Privacy

Federal Appeals Court Finds Geofence Warrants Are 'Categorically' Unconstitutional (eff.org) 41

An anonymous reader quotes a report from the Electronic Frontier Foundation (EFF): In a major decision on Friday, the federal Fifth Circuit Court of Appeals held (PDF) that geofence warrants are "categorically prohibited by the Fourth Amendment." Closely following arguments EFF has made in a number of cases, the court found that geofence warrants constitute the sort of "general, exploratory rummaging" that the drafters of the Fourth Amendment intended to outlaw. EFF applauds this decision because it is essential that every person feels like they can simply take their cell phone out into the world without the fear that they might end up a criminal suspect because their location data was swept up in open-ended digital dragnet. The new Fifth Circuit case, United States v. Smith, involved an armed robbery and assault of a US Postal Service worker at a post office in Mississippi in 2018. After several months of investigation, police had no identifiable suspects, so they obtained a geofence warrant covering a large geographic area around the post office for the hour surrounding the crime. Google responded to the warrant with information on several devices, ultimately leading police to the two defendants.

On appeal, the Fifth Circuit reached several important holdings. First, it determined that under the Supreme Court's landmark ruling in Carpenter v. United States, individuals have a reasonable expectation of privacy in the location data implicated by geofence warrants. As a result, the court broke from the Fourth Circuit's deeply flawed decision last month in United States v. Chatrie, noting that although geofence warrants can be more "limited temporally" than the data sought in Carpenter, geofence location data is still highly invasive because it can expose sensitive information about a person's associations and allow police to "follow" them into private spaces. Second, the court found that even though investigators seek warrants for geofence location data, these searches are inherently unconstitutional. As the court noted, geofence warrants require a provider, almost always Google, to search "the entirety" of its reserve of location data "while law enforcement officials have no idea who they are looking for, or whether the search will even turn up a result." Therefore, "the quintessential problem with these warrants is that they never include a specific user to be identified, only a temporal and geographic location where any given user may turn up post-search. That is constitutionally insufficient."

Unsurprisingly, however, the court found that in 2018, police could have relied on such a warrant in "good faith," because geofence technology was novel, and police reached out to other agencies with more experience for guidance. This means that the evidence they obtained will not be suppressed in this case.

Republicans

FBI Investigating After Trump Campaign Says It Was Hacked (thehill.com) 75

Over the weekend, former President Donald Trump's campaign said that it had been hacked, with internal documents reportedly obtained illegally by foreign sources to interfere with the 2024 election. While the Trump campaign claimed that Iran was responsible, it is unclear who exactly was behind the incident. The FBI said it was aware of the allegations and confirmed Monday that it is "investigating this matter." The Hill reports: U.S. agencies have thus far failed to comment on the claims that Iran was responsible for the hack, even as recent intelligence community reports have noted growing Iranian efforts to influence the U.S. election. "This is something we've raised for some time, raised concerns that Iranian cyber actors have been seeking to influence elections around the world including those happening in the United States," John Kirby, the White House's national security communications adviser, told reporters Monday. "These latest attempts to interfere in U.S. elections is nothing new for the Iranian regime, which from our vantage point has attempted to undermine democracies for many years now."

A report from the Office of the Director of National Intelligence released last month noted Iranian efforts designed to "fuel distrust in U.S. political institutions and increase social discord." "The IC has observed Tehran working to influence the presidential election, probably because Iranian leaders want to avoid an outcome they perceive would increase tensions with the United States. Tehran relies on vast webs of online personas and propaganda mills to spread disinformation," the report states, including being particularly active on exacerbating tensions over the Israel-Gaza conflict.

Printer

Stratasys Sues Bambu Lab Over Patents Used Widely By Consumer 3D Printers (arstechnica.com) 36

An anonymous reader quotes a report from Ars Technica: A patent lawsuit filed by one of 3D printing's most established firms against a consumer-focused upstart could have a big impact on the wider 3D-printing scene. In two complaints, (1, 2, PDF) filed in the Eastern District of Texas, Marshall Division, against six entities related to Bambu Lab, Stratasys alleges that Bambu Lab infringed upon 10 patents that it owns, some through subsidiaries like Makerbot (acquired in 2013). Among the patents cited are US9421713B2, "Additive manufacturing method for printing three-dimensional parts with purge towers," and US9592660B2, "Heated build platform and system for three-dimensional printing methods."

There are not many, if any, 3D printers sold to consumers that do not have a heated bed, which prevents the first layers of a model from cooling during printing and potentially shrinking and warping the model. "Purge towers" (or "prime towers" in Bambu's parlance) allow for multicolor printing by providing a place for the filament remaining in a nozzle to be extracted and prevent bleed-over between colors. Stratasys' infringement claims also target some fundamental technologies around force detection and fused deposition modeling (FDM) that, like purge towers, are used by other 3D-printer makers that target entry-level and intermediate 3D-printing enthusiasts.

Crime

Are Banks Doing Enough to Protect Customers from Zelle Scams? US Launches Federal Probe (yahoo.com) 82

"Zelle payments can't be reversed once they're sent," notes the Los Angeles Times — which could be why they're popular with scammers. "You can't simply stop the payment (like a check) or dispute it (like a credit card). Now, the federal regulator overseeing financial products is probing whether banks that offer Zelle to their account holders are doing enough to protect them against scams. Two major banks — JPMorgan Chase and Wells Fargo — disclosed in their security filings in the last week that they'd been contacted by the Consumer Financial Protection Bureau. According to the Wall Street Journal, which reported the filings Wednesday, the CFPB is exploring whether banks are moving quickly enough to shut down scammers' accounts and whether they're doing enough to identify and prevent scammers from signing up for accounts in the first place...

A J.D. Power survey this year found that 3% of the people who'd used Zelle said they had lost money to scammers, which was less than the average for peer-to-peer money transfer services such as Venmo, CashApp and PayPal. The chief executive of Early Warning Services, which runs Zelle, told a Senate subcommittee in July that only 0.1% of the transactions on Zelle involved a scam or fraud; in 2023, the company said, that percentage was 0.05%. But Zelle operates at such a large scale — 120 million users, 2.9 billion transactions and $806 billion transferred in 2023, according to Early Warning Services — that even a tiny percentage of scam and fraud problems translates into a large number of users and dollars... From 2022 to 2023, Zelle cut the rate of scams by nearly 50% even as the volume of transactions grew 28%, resulting in less money scammed in 2023 than in 2022, said Ben Chance, the chief fraud risk management officer for Zelle. The company didn't disclose the amounts involved, but if 0.05% of the $806 billion transferred in 2023 involved scam or fraud, that would translate to $403 million.

Do Zelle users get reimbursed for scams? Only in certain cases, and this is where the banks that offer Zelle have drawn the most heat. If you use Zelle to pay a scammer, banks say, that's a payment you authorized, so they're not obliged under law to refund your money... Some banks, such as Bank of America, say they will put a freeze on transfers by a suspected scammer as soon as a report comes in, then investigate and, if the report is substantiated, seize and return the money. But that works only if the scam is reported right away, before the scammer has the chance to withdraw the funds — which many will do immediately, said Iskander Sanchez-Rola, director of innovation at the cybersecurity company Gen.

Government

Can a Free Business Rent Program Revive San Francisco's Downtown? (yahoo.com) 95

The New York Times visits the downtown of one of America's biggest tech cities to explore San Francisco's "Vacant to Vibrant" initiative, where "city and business leaders provide free rent for up to six months" to "entrepreneurs who want to set up shop in empty spaces, many of which are on the ground floor of office buildings."

The program also offers funding for business expenses (plus technical and business permit assistance) — and it seems to be working. One cafe went on to sign a five-year lease for a space in the financial district's iconic One Embarcadero Center building — and the building's landlord says the program also resulted in another three long leases. Can the progress continue? The hope is that these pop-up operations will pay rent and sign longer leases after the free-rent period is over, and that their presence will regenerate foot traffic in the area. Some 850 entrepreneurs initially applied for a slot, and 17 businesses were chosen to occupy nine storefront spaces in the fall. Out of those businesses, seven extended their leases and now pay rent. Eleven businesses were selected in May for the program's second cohort, which started operating their storefronts this summer...

The city's office vacancy rate hit 33.7%, a record high, in the second quarter this year, according to JLL, a commercial real estate brokerage. That's one of the bleakest office markets in the nation, which has an average vacancy rate of about 22%. For the moment, however, San Francisco has a silver lining in Vacant to Vibrant. Rod Diehl, the BXP executive vice president who oversees its West Coast properties, said the pop-up strategy was good not just for local business owners to test their concepts and explore growth opportunities, but also for office leasing efforts... Beyond free rent, which is typically given for three months with a possibility for another three months, Vacant to Vibrant provides up to $12,000 to the businesses to help cover insurance and other expenses. The program also offers grants up to $5,000 for building owners to cover costs for tenant improvements in the spaces as well as for other expenses like utilities...

In addition to the Vacant to Vibrant program — which received $1 million from the city initially and is set to receive another $1 million for the current fiscal year, which began July 1 — the city is directing nearly $2 million toward a similar pop-up program. This new program would help businesses occupy larger empty spaces along Powell Street, as crime and other retail pressures have driven out several retailers, including Anthropologie, Banana Republic and Crate & Barrel, in the Union Square area.

One business owner who joined "Vacant to Vibrant" in May says they haven't decided yet whether to sign a lease. "It's not as crowded as before the pandemic." But according to the article, "she was hopeful that more businesses opening nearby would attract more people."

"In addition to filling empty storefronts, the program has the opportunity to bring in a fresher and more localized downtown shopping vibe, said Laurel Arvanitidis, director for business development at San Francisco's Office of Economic and Workplace Development." Victor Gonzalez, an entrepreneur who founded GCS Agency to stage showings for artists, is embracing the opportunity to get a foothold downtown despite the city's challenges. When he opened a storefront as part of the first Vacant to Vibrant cohort in the Financial District last year, he immediately knew that he wanted to stay there as long as possible. He has since signed a three-year lease. "San Francisco is no stranger to big booms and busts," he said. "So if we're in the midst of a bust, what's next? It's a boom. And I want to be positioned to be part of it."
Transportation

Kia and Hyundai's New Anti-Theft Software is Lowering Car-Stealing Rates (cnn.com) 43

An anonymous reader shared this report from CNN: More than a year after Hyundai and Kia released new anti-theft software updates, thefts of vehicles with the new software are falling — even as thefts overall remain astoundingly high, according to a new analysis of insurance claim data. The automakers released the updates starting last February, after a tenfold increase in thefts of certain Hyundai and Kia models in just the past three years — sparked by a series of social media posts that showed people how to steal the vehicles. "Whole vehicle" theft claims — insurance claims for the loss of the entire vehicle — are 64% lower among the Hyundai and Kia cars that have had the software upgrade, compared to cars of the same make, model and year without the upgrade, according to the Highway Loss Data Institute. "The companies' solution is extremely effective," Matt Moore, senior vice president of HLDI, an industry group backed by auto insurers, said in a statement...

Between early 2020 and the first half of 2023, thefts of Hyundai and Kia models rose more than 1,000%.

The article points out that HDLI's analysis covered 2023, and "By the end of that year, only about 30% of vehicles eligible for the security software had it installed. By now, around 61% of eligible Hyundai vehicles have the software upgrade, a Hyundai spokesperson said."

The car companies told CNN that more than 2 million Hyundai and Kia vehicles have gotten the update (part of a $200 million class action settlement reached in May of 2023).
Crime

Cyber-Heist of 2.9 Billion Personal Records Leads to Class Action Lawsuit (theregister.com) 18

"A lawsuit has accused a Florida data broker of carelessly failing to secure billions of records of people's private information," reports the Register, "which was subsequently stolen from the biz and sold on an online criminal marketplace." California resident Christopher Hofmann filed the potential class-action complaint against Jerico Pictures, doing business as National Public Data, a Coral Springs-based firm that provides APIs so that companies can perform things like background checks on people and look up folks' criminal records. As such National Public Data holds a lot of highly personal information, which ended up being stolen in a cyberattack. According to the suit, filed in a southern Florida federal district court, Hofmann is one of the individuals whose sensitive information was pilfered by crooks and then put up for sale for $3.5 million on an underworld forum in April.

If the thieves are to be believed, the database included 2.9 billion records on all US, Canadian, and British citizens, and included their full names, addresses, and address history going back at least three decades, social security numbers, and the names of their parents, siblings, and relatives, some of whom have been dead for nearly 20 years.

Hofmann's lawsuit says he 'believes that his personally identifiable information was scraped from non-public sources," according to the article — which adds that Hofmann "claims he never provided this sensitive info to National Public Data...

"The Florida firm stands accused of negligently storing the database in a way that was accessible to the thieves, without encrypting its contents nor redacting any of the individuals' sensitive information." Hofmann, on behalf of potentially millions of other plaintiffs, has asked the court to require National Public Data to destroy all personal information belonging to the class-action members and use encryption, among other data protection methods in the future... Additionally, it seeks unspecified monetary relief for the data theft victims, including "actual, statutory, nominal, and consequential damages."
Government

How America's FBI Sabotaged Tech-Stealing Spies from the USSR (politico.com) 27

FBI agent Rick Smith remembered seeing that Austrian-born Silicon Valley entrepreneur one year earlier — walking into San Francisco's Soviet Consulate in the early 1980s. Their chance reunion at a bar "would sow the seeds for a major counterintelligence campaign," writes a national security journalist in Politico, describing the collaboration as "an FBI-led operation that sold the Soviet Bloc millions in secretly sabotaged U.S. hi-tech."

The Austrian was already selling American tech goods to European countries, and "By the early 1980s, the FBI knew the Soviet Union was desperate for cutting-edge American technology, like the U.S.-produced microchips then revolutionizing a vast array of digital devices, including military systems..." Moscow's spies worked assiduously to steal such dual use tech or purchase it covertly. The Soviet Union's ballistic missile programs, air defense systems, electronic spying platforms, and even space shuttles, depended on it.... But such tech-focused sanctions-evasion schemes by America's foes offer opportunities for U.S. intelligence, too — including the opportunity to launch ultra-secret sabotage campaigns to alter sensitive technologies before they reach their final destination... Working under the FBI's direction, the Austrian agreed to pose as a crook, a man willing to sell prohibited technology to the communist Eastern Bloc... [T]he FBI and the Austrian would seed faulty tech to Moscow and its allies; drain the Soviet Bloc's coffers; expose its intelligence officers and secret American conspirators; and reveal to American counterspies exactly what tech the Soviets were after...

[T]he Soviet Bloc would unknowingly purchase millions of dollars' worth of sabotaged U.S. goods. Communist spies, ignorant that they were being played, would be feted with a literal parade in a Warsaw Pact capital for their success in purchasing this forbidden technology from the West... The Austrian's connections now presented a major opportunity. The Bulgarians, and their East German and Russia allies, were going to get that forbidden tech. But not before the FBI tampered with it first...

Some of the tech was subtly altered before the Bulgarians could get their hands on it. Some was rendered completely unusable. Some of it was shipped unadulterated to keep the operation humming — and allay any suspicions from the Eastern Bloc about what might be going on. And some of it never made its way to the Bulgarians at all. In one case, the bureau intercepted a $400,000 order of computer hardware from the San Jose-based firm Proquip and shipped out 6,000 pounds of sandbags instead.... Some suffered what appeared to be "accidental" wear-and-tear during the long journey to the Eastern Bloc, recalled Ed Appel [a former senior FBI official]. Other times, the FBI would tamper with the electronics so they would experience "chance" voltage overloads once Soviet Bloc operatives plugged them in. The sabotage could also be more subtle, designed to degrade machine parts or microchips over time, or to render hi-tech tools that required intense precision slightly, if imperceptibly, inaccurate.

The article concludes that "While the Soviet Union might have imploded over three decades ago... Russia's intelligence services are still scouring the globe for prohibited U.S. tech, particularly since Moscow's February 2022 invasion of Ukraine...

"Russia has reportedly even covertly imported household items like refrigerators and washing machines to rip out the microchips within them for use in military equipment."
Crime

North Korean Group Infiltrated 100-Plus Firms with Imposter IT Pros (csoonline.com) 16

"CrowdStrike has continued doing what gave it such an expansive footprint in the first place," writes CSO Online — "detecting cyber threats and protecting its clients from them."

They interviewed Adam Meyers, CrowdStrike's SVP of counter adversary operations, whose team produced their 2024 Threat Hunting Report (released this week at the Black Hat conference). Of seven case studies presented in the report, the most daring is that of a group CrowdStrike calls Famous Chollima, an alleged DPRK-nexus group. Starting with a single incident in April 2024, CrowdStrike discovered that a group of North Koreans, posing as American workers, had been hired for multiple remote IT worker jobs in early 2023 at more than thirty US-based companies, including aerospace, defense, retail, and technology organizations.

CrowdStrike's threat hunters discovered that after obtaining employee-level access to victim networks, the phony workers performed at minimal enough levels to keep their jobs while attempting to exfiltrate data using Git, SharePoint, and OneDrive and installing remote monitoring and management (RMM) tools RustDesk, AnyDesk, TinyPilot, VS Code Dev Tunnels, and Google Chrome Remote Desktop. The workers leveraged these RMM tools with company network credentials, enabling numerous IP addresses to connect to victims' systems.

CrowdStrike's OverWatch hunters, a team of experts conducting analysis, hunted for RMM tooling combined with suspicious connections surfaced by the company's Falcon Identity Protection module to find more personas and additional indicators of compromise. CrowdStrike ultimately found that over 100 companies, most US-based technology entities, had hired Famous Chollima workers. The OverWatch team contacted victimized companies to inform them about potential insider threats and quickly corroborated its findings.

Thanks to Slashdot reader snydeq for sharing the news.
Google

Google Just Lost a Big Antitrust Trial. But Now It Has To Face Yet Another.One (yahoo.com) 35

Google's loss in an antitrust trial is just the beginning. According to Yahoo Finance's senior legal reporter, Google now also has to defend itself "against another perilous antitrust challenge that could inflict more damage." Starting in September, the tech giant will square off against federal prosecutors and a group of states claiming that Google abused its dominance of search advertising technology that is used to sell, buy, and broker advertising space online... Juggling simultaneous defenses "will definitely create a strain on its resources, productivity, and most importantly, attention at the most senior levels," said David Olson, associate professor at Boston College Law School.... The two cases targeting Google have the potential to inflict major damage to an empire amassed over the last two decades.

The second case that begins next month began with a lawsuit filed in the US District Court for the Eastern District of Virginia by the Justice Department and eight states in December 2020... Prosecutors allege that since at least 2015 Google has thwarted meaningful competition and deterred innovation through its ownership of the entities and software that power the online advertising technology market. Google owns most of the technology to buy, sell, and serve advertisements online... Google's share of the US and global advertising markets — when measured either by revenue or impressions — exceeded 90% for "many years," according to the complaint.

The government prosecutors accused Google of siphoning off $0.35 of each advertising dollar that flowed through its ad tech tools.

Thanks to Slashdot reader ZipNada for sharing the article.
Power

DARPA Wants To Bypass the Thermal Middleman In Nuclear Power Systems (ans.org) 45

The Defense Advanced Research Projects Agency (DARPA) is exploring the possibility of directly converting radiation from nuclear reactors into electricity using radiovoltaics, a technology that could potentially revolutionize nuclear power generation by moving beyond traditional steam turbine methods. The agency is requesting information and suggestions on this topic in an RFI released on August 1st. Nuclear News reports: There's got to be a better way": Methods to convert the energy of nuclear fission reactions and the decay of radioisotopes into electricity have not evolved since the invention of radioisotope power systems and fission reactors over 70 years ago and remain unoptimized," the RFI says. They rely on thermal heat transfer, and "in each step of this indirect conversion method neutrons, heat, and energy are lost to the shielding material, working fluid, and other system materials." Advanced reactor designs that use alternative coolants, including helium, sodium, and salts, would still use what DARPA calls "heritage nuclear power conversion technology" with water and steam as the working fluids, as would the fusion power plants being planned today.

Why now? Tabitha Dodson, the program manager for DARPA DSO, which is launching the RFI, told Nuclear News that "two big things" are driving the interest. "One is the extreme surge of investment in small and advanced nuclear technologies, such as in fusion and space reactors, which do not have a concurrent pairing of advanced power generation methods that doesn't involve liquid-based heat transfer," she said. "Next, there has been an order of magnitude improvement in radiation tolerance and efficiency for voltaics in recent years with encouraging performance that indicates radiovoltaics could scale up as an array usable in nuclear reactors." [...]

What is the ask?: The RFI asks: "Is it possible to achieve [a] direct energy conversion nuclear power system, ranging in power from 10s of watts electric (We) to 100s of kWe?" DARPA wants information "on the potential to improve specific power greater than 1 We/kg conversion from watts-thermal per radiation emission product," and information on the potential to improve damage tolerance of the voltaic to nuclear radiation to reach an operating lifetime comparable to the life of its nuclear source, on the scale of decades. "We will learn what our boundary conditions are when respondents tell us what technologies in the field of voltaics are possible, and we'll use that to see if there is sufficient scientific rationale make a case to present for further DARPA investment," Dodson said. "I also hope people are going to start thinking about nuclear systems that use electromagnetic versus thermal-kinetic methods to harvest nuclear energetic reactions."

Censorship

Russia Blocks Signal Messaging App (apnews.com) 47

Russia has blocked access to the encrypted Signal messaging app to "prevent the messenger's use of terrorist and extremist purposes." YouTube is also facing mass outages following repeated slowdowns in recent weeks. The Associated Press reports: Russian authorities expanded their crackdown on dissent and free media after Russian President Vladimir Putin sent troops into Ukraine in February 2022. They have blocked multiple independent Russian-language media outlets critical of the Kremlin, and cut access to Twitter, which later became X, as well as Meta's Facebook and Instagram.

In the latest blow to the freedom of information, YouTube faced mass outages on Thursday following repeated slowdowns in recent weeks. Russian authorities have blamed the slowdowns on Google's failure to upgrade its equipment in Russia, but many experts have challenged the claim, arguing that the likely reason for the slowdowns and the latest outage was the Kremlin's desire to shut public access to a major platform that carries opposition views.

Security

USPS Text Scammers Duped His Wife, So He Hacked Their Operation (wired.com) 61

Security researcher Grant Smith uncovered a large-scale smishing scam where scammers posing as the USPS tricked victims into providing their credit card details through fake websites. Smith hacked into the scammers' systems, gathered evidence, and collaborated with the USPS and a US bank to protect over 438,000 unique credit cards from fraudulent activity. Wired reports: The flood of text messages started arriving early this year. They carried a similar thrust: The United States Postal Service is trying to deliver a parcel but needs more details, including your credit card number. All the messages pointed to websites where the information could be entered. Like thousands of others, security researcher Grant Smith got a USPS package message. Many of his friends had received similar texts. A couple of days earlier, he says, his wife called him and said she'd inadvertently entered her credit card details. With little going on after the holidays, Smith began a mission: Hunt down the scammers. Over the course of a few weeks, Smith tracked down the Chinese-language group behind the mass-smishing campaign, hacked into their systems, collected evidence of their activities, and started a months-long process of gathering victim data and handing it to USPS investigators and a US bank, allowing people's cards to be protected from fraudulent activity.

In total, people entered 438,669 unique credit cards into 1,133 domains used by the scammers, says Smith, a red team engineer and the founder of offensive cybersecurity firm Phantom Security. Many people entered multiple cards each, he says. More than 50,000 email addresses were logged, including hundreds of university email addresses and 20 military or government email domains. The victims were spread across the United States -- California, the state with the most, had 141,000 entries -- with more than 1.2 million pieces of information being entered in total. "This shows the mass scale of the problem," says Smith, who is presenting his findings at the Defcon security conference this weekend and previously published some details of the work. But the scale of the scamming is likely to be much larger, Smith says, as he didn't manage to track down all of the fraudulent USPS websites, and the group behind the efforts have been linked to similar scams in at least half a dozen other countries.

United Kingdom

UK Regulator To Examine $4 Billion Amazon Investment In AI Startup Anthropic (theguardian.com) 2

An anonymous reader quotes a report from The Guardian: Amazon's $4 billion investment into US artificial intelligence startup Anthropic is to be examined in the latest investigation into technology tie-ups by the UK's competition watchdog. The Competition and Markets Authority (CMA) said on Thursday that it was launching a preliminary investigation into the deal, before deciding whether to refer it for an in-depth review. The deal, announced in March, included a $4 billion investment in Anthropic from Amazon, and a commitment from Anthropic to use Amazon Web Services "as its primary cloud provider for mission critical workloads, including safety research and future foundation model development." The regulator said it was "considering whether it is or may be the case that Amazon's partnership with Anthropic has resulted in the creation of a relevant merger situation." "We are an independent company. Our strategic partnerships and investor relationships do not diminish our corporate governance independence or our freedom to partner with others," said an Anthropic spokesperson said in a statement. "Amazon does not have a seat on Anthropic's board, nor does it have any board observer rights. We intend to cooperate with the CMA and provide them with a comprehensive understanding of Amazon's investment and our commercial collaboration."
Privacy

Paying To Be Removed From People-Search is 'Largely Ineffective,' Says Study 18

Privacy removal services fail to effectively scrub personal data from people-search websites, a Consumer Reports (CR) study [PDF] revealed Thursday. The four-month investigation found these services eliminated only 35% of volunteers' identifying information profiles across 13 people-search sites. Manual opt-outs proved most effective, removing 70% of profiles within a week.
Piracy

Mayor Shows Pirated Movie On Town Square Big Screen In Brazil (torrentfreak.com) 76

An anonymous reader quotes a report from TorrentFreak: In Brazil, there was a [...] unbelievable display of public piracy last week that went on to make national headlines. The mayor of the municipality Acopiara, in the north-east of the country, invited citizens of the small town Trussu to join a screening of the blockbuster "Inside Out 2" at the local town square. With little more than a thousand inhabitants, many of whom have limited means, this appeared to be a kind gesture. The mayor, Anthony Almeida Neto, could use some positive marks too; he was removed from office three times on suspicion of being involved in corruption schemes, and was most recently reinstated in March. The mayor officially announced the public screening of 'Inside Out 2' via Instagram and Facebook, inviting people to join him. That worked well as a sizable crowd showed up, allowing the controversial mayor to proudly boast the event's popularity in public through his social media channels.

Taking place in an outside theater created just for this occasion, the screening was a unique opportunity for the small town's residents. There are no official movie theaters nearby, so locals would normally have to travel for several hours to see a film that's still in cinemas. Thanks to the mayor, people could see 'Inside Out 2' in their hometown instead. The mayor was pleased with the turnout too and proudly broadcasted it through a livestream on Instagram. Amidst all this joy, however, people started to notice a watermark on the film that was clearly associated with piracy. In addition, it was apparent that the copy had been sourced from pirate streaming site, Obaflix. All signs indicate that the public event wasn't authorized or licensed. Instead, it appeared to be an improvised screening of a low-quality TS release of the film, which is widely available through pirate sites. When this 'revelation' was picked up in the Brazilian press, mayor Anthony Almeida was quick to respond with assurances that he only had honest intentions.

United States

EPA Takes Emergency Action To Stop Use of Dangerous Pesticide (thehill.com) 136

An anonymous reader quotes a report from the Washington Post: For the first time in 40 years, the Environmental Protection Agency has taken emergency action to stop the use of a pesticide (source may be paywalled; alternative source) linked to serious health risks for unborn babies. Tuesday's emergency order applies to dimethyl tetrachloroterephthalate, also known as DCPA, a weedkiller used on crops such as broccoli, Brussels sprouts, cabbage and onions. When pregnant farmworkers and others are exposed to the pesticide, their babies can experience changes to fetal thyroid hormone levels, which are linked to low birth weight, impaired brain development, decreased IQ and impaired motor skills later in life.

"DCPA is so dangerous that it needs to be removed from the market immediately," Michal Freedhoff, assistant administrator for the EPA's Office of Chemical Safety and Pollution Prevention, said in a statement. "It's EPA's job to protect people from exposure to dangerous chemicals. In this case, pregnant women who may never even know they were exposed could give birth to babies that experience irreversible lifelong health problems." The European Union banned DCPA in 2009. But the EPA has been slower to act, frustrating some environmental and public health advocates.

In an interview, Freedhoff said that EPA scientists have tried for years to get more information on health risks from the sole manufacturer of the pesticide, AMVAC Chemical. But she said the company refused to turn over the data, including a study on the effects of DCPA on thyroid development and function, until November 2023. "We did make some good-faith efforts to work with the company," Freedhoff said. "But in the end, we didn't think any of the measures proposed by the company would be implementable, enforceable or effective."
"DCPA has been used in the United States since the late 1950s," notes the report. "After the pesticide is applied, it can linger in the soil, contaminating crops later grown in those fields, including broccoli, cilantro, green onions, kale and mustard greens."

"The emergency order Tuesday temporarily suspends all registrations of the pesticide under the Federal Insecticide, Fungicide and Rodenticide Act. The agency plans to permanently suspend these registrations within the next 90 days."
Security

Cyberattack Knocks Mobile Guardian MDM Offline, Wipes Thousands of Student Devices (techcrunch.com) 17

Zack Whittaker reports via TechCrunch: A cyberattack on Mobile Guardian, a U.K.-based provider of educational device management software, has sparked outages at schools across the world and has left thousands of students unable to access their files. Mobile Guardian acknowledged the cyberattack in a statement on its website, saying it identified "unauthorized access to the iOS and ChromeOS devices enrolled to the Mobile Guardian platform." The company said the cyberattack "affected users globally," including in North America, Europe and Singapore, and that the incident resulted in an unspecified portion of its userbase having their devices unenrolled from the platform and "wiped remotely." "Users are not currently able to log in to the Mobile Guardian Platform and students will experience restricted access on their devices," the company said.

Mobile device management (MDM) software allows businesses and schools to remotely monitor and manage entire fleets of devices used by employees or students. Singapore's Ministry of Education, touted as a significant customer of Mobile Guardian on the company's website since 2020, said in a statement overnight that thousands of its students had devices remotely wiped during the cyberattack. "Based on preliminary checks, about 13,000 students in Singapore from 26 secondary schools had their devices wiped remotely by the perpetrator," the Singaporean education ministry said in a statement. The ministry said it was removing the Mobile Guardian software from its fleet of student devices, including affected iPads and Chromebooks.

Google

Google and Cloudflare Summoned To Explain Their Plans To Defeat Pirate IPTV (torrentfreak.com) 20

Italy's telecoms regulator AGCOM has summoned Google and Cloudflare to a September meeting to discuss strategies for combating online piracy, six months after launching its Piracy Shield blocking system. The move comes as IPTV piracy remains resilient despite new anti-piracy legislation passed in the country last year. The law introduced harsher penalties for providers and consumers of pirated content, including fines for watching pirate streams. It also granted more aggressive site-blocking powers.

Major stream suppliers appear minimally affected by overseas laws. however. AGCOM chief Massimiliano Capitanio seeks commitments from Google to limit pirate services in search results, according to TorrentFreak. The regulator also wants Cloudflare to address IPTV providers using its services to evade blocking.
The Internet

Indonesia Bans Search Engine DuckDuckGo On Gambling, Pornography Concerns (reuters.com) 71

An anonymous reader quotes a report from Reuters: Indonesia said it has banned the privacy-oriented search engine DuckDuckGo, citing concerns that it could be used to access pornography and online gambling websites which are illegal in the country, the communications ministry said on Friday. Indonesia, with the world's biggest Muslim population, has strict rules that ban the sharing online of content deemed obscene. Social media platform Reddit and video-hosting platform Vimeo are blocked.

Usman Kansong, a communications ministry official, told Reuters that DuckDuckGo had been blocked "because of the many complaints made to us about the rampant online gambling and pornography content in its search results." The ministry did not say how DuckDuckGo differs from other search engines such as Alphabet's Google but on its website, DuckDuckGo said it offered several products intended to "help people protect their online privacy" including the search engine, which it said has been praised by privacy advocates.

Slashdot Top Deals