Facebook

Facebook Accused of Conducting Mass Surveillance Through Its Apps (theguardian.com) 39

A court case in California alleges that Facebook used its apps to gather information about users and their friends, including some who had not signed up to the social network, reading their text messages, tracking their locations and accessing photos on their phones. The Guardian reports: The claims of what would amount to mass surveillance are part of a lawsuit brought against the company by the former startup Six4Three, listed in legal documents filed at the superior court in San Mateo as part of a court case that has been ongoing for more than two years. The allegations about surveillance appear in a January filing, the fifth amended complaint made by Six4Three. It alleges that Facebook used a range of methods, some adapted to the different phones that users carried, to collect information it could use for commercial purposes.

"Facebook continued to explore and implement ways to track users' location, to track and read their texts, to access and record their microphones on their phones, to track and monitor their usage of competitive apps on their phones, and to track and monitor their calls," one court document says. But all details about the mass surveillance scheme have been redacted on Facebook's request in Six4Three's most recent filings. Facebook claims these are confidential business matters. It has until next Tuesday to submit a claim to the court for the documents to remain sealed from public view.

The Courts

Samsung Must Pay Apple $539 Million For Infringing iPhone Design Patents, Jury Finds (cnet.com) 84

Samsung must pay Apple $539 million for infringing five patents with Android phones it sold in 2010 and 2011, a jury has found in a legal fight that dates back seven years. "The unanimous decision, in the U.S. District Court in San Jose in the heart of Silicon Valley, is just about halfway between what the two largest mobile phone makers had sought in a high-profile case that reaches back to 2011," reports CNET. From the report: The bulk of the damages payment, $533,316,606, was for infringing three Apple design patents. The remaining $5,325,050 was for infringing two utility patents. Samsung already had been found to infringe the patents, but this trial determined some of the damages. The jury's rationale isn't clear, but the figure is high enough to help cement the importance of design patents in the tech industry. Even though they only describe cosmetic elements of a product, they clearly can have a lot of value.

Samsung showed its displeasure and indicated the fight isn't over. "Today's decision flies in the face of a unanimous Supreme Court ruling in favor of Samsung on the scope of design patent damages. We will consider all options to obtain an outcome that does not hinder creativity and fair competition for all companies and consumers," Samsung said.

China

First Cuba, Now China? A Worker In US Embassy In China Experienced 'Abnormal' Sounds, Brain Damage (reuters.com) 118

amxcoder writes: An American citizen working at a U.S. consulate located in the Chinese city of Guangzhou has reported experiencing "abnormal" sounds (and pressures) for the past several months, starting in late 2017 until April of 2018. Upon medical evaluation, the worker has been diagnosed with mild traumatic brain injury symptoms. The U.S. embassy is conducting an investigation into the issue, and is issuing warnings to all U.S. citizens in China. The symptoms and several other similarities have drawn comparison to a similar event last year in a different U.S. embassy in Cuba. Officials cannot link the two events together at this point, but the U.S. State Department is working with Chinese authorities to investigate the issue further. As a result of the Cuba acoustic "attacks," the U.S. government in October expelled 15 Cuban diplomats from the U.S. for what it said was Cuba's failure to protect staff at the U.S. embassy in Havana. Staff there reported symptoms including hearing loss, dizziness, fatigue, and cognitive issues. Canadian personnel also reported similar health symptoms.

Bug

T-Mobile Bug Let Anyone See Any Customer's Account Details (zdnet.com) 37

An anonymous reader writes: A bug in T-Mobile's website let anyone access the personal account details of any customer with just their cell phone number, ZDNet reported Thursday. The flaw, since fixed, could have been exploited by anyone who knew where to look -- a little-known T-Mobile subdomain that staff use as a customer care portal to access the company's internal tools. The subdomain -- promotool.t-mobile.com, which can be easily found on search engines -- contained a hidden API that would return T-Mobile customer data simply by adding the customer's cell phone number to the end of the web address.

Although the API is understood to be used by T-Mobile staff to look up account details, it wasn't protected with a password and could be easily used by anyone. The returned data included a customer's full name, postal address, billing account number, and in some cases information about tax identification numbers. The data also included customers' account information, such as if a bill is past-due or if the customer had their service suspended.

Privacy

Woman Says Alexa Device Recorded Her Private Conversation and Sent It To Random Contact; Amazon Confirms the Incident (kiro7.com) 255

Gary Horcher, reporting for KIRO7: A Portland family contacted Amazon to investigate after they say a private conversation in their home was recorded by Amazon's Alexa -- the voice-controlled smart speaker -- and that the recorded audio was sent to the phone of a random person in Seattle, who was in the family's contact list. "My husband and I would joke and say I'd bet these devices are listening to what we're saying," said Danielle, who did not want us to use her last name. Every room in her family home was wired with the Amazon devices to control her home's heat, lights and security system. But Danielle said two weeks ago their love for Alexa changed with an alarming phone call. "The person on the other line said, 'unplug your Alexa devices right now,'" she said. '"You're being hacked.'" That person was one of her husband's employees, calling from Seattle. "We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'" Danielle listened to the conversation when it was sent back to her, and she couldn't believe someone 176 miles away heard it too. In a statement, an Amazon spokesperson said, "Amazon takes privacy very seriously. We investigated what happened and determined this was an extremely rare occurrence. We are taking steps to avoid this from happening in the future."

Further reading: Amazon Admits Its AI Alexa is Creepily Laughing at People.

Network

Pornhub Launches VPNhub, Its Own Virtual Private Network App (venturebeat.com) 67

"Adult entertainment" giant Pornhub is entering the busy virtual private network (VPN) space with the launch of its very own VPN service. From a report: Dubbed VPNhub, the new service is available for free via native apps on Android, iOS, MacOS, and Windows, though there is a premium subscription available that gets rid of the ads and promises faster speeds. In the U.S., this will cost between $12 and $14 per month, depending on the platform. VPNhub promises unlimited bandwidth, even on the free service, which is key given that Pornhub's core selling point is bandwidth-intensive video, while it offers around 1,000 servers across 15 countries. And it promises that it logs no user data.

Government

Trump Cancels Singapore Summit With North Korean Leader Kim Jong Un (cnbc.com) 458

President Donald Trump has cancelled his much anticipated meeting with North Korean leader Kim Jong Un that was scheduled to take place in Singapore on June 12, he announced moments ago. In a letter to Kim, the president said: "I was very much looking forward to being there with you. Sadly, based on the tremendous anger and open hostility displayed in your most recent statement, I feel it is inappropriate, at this time to have this long-planned meeting. Therefore, please let this letter serve to represent that the Singapore summit, for the good of both parties, but to the detriment of the world, will not take place." He added, "You talk about your nuclear capabilities, but ours are so massive and powerful that I pray to God they will never have to be used."

Crime

Gamers Involved In Fatal Wichita 'Swatting' Indicted On Federal Charges (kansas.com) 395

bricko shares a report from Kansas: A federal grand jury has indicted the man accused in Wichita's fatal swatting as well as the two gamers involved in the video game dispute that prompted the false emergency call. The 29-page indictment was unsealed Wednesday in U.S. District Court for the District of Kansas. It charges 25-year-old Tyler Barriss, who is facing state court charges including involuntary manslaughter, with false information and hoaxes, cyberstalking, threatening to kill another or damage property by fire, interstate threats, conspiracy and several counts of wire fraud, according to federal court records. One of the gamers -- 18-year-old Casey S. Viner of North College Hill, Ohio -- is charged with several counts of wire fraud, conspiracy, obstruction of justice and conspiracy to obstruct justice. The other gamer -- 19-year-old Shane M. Gaskill of Wichita -- is charged with several counts of obstruction of justice, wire fraud and conspiracy to obstruct justice.

Space

Ariane Chief Seems Frustrated With SpaceX For Driving Down Launch Costs (arstechnica.com) 152

schwit1 shares a report from Ars Technica: Like United Launch Alliance, the [France-based] Ariane Group faces pricing pressure from SpaceX, which offers launch prices as low as $62 million for its Falcon 9 rocket. It has specifically developed the Ariane 6 rocket to compete with the Falcon 9 booster. But there are a couple of problems with this. Despite efforts to cut costs, the two variants of the Ariane 6 will still cost at least 25 percent more than SpaceX's present-day prices. Moreover, the Ariane 6 will not fly until 2020 at the earliest, by which time Falcon 9 could offer significantly cheaper prices on used Falcon 9 boosters if it needed to. (The Ariane 6 rocket is entirely expendable). With this background in mind, the chief executive of Ariane Group, Alain Charmeau, gave an interview to the German publication Der Spiegel. The interview was published in German, but a credible translation can be found here. During the interview, Charmeau expressed frustration with SpaceX and attributed its success to subsidized launches for the U.S. government.

When pressed on the price pressure that SpaceX has introduced into the launch market, Charmeau's central argument is that this has only been possible because, "SpaceX is charging the U.S. government 100 million dollar per launch, but launches for European customers are much cheaper." Essentially, he says, launches for the U.S. military and NASA are subsidizing SpaceX's commercial launch business. However, the pay-for-service prices that SpaceX offers to the U.S. Department of Defense for spy satellites and cargo and crew launches for NASA are below those of what other launch companies charge. And while $100 million or more for a military launch is significantly higher than a $62 million commercial launch, government contracts come with extra restrictions, reviews, and requirements that drive up this price.

Botnet

FBI Seizes Control of Russian Botnet (thedailybeast.com) 173

The Daily Beast reports that the FBI has seized control of a key server in the Kremlin's global botnet of 500,000 hacked routers. "The move positions the bureau to build a comprehensive list of victims of the attack, and short-circuits Moscow's ability to reinfect its targets," writes Kevin Poulsen. From the report: The FBI counter-operation goes after "VPN Filter," a piece of sophisticated malware linked to the same Russian hacking group, known as Fancy Bear, that breached the Democratic National Committee and the Hillary Clinton campaign during the 2016 election. On Wednesday security researchers at Cisco and Symantec separately provided new details on the malware, which has turned up in 54 countries including the United States.

VPN Filter uses known vulnerabilities to infect home office routers made by Linksys, MikroTik, NETGEAR, and TP-Link. Once in place, the malware reports back to a command-and-control infrastructure that can install purpose-built plug-ins, according to the researchers. One plug-in lets the hackers eavesdrop on the victim's Internet traffic to steal website credentials; another targets a protocol used in industrial control networks, such as those in the electric grid. A third lets the attacker cripple any or all of the infected devices at will.

The Courts

ACLU Sues ICE For License Plate Reader Contracts, Records (sfgate.com) 80

An anonymous reader quotes a report from SFGate: The American Civil Liberties Union on Wednesday sued U.S. Immigration and Customs Enforcement for records about the agency's use of license plate reader technology, after ICE apparently failed to turn over records following multiple requests. In December, ICE purchased access to two databases of ALPR data, the complaint reads. One of those databases is managed by Vigilant Solutions, which has contracts with more than two dozen Bay Area law enforcement agencies. "We believe the other is managed by Thomson Reuters," ACLU lawyer Vasudha Talla said. The ACLU and other privacy advocates have expressed concern about how this data will be stored and used for civil immigration enforcement. The ACLU filed two requests under the Freedom of Information Act in March seeking records from ICE, including contracts, memos, associated communications, training materials and audit logs. Since then, ICE has not provided any records, the ACLU said in the complaint, which was filed Tuesday morning in the Northern District Court for the Northern District of California. "The excessive collection and storing of this data in databases -- which is then pooled and shared nationally -- results in a systemic monitoring that chills the exercise of constitutional rights to free speech and association, as well as essential tasks such as driving to work, picking children up from school, and grocery shopping," the complaint said. "We have essentially two concerns: one that is general to ALPR databases, and one that's specific to this situation with ICE," Talla said. "The ACLU has done a lot of work around surveillance technology and ALPR, and we're generally concerned about the aggregation of all this data about license plates paired with a time and location, stretching back for so many months and years."

Piracy

Singapore ISPs Block 53 Pirate Sites Following MPAA Legal Action (torrentfreak.com) 45

53 piracy websites, including The Pirate Bay and KickassTorrents, have been blocked in Singapore following the most sweeping action taken by copyright holders in the country in more than a decade. From a report: A new wave of blocks announced this week are the country's most significant so far, with dozens of 'pirate' sites targeted following a successful application by the MPAA earlier this year. [...] "In Singapore, these sites are responsible for a major portion of copyright infringement of films and television shows," an MPAA spokesman told The Straits Times. "This action by rights owners is necessary to protect the creative industry, enabling creators to create and keep their jobs, protect their works, and ensure the continued provision of high-quality content to audiences."

Facebook

Facebook Asks British Users To Submit Their Nudes as Protection Against Revenge Porn (betanews.com) 294

Mark Wilson writes: Following on from a trial in Australia, Facebook is rolling out anti-revenge porn measures to the UK. In order that it can protect British users from falling victim to revenge porn, the social network is asking them to send in naked photos of themselves. The basic premise of the idea is: send us nudes, and we'll stop others from seeing them.

Government

US Government Can't Get Controversial Kaspersky Lab Software Off Its Networks (thedailybeast.com) 119

The law says American agencies must eliminate the use of Kaspersky Lab software by October. But U.S. officials say that's impossible as the security suite is embedded too deep in our infrastructure, The Daily Beast reported Wednesday. From a report: Multiple divisions of the U.S. government are confronting the reality that code written by the Moscow-based security company is embedded deep within American infrastructure, in routers, firewalls, and other hardware -- and nobody is certain how to get rid of it. "It's messy, and it's going to take way longer than a year," said one U.S. official. "Congress didn't give anyone money to replace these devices, and the budget had no wiggle-room to begin with."

At issue is a provision of the National Defense Authorization Act (NDAA) enacted last December that requires the government to fully purge itself of "any hardware, software, or services developed or provided, in whole or in part," by Kaspersky Lab. The law was a dramatic expansion of an earlier DHS directive that only outlawed "Kaspersky-branded" products. Both measures came after months of saber rattling by the U.S., which has grown increasingly anxious about Kaspersky's presence in federal networks in the wake of Russia's 2016 election interference campaign.

United States

NYC Transit Boss Unveils Sweeping 10-Year Subway Modernization Plan (nbcnewyork.com) 61

The Metropolitan Transportation Authority (MTA) on Wednesday unveiled a sweeping plan to modernize the city's subway system over the next 10 years. From a report: The proposal, which new New York City Transit President Andy Byford called "Fast Forward," centers on overhauling the mass transit network's signaling system -- some of which dates back to the early 20th century -- 30 years sooner than current Subway Action Plan.

But it won't come without a good bit of pain: sources told News 4 that Byford's plan would require entire lines to be taken out of service during overnight and weekend hours for extended periods. Byford -- who took over the task of running the city's subways and buses earlier this year -- said in an MTA meeting Wednesday that the work would be split into two five-year chunks. Over the first five years parts or all of the 4, 5, 6, E, F, M, R, A, C, E and G lines would receive modern signaling systems. That would include the entirety of the Lexington Avenue line, which carries the 4, 5 and 6 trains and is the most-used mass transit line in the United States.

Social Networks

President Trump Can't Block People On Twitter, Court Rules (knightcolumbia.org) 365

Reader drunken_boxer777 writes: US District Judge Buchwald issued a 75-page ruling today clearly articulating why Donald Trump cannot block Twitter users, as it violates their First Amendment rights.

"Turning to the merits of plaintiffs' First Amendment claim, we hold that the speech in which they seek to engage is protected by the First Amendment and that the President and Scavino exert governmental control over certain aspects of the @realDonaldTrump account, including the interactive space of the tweets sent from the account. That interactive space is susceptible to analysis under the Supreme Court's forum doctrines, and is properly characterized as a designated public forum. The viewpoint-based exclusion of the individual plaintiffs from that designated public forum is proscribed by the First Amendment and cannot be justified by the President's personal First Amendment interests."
Further reading: Bloomberg.

United States

The US Military is Funding an Effort To Catch Deepfakes and Other AI Trickery (technologyreview.com) 70

The Department of Defense is funding a project that will try to determine whether the increasingly real-looking fake video and audio generated by artificial intelligence might soon be impossible to distinguish from the real thing -- even for another AI system. From a report: This summer, under a project funded by the Defense Advanced Research Projects Agency (DARPA), the world's leading digital forensics experts will gather for an AI fakery contest. They will compete to generate the most convincing AI-generated fake video, imagery, and audio -- and they will also try to develop tools that can catch these counterfeits automatically. The contest will include so-called "deepfakes," videos in which one person's face is stitched onto another person's body.

Rather predictably, the technology has already been used to generate a number of counterfeit celebrity porn videos. But the method could also be used to create a clip of a politician saying or doing something outrageous. DARPA's technologists are especially concerned about a relatively new AI technique that could make AI fakery almost impossible to spot automatically. Using what are known as generative adversarial networks, or GANs, it is possible to generate stunningly realistic artificial imagery.

Encryption

FBI Repeatedly Overstated Encryption Threat Figures To Congress, Public (techcrunch.com) 155

mi shares a report from The Washington Post (Warning: source may be paywalled; alternative source): The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000.

Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls "Going Dark" -- the spread of encrypted software that can block investigators' access to digital data even with a court order. "The FBI's initial assessment is that programming errors resulted in significant over-counting of mobile devices reported," the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.

The Courts

Yelp Files New EU Complaint Against Google Over Search Dominance (ft.com) 71

Yelp has filed a complaint with the EU's antitrust watchdog against Google, arguing that the search company has abused its dominance in local search and pressuring Brussels to launch new charges against the tech giant, Financial Times reported Tuesday. From the report: European antitrust authorities fined Google $2.8B in June 2017 for favouring its own shopping service over rival offerings in its search results. Google denied wrongdoing and has appealed that decision. Now Yelp, which provides user ratings, reviews and other information about local businesses, wants Margrethe Vestager, the EU Competition Commissioner, to take action against Google for similar alleged abuse in the local search market, according to a copy of the complaint seen by the Financial Times. The move comes days after Yelp founder Jeremy Stoppelman appeared on 60 Minutes to talk about Google's search monopoly. Here's the exchange he had with reporter Steve Kroft:
Jeremy Stoppelman: If I were starting out today, I would have no shot of building Yelp. That opportunity has been closed off by Google and their approach.
Steve Kroft: In what way?
Jeremy Stoppelman: Because if you provide great content in one of these categories that is lucrative to Google, and seen as potentially threatening, they will snuff you out.
Steve Kroft: What do you mean snuff you out?
Jeremy Stoppelman: They will make you disappear. They will bury you.

Businesses

Amazon Pushes Facial Recognition to Police, Prompting Outcry Over Surveillance (nytimes.com) 143

Nick Wingfield, reporting for The New York Times: In late 2016, Amazon introduced a new online service that could help identify faces and other objects in images, offering it to anyone at a low cost through its giant cloud computing division, Amazon Web Services. Not long after, it began pitching the technology to law enforcement agencies, saying the program could aid criminal investigations by recognizing suspects in photos and videos. It used a couple of early customers, like the Orlando Police Department in Florida and the Washington County Sheriff's Office in Oregon, to encourage other officials to sign up.

But now that aggressive push is putting the giant tech company at the center of an increasingly heated debate around the role of facial recognition in law enforcement. Fans of the technology see a powerful new tool for catching criminals, but detractors see an instrument of mass surveillance. On Tuesday, the American Civil Liberties Union led a group of more than two dozen civil rights organizations that asked Amazon to stop selling its image recognition system, called Rekognition, to law enforcement. The group says that the police could use it to track protesters or others whom authorities deem suspicious, rather than limiting it to people committing crimes.
