An anonymous reader quotes a report from Ars Technica: Prison phone company Global Tel*Link leaked the personal information of nearly 650,000 users and failed to notify most of the users that their personal data was exposed, the Federal Trade Commission said today. The company agreed to a settlement that requires it to change its security practices and offer free credit monitoring and identity protection to affected users, but the settlement doesn't include a fine. "Global Tel*Link and two of its subsidiaries failed to implement adequate security safeguards to protect personal information they collect from users of its services, which enabled bad actors to gain access to unencrypted personal information stored in the cloud and used for testing," the FTC said.

A security researcher notified Global Tel*Link of the breach on August 13, 2020, according to the FTC's complaint (PDF). This happened just after "the company and a third-party vendor copied a large volume of sensitive, unencrypted personal information about nearly 650,000 real users of its products and services into the cloud but failed to take adequate steps to protect the data," the FTC said. The data was copied to an Amazon Web Services test environment to test a new version of a search software product. For about two days, the data was in the test environment and "accessible via the Internet without password protection or other access controls," the FTC said. After hearing from the security researcher, Global Tel*Link reconfigured the test environment to cut off public access. But a few weeks later, the firm was notified by an identity monitoring vendor that the data was available on the dark web. Global Tel*Link didn't notify any users until May 2021, and even then, it only notified a subset of them, according to the FTC. [...]

The complaint said that Global Tel*Link violated the Federal Trade Commission Act's section on unfair or deceptive acts or practices and charged the firm with unfair data security practices, unfair failure to notify affected consumers of the incident, misrepresentations regarding data security, misrepresentations to individual users regarding the incident, misrepresentations to individual users regarding notice, and deceptive representations to prison facilities regarding the incident. To settle the charges, the company agreed to new security protocols, including "'change management' measures to all of its systems to help reduce the risk of human error, use of multifactor authentication, and procedures to minimize the amount of data it collects and stores," the FTC said. Global Tel*Link also has to notify the affected users who were not previously notified of the breach and provide them with credit monitoring and identity protection products. The product must include $1,000,000 worth of identity theft insurance to cover costs related to identity theft or fraud. The company must also notify consumers and prison facilities within 30 days of future data breaches and notify the FTC of the incidents, the agency said. Violations of the settlement could result in fines of $50,120 for each violation, the FTC said.

An anonymous reader shares a report: In May this year, Alexis Hancock's daughter got a children's tablet for her birthday. Being a security researcher, Hancock was immediately worried. "I looked at it kind of sideways because I've never heard of Dragon Touch," Hancock told TechCrunch, referring to the tablet's maker. As it turned out, Hancock, who works at the Electronic Frontier Foundation, had good reasons to be concerned. Hancock said she found that the tablet had a slew of security and privacy issues that could have put her daughter's and other children's data at risk.

The Dragon Touch KidzPad Y88X contains traces of a well-known malware, runs a version of Android that was released five years ago, comes pre-loaded with other software that's considered malware and a "potentially unwanted program" because of "its history and extensive system level permissions to download whatever application it wants," and includes an outdated version of an app store designed specifically for kids, according to Hancock's report, which was released on Thursday and seen by TechCrunch ahead of its publication. Hancock said she reached out to Dragon Touch to report these issues, but the company never responded. Dragon Touch did not respond to TechCrunch's questions either. After TechCrunch reached out to the company, Walmart removed the listing from its website, while Amazon said it's looking into the matter.

An anonymous reader quotes a report from The Verge: The Federal Communications Commission has approved (PDF) a new set of rules aiming to prevent "digital discrimination." It means the agency can hold telecom companies accountable for digitally discriminating against customers -- or giving certain communities poorer service (or none at all) based on income level, race, or religion. The new rules come as part of the Biden Administration's 2021 Bipartisan Infrastructure Law, which requires the FCC to develop and adopt anti-digital discrimination rules. "Many of the communities that lack adequate access to broadband today are the same areas that suffer from longstanding patterns of residential segregation and economic disadvantage," FCC Chairwoman Jessica Rosenworcel said following today's vote. "It shows that minority status and income correlate with broadband access."

Under the new rules, the FCC can fine telecom companies for not providing equal connectivity to different communities "without adequate justification," such as financial or technical challenges of building out service in a particular area. The rules are specifically designed to address correlations between household income, race, and internet speed. Last year, a joint report from The Markup and the Associated Press found that AT&T, Verizon, and other internet service providers offer different speeds depending on the neighborhood in cities throughout the US. The report revealed neighborhoods with lower incomes and fewer white people get stuck with slower internet while still having to pay the same price as those with faster speeds. At the time, USTelecom, an organization that represents major telecom providers, blamed the higher price on having to maintain older equipment in certain communities.

The FCC was nearly divided on the new set of rules, as it passed with a 3-2 vote. Critics of the new policy argue the rules are an overextension of the FCC's power. Jonathan Spalter, the CEO of USTelecom, says the FCC is "taking overly intrusive, unworkably vague, and ultimately harmful steps in the wrong direction." Spalter adds the framework "is counter" to Congress' goal of giving customers equal access to the internet. Still, supporters of the new rules believe they can go a long way toward improving fractured broadband coverage throughout the US. The FCC will also establish an "improved" customer portal, where the agency will field and review complaints about digital discrimination. It will take things like broadband deployment, network upgrades, and maintenance across communities into account when evaluating providers for potential rule violations, giving it the authority to hopefully finally address the disparities in internet access throughout the US.

An anonymous reader quotes a report from Engadget: A group of lawmakers from a House of Representatives committee wants Apple, like many Jon Stewart enthusiasts, to explain why its streaming arm abruptly canceled the talk show The Problem With Jon Stewart. The current affairs TV series hosted by Jon Stewart briefly made its debut on Apple TV+ in 2021 but its time on air ended when the show received the ax for a third season, reportedly due to "disagreements" over show topics.

According to Reuters, Lawmakers want to know if the show's coverage and criticism of China has anything to do with the show's cancellation. The government officials have asked Apple to speak on the issue by Dec 15, 2023. In a letter to the tech giant, the House members wrote that while Apple has the right to determine what content it deems appropriate for its platform, "the coercive tactics of a foreign power should not be directly or indirectly influencing these determinations." This effort is bipartisan, with members from both Republican and Democratic parties affiliated with the House of Representatives' Select Committee on Competition with the Chinese Communist Party.

An anonymous reader writes: A newspaper run by the Communist Party of Vietnam is reporting the "disappearance" of a number of popular channels from pay TV packages. Citing National Geographic and Nat Geo Wild as examples, the paper notes they're owned by Disney. Vietnam's Ministry of Information and Communications is said to be "concerned" that the withdrawal will allow piracy to run rampant in Vietnam. Multiple high-level trade reports in the U.S. note that piracy has been rampant for years.

Emma Roth reports via The Verge: Meta, ByteDance, Alphabet, and Snap must proceed with a lawsuit alleging their social platforms have adverse mental health effects on children, a federal court ruled on Tuesday. US District Judge Yvonne Gonzalez Rogers rejected the social media giants' motion to dismiss the dozens of lawsuits accusing the companies of running platforms "addictive" to kids. School districts across the US have filed suit against Meta, ByteDance, Alphabet, and Snap, alleging the companies cause physical and emotional harm to children. Meanwhile, 42 states sued Meta last month over claims Facebook and Instagram "profoundly altered the psychological and social realities of a generation of young Americans." This order addresses the individual suits and "over 140 actions" taken against the companies.

Tuesday's ruling states that the First Amendment and Section 230, which says online platforms shouldn't be treated as the publishers of third-party content, don't shield Facebook, Instagram, YouTube, TikTok, and Snapchat from all liability in this case. Judge Gonzalez Rogers notes many of the claims laid out by the plaintiffs don't "constitute free speech or expression," as they have to do with alleged "defects" on the platforms themselves. That includes having insufficient parental controls, no "robust" age verification systems, and a difficult account deletion process.

"Addressing these defects would not require that defendants change how or what speech they disseminate," Judge Gonzalez Rogers writes. "For example, parental notifications could plausibly empower parents to limit their children's access to the platform or discuss platform use with them." However, Judge Gonzalez Rogers still threw out some of the other "defects" identified by the plaintiffs because they're protected under Section 230, such as offering a beginning and end to a feed, recommending children's accounts to adults, the use of "addictive" algorithms, and not putting limits on the amount of time spent on the platforms.

Some of the United States' largest civil liberties groups are urging Senate majority leader Chuck Schumer not to pursue a short-term extension of the Section 702 surveillance program slated to sunset on December 31. From a report: The more than 20 groups -- Demand Progress, the Brennan Center for Justice, American Civil Liberties Union, and Asian Americans Advancing Justice among them -- oppose plans that would allow the program to continue temporarily by amending "must-pass" legislation, such as the bill needed now to avert a government shutdown by Friday, or the National Defense Authorization Act, annual legislation set to dictate $886 billion in national security spending across the Pentagon and US Department of Energy in 2024.

"In its current form, [Section 702] is dangerous to our liberties and our democracy, and it should not be renewed for any length of time without robust debate, an opportunity for amendment, and -- ultimately -- far-reaching reforms," a letter from the groups to Schumer says. It adds that any attempt to prolong the program by rushed amendment "would demonstrate blatant disregard for the civil liberties and civil rights of the American people."

An anonymous reader writes: Two men who allegedly used 65 Google accounts to bombard Google with fraudulent DMCA takedown notices targeting up to 620,000 URLs, have been named in a Google lawsuit filed in California on Monday. Google says the men weaponized copyright law's notice-and-takedown system to sabotage competitors' trade, while damaging the search engine's business and those of its customers.

A person linked to a scam that tricked an elderly victim into transferring more than $100,000 formally requested the FBI give back his seized cryptocurrency, claiming in a petition to the agency that he is a part-time crypto investor and not doing anything illegal, according to a recently filed court record. From a report: 404 Media also reached the person by email and they largely repeated the same story. The request is an unusual sight, and, to be frank, probably not going to work. In the court record, authorities allege that the frozen funds are linked to a scam of a victim in the U.S. The document says authorities seized just under 18,500 Tether, valued at around $18,500, in July with a federal search warrant.

"Hello Sir/Ma'am, My name is Vishal Gautam," the request starts. "The funds which you have on hold that is a very big amount of money for me and my family, I request you to please release it from your custody. Thank You & Regards." The message says that Gautam lives in India and as well as investing in cryptocurrency, he is a "full-time Health Insurance" worker. "In the month of July 2023 suddenly my crypto from Binance got disappeared, I don't know how it happened but then I got to know that the FBI has put hold on my assets," the message continues. "I am not into something illegal and never will be, I will not do any such thing that can harm your country or your people in any manner." U.S. authorities, meanwhile, allege that the seized cash is connected to a fraud scheme that targeted a senior citizen in Knoxville, Iowa. In February, this victim opened an email on her iPad that claimed it had been compromised, and that she needed to contact the sender for assistance, according to the court record.

An anonymous reader quotes a report from TechCrunch: Michigan-based McLaren Health Care has confirmed that the sensitive personal and health information of 2.2 million patients was compromised during a cyberattack earlier this year. A ransomware gang later took credit for the cyberattack. In a new data breach notice filed with Maine's attorney general, McLaren said hackers were in its systems for three weeks during July 28 through August 23 before the healthcare company noticed a week later on August 31. McLaren said the hackers accessed patient names, their date of birth and Social Security number, and a wealth of medical information, including billing, claims and diagnosis information, prescription and medication details, and information relating to diagnostic results and treatments. Medicare and Medicaid patient information was also taken.

McLaren is a healthcare provider with 13 hospitals across Michigan and about 28,000 total employees. McLaren, whose website touts its cost efficiency measures, made over $6 billion in revenue in 2022. News of the incident broke in October when the Alphv ransomware gang (also known as BlackCat) claimed responsibility for the cyberattack, claiming it took millions of patients' personal information. Days after the cyberattack was disclosed, Michigan attorney general Dana Nessel warned state residents that the breach "could affect large numbers of patients." TechCrunch has seen several screenshots posted by the ransomware gang on its dark web leak site showing access to the company's password manager, internal financial statements, some employee information, and spreadsheets of patient-related personal and health information, including names, addresses, phone numbers, Social Security numbers, and diagnostic information. Alphv/BlackCat claimed in its post that the gang had been in contact with a McLaren representative, without providing evidence of the claim.

Images and information from social media (and other online sources) are being used by AI to create "create convincing and personalized scam calls, texts and emails," writes the Palm Beach Post, citing a warning from Florida's consumer watchdog agency. In an older version of the scam, a caller would greet "Grandma" or "Grandpa" before saying, "It's me — I know I sound funny because I have a cold," and then make an urgent plea for money to get out of a scrap... Using audio and video clips found online, the con artist can clone the voice of a family member to make the call more compelling...

Listen for clues to a con like incorrect or mispronounced names or unfamiliar terms of endearment. The pressure to act quickly and to keep the call a secret are all timeless hallmarks of a scam, the agency notes. Detailed instructions on how to deliver funds in a form that is hard to recover — wired funds, a gift card or pay app — are also indications of a ripoff in the making.
The consumer watchdog agency suggests this precaution. "Encourage family members to set their social media pages to private."

Thanks to long-time Slashdot reader SonicSpike for sharing the article.

Wednesday nearly half of Australia was left without internet or phone service after the country's second largest telecommunications company experienced a service outage affecting 10 million people.

But that's not Optus's only problem, according to this report from the Guardian: Optus has lost a bid in the federal court to keep secret a report on the cause of the 2022 cyber-attack — which resulted in the personal information of about 10 million customers being exposed — after a judge rejected the telco's legal privilege claim. After the hack, the company announced in October last year that it had recruited consultancy firm Deloitte to conduct a forensic assessment of what had led to the cyber-attack. Since then, the company has also faced an investigation by the Office of the Australian Information Commissioner, and a class action case in the federal court. As part of the class action case, law firm Slater and Gordon, acting for the applicants, had sought access to the Deloitte report that was never made public...

It came as the embattled CEO faces pressure over the company's handling of a 14-hour outage on Wednesday, that took phone and internet services offline for 10 million customers, delayed trains, disconnected call centres and hospital phone lines. The company has not announced any independent report into the incident, but it is now subject to two government investigations and a Senate inquiry.

This week the Council of the European Union made an announcement. "With a view to ensuring a trusted and secure digital identity for all Europeans, the Council presidency and European Parliament representatives reached today a provisional agreement on a new framework for a European digital identity (eID)."

The proposed new framework would also require member states "to issue a digital wallet under a notified eID scheme, built on common technical standards, following compulsory certification."

"With the approval of the European digital identity regulation, we are taking a fundamental step so that citizens can have a unique and secure European digital identity," said Nadia Calviao, acting Spanish first vice-president and minister for economy and digitalisation.

From the announcement: The revised regulation constitutes a clear paradigm shift for digital identity in Europe aiming to ensure universal access for people and businesses to secure and trustworthy electronic identification and authentication. Under the new law, member states will offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g., driving licence, diplomas, bank account). Citizens will be able to prove their identity and share electronic documents from their digital wallets with a click of a button on their mobile phone.

The new European digital identity wallets will enable all Europeans to access online services with their national digital identification, which will be recognised throughout Europe, without having to use private identification methods or unnecessarily sharing personal data. User control ensures that only information that needs to be shared will be shared...

The revised law clarifies the scope of the qualified web authentication certificates (QWACs), which ensures that users can verify who is behind a website, while preserving the current well-established industry security rules and standards.
"When finalised, the text will be submitted to the member states' representatives (Coreper) for endorsement. Subject to a legal/linguistic review, the revised regulation will then need to be formally adopted by the Parliament and the Council before it can be published in the EU's Official Journal and enter into force."

An anonymous reader shared this report from security research Brian Krebs: In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account...

The homepage said I needed to provide a Social Security number and mobile phone number, and that I'd soon receive a link that I should click to verify myself. The site claims that the phone number you provide will be used to help validate your identity. But it appears you could supply any phone number in the United States at this stage in the process, and Experian's website would not balk.
One user said they recreated their account this week — even though the phone number they'd input was a random number. "The only difference: it asked me FIVE questions about my personal history (last time it only asked three) before proclaiming, 'Welcome back, Pete!,' and granting full access," @PeteMayo wrote. "I feel silly saving my password for Experian; may as well just make a new account every time."

And Krebs points out that "Regardless, users can simply skip this step by selecting the option to 'Continue another way.'" Experian then asks for your full name, address, date of birth, Social Security number, email address and chosen password. After that, they require you to successfully answer between three to five multiple-choice security questions whose answers are very often based on public records. When I recreated my account this week, only two of the five questions pertained to my real information, and both of those questions concerned street addresses we've previously lived at — information that is just a Google search away...

Experian will send a message to the old email address tied to the account, saying certain aspects of the user profile have changed. But this message isn't a request seeking verification: It's just a notification from Experian that the account's user data has changed, and the original user is offered zero recourse here other than to a click a link to log in at Experian.com. And of course, a user who receives one of these notices will find that the credentials to their Experian account no longer work. Nor do their PIN or account recovery question, because those have been changed also. Your only option at this point is recreate your account at Experian and steal it back from the ID thieves!
Experian's security measures "are constantly evolving," insisted Experian spokesperson Scott Anderson — though Krebs remains unsatisfied. Anderson said all consumers have the option to activate a multi-factor authentication method that's requested each time they log in to their account. But what good is multi-factor authentication if someone can simply recreate your account with a new phone number and email address?

From AaronSwartzDay.com: Aaron Swartz Day was founded, in 2013, after the death of Aaron Swartz, with these combined goals:

To draw attention to what happened to Aaron, in the hopes of stopping it from happening to anyone else.
- This includes clarifying that, although Aaron was a hacker, he didn't hack MIT.

To provide a yearly showcase of many of the projects that were started by Aaron before his death.
- SecureDrop
- Open Library

To provide a yearly showcase of new projects that were directly inspired by Aaron and his work.
A few Aaron-inspired examples from this year's event include:
- The Pursuance Project (by Barrett Brown & Steve Phillips)
- Open Archive (by Natalie Cadranel)
- Jason Leopold's Freedom of Information Act Request (FOIA) activism (article from 2013)
Happening right now is a livestream from 11 a.m. to 6:30 p.m. PST of "intimate virtual talks," including a special presentation by members of Brazil's Aaron Swartz Institute starting in just a few minutes. You can also playback video for talks that happened earlier today.

Other speakers include:

• Scifi novelist/technology activist Cory Doctorow (11 a.m.)
• Signal user support engineer/project manager Riya Abraham (11:30 a.m.)
• EFF executive director Cindy Cohn (12)
• EFF Certbot director of engineering Alexis Hancock (12:20)
• Internet Archive's Brewster Kahle (12:40)
• Anaconda CEO Peter Wang (1)
• The Freedom of the Press Foundation's Kevin O'Gorman (speaking on SecureDrop at 1:30)

With 1.4 billion people, India is the second most-populous country in the world.

But a new article in the Washington Post alleges that India has "set a global standard for online censorship." For years, a committee of executives from U.S. technology companies and Indian officials convened every two weeks in a government office to negotiate what could — and could not — be said on Twitter, Facebook and YouTube. At the "69A meetings," as the secretive gatherings were informally called, officials from India's information, technology, security and intelligence agencies presented social media posts they wanted removed, citing threats to India's sovereignty and national security, executives and officials who were present recalled. The tech representatives sometimes pushed back in the name of free speech...

But two years ago, these interactions took a fateful turn. Where officials had once asked for a handful of tweets to be removed at each meeting, they now insisted that entire accounts be taken down, and numbers were running in the hundreds. Executives who refused the government's demands could now be jailed, their companies expelled from the Indian market. New regulations had been adopted that year to hold tech employees in India criminally liable for failing to comply with takedown requests, a provision that executives referred to as a "hostage provision." After authorities dispatched anti-terrorism police to Twitter's New Delhi office, Twitter whisked its top India executive out of the country, fearing his arrest, former company employees recounted.

Indian officials say they have accomplished something long overdue: strengthening national laws to bring disobedient foreign companies to heel... Digital and human rights advocates warn that India has perfected the use of regulations to stifle online dissent and already inspired governments in countries as varied as Nigeria and Myanmar to craft similar legal frameworks, at times with near-identical language. India's success in taming internet companies has set off "regulatory contagion" across the world, according to Prateek Waghre, a policy director at India's Internet Freedom Foundation...

Despite the huge size of China's market, companies like Twitter and Facebook were forced to steer clear of the country because Beijing's rules would have required them to spy on users. That left India as the largest potential growth market. Silicon Valley companies were already committed to doing business in India before the government began to tighten its regulations, and today say they have little choice but to obey if they want to remain there.
The Post spoke to Rajeev Chandrasekhar, the deputy technology minister in the BJP government who oversees many of the new regulations, who argued "The shift was really simple: We've defined the laws, defined the rules, and we have said there is zero tolerance to any noncompliance with the Indian law...

"You don't like the law? Don't operate in India," Chandrasekhar added. "There is very little wiggle room."

schwit1 shares a report from CNBC: Apple will pay $25 million in back pay and civil penalties to settle a matter over the company's hiring practices under the Immigration and Nationality Act, the Department of Justice announced Thursday. Apple has agreed to pay $6.75 million in civil penalties and establish an $18.25 million fund for back pay to eligible discrimination victims, the DOJ said in a release.

Apple was accused of not advertising positions that it wanted to fill through a federal program called Permanent Labor Certification Program or PERM, which allows U.S. companies to recruit workers who can become permanent U.S. residents after completing a number of requirements. The DOJ said that it believed that Apple followed procedures that were designed to favor current Apple employees holding temporary visas who wanted to become permanent employees. In particular, Apple was accused of not advertising positions on its external website and erecting hurdles such as requiring mailed paper applications, which the DOJ alleges means that some applicants to Apple jobs were not properly considered under federal law.

"These less effective recruitment procedures deterred U.S. applicants from applying and nearly always resulted in zero or very few mailed applications that Apple considered for PERM-related job positions, which allowed Apple to fill the positions with temporary visa holders," according to the settlement agreement between Apple and DOJ. Apple contests the accusation, according to the agreement, and says that it believes it was following the appropriate Department of Labor regulations. Apple also contests that any failures were the result of inadvertent errors and not discrimination, according to the agreement.

An anonymous reader quotes a report from The Record: A federal judge on Tuesday refused to bring back a class action lawsuit alleging four auto manufacturers had violated Washington state's privacy laws by using vehicles' on-board infotainment systems to record and intercept customers' private text messages and mobile phone call logs. The Seattle-based appellate judge ruled that the practice does not meet the threshold for an illegal privacy violation under state law, handing a big win to automakers Honda, Toyota, Volkswagen and General Motors, which are defendants in five related class action suits focused on the issue. One of those cases, against Ford, had been dismissed on appeal previously.

The plaintiffs in the four live cases had appealed a prior judge's dismissal. But the appellate judge ruled Tuesday that the interception and recording of mobile phone activity did not meet the Washington Privacy Act's standard that a plaintiff must prove that "his or her business, his or her person, or his or her reputation" has been threatened. In an example of the issues at stake, plaintiffs in one of the five cases filed suit against Honda in 2021, arguing that beginning in at least 2014 infotainment systems in the company's vehicles began downloading and storing a copy of all text messages on smartphones when they were connected to the system. An Annapolis, Maryland-based company, Berla Corporation, provides the technology to some car manufacturers but does not offer it to the general public, the lawsuit said. Once messages are downloaded, Berla's software makes it impossible for vehicle owners to access their communications and call logs but does provide law enforcement with access, the lawsuit said.

Tim Hardwick reports via MacRumors: WhatsApp has introduced a new privacy feature that lets you hide your IP address from whoever you call over the encrypted communications platform. As it stands, one-to-one calls over WhatsApp are established as a direct peer-to-peer connection between users. While this ensures the best possible voice quality, it means the connected devices must reveal their IP addresses to each other. According to WhatsApp, the new privacy setting introduced today works differently by relaying all of your calls through WhatsApp's servers to obfuscate your location, rather than connecting you directly to the person you are calling.

Meta engineers elaborated on the feature in a blog post: "Most calling products people use today have peer-to-peer connections between participants. This direct connection allows for faster data transfers and better call quality, but it also means that participants need to know each other's IP addresses so that call data packets can be delivered to the correct device -- meaning that the IP addresses are visible to both callers on a 1:1 call. IP addresses may contain information that some of our most privacy-conscious users are mindful of, such as broad geographical location or internet provider. To address this concern, we introduced a new feature on WhatsApp that allows you to protect your IP address during calls. With this feature enabled, all your calls will be relayed through WhatsApp's servers, ensuring that other parties in the call cannot see your IP address and subsequently deduce your general geographical location." WhatsApp notes that call quality might be reduced as a result of using the new setting. The feature can be enabled under "Advanced" privacy settings in the app.

Jason Koebler reports via 404 Media: Voters in Maine overwhelmingly passed a ballot measure Tuesday that enshrines the right to repair cars, a major win for consumers and a blow to auto manufacturers who have spent millions lobbying against similar legislation and fighting against it in the courts. "Question 4," which enshrines consumers' data access to car diagnostics for the purposes of repair, passed by a margin of 84.3-15.7 in Tuesday's election with 94 percent of the votes tallied. The yes/no question was simple: "Do you want to require vehicle manufacturers to standardize on-board diagnostic systems and provide remote access to those systems and mechanical data to owners and independent repair facilities?" "Maine residents have won the right to control their destiny when it comes to car repairs," Tommy Hickey, director of the Maine Automotive Right to Repair Coalition, told 404 Media. "There's a new technology in cars, they've become computers on wheels, and with this law owners in Maine will be the gatekeepers of that information."