Apple will now allow push notifications to be used for advertising, so long as users agree to receive the ads first. From a report: Apple updated its App Store guidelines today with a change to its traditionally strict restrictions around push notifications. Apple has long banned apps from using notifications for "advertising, promotions, or direct marketing purposes," but that changes today. Apps can now send marketing notifications when "customers have explicitly opted in to receive them." Users must also be able to opt out of receiving the ads.

An anonymous reader shares a report: After years of avoiding social media, drug companies are growing bolder about advertising on Facebook and other social networks, according to interviews with advertising executives, marketers, health-care privacy researchers and patient advocates. That is exposing loopholes around the way data can be used to show consumers relevant ads about their personal health, even as both social networks and pharmaceutical manufacturers disavow targeting ads to people based on their medical conditions. Ads promoting prescription drugs are popping up on Facebook for depression, HIV and cancer. Spending on Facebook mobile ads alone by pharmaceutical and health-care brands reached nearly a billion dollars in 2019, nearly tripling over two years, according to Pathmatics, an advertising analytics company. Facebook offers tools to help drug companies stay compliant with rules about disclosing safety information or reporting side effects.

But seeing an ad for a drug designed to treat a person's particular health condition in the relatively intimate setting of a social media feed -- amid pictures of friends and links to news articles -- can feel more intrusive than elsewhere online. The same opaque Facebook systems that help place an ad for a political campaign or a new shoe in a user's feed also can be used by pharmaceutical companies, allowing them to target consumers who match certain characteristics or had visited a particular website in the past. The ability of drug companies to reach people likely to have specific health conditions -- a far cry from a magazine or TV ad -- underscores how the nation's health privacy law, the Health Insurance Portability and Accountability Act (HIPAA), has not kept up with the times. HIPAA, which safeguards personal health records, typically does not cover drug companies or social media networks.

J. Fergus, writing for Input: Someone finally did it. We can now follow who we want on our own terms and get that information chronologically. Fraidycat is an app and browser extension that allows just that. Though it launched in November 2019, Fraidycat recently got a massive update, widening its compatibility and adding a dark mode. The open-source tool, brought to you by Kicks Condor, is available for Linux, Mac, and Windows in addition to Mozilla Firefox and Chrome as an extension. Fraidycat definitely pulls from RSS feeds more easily, but it also works on Twitter, Instagram, and SoundCloud. You drop the link to the account you'd like to follow -- from Medium bloggers to Twitch streamers to vision board Pinterest-ers -- and set how frequently you'd like to see their posts. Label it, hit save, and posts will appear as often as you'd like. The recent update notably folds Kickstarter into the mix and collapses Twitter threads for readability.

Coke, Pepsi, Nestle and other large companies are being sued by a California environmental group for creating a plastic pollution "nuisance" and misleading consumers about the recyclability of plastic. From a report: The suit, filed in San Mateo county superior court last week, argues that companies that sell plastic bottles and bags that end up polluting the ocean should be held accountable for damaging the environment. Earth Island Institute, which filed the lawsuit, says a significant amount of the eight to 20m tons of plastic entering the Earth's oceans annually can be traced back to a handful of companies, which rely heavily on single-use plastic packaging. The suit seeks to require these companies to pay to remediate the harm that plastic pollution has caused to the Earth and oceans. It also demands these companies stop advertising products as "recyclable," when they are, in fact, largely not recycled. "These companies should bear the responsibility for choking our ecosystem with plastic," said David Phillips, executive director of Earth Island Institute. "They know very well that this stuff is not being recycled, even though they are telling people on the labels that it is recyclable and making people feel like it's being taken care of." Further reading: Coca-Cola, Nestle, and PepsiCo Are the Top 3 Plastic Polluters on the Planet .

"It's only been a few months since we learned that The Matrix 4 was actually a real movie that was going to actually happen, and was actually going to star Keanu Reeves, and now the movie is actually filming in San Francisco..." writes Cinema Blend. "However, making things real is apparently causing real damage in the city by the bay."

NBC Bay Area reports: Filming of "The Matrix 4" brought helicopters, explosions and cars flipping in the air to San Francisco over the weekend, but it also resulted in some damage. The heat from the explosions was so intense it melted the covers of a couple building lamps and melted the plastic cover of an advertising street sign. Workers who replaced the plastic said it cost about $2,000...

Filming of "The Matrix 4" in San Francisco wraps up on Sunday.
BGR reports that a few locals shared their own videos of the filming online, including one Twitch social media analyst who found prop cars at the old Transbay terminal that "smelled freshly burnt."

One YouTube user also shared footage of what they describe as "Keanu Reeves or Stunt Double Jumping off building in San Francisco."

Amazon's Ring doorbell cameras just added two new privacy and security features "amid rising scrutiny on the company," reports The Hill, including "a second layer of authentication by requiring users to enter a one-time code shared via email or SMS when they try to log in to see the feed from their cameras starting this week...

"Until recently the company did not notify users when their accounts had been logged in to, meaning that hackers could have accessed camera feeds without owners being aware."

But CBS News reports that the changes appeared "two weeks after a study showed the company shares customers' personal information with Facebook, Google and other parties without users' consent." In late January, an Electronic Frontier Foundation (EFF) study found the company regularly shares user data with Facebook, including that of Ring users who don't have accounts on the social media platform... EFF claims the company shares a lot of other user data, including people's names, email addresses, when the doorbell app was being used, the number of devices a user has, model numbers of devices, user's unique internet addresses and more. Such information could allow third parties to know when Ring users are at home or away, and potentially target them with advertising for services based on that info...

The change will let Ring users block the company from sharing most, but not all, of their data. A company spokesperson said people will be able to opt out of those sharing agreements "where applicable." The spokesperson declined to clarify what "where applicable" might mean.
Evan Greer, deputy director of digital rights organization Fight for the Future, shared a skeptical response with The Hill.

"No amount of security updates will change the fact that these devices are enabling a nationwide, for-profit, surveillance empire. Amazon Ring is fundamentally incompatible with democracy and human rights."

An anonymous reader quotes a report from CNET: Google on Thursday was hit with a lawsuit by New Mexico Attorney General Hector Balderas, alleging the search giant is illegally collecting data on school children. The suit says Google is collecting the personal information through a program the company has with New Mexico's school districts, in which it provides Chromebooks and access to G Suite for Education apps for free. Those apps include Gmail, Calendar and Google Docs. The practice would run afoul of the Children's Online Privacy Protection Act, or COPPA, a federal law that regulates data collection from sites with users who are under 13 years old. The lawsuit accuses Google of collecting information on students' locations, their passwords, what websites they've visited, what they've searched for on Google and YouTube, their contact lists and voice recordings. Balderas also said in the lawsuit that Google "mined students' email accounts" and "extracted" information for advertising purposes until 2014. Google spokesman Jose Castaneda said in a statement: "These claims are factually wrong. G Suite for Education allows schools to control account access and requires that schools obtain parental consent when necessary. We do not use personal information from users in primary and secondary schools to target ads. School districts can decide how best to use Google for Education in their classrooms and we are committed to partnering with them."

An anonymous reader quotes a report from Fox Business: Facebook is slated to begin a tax trial in a San Francisco court on Tuesday, as the Internal Revenue Service tries to convince a judge the world's largest social media company owes more than $9 billion linked to its decision to shift profits to Ireland. The trial, which Facebook expects will take three to four weeks, could see top executives including hardware chief Andrew Bosworth and Chief Technology Officer Mike Schroepfer called to testify, according to a document the company filed in January. The witness list also includes Naomi Gleit and Javier Olivan, veterans of Facebook's aggressive growth team, and Chief Revenue Officer David Fischer.

The IRS argues that Facebook understated the value of the intellectual property it sold to an Irish subsidiary in 2010 while building out global operations, a move common among U.S. multinationals. Ireland has lower corporate tax rates than the United States, so the move reduced the company's tax bill. Under the arrangement, Facebook's subsidiaries pay royalties to the U.S.-based parent for access to its trademark, users and platform technologies. From 2010 to 2016, Facebook Ireland paid Facebook U.S. more than $14 billion in royalties and cost-sharing payments, according to the court filing. The company said the low valuation reflected the risks associated with Facebook's international expansion, which took place in 2010 before its IPO and the development of its most lucrative digital advertising products.

An anonymous reader shares a report from Wired: In January, all seven of the most-watched YouTube Gaming channels weren't run by happy gamers livestreaming the game du jour. They were instead recorded, autoplaying videos advertising videogame cheats and hacks, sometimes attached to sketchy, credential-vacuuming websites, according to one analytics firm. The trend has continued into this month, with five of the top seven most-watched YouTube Gaming channels last weekend advertising cheats. Take one example: As of this article's writing, a video featuring a cracking teenage boy's voice promoting an unconvincing "money glitch" in Grand Theft Auto 5 boasts 11,000 concurrent viewers. "So basically it's about glitching Rockstar's online servers and makes them send out whatever amount of money," says the voice. The video encourages Grand Theft Auto 5 players to visit a website called "Perfect Glitches," type in their gamer tag and the amount of in-game money they want -- up to $9,999,999,999 a day -- and hit "generate." But, ho -- the user must first prove that they are human by filling in their personal information on two other websites. [...] After you fill in your personal information -- anything from your address to your credit card number -- these types of sites will often turn around and sell it. Other times, sites that promise cheats or in-game money will download malware onto your computer.

While several YouTube Gaming cheat channels have disappeared since January, a couple of long-time users remain and many more keep cropping up. One particularly psychedelic channel features a 3-D cat in a Russian hat advertising free in-game money, against a background of gaudy Russian text and a scrolling chat box. Stitch from Lilo and Stitch dances on the top left corner. With 10,000 live concurrent viewers as of this article's writing, the video buoys the whole category for a somewhat niche shooter game called Standoff 2. It's unlikely that the bulk of those eyebrow-raising view numbers are real humans watching this stuff. Instead, scammers drive bot traffic to them to push the videos to the top of YouTube Gaming directories, where they can get the most exposure for the longest period of time -- a better position from which to dupe unlucky viewers. "The prevalence of these game-cheating YouTube Gaming channels with what appears to be huge numbers of bots complicates the narrative of the so-called 'platform wars' between Twitch, YouTube Gaming, Mixer, and Facebook Gaming," reports Wired in closing. "While Twitch's livestream directory might have a couple pirated sports streams or sketchy gambling streams, its top ranks aren't nearly as dominated by ads for cheats."

"If a chunk of YouTube Gaming's hours watched is due to this sort of behavior, then it may be a little longer until Twitch is knocked off its throne."

An anonymous reader quotes a report from Ars Technica: The broadband industry is suing Maine to stop a Web-browsing privacy law similar to the one killed by Congress and President Donald Trump in 2017. Industry groups claim the state law violates First Amendment protections on free speech and the Supremacy Clause of the US Constitution. The Maine law was signed by Democratic Gov. Janet Mills in June 2019 and is scheduled to take effect on July 1, 2020. It requires ISPs to get customers' opt-in consent before using or sharing sensitive data. As Mills' announcement in June said, the state law "prohibits a provider of broadband Internet access service from using, disclosing, selling, or permitting access to customer personal information unless the customer expressly consents to that use, disclosure, sale or access. The legislation also prohibits a provider from refusing to serve a customer, charging a customer a penalty or offering a customer a discount if the customer does or does not consent to the use, disclosure, sale or access of their personal information."

Customer data protected by this law includes Web-browsing history, application-usage history, precise geolocation data, the content of customers' communications, IP addresses, device identifiers, financial and health information, and personal details used for billing. Home Internet providers and wireless carriers don't want to seek customer permission before using Web-browsing histories and similar data for advertising or other purposes. On Friday, the four major lobby groups representing the cable, telco, and wireless industries sued the state in US District Court for the District of Maine, seeking an injunction that would prevent enforcement of the law. In the lawsuit, the groups said the state law "imposes unprecedented and unduly burdensome restrictions on ISPs', and only ISPs', protected speech," while imposing no requirements on other companies that deliver services over the internet. The plaintiffs are America's Communications Association, CTIA, NCTA, and USTelecom.

The law allegedly violates the First Amendment because it "limits ISPs from advertising or marketing non-communications-related services to their customers; and prohibits ISPs from offering price discounts, rewards in loyalty programs, or other cost-saving benefits in exchange for a customer's consent to use their personal information," the lawsuit claims. As for how the Maine law violates the Supremacy Clause, the lawsuit says it's "because it allows consumers to dictate (by opting out or declining to opt in) when ISPs can use or disclose information that they must rely on to comply with federal law, rendering 'compliance with both' state and the foregoing federal laws 'impossible.'"

In its latest dystopian stab at curbing the spread of COVID-19, the Chinese government has employed two of the biggest tech giants in Asia to help it roll out a nationwide color-based tracking system to keep tabs on those suffering from coronavirus symptoms, according to a new report. From a report: Companies enlisted for this real-life sci-fi movie endeavor to contain COVID-19 -- the World Health Organization's name for the deadly coronavirus behind this global health emergency -- include Alibaba Group Holdings, Asia's largest digital advertising, e-commerce, and cloud platform as well as Tencent Holdings, one of the world's largest video game companies and the force behind the popular messaging app WeChat. As part of a collaboration with Beijing, Alipay, a payment app operated by Alibaba's subsidiary Ant Financial, recently released a new feature that sends a color-based QR code to individuals via smartphone based on their answers to an online health survey. Depending on what symptoms they've been experiencing or whether they've traveled recently, they're assigned one of three colors that's tied to their ID number. Green means the user can travel freely; yellow prompts instructions for the user to remain quarantined for seven days; and red -- used in the most severe cases -- carries a 14-day quarantine period and instructs users to regularly check-in via an Alibaba chat app.

Brian Krebs sheds light upon a new email-based extortion scheme targeting website owners serving banner ads through Google's AdSense program. "In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher's ads with so much bot and junk traffic that Google's automated anti-fraud systems suspend the user's AdSense account for suspicious traffic," writes Krebs. From his report: Earlier this month, KrebsOnSecurity heard from a reader who maintains several sites that receive a fair amount of traffic. The message this reader shared began by quoting from an automated email Google's systems might send if they detect your site is seeking to benefit from automated clicks. The message goes on to warn that while the targeted site's ad revenue will be briefly increased, "AdSense traffic assessment algorithms will detect very fast such a web traffic pattern as fraudulent."

The message demands $5,000 worth of bitcoin to forestall the attack. In this scam, the extortionists are likely betting that some publishers may see paying up as a cheaper alternative to having their main source of advertising revenue evaporate. The reader who shared this email said while he considered the message likely to be a baseless threat, a review of his recent AdSense traffic statistics showed that detections in his "AdSense invalid traffic report" from the past month had increased substantially. "We hear a lot about the potential for sabotage, it's extremely rare in practice, and we have built some safeguards in place to prevent sabotage from succeeding," Google said in a statement. "For example, we have detection mechanisms in place to proactively detect potential sabotage and take it into account in our enforcement systems."

"We have a help center on our website with tips for AdSense publishers on sabotage," the statement continues. "There's also a form we provide for publishers to contact us if they believe they are the victims of sabotage. We encourage publishers to disengage from any communication or further action with parties that signal that they will drive invalid traffic to their web properties. If there are concerns about invalid traffic, they should communicate that to us, and our Ad Traffic Quality team will monitor and evaluate their accounts as needed."

The Free Software Foundation sent Microsoft a hard drive for Valentine's Day -- along with a petition calling for the release of the source code for Windows 7 (which is no longer supported by Microsoft): It's as easy as copying the source code, giving it a license notice, and mailing it back to us. As the author of the most popular free software license in the world, we're ready to give them all of the help we can. All they have to do is ask.

We want them to show exactly how much love they have for the "open source" software they mention in their advertising. If they really do love free software -- and we're willing to give them the benefit of the doubt -- they have the opportunity to show it to the world. We hope they're not just capitalizing on the free software development model in the most superficial and exploitative way possible: by using it as a marketing tool to fool us into thinking that they care about our freedom.

Together, we've stood up for our principles. They can reject us, or ignore us, but what they cannot do is stop us. We'll go on campaigning, until all of us are free.

Facebook said Friday that political candidates, campaigns and groups can use paid branded content across its platforms, a clarification prompted by a move from Michael Bloomberg's campaign to pay top Instagram influencers to post memes on its behalf. Axios reports: Its policy didn't explicitly state that it was OK for candidates to use branded content posts, but after hearing from various campaigns about the issue, Facebook moved to clarify its stance. Facebook has agreed that branded content should be allowed to be used by candidates, as long as the candidates are authorized and the creators disclose paid partnerships through branded content tools, according to a spokesperson.

Facebook previously prohibited political candidates and campaigns from running branded content by default because it wanted to avoid any risk that such actions could be viewed as accounts giving monetary contributions to campaigns. It's tweaking its approach now -- only in the U.S. -- because it believes that this is no longer a concern, given that it doesn't provide payments as a feature of its branded content tools. If a campaign were to buy ads to boost its branded content, then it would be subject to Facebook's advertising policies. That paid promotion would then need to be included in Facebook public, searchable political ad library for seven years.

YouTube says it paid the music industry more than $3 billion last year. "YouTube offers twin engines for revenue with advertising and subscribers, paying out more than $3 billion to the music industry last year from ads and subscriptions," YouTube CEO Susan Wojcicki wrote in a blog post Friday. From a report: The latest figure hints at how much of the Alphabet-owned company's ad revenue goes back to music industry and creators. The data has been largely unknown to investors who have wondered how much money the company is actually pocketing at the end of the day.

More than 500 browser extensions downloaded millions of times from Google's Chrome Web Store surreptitiously uploaded private browsing data to attacker-controlled servers, researchers said on Thursday. Ars Technica reports: The extensions were part of a long-running malvertising and ad-fraud scheme that was discovered by independent researcher Jamila Kaya. She and researchers from Cisco-owned Duo Security eventually identified 71 Chrome Web Store extensions that had more than 1.7 million installations. After the researchers privately reported their findings to Google, the company identified more than 430 additional extensions. Google has since removed all known extensions. "In the case reported here, the Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users," Kaya and Duo Security Jacob Rickerd wrote in a report. "This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users' knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store's fraud detection mechanisms."

The extensions were mostly presented as tools that provided various promotion- and advertising-as-a service utilities. In fact, they engaged in ad fraud and malvertising by shuffling infected browsers through a maze of sketchy domains. Each plugin first connected to a domain that used the same name as the plugin (e.g.: Mapstrek[.]com or ArcadeYum[.]com) to check for instructions on whether to uninstall themselves. The plugins then redirected browsers to one of a handful of hard-coded control servers to receive additional instructions, locations to upload data, advertisement feed lists, and domains for future redirects. Infected browsers then uploaded user data, updated plugin configurations, and flowed through a stream of site redirections. The researchers say the campaign dates back to at least January 2019, but it's possible that the operators were active "as early as 2017."

After capturing the U.S. television market with aggressively priced Roku TVs, China's TCL wants to replicate that success with inexpensive phones, IoT devices and connected appliances -- and in the process, turn its still relatively unknown brand into a household name. In other words: TCL wants to be the next Samsung. From a report: It won't be easy. The phone market, TCL's next target, is firmly dominated by Apple and Samsung and hard to penetrate for newcomers. The company also faces headwinds from the Trump administration's ongoing trade war with China, as well as political resistance to fellow Chinese tech companies like Huawei. And while TCL's partnership with Roku has been key to building its U.S. TV business, it has also forced the company to operate with razor-thin margins as Roku cashes in on a rapidly growing advertising business that's been a newfound source of revenue for other TV manufacturers.

TCL was founded as an audiotape manufacturer in China's Guangdong province in 1981. It has since become a growing force in the consumer electronics industry, manufacturing phones, TVs and appliances that are sold worldwide under a number of brands. In 2019, TCL sold 32 million TVs globally, it recently told investors. Across all of its businesses, TCL's 2018 revenue amounted to $16.3 billion, with a net profit of $586 million. Two-thirds of TCL's TV revenue already comes from overseas, and the company is looking to grow its international business even further. TCL is set to officially enter the U.S. smartphone market under its own brand in the second quarter of this year. After spending the last few years slapping licensed names like BlackBerry on phones it manufactures, the company previewed its first line of TCL-branded handsets at CES in January. It's expected to reveal official launch dates, specs and carrier partnerships at Mobile World Congress in Barcelona later this month.

What happened when conservative activist Tom Fitton issued an inaccurate press release last week about Iowa's voter registration rolls? After being debunked by Republican state officials -- and identified as "false" by the Associated Press -- the false claims simply remained on both Facebook and Twitter.

The Associated Press reports: Fitton, founder of Judicial Watch, tweeted a report claiming that eight Iowa counties have more people registered to vote than are actually eligible to vote. [Republican] Iowa Secretary of State Paul Pate moved quickly to counter the false information... Pate tweeted a link to the secretary of state's website, for those who wanted to check the numbers. "The county population numbers you claim are way too low. Dallas County's population, according to the U.S. Census Bureau, is nearly 9,000+ more than you claim, and Johnson County's is nearly 7,000 higher," Pate tweeted.

But the false information circulated Sunday and throughout the day on social media.
One tweet was retweeted over 40,000 times. But according to another report, that was just the beginning... The claim was amplified on Twitter by Fox TV host Sean Hannity, a close confidant of President Donald Trump... Fitton admitted in an interview that he "used older statistics and census numbers to reach his conclusion," the Associated Press reported. Judicial Watch's posts were still on Twitter and Facebook as of Wednesday afternoon.

A Twitter spokesperson said the Judicial Watch tweet was "not in violation of our election integrity policy as it does not suppress voter turnout or mislead people about when, where, or how to vote." Twitter last year banned political advertising on its platform.

Facebook, which controversially allows politicians to lie in political ads, did not provide a response to this news organization's inquiry about the Judicial Watch post. Facebook's director of product management has said the firm does not fact-check political ads for truthfulness and that those ads should be regulated by the federal government, not social media companies.
The Republican Secretary of State said in a statement that the false claims "erode voter confidence in elections."

"I had an uneasy feeling about the Google commercial," writes Larry Magid in his column for the San Jose Mercury News. "But I couldn't put it into words until I read a blog post from tech strategic adviser Shelly Palmer."

In the post Palmer describes Google's Super Bowl ad as "a three-hanky, heart-tugging spot that has us eavesdropping on an elderly widower hoping that Google Assistant will help him remember the highlights of his life with his late wife." The ad is beautiful, poignant, thoughtful, sentimental, informative and... evil. It may be the most evil advertisement I've ever seen. What Google doesn't tell you about the service is what it will do with all of the extra data this widower has given it: how much better it will be able to target him, who they will be able to "sell" him to, etc., all without any warning. The service is "free" — not because the widower is the "product" that Google is selling, but because this man is a worker in the mines of Google.

Where is the product labeling? Where is the disclaimer that when you tell Google Assistant everything about the best parts of your life, the algorithm enriches your profile and Google becomes more profitable at your expense?

None of this would bother me if the ad had a disclaimer, or if the ad started with a younger relative adjusting the widower's privacy settings in advance of his experience. This was an ad designed to make people who have no idea what Google does for a living (or how Google works) give Google their private data.

I don't remember a non-political television commercial making me this angry — ever. Shame on you, Google, for this invidious attack on the uninitiated. They deserve better from you. We all do!
The ad has now also been viewed over 37 million times on YouTube. The San Jose Mercury News columnist calls it "another indication of the conflicting emotions I have when it comes to what tech companies know about us." I love that I can use Google to bring up important moments in my life, but I hate that this information is being stored in servers and being used to serve me ads, even though I admit that — if I have to look at ads — I prefer those that are relevant to those that I'm completely uninterested in. So, to borrow a word from this commercial, "remember" that free services like Google and Facebook aren't completely free. We pay with our information, our attention and — depending on how the information is used — our privacy.
Ironically, the columnist is CEO of a non-profit internet safety group that "receives financial support from Google, Facebook and other tech companies."

little1973 shares a report from The Verge: Tesla has remotely disabled driver assistance features on a used Model S after it was sold to a customer. The company now claims that the owner of the car, who purchased it from a third-party dealer -- a dealer who bought it at an auction held by Tesla itself -- "did not pay" for the features and therefore is not eligible to use them. The features were enabled when the dealer bought the car, and they were advertised as part of the package when the car was sold to its owner.

The owner in question, who Jalopnik refers to as Alec, purchased the car last December. The dealer bought the car a month earlier from a Tesla auction, with both "Enhanced Autopilot" and "Full Self Driving Mode" features intact, according to Jalopnik, which reviewed documents related to the car's ownership and sale. The dealer then listed the Model S, advertising both features. However, unbeknownst to the dealer, Tesla had independently conducted a software "audit" of the car after selling it, and disabled those features in a December update. The end result: when Alec picked up the car on December 20th, he did not have access to all its advertised features. Here's what a Tesla customer support representative told Alec: "Tesla has recent identified instances of customers being incorrectly configured for Autopilot versions that they did not pay for. Since, there was an audit done to correct these instances. Your vehicle is one of the vehicles that was incorrectly configured for Autopilot. We looked back at your purchase history and unfortunately Full-Self Driving was not a feature that you had paid for. We apologize for the confusion. If you are still interested in having those additional features we can begin the process to purchase the upgrade."

The report notes that the value of the self-driving features comes out to about $8,000.