissent

Slashdot - Your Rights Online - Tue, 2018-06-12 16:50
Vietnamese legislators approved a cybersecurity law on Tuesday that tightens control of the internet and global tech companies operating in the Communist-led country, raising fears of economic harm and a further crackdown on dissent. From a report: The cyber law, which takes effect on Jan. 1, 2019, requires Facebook, Google and other global technology firms to store locally "important" personal data on users in Vietnam and open offices there. The vote in the National Assembly came a day after lawmakers delayed a decision on another controversial bill that had sparked violent protests in parts of the country on the weekend. Thousands of demonstrators in cities and provinces had denounced a plan to create new economic zones for foreign investment that has fueled anti-Chinese sentiment. Some protesters had also derided the cybersecurity bill, which experts and activists say could cause economic harm and stifle online dissent.

Facebook Offers Nearly 500 Pages of Answers To Congress' Questions From Zuckerberg's Testimony

Slashdot - Your Rights Online - Tue, 2018-06-12 15:00
An anonymous reader quotes a report from The Washington Post: Facebook pledged to continue refining its privacy practices and investigating its entanglement with Cambridge Analytica in nearly 500 pages of new information supplied to Congress and published Monday (Warning: source may be paywalled; alternative source) -- though the social giant sidestepped some of lawmakers' most critical queries. Much as it did during the hearing, Facebook told lawmakers on the Senate Judiciary Committee and the Senate Commerce Committee that it is reviewing all apps available on its platform that had access to large queries of data, a process that already has resulted in 200 suspensions. Facebook did acknowledge that its consultants embedded in 2016 presidential campaigns, including President Trump's team, "did not identify any issues involving the improper use of Facebook data in the course of their interactions with Cambridge Analytica." In another exchange, Facebook said it had provided "technical support and best practices guidance to advertisers, including Cambridge Analytica, on using Facebook's advertising tools." Facebook also pointed to new tools meant to address its privacy practices, including a feature called Clear History, which "will enable people to see the websites and apps that send us information when they use them, delete this information from their accounts, and turn off our ability to store it associated with their accounts going forward," the company said. The social network did continue to sidestep many of the lawmakers' questions and concerns. The Washington Post provides a couple examples: "Delaware Sen. Christopher A. Coons (Del.), for example, probed whether Facebook had ever learned of any application developer 'transferring or selling user data without user consent' and in violation of Facebook's policies. In response, Facebook only committed in writing that it would 'investigate all apps that it had access to large amounts of data.'" Facebook also didn't address Democratic Sen. Patrick J. Leahy's concerns. He asked Facebook to detail if the Obama campaign in 2012 had violated "any of Facebook's policies, and thereby get banned from the platform." Facebook said: "Both the Obama and Romney campaigns had access to the same tools, and no campaign received any special treatment from Facebook." You can view the nearly 500 pages of new information here.

Inventor Says Google Is Patenting His Public Domain Work

Slashdot - Your Rights Online - Tue, 2018-06-12 04:10
Rob Riggs writes: Jarek Duda, the inventor of a compression technique called asymmetric numeral systems (ANS), dedicated the invention to the public domain. Since 2014, Facebook, Apple, and Google have all created software based on his breakthrough. Google is now trying to patent a video encoding scheme using the compression technique. The inventor is fighting Google in the European courts and has won a preliminary ruling. The fight's not over and Google is also seeking a patent with the USPTO. A Google spokesperson says Duda came up with a theoretical concept that isn't directly patentable, "while Google's lawyers are seeking to patent a specific application of that theory that reflects additional work by Google's engineers," reports Ars Technica. "But Duda says he suggested the exact technique Google is trying to patent in a 2014 email exchange with Google engineers."

Sweden Tries To Halt Its March To Total Cashlessness

Slashdot - Your Rights Online - Tue, 2018-06-12 02:50
An anonymous reader quotes a report from Bloomberg: A key committee of Swedish lawmakers wants to force the country's biggest banks to handle cash in an effort to halt the nation's march toward complete cashlessness. Parliament's Riksbank committee, which is in the process of reviewing the central bank law, proposed making it mandatory for banks to offer cash withdrawals and handle daily receipts. The requirement would apply to banks that provide checking accounts and have more than 70 billion kronor ($8 billion) in deposits from the Swedish public, according to a report. The lawmakers said there needs to be "reasonable access to those services in all of Sweden," and that 99 percent of Swedes should have a maximum distance of 25 kilometers (16 miles) to the nearest cash withdrawal. The requirement doesn't state how banks should offer those services, and lenders can choose whether to use a third party, machines or over-the-counter services. The move is a response to Sweden's rapid transformation as it becomes one of the most cashless societies in the world. That's led to concerns that some people are finding it increasingly difficult to cope without access to mobile phones or bank cards. There are also fears around what would happen if the digital payments systems suddenly crashed.

Police Departments Are Training Dogs To Sniff Out Thumb Drives

Slashdot - Your Rights Online - Tue, 2018-06-12 01:30
A CNET report provides some insight on an elite K-9 search class that trains dogs to sniff out electronics, including phones, hard drives and microSD cards smaller than your thumb. From the report: Only one out of every 50 dogs tested qualifies to become an electronic storage detection, or ESD, dog, says Kerry Halligan, a K-9 instructor with the Connecticut State Police. That's because it's a lot harder to detect the telltale chemical in electronics than it is to sniff out narcotics, bombs, fire accelerants or people, she says. But Labrador retrievers like Harley, with their long snouts and big muzzles, can pick up even the faintest olfactory clues. These tech-seeking dogs are helping law enforcement find child pornography stashed in hidden hard drives, uncover concealed phones, nab white-collar evidence kept on hard drives and track calls stored on SIM cards. The most famous case occurred in 2015, when a Labrador retriever named Bear found a hidden flash drive containing child pornography in the home of former Subway spokesman Jared Fogle. The district attorney called the discovery vital to Fogle's conviction.

Tanzania Orders All Unregistered Bloggers To Take Down Their Sites

Slashdot - Your Rights Online - Tue, 2018-06-12 00:10
The state-run Tanzania Communications Regulatory Authority (TCRA) ordered all unregistered bloggers and online forums on Monday to suspend their websites immediately or face criminal prosecution. Several sites, including popular online discussion platform Jamiiforums, have reportedly shut down to avoid prosecution. Reuters reports: Regulations passed in March made it compulsory for bloggers and owners of other online forums such as YouTube channels to register with the government and pay up to $900 for a license. Per capita income in Tanzania is slightly below $900 a year. Digital activists say the law is part of a crackdown on dissent and free speech by the government of President John Magufuli, who was elected in 2015. Government officials argue the new rules are aimed at tackling hate speech and other online crimes, including cyberbullying and pornography. "All unregistered online content providers must be licensed before June 15. Starting from today June 11 until June 15, they are prohibited from posting any new content on their blogs, forums or online radios and televisions," the regulator said in a statement on Monday. The statement said legal action would be taken against any unregistered websites posting new content. Anyone convicted of defying the new regulations faces a fine of at least 5 million shillings ($2,200), imprisonment for a minimum 12 months, or both.

US Sanctions Russians Over Military, Intelligence Hacking

Slashdot - Your Rights Online - Mon, 2018-06-11 20:50
The U.S. Treasury imposed sanctions on three Russian individuals and five companies on Monday, saying they had worked with Moscow's military and intelligence services on ways to conduct cyber attacks against the United States and its allies. From a report: "The United States is engaged in an ongoing effort to counter malicious actors working at the behest of the Russian Federation and its military and intelligence units to increase Russia's offensive cyber capabilities," Treasury Secretary Steven Mnuchin said in a statement. "The entities designated today have directly contributed to improving Russia's cyber and underwater capabilities through their work with the FSB and therefore jeopardize the safety and security of the United States and our allies," Mnuchin said, using an acronym for Russia's Federal Security Service.

In the Trump Administration, Science Is Unwelcome. So Is Advice.

Slashdot - Your Rights Online - Sun, 2018-06-10 23:00
Anonymous readers share a report: As President Trump prepares to meet Kim Jong-un of North Korea to negotiate denuclearization, a challenge that has bedeviled the world for years, he is doing so without the help of a White House science adviser or senior counselor trained in nuclear physics. Mr. Trump is the first president since 1941 not to name a science adviser, a position created during World War II to guide the Oval Office on technical matters ranging from nuclear warfare to global pandemics. As a businessman and president, Mr. Trump has proudly been guided by his instincts. Nevertheless, people who have participated in past nuclear negotiations say the absence of such high-level expertise could put him at a tactical disadvantage in one of the weightiest diplomatic matters of his presidency. "You need to have an empowered senior science adviser at the table," said R. Nicholas Burns, who led negotiations with India over a civilian nuclear deal during the George W. Bush administration. "You can be sure the other side will have that." The lack of traditional scientific advisory leadership in the White House is one example of a significant change in the Trump administration: the marginalization of science in shaping United States policy. There is no chief scientist at the State Department, where science is central to foreign policy matters such as cybersecurity and global warming. Nor is there a chief scientist at the Department of Agriculture: Mr. Trump last year nominated Sam Clovis, a former talk-show host with no scientific background, to the position, but he withdrew his name and no new nomination has been made.

Mark Zuckerberg and the 2012 Facebook Moscow Hack

Slashdot - Your Rights Online - Sun, 2018-06-10 03:34
Long-time Slashdot reader theodp writes: As Facebook's privacy debacle rages on, it's interesting to look back at Mark Zuckerberg's 2012 visit to the Facebook Moscow Hack (photos, video), at which Facebook provided training in how to access the data of app users' friends and awarded prizes for apps that did so. In a 2012 video, Facebook's Simon Cross shows the Moscow crowd how they can "get a ton of other information" on Facebook users and their friends. "We now have an access token, so now let's make the same request again and see what happens," Cross explains (YouTube). "We've got a little bit more data, but now we can start doing really interesting stuff. We can get my friends. We can get some more information about one of my friends. Here's Connor, who you'll meet later. Say 'hello,' Connor. He's waving. And we can also get a ton of other information as well." Cross, ironically, was the spokesperson Facebook later tapped in 2015 to explain to the press why giving friends' data to apps was a horrible idea that had to be curtailed lest Facebook lose its users' trust. Cross told reporters that Mark Zuckerberg said one of Facebook's new slogans was 'People First', because "if people don't feel comfortable using Facebook and specifically logging in Facebook and using Facebook in apps, we don't have a platform, we don't have developers."

Unresolved Login Issue Prevented Florida 'Concealed Weapon' Background Checks For Over a Year

Slashdot - Your Rights Online - Sat, 2018-06-09 20:34
An anonymous reader quotes the Tampa Bay Times: For more than a year, the state of Florida failed to conduct national background checks on tens of thousands of applications for concealed weapons permits, potentially allowing drug addicts or people with a mental illness to carry firearms in public... The employee in charge of the background checks could not log into the system, the investigator learned. The problem went unresolved until discovered by another worker in March 2017 -- meaning that for more than a year applications got approved without the required background check. During that time, which coincided with the June 12, 2016 shooting at Pulse nightclub that left 50 dead, the state saw an unprecedented spike in applications for concealed weapons permits. There were 134,000 requests for permits in the fiscal year ending in June 2015. The next 12 months broke a record, 245,000 applications, which was topped again in 2017 when the department received 275,000 applications... There are now 1.8 million concealed weapon permit holders in Florida. The employee with the login issue, who has since been fired, "told the Times she had been working in the mailroom when she was given oversight of the database in 2013. 'I didn't understand why I was put in charge of it.'"

Two Quantum Computing Bills Are Coming To Congress

Slashdot - Your Rights Online - Sat, 2018-06-09 12:00
Quantum computing has made it to the United States Congress. "Quantum computing is the next technological frontier that will change the world, and we cannot afford to fall behind," said Senator Kamala Harris (D-California) in a statement passed to Gizmodo. "We must act now to address the challenges we face in the development of this technology -- our future depends on it." From the report: The bill introduced by Harris in the Senate focuses on defense, calling for the creation of a consortium of researchers selected by the Chief of Naval Research and the Director of the Army Research Laboratory. The consortium would award grants, assist with research, and facilitate partnerships between the members. Another, yet-to-be-introduced bill, seen in draft form by Gizmodo, calls for a 10-year National Quantum Initiative Program to set goals and priorities for quantum computing in the US; invest in the technology; and partner with academia and industry. An office within the Department of Energy would coordinate the program. Another group would include members from the National Science Foundation, the National Institute of Standards and Technology, the Department of Energy, the office of the Director of National Intelligence to coordinate research and education activity between agencies. Furthermore, the draft bill calls for the establishment of up to five Quantum Information Science research centers, as well as two multidisciplinary National Centers for Quantum Research and Education.

Facebook Gave Some Developers Access To Users' Friends After Policy Changed

Slashdot - Your Rights Online - Sat, 2018-06-09 05:55
Facebook granted a select group of companies special access to its users' records even after the point in 2015 that the company has claimed it stopped sharing such data with app developers. USA Today reports: According to the Wall Street Journal, which cited court documents, unnamed Facebook officials and other unnamed sources, Facebook made special agreements with certain companies called "whitelists," which gave them access to extra information about a user's friends. This includes data such as phone numbers and "friend links," which measure the degree of closeness between users and their friends. These deals were made separately from the company's data-sharing agreements with device manufacturers such as Huawei, which Facebook disclosed earlier this week after a New York Times report on the arrangement. Facebook said following the WSJ report it inked deals with a small number of developers that gave them access to users' friends after the more restrictive policy went into effect.

Can Washington State Finally Put a Price On Carbon?

Slashdot - Your Rights Online - Sat, 2018-06-09 04:03
jwhyche writes: Beth Brunton walks around Seattle with a magenta umbrella. At 75 degrees and there not being a cloud in the sky, it gets people's attention. What she is attempting to do is get people to sign a petition supporting Initiative 1631, known as the "Protect Washington Act." If this was to pass, Washington state would become the first state to adopt anything like a carbon tax. "The initiative proposes a 'fee on pollution' that would put a $15 charge on each metric ton of carbon dioxide emitted in Washington starting in 2020," reports Wired. "That charge would rise by $2 plus inflation every year until the state meets its climate goals, which include cutting its carbon footprint 36 percent below 2005 levels by 2035. The revenue raised would go toward investing in clean energy; protecting the air, water, and forests; and helping vulnerable communities prepare for wildfires and sea-level rise." The report mentions Washington's previous attempt at a "carbon tax" initiative, which was ultimately rejected. It would have initially charged businesses $25 per metric ton of emissions before ramping up over time.

China Hacked a Navy Contractor and Secured a Trove of Highly Sensitive Data on Submarine Warfare

Slashdot - Your Rights Online - Fri, 2018-06-08 21:22
Ellen Nakashima and Paul Sonne, reporting for The Washington Post: Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to undersea warfare -- including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials. The breaches occurred in January and February, the officials said, speaking on the condition of anonymity to discuss an ongoing investigation. The hackers targeted a contractor who works for the Naval Undersea Warfare Center, a military organization headquartered in Newport, R.I., that conducts research and development for submarines and underwater weaponry. The officials did not identify the contractor. Taken were 614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit's electronic warfare library. The Washington Post agreed to withhold certain details about the compromised missile project at the request of the Navy, which argued that their release could harm national security.

Justice Department Seizes Reporter's Phone, Email Records In Leak Probe

Slashdot - Your Rights Online - Fri, 2018-06-08 09:00
According to The New York Times, the Department of Justice seized a New York Times reporter's phone and email records this year in an effort to probe the leaking of classified information, the first known instance of the DOJ going after a journalist's data under President Trump. The Hill reports: The Times reported Thursday that the DOJ seized years' worth of records from journalist Ali Watkins's time as a reporter at BuzzFeed News and Politico before she joined The Times in 2017 as a federal law enforcement reporter, according to the report Thursday. Watkins was alerted by a prosecutor in February that the DOJ had years of records and subscriber information from telecommunications companies such as Google and Verizon for two email accounts and a phone number belonging to her. Investigators did not receive the content of the records, according to The Times. The newspaper reported that it learned of the letter on Thursday.

French School Students To Be Banned From Using Mobile Phones

Slashdot - Your Rights Online - Fri, 2018-06-08 02:50
The lower house of parliament in France has passed what it called a "detox" law for a younger generation increasingly addicted to screens. As a result, French school students will be banned from using mobile phones anywhere on school grounds starting in September. The Guardian reports: The new law bans phone-use by children in school playgrounds, at breaktimes and anywhere on school premises. Legislation passed in 2010 already states children should not use phones in class. During a parliamentary debate, lawmakers from Macron's La Republique En Marche party said banning phones in schools meant all children now had a legal "right to disconnect" from digital pressures during their school day. Some in Macron's party had initially sought to go even further, arguing that adults should set an example and the ban should be extended to all staff in schools, making teachers surrender their phones on arrival each morning. But Macron's education minister, Jean-Michel Blanquer, brushed this aside, saying it wasn't necessary to extend the ban to teachers and staff.

'Pirates' Tend To Be the Biggest Buyers of Legal Content, Study Shows

Slashdot - Your Rights Online - Fri, 2018-06-08 02:10
An anonymous reader quotes a report from Motherboard: According to a paywalled survey of 1,000 UK residents by anti-piracy outfit MUSO first spotted by Torrent Freak, 60 percent of those surveyed admitted that they had illegally streamed or downloaded music, film, or TV shows sometime in the past. But the study also showed that 83 percent of those questioned try to find the content they are looking for through above board services before trying anything else. And while the study found that 86 percent of survey takers subscribe to a streaming subscription service like Netflix, that total jumped to 91 percent among those that admit to piracy. The survey found that the top reason that users pirate is the content they were looking for wasn't legally available (34 percent), was too cumbersome or difficult to access (34 percent), or wasn't affordable (35 percent). "The entertainment industry tends to envisage piracy audiences as a criminal element, and writes them off as money lost -- but they are wrong to do so," MUSO executive Paul Briley said of the study's findings. "The reality is that the majority of people who have gone through the effort of finding and accessing such unlicensed content are, first and foremost, fans -- fans who are more often than not trying to get content legally if they can," Briley added.

Ticketfly Says 27 Million Accounts Compromised During 'Malicious' Attack

Slashdot - Your Rights Online - Fri, 2018-06-08 00:50
Earlier this month, we reported of a "cyber incident" that compromised the systems of Ticketfly, a large ticket distribution service. We have now learned that roughly 27 million user accounts were compromised during the attack. The information includes names, addresses, email addresses and phone numbers; thankfully, no credit/debit card info and passwords were stolen. Billboard reports: Ticketfly's website is fully back online a week after being targeted by what it describes as a "malicious cyber attack," though its mobile app for iOS remains offline "as we continue to prioritize bringing up the most critical parts of the platform first." Following the hack, the company rolled out a network of temporary venue and promoter websites so that events, including Riot Fest and Celebrate Brooklyn, could continue selling tickets. The "vast majority" of the temporary sites are now live, the firm said. All passwords for both ticket buyers and venue/promoter clients were reset following the hack, though they found no evidence that they were accessed. "It is possible, however, that hashed values of password credentials could have been accessed," the site warned. "Hashing is a way of scrambling a piece of data, making it generally incomprehensible."
