EU

Facebook To Put 1.5 Billion Users Out of Reach of New EU Privacy Law (reuters.com) 95

An anonymous reader quotes a report from Facebook: If a new European law restricting what companies can do with people's online data went into effect tomorrow, almost 1.9 billion Facebook users around the world would be protected by it. The online social network is making changes that ensure the number will be much smaller. Facebook members outside the United States and Canada, whether they know it or not, are currently governed by terms of service agreed with the company's international headquarters in Ireland. Next month, Facebook is planning to make that the case for only European users, meaning 1.5 billion members in Africa, Asia, Australia and Latin America will not fall under the European Union's General Data Protection Regulation (GDPR), which takes effect on May 25. That removes a huge potential liability for Facebook, as the new EU law allows for fines of up to 4 percent of global annual revenue for infractions, which in Facebook's case could mean billions of dollars.
Censorship

Google Is Shuttering Domain Fronting, Creating a Big Problem For Anti-Censorship Tools (theverge.com) 59

"The Google App Engine is discontinuing a practice called domain fronting, which lets services use Google's network to get around state-level internet blocks," reports The Verge. While the move makes sense from a cybersecurity perspective as domain fronting is widely used by malware to evade network-based detection, it will likely frustrate app developers who use it to get around internet censorship. From the report: First spotted by Tor developers on April 13th, the change has been rolling out across Google services and threatens to disrupt services for a number of anti-censorship tools, including Signal, GreatFire.org and Psiphon's VPN services. Reached by The Verge, Google said the changes were the result of a long-planned network update. "Domain fronting has never been a supported feature at Google," a company representative said, "but until recently it worked because of a quirk of our software stack. We're constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don't have any plans to offer it as a feature."

Domain-fronting allowed developers to use Google as a proxy, forwarding traffic to their own servers through a Google.com domain. That was particularly important for evading state-level censorship, which might try to block all the traffic sent to a given service. As long as the service was using domain-fronting, all the in-country data requests would appear as if they were headed for Google.com, with encryption preventing censors from digging any deeper.
We do not yet know exactly why and when Google is shutting down the practice, but will update this post once we learn more.
Facebook

'Login With Facebook' Data Hijacked By JavaScript Trackers (techcrunch.com) 91

An anonymous reader quotes a report from TechCrunch: Facebook confirms to TechCrunch that it's investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user's data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It's unclear what these trackers do with the data, but many of their parent companies including Tealium, AudienceStream, Lytics, and ProPS sell publisher monetization services based on collected user data. The abusive scripts were found on 434 of the top 1 million websites including freelancer site Fiverr.com, camera seller B&H Photo And Video, and cloud database provider MongoDB. That's according to Steven Englehardt and his colleagues at Freedom To Tinker, which is hosted by Princeton's Center For Information Technology Policy.
The Internet

Russia Admits To Blocking Millions of IP Addresses (sfgate.com) 72

It turns out, the Russian government, in its quest to block Telegram, accidentally shut down several other services as well. From a report: The chief of the Russian communications watchdog acknowledged Wednesday that millions of unrelated IP addresses have been frozen in a so-far futile attempt to block a popular messaging app. Telegram, the messaging app that was ordered to be blocked last week, was still available to users in Russia despite authorities' frantic attempts to hit it by blocking other services. The row erupted after Telegram, which was developed by Russian entrepreneur Pavel Durov, refused to hand its encryption keys to the intelligence agencies. The Russian government insists it needs them to pre-empt extremist attacks but Telegram dismissed the request as a breach of privacy. Alexander Zharov, chief of the Federal Communications Agency, said in an interview with the Izvestia daily published Wednesday that Russia is blocking 18 networks that are used by Amazon and Google and which host sites that they believe Telegram is using to circumvent the ban.
The Internet

Chrome 66 Arrives With Autoplaying Content Blocked By Default (venturebeat.com) 88

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 66 for Windows, Mac, Linux, and Android. The desktop release includes autoplaying content muted by default, security improvements, and new developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. In our tests, autoplaying content that is muted still plays automatically. Autoplaying content with sound, whether it has visible controls or not, and whether it is set to play on loop or not, simply does not start playing. Note that this is all encompassing -- even autoplaying content you are expecting or is the main focus of the page does not play. YouTube videos, for example, no longer start playing automatically. And in case that's not enough, or if a page somehow circumvents the autoplaying block, you can still mute whole websites.
Facebook

Facebook Admits To Tracking Users, Non-Users Off-Site (theguardian.com) 147

Facebook said in a blog post yesterday that they tracked users and non-users across websites and apps for three main reasons: providing services directly, securing the company's own site, and "improving our products and services." The statement comes as the company faces a U.S. lawsuit over a controversial facial recognition feature launched in 2011. The Guardian reports: "When you visit a site or app that uses our services, we receive information even if you're logged out or don't have a Facebook account. This is because other apps and sites don't know who is using Facebook," Facebook's product management director, David Baser, wrote. "Whether it's information from apps and websites, or information you share with other people on Facebook, we want to put you in control -- and be transparent about what information Facebook has and how it is used."

But the company's transparency has still not extended to telling non-users what it knows about them -- an issue Zuckerberg also faced questions over from Congress. Asked by Texas representative Gene Green whether all information Facebook holds about a user is in the file the company offers as part of its "download your data" feature, Zuckerberg had responded he believed that to be the case. Privacy campaigner Paul-Olivier Dehaye disagreed, noting that, even as a Facebook user, he had been unable to access personal data collected through the company's off-site tracking systems. Following an official subject access request under EU law, he told MPs last month, Facebook had responded that it was unable to provide the information.

United States

Online Tax Filers Will Get Extension After IRS Payment Website Outage (cnbc.com) 39

An anonymous reader quotes a report from CNBC: The IRS will give last-minute filers additional time to file their tax returns after the page for paying their tax bills using their bank accounts crashed, Treasury Secretary Steven Mnuchin told the Associated Press. The IRS "Direct Pay" page allows filers to transfer funds from their checking or savings account to pay what they owe. As of 5 p.m. ET on April 17 -- Tax Day -- the page was still unavailable. Direct Pay is a free service. The "Payment Plan" page, where filers can pay their tax bill in installments also appears to have crashed. "I'd strongly advise folks who owe any federal taxes and cannot pay online to mail a check or money order to the IRS to the appropriate address," said Patrick Thomas, director of Notre Dame Law School's Tax Clinic. According to a TurboTax spokesperson, the IRS's technical difficulties are affecting all tax preparers and tax returns. "Taxpayers should go ahead and continue to prepare and file their taxes as normal with TurboTax," the spokesperson said. "TurboTax has uninterrupted service and is available and accepting e-filed returns," she said. "We will hold returns until the IRS is ready to begin accepting them again." H&R Block said it will continue to accept returns from filers.
Communications

What It's Like To Live in America Without Broadband Internet (vice.com) 139

Motherboard has an interesting piece which serves as a reminder that even today in every single state, a portion of the population doesn't have access to broadband, and some have no access to the internet at all. From the piece: Wilfong (an anecdote used in the story) is one of the more than 24 million Americans, or about 8 percent of the country, who don't have access to high-speed internet, according to the Federal Communications Commission (FCC) -- and that's a conservative estimate. Most of them live in rural and tribal areas, though the problem affects urban communities, too. In every single state, a portion of the population doesn't have access to broadband.

The reasons these communities have been left behind are as diverse as the areas themselves. Rural regions like Wilfong's hometown of Marlinton are not densely populated enough to get telecom companies to invest in building the infrastructure to serve them. Some areas can be labeled as "served" by telecoms even if many homes don't actually have internet access, as in Sharon Township, Michigan, just a short drive from the technology hub of Ann Arbor. Others are just really far away. These places are so geographically remote that laying cable is physically and financially prohibitive, so towns like Orleans, California, have started their own nonprofit internet services instead.

Businesses

Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks (cybertechaccord.org) 67

Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.

The announcement comes against the backdrop of growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.

Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."
Movies

MPAA Silently Shut Down Its Legal Movies Search Engine (techdirt.com) 62

Back in 2015, the Motion Picture Association of America (MPAA) released its own search engine to combat the argument that people pirate films because there are too few legal alternatives. According to TorrentFreak, the search engine, WhereToWatch.com, has since been quietly shut down by the movie industry group, stating that there are plenty of other search options available today. From the report: The MPAA pulled the plug on the service a few months ago. And where the mainstream media covered its launch in detail, the shutdown received zero mentions. So why did the site fold? According to MPAA Vice President of Corporate Communications, Chris Ortman, it was no longer needed as there are many similar search engines out there. "Given the many search options commercially available today, which can be found on the MPAA website, WheretoWatch.com was discontinued at the conclusion of 2017," Ortman informs TF. "There are more than 140 lawful online platforms in the United States for accessing film and television content, and more than 460 around the world," he adds. "That is all absolutely true today, though it was also true three years ago when the site was launched," adds Techdirt. "The simple fact of the matter is that the site did little to serve any real public customer base. Yes, legal alternatives to piracy exist. Everyone knows that, just as they know that there are far too many hoops and restrictions around which to jump that have nothing to do with price. The MPAA and its client organizations have long asserted strict control over their product to the contrary of public demand. That is, and has always been, the problem. On top of all that, the MPAA showed it's no better at promoting its site than it was at promoting the legal alternatives to pirating movies."
Canada

19-Year-Old Archivist Charged For Downloading Freedom-of-Information Releases (www.cbc.ca) 421

Ichijo writes: According to CBC News, a Canadian teen "has been charged with 'unauthorized use of a computer,' which carries a possible 10-year prison sentence, for downloading approximately 7,000 freedom-of-information releases. The provincial government says about 250 of those contain Nova Scotians' sensitive personal information."

"When he was around eight [...] his Grade 3 class adopted an animal at a shelter, receiving an electronic adoption certificate," reports CBC. "That led to a discovery on the classroom computer. 'The website had a number at the end, and I was able to change the last digit of the number to a different number and was able to see a certificate for someone else's animal that they adopted,' he said. 'I thought that was interesting.' The teenager's current troubles arose because he used the same trick on Nova Scotia's freedom-of-information portal, downloading about 7,000 freedom-of-information requests."
The teen is estimated to have around 30 terabytes of online data on his hard drives, which equates to "millions" of webpages. "He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."
The Courts

Supreme Court Set To Hear Landmark Online Sales Tax Case (gizmodo.com) 246

An anonymous reader quotes a report from Gizmodo: On Tuesday, the U.S. Supreme Court will hear arguments in a case that could at least somewhat clarify Donald Trump's complaints about Amazon "not paying internet taxes." It will also decide if those cheap deals on NewEgg are going to be less of a steal. The case concerns the state of South Dakota versus online retailers Wayfront, NewEgg, and Overstock.com in a battle over whether or not state sales tax should apply to all online transactions in the U.S., regardless of where the customer or retailer is located. It promises to have an impact on the internet's competition with brick-and-mortar retailers, as well as continue to address the ongoing legal questions surrounding real-world borders in the borderless world of online.
Businesses

New Child Protection Nonprofit Strikes Back At Sex-Negative Approach of FOSTA-SESTA (youcaring.com) 212

qirtaiba writes: When the FOSTA-SESTA online sex trafficking bill passed last month, it sailed through Congress because there were no child protection organizations that stood against it, and because no member of Congress (with the brave exceptions of Ron Wyden and Rand Paul) wanted to face re-election having opposed a bill against sex trafficking, despite its manifest flaws. In the wake of the law's passage, its real targets -- not child sex traffickers, but adult sex workers and the internet platforms used by them -- have borne the brunt of its effects. Websites like the Erotic Review and Craigslist's personals section have either shut down entirely or for U.S. users, while Backpage.com has been seized, leaving many adult sex workers in physical and financial peril.

A new child protection organization, Prostasia Foundation, has just been announced, with the aim of taking a more sex-positive approach that would allow it to push back against laws that really target porn or sex work under the guise of being child protection laws. Instead, the organization promotes a research-based approach to the prevention of child sexual abuse before it happens. From the organization's press release: "Prostasia Director Jaylen MacLaren is a former child prostitute who used a website like this to screen her clients. She now recognizes those clients as abusers, but she does not blame the website for her suffering. 'I am committed to preventing child sexual abuse, but I don't believe that this should come at the cost of civil liberties and sexual freedom,' Jaylen said. 'I have found ways to express my sexuality in consensual and cathartic ways.' Nerea Vega Lucio, a member of the group's Advisory Council, said, 'Child protection laws need to be informed by accurate and impartial research, and ensuring that policy makers have access to such research will be a top priority for Prostasia.'"

Businesses

California Bill Would Restore, Strengthen Net Neutrality Protections (mercurynews.com) 83

An anonymous reader quotes a report from The Mercury News: With the FCC order to repeal net neutrality rules set to take effect next week, a bill that would restore those regulations in California will get its first hearing Tuesday (Warning: source may be paywalled; alternative source). SB 822, written by State Sen. Scott D. Wiener, D-San Francisco, is backed by big names including Tom Wheeler, the Obama-appointed former Federal Communications Commission chairman who wrote the 2015 Open Internet Order. Wheeler is joined by former FCC commissioners Michael Copps and Gloria Tristani in advocating for SB 822, which would in some ways be stronger than the net neutrality rules put in place under President Obama's administration after more than a decade of legal and political wrangling. Those rules required equal treatment of all internet traffic, and prohibited the establishment of internet slow and fast lanes. Wiener's bill would also prohibit "zero rating," in which internet providers exempt certain content, sites and services from data caps. In addition, it would prohibit public agencies in the state from signing contracts with ISPs that violate net neutrality principles, and call for internet service providers to be transparent about their practices and offerings.
United Kingdom

State-Sponsored Russian Hackers Actively Seeking To Hijack Essential Internet Hardware, US and UK Intelligence Agencies Say (bbc.com) 170

State-sponsored Russian hackers are actively seeking to hijack essential internet hardware, US and UK intelligence agencies say. BBC reports: The UK's National Cyber Security Centre (NCSC), the FBI and the US Department of Homeland Security issued a joint alert warning of a global campaign. The alert details methods used to take over essential network hardware. The attacks could be an attempt by Russia to gain a foothold for use in a future offensive, it said. "Russia is our most capable hostile adversary in cyber-space, so dealing with their attacks is a major priority for the National Cyber Security Centre and our US allies," said Ciaran Martin, head of the NCSC in a statement. The alert said attacks were aimed at routers and switches that directed traffic around the net. Compromised devices were used to look at data passing through them, so Russia could scoop up valuable intellectual property, business information and other intelligence.
Security

Hackers Stole a Casino's High-Roller Database Through a Thermometer in the Lobby Fish Tank (businessinsider.com) 245

From a report: Nicole Eagan, the CEO of cybersecurity company Darktrace, told the WSJ CEO Council in London on Thursday: "There's a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices. There's just a lot of IoT. It expands the attack surface and most of this isn't covered by traditional defenses."

Eagan gave one memorable anecdote about a case Darktrace worked on where an unnamed casino was hacked via a thermometer in a lobby aquarium. "The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud," she said.

Open Source

Ask Slashdot: How Can I Make My Own Vaporware Real? 128

Long-time Slashdot reader renuk007 is a retired Unix/Linux systems programmer with the ultimate question: After retiring I started a second career as a teacher -- and I'm loving it. My problem: I designed a (I feel) wonderful new language compiler, but implementing it will take me another ten years if I have to do it part-time.

Linus Torvalds was able to leverage the enthusiasm of the Internet to make Linux exist, but 1990 was a more innocent time. How does it work today? Any thoughts?

Or, to put it another way, how can you build a community to bring your ideas to light? Leave your best thoughts and suggestions in the comments. How can you make your own vaporware real?
Social Networks

'An Apology for the Internet -- from the People Who Built It' (nymag.com) 180

"Those who designed our digital world are aghast at what they created," argues a new article in New York Magazine titled "The Internet Apologizes". Today, the most dire warnings are coming from the heart of Silicon Valley itself. The man who oversaw the creation of the original iPhone believes the device he helped build is too addictive. The inventor of the World Wide Web fears his creation is being "weaponized." Even Sean Parker, Facebook's first president, has blasted social media as a dangerous form of psychological manipulation. "God only knows what it's doing to our children's brains," he lamented recently...

The internet's original sin, as these programmers and investors and CEOs make clear, was its business model. To keep the internet free -- while becoming richer, faster, than anyone in history -- the technological elite needed something to attract billions of users to the ads they were selling. And that something, it turns out, was outrage. As Jaron Lanier, a pioneer in virtual reality, points out, anger is the emotion most effective at driving "engagement" -- which also makes it, in a market for attention, the most profitable one. By creating a self-perpetuating loop of shock and recrimination, social media further polarized what had already seemed, during the Obama years, an impossibly and irredeemably polarized country... What we're left with are increasingly divided populations of resentful users, now joined in their collective outrage by Silicon Valley visionaries no longer in control of the platforms they built.

Lanier adds that "despite all the warnings, we just walked right into it and created mass behavior-modification regimes out of our digital networks." Sean Parker, the first president of Facebook, is even quoted as saying that a social-validation feedback loop is "exactly the kind of thing that a hacker like myself would come up with, because you're exploiting a vulnerability in human psychology. The inventors, creators -- it's me, it's Mark [Zuckerberg], it's Kevin Systrom on Instagram, it's all of these people -- understood this consciously. And we did it anyway."

The article includes quotes from Richard Stallman, arguing that data privacy isn't the problem. "The problem is that these companies are collecting data about you, period. We shouldn't let them do that. The data that is collected will be abused..." He later adds that "We need a law that requires every system to be designed in a way that achieves its basic goal with the least possible collection of data... No company is so important that its existence justifies setting up a police state."

The article proposes hypothetical solutions. "Could a subscription model reorient the internet's incentives, valuing user experience over ad-driven outrage? Could smart regulations provide greater data security? Or should we break up these new monopolies entirely in the hope that fostering more competition would give consumers more options?" Some argue that the Communications Decency Act of 1996 shields internet companies from all consequences for bad actors -- de-incentivizing the need to address them -- and Marc Benioff, CEO of Salesforce, thinks the solution is new legislation. "The government is going to have to be involved. You do it exactly the same way you regulated the cigarette industry. Technology has addictive qualities that we have to address, and product designers are working to make those products more addictive. We need to rein that back."
Yahoo!

Yahoo's New Privacy Policy Allows Data-Sharing With Verizon (cnet.com) 38

"Yahoo is now part of Oath and there is a new Privacy and Terms contract..." warns long-time Slashdot reader DigitalLogic. CNET reports: Oath notes that it has the right to read your emails, instant messages, posts, photos and even look at your message attachments. And it might share that data with parent company Verizon, too... When you dig further into Oath's policy about what it might do with your words, photos, and attachments, the company clarifies that it's utilizing automated systems that help the company with security, research and providing targeted ads -- and that those automated systems should strip out personally identifying information before letting any humans look at your data. But there are no explicit guarantees on that.
The update also warns that Oath is now "linking your activity on other sites and apps with information we have about you, and providing anonymized and/or aggregated reports to other parties regarding user trends." For example, Oath "may analyze user content around certain interactions with financial institutions," and "leverages information financial institutions are allowed to send over email."

Oath does offer a "Privacy Controls" page which includes a "legacy" AOL link letting you opt-out of internet-based advertising that's been targeted "based on your online activities" -- but it appears to be functioning sporadically.

CNET also reports that now Yahoo users are agreeing to a class-action waiver and mutual arbitration. "What it means is if you don't like what the company does with your data, you'll have a hard time suing."
Crime

Jailed Kansas 'Swat' Perpetrator Sneaks Online, Threatens More 'Swats' (kansas.com) 285

An anonymous reader quotes the Wichita Eagle: Tyler Barriss -- the man charged in a swatting hoax that led to the death of an innocent Wichita man -- apparently got access to the internet from jail for at least 28 minutes [last] Friday and threatened to swat again. "How am I on the Internet if I'm in jail? Oh, because I'm an eGod, that's how," a tweet posted at 9:05 a.m. said.
Other developments in the case:
  • Another tweet from the Barriss account 19 minutes later asked who was "talking shit," warning "your ass is about to get swatted." And nine minutes later his final tweet from jail bragged, "Y'all should see how much swag I got in here." The county sheriff's office blamed an outside vendor's improper software upgrade to an inmate kiosk, arguing that 14 inmates potentially had full internet access "for less than a few hours."
  • 25-year-old Barriss is still in jail facing an 11-year prison sentence, noted a Twitter user who responded to the tweets. "This will play well at sentencing when you're pretending to be remorseful and asking the judge for mercy."
  • Meanwhile, the Wichita police officer who mistakenly fired the fatal shot that killed a 28-year-old father of two will not face charges. The district attorney concluded that several of the officers closest to victim Andrew Finch thought he reached down to pull up his pants, leaving his right arm hidden from the officers, the Wichita Eagle reports. "The officer who fired the shot, along with some others, thought Finch was reaching for a gun."
  • "This shooting should not have happened," said the district attorney. "But this officer's decision was made in the context of the false call." Finch was shot 10 seconds after opening his front door, and his family's civil case against the police department is still going forward.
  • Two other gamers involved in the shooting -- including one who allegedly hired Barriss over a $1.50 bet in the game Call of Duty -- have not been charged with a crime.
