Social Networks

New Book Argues Silicon Valley Will Lead Us to Our Doom (sandiegouniontribune.com) 200

Long-time Slashdot reader Zorro quotes the San Diego Union-Tribune: To many Americans, large technology firms embody much of what's good about the modern world. Franklin Foer has a different perspective. In his new book, "World Without Mind," the veteran journalist lays out a more ominous view of where Big Tech would like to take us -- in many ways, already has taken us... These firms have a program: to make the world less private, less individual, less creative, less human... Big Tech has imposed its will on the resident population with neither our input nor our permission.
The reviewer summarizes the book's argument as "Once hooked, consumers are robbed of choice, milked for profit, deprived of privacy and made the subjects of stealth social engineering experiments."

Interestingly, Foer was fired from The New Republic in 2014 by its new publisher -- Facebook co-founder Chris Hughes -- and Foer's new book includes strong criticism of the way companies are assembling detailed profiles on their users. "They have built their empires by pulverizing privacy; they will further ensconce themselves by pushing boundaries, by taking even more invasive steps that build toward an even more complete portrait of us."
Facebook

Spain Fines Facebook Over Tracking Users Without Consent (tomshardware.com) 41

Spain's Data Protection Authority has issued a 1.2 million euro fine against Facebook after it found three instances when the company collected data without informing users, as required by European Union privacy laws. Tom's Hardware reports: The AEPD found multiple issues with how Facebook gathered data on Spanish users. One of the issues was that Facebook collects data on ideology, sex, and religious beliefs, as well as personal tastes and web surfing habits without informing the users about how that data will be used. A second issue was that Facebook wasn't obtaining specific and informed consent from the users because the data it was offering them about the collection was not sufficiently clear. The company has been tracking both users and non-users of the service through the Like button across the web without informing them about this sort of tracking, nor about what it plans to do with the data. The company has said that the collection is done for advertising purposes before, but some purposes remain secret, according to the Spanish Data Protection Authority. The AEPD said this sort of collection doesn't comply with the EU's data protection regulations.

Finally, the AEPD also noticed that Facebook has not been completely purging the data about users who had already deleted their accounts and that Facebook was making use of accounts' data that have been deleted for more than 17 months. Considering the data that has remained behind is no longer useful for the purpose for which it was collected, the agency considered this another serious infringement of EU privacy laws.

KDE

KDE Plasma 5.11 Beta Released (kde.org) 58

JRiddell writes: The original and best linux desktop has a new version, KDE Plasma 5.11 beta is out. UI improvements include a redesigned System Settings and notification history. Privacy improvements include Plasma Vault, which helps you store your files securely. Progress on Wayland support continues with many people now using it as their daily setup. The full changelog can be viewed here.
Security

ISPs Claim a Privacy Law Would Weaken Online Security, Increase Pop-Ups (arstechnica.com) 86

An anonymous reader quotes a report from Ars Technica: The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers. AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service." The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer's personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

Microsoft

Windows 10 Will Soon Give Users More Control Over App Permissions (engadget.com) 76

An anonymous reader shares a report: The software giant has revealed that you'll get much more control over what apps are allowed to do with your device. Where you previously only had control over location sharing, the Fall Creators Update will ask you to grant permission before accessing all kinds of potentially sensitive hardware and software features. It'll ask to use your camera and microphone if you have a video recording app, for instance, or check before offering access to your calendar and contacts. You'll only get these prompts for apps installed after you move to the Fall Creators Update; you'll have to dive into your privacy settings to review permissions for apps you already have. Even so, it's an important boost to Windows' privacy security levels. Much as on phones, where fine-grained permissions are already fairly commonplace, you might not have to worry as much about malicious apps spamming your contacts or hijacking the camera.
Privacy

Trump Administration Sued Over Phone Searches at US Borders (reuters.com) 138

The Trump administration has engaged in an unconstitutional practice of searching without a warrant the phones and laptops of Americans who are stopped at the border, a lawsuit filed on Wednesday alleged. From a report: Ten U.S. citizens and one lawful permanent resident sued the Department of Homeland Security in federal court, saying the searches and prolonged confiscation of their electronic devices violate privacy and free speech protections of the U.S. Constitution. DHS could not be immediately reached for comment. The lawsuit comes as the number of searches of electronic devices has surged in recent years, alarming civil rights advocates.
Security

Equifax Breach Provokes Calls For Serious Data Protection Reforms (wired.com) 193

Equifax's data breach was colossal -- but what should happen next? The Guardian writes: The problem is that companies like Equifax are able to accumulate -- essentially, without limit -- as much sensitive, personal data as they can get their hands on. There is an urgent need for strict regulations on what types of data companies can collect and how much data a company can possess, both in aggregate and about individuals. At the very least, this will lessen the severity and size of (inevitable) data breaches... Without putting hard limits on the data capitalists who extract and exploit our personal information, they will continue to reap the benefit while we bear the risks.
Marc Rotenberg, president of the Electronic Privacy Information Center, adds, "we need to penalize companies that collect SSNs but can't protect [them]." Wired reports: Experts across numerous privacy and security fields agree that the solution to the over-collection and over-use of SSNs isn't one particular replacement, but a diverse array of authentications like individual codes (similar to passwords), biometrics, and even physical tokens to create more variation in the ID process. Some also argue that the government likely won't be the driving force behind the shift. "We have a government that works at a glacial pace in the best of times," says Brenda Sharton, who chairs the Privacy & Cybersecurity practice at the Goodwin law firm, which has worked on data privacy breach investigations since the early 2000s. "There will reach a point where SSN [exposure] becomes untenable. And it may push us in the direction of having companies require multi-factor authentication."
Meanwhile TechCrunch argues, "This crass, callow, and lazy treatment of our digital data cannot stand...": We must create new, secure methods for cryptographically securing our data... These old organizations -- Equifax was founded in 1899 and hasn't changed much since inception -- must die, to be replaced by solutions that (and I shudder to say this) are blockchain-based.
AI

AI Can Detect Sexual Orientation Based On Person's Photo (cnbc.com) 350

ugen shares a report from CNBC: Artificial Intelligence (AI) can now accurately identify a person's sexual orientation by analyzing photos of their face, according to new research. The Stanford University study, which is set to be published in the Journal of Personality and Social Psychology and was first reported in The Economist, found that machines had a far superior "gaydar" when compared to humans. Slashdot reader randomlygeneratename adds: Researchers built classifiers trained on photos from dating websites to predict the sexual orientation of users. The best classifier used logistic regression over features extracted from a VGG-Face conv-net. The latter was done to prevent overfitting to background, non-facial information. Classical facial feature extraction also worked with a slight drop in accuracy. From multiple photos, they achieved an accuracy of 91% for men and 83% for women (and 81% / 71% for a single photo). Humans were only able to get 61% and 54%, respectively. One caveat is the paper mentions it only used Caucasian faces. The paper went on to discuss how this capability can be an invasion of privacy, and conjectured that other types of personal information might be detectable from photos. The source paper can be found here.
Businesses

Amazon Was Tricked By a Fake Law Firm Into Removing a Popular Product, Costing the Seller $200,000 (cnbc.com) 98

Eugene Kim, reporting for CNBC: Shortly before Amazon Prime Day in July, the owner of the Brushes4Less store on Amazon's marketplace received a suspension notice for his best-selling product, a toothbrush head replacement. The email that landed in his inbox said the product was being delisted from the site because of an intellectual property violation. In order to resolve the matter and get the product reinstated, the owner would have to contact the law firm that filed the complaint. But there was one problem: the firm didn't exist. Brushes4Less was given the contact information for an entity named Wesley & McCain in Pittsburgh. The website wesleymccain.com has profiles for five lawyers. A Google image search shows that all five actually work for the law firm Brydon, Swearengen & England in Jefferson City, Missouri. The phone number for Wesley & McCain doesn't work while the address belongs to a firm in Pittsburgh called Robb Leonard Mulvihill. The person who supposedly filed the complaint is not registered to practice law in Pennsylvania. One section on Wesley & McCain's site stole language from the website of the Colby Law Office. The owner of Brushes4Less agreed to tell his story to CNBC but asked that we not use his name out of concern for his privacy. As far as he can tell, and based on what CNBC could confirm, Amazon was duped into shutting down the seller's key product days before the site's busiest shopping event ever.
Communications

European Court Rules Companies Must Tell Employees of Email Checks (reuters.com) 103

Companies must tell employees in advance if their work email accounts are being monitored and such checks must not unduly infringe workers' privacy, the European Court of Human Rights ruled on Tuesday. From a report: In a judgment in the case of a man fired 10 years ago for using a work messaging account to communicate with his family, the judges found that Romanian courts failed to protect Bogdan Barbulescu's private correspondence because his employer had not given him prior notice it was monitoring his communications. Email privacy has become a hotly contested issue as more people use work addresses for personal correspondence even as employers demand the right to monitor email and computer usage to ensure staff use work email appropriately. Courts in general have sided with employers on this issue.
Verizon

Verizon Up Offers Rewards in Exchange For Customers' Personal Information (wsj.com) 74

An anonymous reader shares a report: A new Verizon rewards program, Verizon Up, provides credits that wireless subscribers can use for concert tickets, movie premieres and phone upgrades. But it comes with a catch: Customers must give the carrier access to their web-browsing history, app usage and location data, which Verizon says it uses to personalize the rewards and deliver targeted advertising as its customers browse the web. The trade-off is part of Verizon's effort to build a digital advertising business to compete with web giants Facebook and Google, which often already possess much of the same customer information. Even though Congress earlier this year dismantled tough privacy regulations on telecommunications providers, Verizon still wants customers to opt-in to its most comprehensive advertising program, called Verizon Selects. Data collected under the program is shared with Oath, the digital-media unit Verizon created when it bought AOL and Yahoo. Since access to data from customers could make it easier to tailor ads to their liking, Verizon hopes the information will help it gain advertising revenue to offset sluggish growth in its cellular business.See a current list of Verizon plans here.
Firefox

TechRepublic: Mozilla 'Is Desperately Needed to Save the Web' (techrepublic.com) 317

"I can't remember the last time I cared about Mozilla," writes Matt Asay at TechRepublic. "I also can't remember a time when we needed it more." An anonymous reader quotes TechRepublic: Mozilla's Firefox is almost a rounding error in desktop market share, and nonexistent in mobile browser market share. It offers a few other services, like Pocket, but largely gets ignored... This is a mistake. Our world is increasingly mediated by the internet, and that internet has just a few gatekeepers, collecting tolls as we browse. As Python guru Matt Harrison put it, "Vendors control the default browser which 99.9% of people use." Those vendors are happy to sell us access to information. Nothing about it is free. You are most definitely the product.

On mobile, where the majority of the world's content is now consumed, Google and Facebook own eight of the top 10 apps, with apps devouring 87% of our time spent on smartphones and tablets, according to new comScore data. For that remaining 13% of time spent on the mobile web, Google and Apple offer the two dominant browsers... the majority of our time online is now mediated by just a few megacorporations, and for the most part their top incentive is to borrow our privacy just long enough to target an ad at us. Then there's Mozilla, an organization whose mantra is "Internet for people, not profit." That feels like a necessary voice to add to today's internet oligopoly, but it's not one we're hearing... We clearly need an organization standing up for web freedom, as expecting Google to do that is like asking the fox to guard the henhouse. Google does many great things, but its clear incentive is to sell ads. We are Google's product, as the saying goes.

The article applauds the Mozilla-sponsored Rust programming language as promising, "but not to save the web from the all-consuming embrace of Facebook and Google, especially as they wall off the experience in apps... "If I sound like I don't know what to propose Mozilla should do, it's because I don't. I simply feel strongly that the role Mozilla played in the early browser wars needs to be resurrected to save the web today."
Privacy

US Cops Can't Keep License Plate Data Scans Secret Without Reason, Court Rules (theregister.co.uk) 60

An anonymous reader quotes a report from The Register: Police departments cannot categorically deny access to data collected through automated license plate readers, California's Supreme Court said on Thursday -- a ruling that may help privacy advocates monitor government data practices. The ACLU Foundation of Southern California and the Electronic Frontier Foundation sought to obtain some of this data in 2012 from the Los Angeles Police Department and Sheriff's Department, but the agencies refused, on the basis that investigatory data is exempt from disclosure laws. So the following year, the two advocacy groups sued, hoping to understand more about how this data hoard is handled. The LAPD, according to court documents, collects data from 1.2 million vehicles per week and retains that data for five years. The LASD captures data from 1.7 to 1.8 million vehicles per week, which it retains for two years. The ACLU contends [PDF] that indiscriminate license plate data harvesting presents a risk to civil liberties and privacy. It argues that constant monitoring has the potential to chill rights of free speech and association and that databases of license plate numbers invite institutional abuse, not to mention security risks.
Communications

Apple Calls For FCC To Keep 'Strong, Enforceable' Net Neutrality Protections (appleinsider.com) 50

An anonymous reader quotes a report from Apple Insider: Apple has written to the U.S. Federal Communications Commission in support for the concept of net neutrality, with its four-page commentary arguing for the government agency to "retain strong, enforceable open internet protections" instead of rolling back the rules forbidding "fast lane" internet connections. "An open internet ensures that hundreds of millions of consumers get the experience they want, over the broadband connections they choose, to use the devices they love, which have become an integral part of their lives," starts the comment signed by Cynthia Hogan, Apple's Vice President of Public Policy for the Americas. Citing a "deep respect" for its customers' privacy, security, and control over personal information, Apple believes this extends to their internet connection choices as well. "What consumers do with those tools is up to them -- not Apple, and not broadband providers," the statement claims, before urging the FCC to keep advancing the key principles of net neutrality. Based on a belief of consumer choice with regards to connectivity, Apple insists broadband providers should not "block, throttle, or otherwise discriminate against lawful websites and services," and not create "paid fast lanes on the internet." Lifting current FCC bans on these restrictions could allow broadband providers to favor one service over another's, "fundamentally altering the internet as we know it today -- to the detriment of consumers, competition, and innovation." Allowing such fast lanes could result in an internet with heavily distorted competition, caused through online providers being forced to make deals or risk losing customers from providing a hampered service. Apple suggests the practice could "create artificial barriers to entry for new online services, making it harder for tomorrow's innovations to attract investment and succeed," effectively turning broadband providers into a king-maker based on its priorities.
Privacy

Uber Says It'll Stop Tracking Riders After They're Dropped Off (usatoday.com) 69

Uber is revamping privacy settings that it rolled out last fall to allow iOS users the ability to deny Uber the right to track your whereabouts. Similar tweaks are reportedly coming to the Android version of the app. USA Today reports: The new options for Uber app users are: Always (Uber is allowed to collect rider location information from the moment the app is opened until the trip ends), While Using The App (information flows to Uber while the app is visible on the screen) and Never (no info is transmitted but riders have to manually input their pick-up and drop-off locations). One of the old privacy features that gave many users pause was Uber's ability to track the whereabouts of riders up to 5 minutes after a ride was completed. Uber says the 5-minute feature was never activated on the iOS version of its app, and that it was disabled a few months after being initiated on the Android version. The company maintained that the feature was to enhance safety, but for many the option was too reminiscent of some of Uber's more notorious Big Brother tactics.

In 2016, Uber settled an investigation brought by New York's attorney general by agreeing to encrypt rider geo-location. The inquiry was sparked by reports that Uber executives had access to riders' locations, and that Uber displayed rider information in an aerial view known internally as "God View." Earlier this year, federal regulators began investigating an Uber practice known as "greyballing," which allowed engineers to take over an app and create a screen showing cars that did not really exist. The practice was used to steer regulators investigating Uber away from drivers, and was halted by Uber after being reported by The New York Times.

United States

The IRS Decides Who To Audit By Data Mining Social Media (typepad.com) 232

In America the Internal Revenue Service used to pick who got audited based on math mistakes or discrepancies with W-2 forms -- but not any more. schwit1 shares an article from the Vanderbilt Journal of Entertainment and Technology Law describing their new technique: The IRS is now engaging in data mining of public and commercial data pools (including social media) and creating highly detailed profiles of taxpayers upon which to run data analytics. This article argues that current IRS practices, mostly unknown to the general public, are violating fair information practices. This lack of transparency and accountability not only violates federal law regarding the government's data collection activities and use of predictive algorithms, but may also result in discrimination. While the potential efficiencies that big data analytics provides may appear to be a panacea for the IRS's budget woes, unchecked these activities are a significant threat to privacy [PDF]. Other concerns regarding the IRS's entrance into big data are raised including the potential for political targeting, data breaches, and the misuse of such information.
While tax evasion cost the U.S.$3 trillion between 2000 and 2009, one of the report's authors argues that people should be aware âoethat what they say and do onlineâ could be used against them.
Government

On Internet Privacy, Be Very Afraid (harvard.edu) 149

Cybersecurity expert and Berkman Klein fellow Bruce Schneier talked to the Gazette about what consumers can do to protect themselves from government and corporate surveillance. From the interview: GAZETTE: After whistleblower Edward Snowden's revelations concerning the National Security Agency's (NSA) mass surveillance operation in 2013, how much has the government landscape in this field changed?
SCHNEIER: Snowden's revelations made people aware of what was happening, but little changed as a result. The USA Freedom Act resulted in some minor changes in one particular government data-collection program. The NSA's data collection hasn't changed; the laws limiting what the NSA can do haven't changed; the technology that permits them to do it hasn't changed. It's pretty much the same.
GAZETTE: Should consumers be alarmed by this?
SCHNEIER: People should be alarmed, both as consumers and as citizens. But today, what we care about is very dependent on what is in the news at the moment, and right now surveillance is not in the news. It was not an issue in the 2016 election, and by and large isn't something that legislators are willing to make a stand on. Snowden told his story, Congress passed a new law in response, and people moved on.
GAZETTE: What about corporate surveillance? How pervasive is it?
SCHNEIER: Surveillance is the business model of the internet. Everyone is under constant surveillance by many companies, ranging from social networks like Facebook to cellphone providers. This data is collected, compiled, analyzed, and used to try to sell us stuff. Personalized advertising is how these companies make money, and is why so much of the internet is free to users. We're the product, not the customer.

Privacy

Ask Slashdot: How Much of Your Online Browsing Can Advertisers See? 189

dryriver writes: We all know the phenomenon of browsing from an internet site A to a completely unrelated internet site B, and having identical ads follow you from site A to site B. Logic suggests that some kind of advertising system is following you from site A to B, and possibly onto subsequent sites C, D and E as well. Logic also suggests that this advertising system can now put together a nice long list of whatever you are looking at online. So here's the question: How much of your online browsing is "monitored" or "logged" this way by advertisers? Can there be any realistic expectation of privacy on the internet if the default behavior of advertisers is to track you as much as they can?
Government

DC Judge Approves Government Warrant For Data From Anti-Trump Website (reuters.com) 142

According to Reuters, a D.C. Superior Court judge on Thursday approved a government warrant seeking data from an anti-Trump website related to Inauguration Day protests, but he added protections to safeguard "innocent users." From the report: Chief Judge Robert Morin said DreamHost, a Los Angeles-based web-hosting company, must turn over data about visitors to the website disruptj20.org, which is a home to political activists who organized protests at the time of Donald Trump's inauguration as U.S. president in January. Morin, who will oversee review of the data, said the government must explain what protocols it will use to make sure prosecutors do not seize the data of "innocent users." Morin said at a hearing on Thursday that he recognized the tension between free speech rights and law enforcement's need to search digital records for evidence. He said he added safeguards to his order granting the government's request for information in an effort to balance those two concerns. Besides reviewing the prosecutors' privacy protocols, Morin also shortened the time frame for records to those generated from October to Inauguration Day and instructed the prosecutors to explain why anything they want to seize is germane to the investigation.
Businesses

AccuWeather Updates Its iOS App To Address Privacy Outcry (techcrunch.com) 54

Taylor Hatmaker, writing for TechCrunch: Responding to privacy concerns, AccuWeather is out with a new version of its iOS app that removes a controversial data sharing behavior. Earlier this week, security researcher Will Strafach called attention to the practice in a post and users took to Twitter to announce their intention to dump the app in droves. "AccuWeather's app employed a Software Development Kit (SDK) from a third party vendor (Reveal Mobile) that inadvertently allowed Wi-Fi router data to be transmitted to this third-party vendor," the company wrote in a statement accompanying the app update. "Once we became aware of this situation we took immediate action to verify the operation and quickly disabled the SDK from the IOS app. Our next step was to update the IOS app and remove Reveal Mobile completely."

Slashdot Top Deals