Crime

Thieves Tunnel Through Coffee Shop Wall To Steal $500,000 In iPhones From Washington Apple Store (macrumors.com)

An anonymous reader quotes a report from MacRumors: An Apple Store at the Alderwood Mall was burgled last weekend, with thieves infiltrating the location through a nearby coffee shop. According to Seattle's King 5 News, thieves broke into Seattle Coffee Gear, went into the bathroom, and cut a hole in the wall to get to the Apple Store backroom. The burglars were able to bypass the Apple Store's security system by using the adjacent coffee shop, stealing a total of 436 iPhones that were worth around $500,000.

According to Seattle Coffee Gear manager Eric Marks, the coffee shop is not noticeably adjacent to the Apple Store because of the way that the store is laid out. "I would have never suspected we were adjacent to the Apple Store, how it wraps around I mean," Marks told King 5 News. "So, someone really had to think it out and have access to the mall layout." Police were able to obtain surveillance footage of the theft, but as it is part of an active investigation, it has not yet been released. Nothing was stolen from the coffee shop, but it will cost $1,500 to replace locks and repair the bathroom wall.

Crime

US Treasury Warns DeFi Is Used by North Korea, Scammers To Launder Dirty Money (coindesk.com)

Decentralized finance (DeFi) services that aren't compliant with anti-money laundering and terrorist financing rules pose "the most significant current illicit finance risk" in that corner of the crypto sector, according to the U.S. Department of the Treasury's first analysis of hazards from the technology. From a report: In an expected risk assessment, published Thursday, the Treasury Department said thieves, scammers, ransomware cyber criminals and actors for the Democratic People's Republic of Korea (DPRK) are using DeFi to launder proceeds from crime. On the basis of its findings, the department recommends an assessment of "possible enhancements" to U.S. anti-money laundering (AML) requirements and the rules for countering the financing of terrorism (CFT) as they should be applied to DeFi services. It also calls for input from the private sector to inform the next steps. "Clearly, we can't do this alone," said Brian Nelson, Treasury's undersecretary for terrorism and financial intelligence, in a Thursday webcast hosted by ACAMS, a global organization focused on preventing financial crime. "We call on the private sector to use the findings of the risk assessment to inform your own risk-mitigation strategies." The 40-page report warns that "DeFi services at present often do not implement AML/CFT controls or other processes to identify customers, allowing layering of proceeds to take place instantaneously and pseudonymously."

Facebook

India To Require Social Media Firms Rely on Government's Own Fact Checking (techcrunch.com)

India amended its IT law on Thursday to prohibit Facebook, Twitter and other social media firms from publishing, hosting or sharing false or misleading information about "any business" of the government, and said the firms will be required to rely on New Delhi's own fact-check unit to determine the authenticity of any claim, a blow to many American giants that identify the South Asian market as their largest by users. From a report: Failure to comply with the rule, which also impacts internet service providers such as Jio and Airtel, risks the firms losing their safe harbour protections. The rule, first proposed in January this year, gives a unit of the government arbitrary and overbroad powers to determine the authenticity of online content and bypasses the principles of natural justice, said New Delhi-headquartered digital rights group Internet Freedom Foundation.

Electronic Frontier Foundation

'The Broad, Vague RESTRICT Act Is a Dangerous Substitute For Comprehensive Data Privacy Legislation' (eff.org)

The recently introduced RESTRICT Act, otherwise known as the "TikTok ban," is a dangerous substitute for comprehensive data privacy legislation, writes the Electronic Frontier Foundation in a blog post. From the post: As we wrote in our initial review of the bill, the RESTRICT Act would authorize the executive branch to block 'transactions' and 'holdings' of 'foreign adversaries' that involve 'information and communication technology' and create 'undue or unacceptable risk' to national security and more. We've explained our opposition to the RESTRICT Act and urged everyone who agrees to take action against it. But we've also been asked to address some of the concerns raised by others. We do that here in this post. At its core, RESTRICT would exempt certain information services from the federal statute, known as the Berman Amendments, which protects the free flow of information in and out of the United States and supports the fundamental freedom of expression and human rights concerns. RESTRICT would give more power to the executive branch and remove many of the commonsense restrictions that exist under the Foreign Intelligence Surveillance Act (FISA) and the aforementioned Berman Amendments. But S. 686 also would do a lot more.

EFF opposes the bill, and encourages you to reach out to your representatives to ask them not to pass it. Our reasons for opposition are primarily that this bill is being used as a cudgel to protect data from foreign adversaries, but under our current data privacy laws, there are many domestic adversaries engaged in manipulative and invasive data collection as well. Separately, handing relatively unchecked power over to the executive branch to make determinations about what sort of information technologies and technology services are allowed to enter the U.S. is dangerous. If Congress is concerned about foreign powers collecting our data, it should focus on comprehensive consumer data privacy legislation that will have a real impact, and protect our data no matter what platform it's on -- TikTok, Facebook, Twitter, or anywhere else that profits from our private information. That's why EFF supports such consumer data privacy legislation. Foreign adversaries won't be able to get our data from social media companies if the social media companies aren't allowed to collect, retain, and sell it in the first place.
EFF says it's not clear if the RESTRICT Act will even result in a "ban" on TikTok. It does, however, have potential to punish people for using a VPN to access TikTok if it is restricted. In conclusion, the group says the bill is similar to a surveillance bill and is "far too broad in the power it gives to investigate potential user data."

Android

Google Will Require That Android Apps Let You Delete Your Account and Data (engadget.com)

Google wants to make it as easy to scrub an app account as it is to create one. The company has announced that Android apps on the Play Store will soon have to let you delete an account and its data both inside the app and on the web. Developers will also have to wipe data for an account when users ask to delete the account entirely. From a report: The move is meant to "better educate" users on the control they have over their data, and to foster trust in both apps and the Play Store at large. It also provides more flexibility. You can delete certain data (such as your uploaded content) without having to completely erase your account, Google says. The web requirement also ensures that you won't have to reinstall an app just to purge your info. The policy is taking effect in stages. Creators have until December 7th to answer questions about data deletion in their app's safety form. Store listings will start showing the changes in early 2024. Developers can file for an extension until May 31st of next year.

Privacy

Alcohol Recovery Startups Shared Patients' Private Data With Advertisers (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: For years, online alcohol recovery startups Monument and Tempest were sharing with advertisers the personal information and health data of their patients without their consent. Monument, which acquired Tempest in 2022, confirmed the extensive years-long leak of patients' information in a data breach notification filed with California's attorney general last week, blaming their use of third-party tracking systems developed by ad giants including Facebook, Google, Microsoft and Pinterest. When reached for comment, Monument CEO Mike Russell confirmed more than 100,000 patients are affected.

In their disclosure, the companies confirmed their use of website trackers, which are small snippets of code that share with tech giants information about visitors to their websites, and are often used for analytics and advertising. The data shared with advertisers includes patient names, dates of birth, email and postal addresses, phone numbers and membership numbers associated with the companies and patients' insurance provider. The data also included the person's photo, unique digital ID, which services or plan the patient is using, appointment information and assessment and survey responses submitted by the patient, which include detailed responses about a person's alcohol consumption that are used to determine their course of treatment.

Monument's own website says these survey answers are "protected" and "used only" by its care team. Monument confirmed that it shared patients' sensitive data with advertisers since January 2020, and Tempest since November 2017. Both companies say they have removed the tracking code from their websites. But the tech giants are not obligated to delete the data that Monument and Tempest shared with them.
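The practical question for anyone running a site that takes intake forms is how to find such tags before a breach notification is needed. The following is an added example, not code from Monument, Tempest or TechCrunch: a small audit that parses a page's HTML, flags script, image and iframe resources served from a short list of common advertising and analytics hosts, and notes whether the same page carries a form collecting identity or health fields. The host list, the sensitive field names and the sample page are assumptions chosen for illustration, not a complete catalogue.

```python
"""Audit an HTML page for third-party tracker tags next to sensitive forms.

Added example, not code from the companies in the story. The tracker host
list, the sensitive field names and SAMPLE_PAGE are constructed for
illustration and are not a complete catalogue.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that serve widely used advertising/analytics tags (assumed starting
# list; extend it for a real audit).
TRACKER_HOSTS = {
    "connect.facebook.net": "Meta Pixel",
    "www.googletagmanager.com": "Google Tag Manager",
    "www.google-analytics.com": "Google Analytics",
    "bat.bing.com": "Microsoft UET",
    "s.pinimg.com": "Pinterest Tag",
}

# Form field names that indicate identity or health data is collected
# (assumed names for this example).
SENSITIVE_FIELDS = {"dob", "email", "phone", "insurance_member_id", "drinks_per_week"}


class TagAudit(HTMLParser):
    """Collect tracker loads and sensitive form inputs while parsing."""

    def __init__(self):
        super().__init__()
        self.trackers = []       # (vendor, src) for each tracker resource
        self.sensitive = set()   # sensitive input names found inside forms
        self._in_form = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "img", "iframe") and a.get("src"):
            host = (urlparse(a["src"]).hostname or "").lower()
            if host in TRACKER_HOSTS:
                self.trackers.append((TRACKER_HOSTS[host], a["src"]))
        elif tag == "form":
            self._in_form = True
        elif self._in_form and tag in ("input", "select", "textarea"):
            name = (a.get("name") or "").lower()
            if name in SENSITIVE_FIELDS:
                self.sensitive.add(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False


def audit(html: str) -> dict:
    """Return the trackers found, the sensitive fields found, and whether
    both occur on the same page (the combination that leaks intake data)."""
    p = TagAudit()
    p.feed(html)
    p.close()
    return {
        "trackers": p.trackers,
        "sensitive_fields": sorted(p.sensitive),
        "risk": bool(p.trackers) and bool(p.sensitive),
    }


# Constructed intake page: two tracker tags plus a form with health fields.
SAMPLE_PAGE = """<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script src="https://cdn.example.com/app.js"></script>
</head><body>
<form action="/intake" method="post">
  <input name="email" type="email">
  <input name="dob" type="date">
  <select name="drinks_per_week"><option>0-7</option><option>8-14</option></select>
  <button>Continue</button>
</form>
</body></html>"""

if __name__ == "__main__":
    report = audit(SAMPLE_PAGE)
    for vendor, src in report["trackers"]:
        print(f"tracker: {vendor:20} {src}")
    print("sensitive fields:", report["sensitive_fields"])
    print("RISK: trackers present alongside sensitive form" if report["risk"] else "no finding")
```

A static scan like this only catches tags present in the served HTML; tags injected at runtime by a tag manager, or form values forwarded by first-party JavaScript, need a browser-side check of outbound requests as well.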

Privacy

Inside the Bitter Campus Privacy Battle Over Smart Building Sensors (technologyreview.com)

An anonymous reader quotes a report from MIT Technology Review: When computer science students and faculty at Carnegie Mellon University's Institute for Software Research returned to campus in the summer of 2020, there was a lot to adjust to. Beyond the inevitable strangeness of being around colleagues again after months of social distancing, the department was also moving into a brand-new building: the 90,000-square-foot, state-of-the-art TCS Hall. The hall's futuristic features included carbon dioxide sensors that automatically pipe in fresh air, a rain garden, a yard for robots and drones, and experimental super-sensing devices called Mites. Mounted in more than 300 locations throughout the building, these light-switch-size devices can measure 12 types of data -- including motion and sound. Mites were embedded on the walls and ceilings of hallways, in conference rooms, and in private offices, all as part of a research project on smart buildings led by CMU professor Yuvraj Agarwal and PhD student Sudershan Boovaraghavan and including another professor, Chris Harrison. "The overall goal of this project," Agarwal explained at an April 2021 town hall meeting for students and faculty, is to "build a safe, secure, and easy-to-use IoT [Internet of Things] infrastructure," referring to a network of sensor-equipped physical objects like smart light bulbs, thermostats, and TVs that can connect to the internet and share information wirelessly.

Not everyone was pleased to find the building full of Mites. Some in the department felt that the project violated their privacy rather than protected it. In particular, students and faculty whose research focused more on the social impacts of technology felt that the device's microphone, infrared sensor, thermometer, and six other sensors, which together could at least sense when a space was occupied, would subject them to experimental surveillance without their consent. "It's not okay to install these by default," says David Widder, a final-year PhD candidate in software engineering, who became one of the department's most vocal voices against Mites. "I don't want to live in a world where one's employer installing networked sensors in your office without asking you first is a model for other organizations to follow." All technology users face similar questions about how and where to draw a personal line when it comes to privacy. But outside of our own homes (and sometimes within them), we increasingly lack autonomy over these decisions. Instead, our privacy is determined by the choices of the people around us. Walking into a friend's house, a retail store, or just down a public street leaves us open to many different types of surveillance over which we have little control. Against a backdrop of skyrocketing workplace surveillance, prolific data collection, increasing cybersecurity risks, rising concerns about privacy and smart technologies, and fraught power dynamics around free speech in academic institutions, Mites became a lightning rod within the Institute for Software Research.

Voices on both sides of the issue were aware that the Mites project could have an impact far beyond TCS Hall. After all, Carnegie Mellon is a top-tier research university in science, technology, and engineering, and how it handles this research may influence how sensors will be deployed elsewhere. "When we do something, companies [and] other universities listen," says Widder. Indeed, the Mites researchers hoped that the process they'd gone through "could actually be a blueprint for smaller universities" looking to do similar research, says Agarwal, an associate professor in computer science who has been developing and testing machine learning for IoT devices for a decade. But the crucial question is what happens if -- or when -- the super-sensors graduate from Carnegie Mellon, are commercialized, and make their way into smart buildings the world over. The conflict is, in essence, an attempt by one of the world's top computer science departments to litigate thorny questions around privacy, anonymity, and consent. But it has deteriorated from an academic discussion into a bitter dispute, complete with accusations of bullying, vandalism, misinformation, and workplace retaliation. As in so many conversations about privacy, the two sides have been talking past each other, with seemingly incompatible conceptions of what privacy means and when consent should be required. Ultimately, if the people whose research sets the agenda for technology choices are unable to come to a consensus on privacy, where does that leave the rest of us?

Crime

FBI Seizes Bot Shop 'Genesis Market' (krebsonsecurity.com)

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. KrebsOnSecurity reports: Sources tell KrebsOnSecurity the domain seizures coincided with "dozens" of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data. Active since 2018, Genesis Market's slogan has long been, "Our store sells bots with logs, cookies, and their real fingerprints." Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials.

But earlier today, multiple domains associated with Genesis had their homepages replaced with a seizure notice from the FBI, which said the domains were seized pursuant to a warrant issued by the U.S. District Court for the Eastern District of Wisconsin. But sources close to the investigation tell KrebsOnSecurity that law enforcement agencies in the United States, Canada and across Europe are currently serving arrest warrants on dozens of individuals thought to support Genesis, either by maintaining the site or selling the service bot logs from infected systems. The seizure notice includes the seals of law enforcement entities from several countries, including Australia, Canada, Denmark, Germany, the Netherlands, Spain, Sweden and the United Kingdom. [...]

One feature of Genesis that sets it apart from other bot shops is that customers can retain access to infected systems in real-time, so that if the rightful owner of an infected system creates a new account online, those new credentials will get stolen and displayed in the web-based panel of the Genesis customer who purchased that bot. "While some infostealers are designed to remove themselves after execution, others create persistent access," reads a March 2023 report from cybersecurity firm SpyCloud. "That means bad actors have access to the current data for as long as the device remains infected, even if the user changes passwords." SpyCloud says Genesis even advertises its commitment to keep the stolen data and the compromised systems' fingerprints up to date. "According to our research, Genesis Market had more than 430,000 stolen identities for sale as of early last year -- and there are many other marketplaces like this one," the SpyCloud report concludes.
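The defensive corollary of "bots with logs, cookies, and their real fingerprints" is that a server cannot rely on the browser fingerprint to tell the buyer from the victim: the buyer imports the stolen one. What the server does see is the same session cookie arriving from two network locations in quick succession while the victim is still active. The following is an added example, not code from KrebsOnSecurity, SpyCloud or Genesis Market, that sweeps a constructed access log for that pattern and produces the list of sessions to revoke. The log format, the 30-minute window and the sample lines are assumptions for illustration.

```python
"""Flag sessions whose cookie is presented from two network locations in
quick succession, the pattern a bought bot produces while the victim is
also logged in.

Added example, not code from KrebsOnSecurity, SpyCloud or Genesis Market.
The log format, the 30-minute window and SAMPLE_LOG are constructed for
illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

# Assumed access-log format: ISO timestamp, session id, client IP, the
# client-side fingerprint hash the server recorded, and request path.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) sid=(?P<sid>\w+) ip=(?P<ip>[\d.]+) fp=(?P<fp>\w+) path=(?P<path>\S+)$"
)
WINDOW_SECONDS = 30 * 60   # assumed: shorter than a person plausibly relocates

# Constructed log: session a1b2 is replayed from a second IP three minutes
# after the owner used it, with the same fingerprint (the buyer imported the
# stolen one). Session c3d4 changes IP 84 minutes later, e.g. phone roaming.
SAMPLE_LOG = """\
2023-04-04T10:00:01Z sid=a1b2 ip=203.0.113.10 fp=fp7c1e path=/inbox
2023-04-04T10:02:17Z sid=a1b2 ip=203.0.113.10 fp=fp7c1e path=/settings
2023-04-04T10:05:40Z sid=a1b2 ip=198.51.100.77 fp=fp7c1e path=/settings/export
2023-04-04T10:06:02Z sid=c3d4 ip=192.0.2.55 fp=fp9a02 path=/inbox
2023-04-04T11:30:00Z sid=c3d4 ip=192.0.2.56 fp=fp9a02 path=/inbox
"""


def parse(log_text: str) -> list:
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["t"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def detect_session_hijack(log_text: str, window: int = WINDOW_SECONDS) -> list:
    """Return one finding per session whose cookie is used from a new IP
    within `window` seconds of use from a previous IP. The fingerprint is
    reported but deliberately not trusted: a bot-shop buyer replays it."""
    by_sid = defaultdict(list)
    for e in parse(log_text):
        by_sid[e["sid"]].append(e)
    findings = []
    for sid, evs in by_sid.items():
        evs.sort(key=lambda e: e["t"])
        for prev, cur in zip(evs, evs[1:]):
            gap = int((cur["t"] - prev["t"]).total_seconds())
            if cur["ip"] != prev["ip"] and gap <= window:
                findings.append({
                    "sid": sid,
                    "from_ip": prev["ip"],
                    "to_ip": cur["ip"],
                    "seconds": gap,
                    "same_fingerprint": cur["fp"] == prev["fp"],
                })
                break   # one finding per session is enough to act on
    return findings


def sessions_to_revoke(findings: list) -> set:
    """The response that stops a stolen cookie is server-side revocation;
    unless the application invalidates sessions on password change, a new
    password alone leaves the cookie valid."""
    return {f["sid"] for f in findings}


if __name__ == "__main__":
    found = detect_session_hijack(SAMPLE_LOG)
    for f in found:
        print(f"session {f['sid']}: {f['from_ip']} -> {f['to_ip']} in {f['seconds']}s, "
              f"fingerprint unchanged={f['same_fingerprint']}")
    print("revoke:", sorted(sessions_to_revoke(found)))
```

The window is the tuning knob: too long and ordinary mobile roaming is flagged (widen it here and c3d4 is reported too), too short and a buyer who waits for the victim to go idle slips through. Pairing the IP change with a rise in sensitive actions (exports, settings changes) reduces both errors.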

The Courts

Music Labels Win Legal Battle Against Youtube-dl's Hosting Provider (torrentfreak.com)

A German court has ordered hosting provider Uberspace to take the website of the open-source youtube-dl software offline. The ruling is the result of a copyright infringement lawsuit, filed by Sony, Warner and Universal last year. Uberspace will appeal the verdict and, meanwhile, youtube-dl's code remains available on GitHub. TorrentFreak reports: After hearing both sides, the district court of Hamburg ruled on the matter last week, handing a clear win to the music companies. The verdict wasn't immediately made available to the public but the music companies were quick to claim the win in a press release, stating that Uberspace must take youtube-dl's website offline. According to Frances Moore, CEO of the global music industry group IFPI, the court's decision once again confirms that stream-ripping software is illegal.

"YouTube-DL's services have enabled users to stream rip and download copyrighted music without paying. The Hamburg Regional Court's decision builds on a precedent already set in Germany and underscores once again that hosting stream-ripping software of this type is illegal. "We continue to work globally to address the problem of stream ripping, which is draining revenue from those who invest in and create music," Moore adds. Interestingly, the open source youtube-dl code remains available on the Microsoft-owned developer platform GitHub. Whether the music companies have any plans to target the problem at this source is unknown.

Uberspace's legal representative German Society for Civil Rights (GFF) informs TorrentFreak that the decision doesn't come as a total surprise since the court already declared YouTube's "rolling cipher" to be an effective technical protection measure in an earlier case. That said, the defense believes that the order, which effectively amounts to a blanket ban on youtube-dl, failed to take the software's potentially legitimate uses into account. In addition, GFF believes that the court's decision severely restricts the hosting provider's freedom to operate. "If web hosts have to delete an entire website on demand of the rightsholders even in complex situations with no legal precedent, this poses a threat to the business model of web hosts and ultimately to the free flow of information on the Internet."
Uberspace says it will appeal the judgement and GFF is confident the hosting provider will ultimately prevail.

Businesses

Amazon, Despite Climate Pledge, Fought To Kill Emissions Bill In Oregon

An anonymous reader quotes a report from the Washington Post: Amazon has branded itself as a climate crusader, touting its commitment to renewable energy and sustainable practices. But in Oregon, it helped quietly quash a climate bill that would have regulated its data centers. The bill would have set a 100 percent carbon emissions reduction deadline of 2040 for high energy users. Its goal was to rein in industries with outsize carbon footprints, like cryptocurrency mines and data centers, of which Amazon is planning three more in the state that would be powered by fossil fuels. Though the bill would have matched the timeline of Amazon's own "Climate Pledge," which promises net-zero carbon emissions by 2040, the company helped kill it, said Oregon state Rep. Pam Marsh.

"Amazon's representatives were in the Capitol lobbying against the bill from the very first moment of discussion," said Marsh, chair of the Oregon House climate committee and sponsor of the bill, HB2816. Though Amazon did not testify publicly, Marsh said the company's lobbyists helped organize the opposition and "successfully nurtured fear that our energy requirements would drive away the development of data centers." "No one wants that," Marsh continued, "but we do want them to use energy in a responsible, sustainable manner."

In addition to the Climate Pledge, Amazon has set a goal of moving entirely to renewable energy by 2025; the company has spent millions on solar and wind energy projects and is the largest private purchaser of clean energy. From its $2 billion climate fund to the Climate Pledge, Amazon has invested heavily in creating the perception that it's an environmental leader. But its dealings in Oregon show that, behind the scenes, it wants to call the shots on how that transition happens.
Amazon spokesperson David Ward said in a statement that "a number of organizations, including Amazon, oppose HB2816 because the bill does not address the build-out of electric infrastructure that is needed to bring more clean energy to the grid."

"Building new renewable projects requires infrastructure investments in the grid and today there are hurdles in key areas like permitting and interconnection," he continued. "Accelerating energy infrastructure permitting and interconnections for renewables like solar and wind would have a greater impact on reducing emissions, bringing more clean energy to the grid, and helping achieve our goal of accessing more clean energy in Oregon."

Oregon's biggest business organizations are all opposed to the bill, reports Government Technology. "That includes Oregon Business & Industry and the Technology Association of Oregon, and the national trade group TechNet." Aside from Amazon and its lobbying behind the scenes, no other major tech company has taken a position on the bill.

Privacy

Labor To Consider Age-Verification 'Roadmap' For Restricting Online Pornography Access (theguardian.com)

An anonymous reader quotes a report from The Guardian: The federal government is considering a "roadmap" on how to restrict access to online pornography to those who can prove they are 18 or older, but there are warnings that any system could come at the cost of Australians' privacy online. On Friday, the eSafety commissioner provided a long-awaited roadmap to the government for how to verify users' ages online, which was commissioned by the former Morrison government nearly two years ago. The commissioner's office said the roadmap "explores if and how age verification and other measures could be used to prevent and mitigate harm to children from online pornography" but that any action taken will be a decision of government.

There were a variety of options to verify people's ages considered during the consultation for the roadmap, such as the use of third-party companies, individual sites verifying ages using ID documents or credit card checks, and internet service providers or mobile phone operators being used to check users' ages. Digital rights groups have raised concerns about the potential for any verification system to create a honeypot of people's personal information. But the office said any technology-based solution would need to strike the right balance between safety, privacy and security, and must be coupled with education campaigns for children, parents and educators. [...]

It comes as new industry codes aimed at tackling restricted-access content online, developed by groups representing digital platforms, and software, gaming and telecommunications companies were submitted to the eSafety commissioner for approval. The content covered includes child sexual abuse material, terrorism, extreme crime and violence, and drug-related content. The commissioner, Julie Inman Grant, will now decide whether the voluntary codes meet her expectations or whether she needs to enforce mandatory codes. [...] The second phase of the codes will set out how the platforms restrict access to pornography on their sites -- separate from the use of age verification systems.

Privacy

Tor Project's New Privacy-Focused Browser Doesn't Use the Tor Network (theverge.com)

The Tor Project, the organization behind the anonymous network and browser, is helping launch a privacy-focused browser that's made to connect to a VPN instead of a decentralized onion network. From a report: It's called the Mullvad browser, named after the Mullvad VPN company it's partnered with on the project, and it's available for Windows, Mac, or Linux. The Mullvad browser's main goal is to make it harder for advertisers and other companies to track you across the internet. It does this by working to reduce your browser's "fingerprint," a term that describes all the metadata that sites can collect to uniquely identify your device.
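To make "fingerprint" concrete: a tracker hashes whatever attributes it can read (user agent, screen size, time zone, installed fonts, a canvas rendering) into a stable identifier, and an anti-fingerprinting browser defeats that by reporting one common value for each high-entropy attribute so that many users collapse into one identifier. The following is an added example, not Mullvad's or the Tor Project's code: it builds such an identifier from constructed visitor profiles, measures how identifying each attribute is across the sample, and shows the collapse once the attributes are normalised. The attribute names, the three profiles and the values used for normalisation are assumptions for illustration.

```python
"""Show how browser fingerprinting identifies devices and why reporting
uniform values defeats it.

Added example, not Mullvad's or the Tor Project's code. The attribute
names, the visitor profiles and the normalisation values are assumptions
chosen for illustration.
"""
import hashlib
import json
import math
from collections import Counter


def fingerprint(attrs: dict) -> str:
    """Stable identifier from the attributes a site can read: a hash of the
    canonical JSON form, so the same device hashes the same on every visit."""
    canon = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()[:16]


def attribute_entropy_bits(profiles: list, key: str) -> float:
    """Shannon entropy of one attribute across a population; the more bits,
    the more that attribute narrows down who you are."""
    counts = Counter(p[key] for p in profiles)
    n = len(profiles)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def normalize(attrs: dict) -> dict:
    """Mimic an anti-fingerprinting browser: report one common value for
    each high-entropy attribute instead of the real one (assumed values)."""
    out = dict(attrs)
    out["user_agent"] = "Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0"
    out["screen"] = "1400x900"
    out["timezone"] = "UTC"
    out["fonts"] = "default-set"
    out["canvas_hash"] = "blocked"
    return out


def distinct_devices(profiles: list) -> int:
    """How many distinct fingerprints a tracker would see for these visitors."""
    return len({fingerprint(p) for p in profiles})


# Constructed visitor profiles, as a tracker might collect via JS and headers.
VISITORS = [
    {"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2) ... Safari/605.1.15",
     "screen": "3024x1964", "timezone": "UTC-8", "language": "en-US",
     "fonts": "Helvetica,Menlo,SF Pro", "canvas_hash": "c0ffee01"},
    {"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ... Chrome/111.0.0.0",
     "screen": "1920x1080", "timezone": "UTC-8", "language": "en-US",
     "fonts": "Arial,Calibri,Segoe UI", "canvas_hash": "c0ffee02"},
    {"user_agent": "Mozilla/5.0 (X11; Linux x86_64) ... Firefox/111.0",
     "screen": "2560x1440", "timezone": "UTC+1", "language": "en-US",
     "fonts": "DejaVu Sans,Noto", "canvas_hash": "c0ffee03"},
]

if __name__ == "__main__":
    for key in ("language", "timezone", "canvas_hash"):
        print(f"{key:12} {attribute_entropy_bits(VISITORS, key):.3f} bits")
    print("distinct as-is:     ", distinct_devices(VISITORS))
    print("distinct normalized:", distinct_devices([normalize(v) for v in VISITORS]))
```

The entropy figures are for this three-visitor sample only; real trackers combine dozens of attributes over millions of visitors, which is why a single unusual value (an uncommon font set, a canvas result) is enough to single a device out, and why the defence is uniformity rather than randomness: a randomised value is itself unusual and therefore identifying.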

Crime

Vandals Cut 2,000 Fiber Optic Cables in Connecticut, Knocking 16,000 Offline (stamfordadvocate.com)

"Connecticut police have charged two people with cutting more than 2,000 fiber optic cables" on March 24, reports the Associated Press, leaving more than 15,000 people without internet access. Norwalk police said they arrested Asheville, North Carolina, residents Jillian Persons and Austin Geddings on Saturday during a surveillance operation. Both were charged with larceny and criminal mischief crimes, as well as interfering with police. Persons also was accused of giving a false statement to police. Both were detained on $200,000 bail.... The outages caused by the cable cutting have since been restored, according to Optimum's website.
The Stamford Advocate investigated how many people were affected: Norwalk Deputy Police Chief Terry Blake said Sunday more than 40,000 customers in the area were left without internet service as a result of the vandalism. However, an Optimum spokesperson claimed at the time the outages only affected roughly 16,000 customers and the inflated numbers were inaccurate because of an issue with the company's online outage map.

Government

US State Governments Try Lavishing Subsidies to Attract Chip and EV Factories (go.com)

U.S. states are now "doling out more cash than ever to lure multibillion-dollar microchip, electric vehicle and battery factories," reports the Associated Press, "inspiring ever-more competition as they dig deeper into their pockets to attract big employers and capitalize on a wave of huge new projects." Georgia, Kansas, Michigan, New York, North Carolina, Ohio and Texas have made billion-dollar pledges for a microchip or EV plant, with more state-subsidized plant announcements by profitable automakers and semiconductor giants sure to come. States have long competed for big employers. But now they are floating more billion-dollar offers and offering record-high subsidies, lavishing companies with grants and low-interest loans, municipal road improvements, and breaks on taxes, real estate, power and water....

The projects come at a transformative time for the industries, with automakers investing heavily in electrification and chipmakers expanding production in the U.S. following pandemic-related supply chain disruptions that raised economic and national security concerns. One of the driving forces behind them is federal subsidies signed into law last summer that are meant to encourage companies to produce electric vehicles, EV batteries, and computer chips domestically. Another is that states are flush with cash thanks to inflation-juiced tax collections and federal pandemic relief subsidies. The number of big projects and the size of state subsidy packages are extraordinary, said Nathan Jensen, a University of Texas professor who researches government economic development strategies.

"It is kind of a Wild West moment," Jensen said. "It's wild money and every state seems to be in on it."

Many of the companies drawing the biggest subsidy offers — such as Intel, Hyundai, Panasonic, Micron, Toyota, Ford and General Motors — are profitable and operate around the globe. Some lesser-known names in the nascent EV field are getting big offers too, such as Rivian, Volkswagen-backed Scout Motors and Vietnamese automaker VinFast. The subsidy offers are generally embraced by politicians from both major parties and the business elite, who point to promises of hundreds or thousands of jobs, massive investments in construction and equipment, and what they contend are immeasurable trickle-down benefits.

Still, academics who study such subsidies find them to be a waste of money and rarely decisive in a company's choice of location.

Crime

Truck Thief Gunned Down by Owner After AirTag Gives Away Location (appleinsider.com)

"A Texas truck theft ended in gun fire after the suspected thief was tracked down by the vehicle owner's AirTag," reports AppleInsider: San Antonio police received a stolen vehicle report at around 1 pm from a Braesview home. However, before police could recover the stolen truck, the owners of the vehicle decided to perform their own investigation, using an AirTag left in the truck to do so. The unnamed owners tracked the truck to a shopping center on Southeast Military Drive, reports KSAT. However, rather than wait for police to arrive, the truck owners decided to approach the vehicle and confront the suspect.

While it is unknown exactly what happened, police say it seems the suspected thief may have pulled out their own firearm. The vehicle owner responded by shooting and killing the suspect while they were inside the truck. It is unclear whether the vehicle owner will face charges over the matter, and an investigation is ongoing into whether the suspect actually had a weapon in the first place.

The San Antonio police department's public information officer offered these remarks (in a video from KSAT):

"Most importantly is, to the public, SAPD is urging you if you are to get your vehicle stolen: I know that it's frustrating, but please do not take matters into your own hands like this. Our police department has plenty of resources that could go into finding your vehicle, i.e. our drone system, trackers ourselves, very good patrolmen that look for these kind of things. It's never safe to take matters into your own hands, as you can see today by this incident.... That's why I urge the public, wait for police in this matter. Let us go with you. We have the training. We know exactly how to determine what's going to happen, these kind of factors and situations, and we know how to handle them."

Government

San Francisco Faces 'Doom Loop' from Office Workers Staying Home, Gutting Tax Base (sfchronicle.com)

Today a warning was published from the editorial board of the San Francisco Chronicle. "Experts say post-pandemic woes stemming from office workers staying home instead of commuting into the city could send San Francisco into a 'doom loop' that would gut its tax base, decimate fare-reliant regional transit systems like BART and trap it in an economic death spiral...." Despite our housing crisis, it was years into the COVID pandemic before our leaders meaningfully questioned the logic of reserving some of the most prized real estate on Earth for fickle suburbanites and their cars. Downtown, after all, was San Francisco's golden goose. Companies in downtown offices accounted for 70% of San Francisco's pre-pandemic jobs and generated nearly 80% of its economic output, according to city economist Ted Egan. And so we wasted generous federal COVID emergency funds trying to bludgeon, cajole and pray for office workers to return downtown instead of planning for change. We're now staring down the consequences of that lack of vision.

The San Francisco metropolitan area's economic recovery from the pandemic ranked 24th out of the 25 largest regions in the U.S., besting only Baltimore, according to a report from the Bay Area Council Economic Institute. In the first quarter of 2023, San Francisco's office vacancy rate shot up to a record-high 29.4% — the biggest three-year increase of any U.S. city. The trend isn't likely to end anytime soon: In January, nearly 30% of San Francisco job openings were for hybrid or fully remote work, the highest share of the nation's 50 largest cities. Amid lower property, business and real estate transfer taxes, the city is projecting a $728 million deficit over the next two fiscal years. Transit ridership remains far below pre-pandemic levels. In January, downtown San Francisco BART stations had just 30% of the rider exits they did in 2019, according to a report from Egan's office. Many Bay Area transit agencies, including Muni, are rapidly approaching a fiscal cliff.

San Francisco isn't dead; as of March, it was home to an estimated 173 of the country's 655 companies valued at more than $1 billion. Tourism is beginning to rebound. And new census data shows that San Francisco's population loss is slowing, a sign its pandemic exodus may be coming to an end. But the city can't afford to wait idly for things to reach equilibrium again. It needs to evolve — quickly. Especially downtown. That means rebuilding the neighborhood's fabric, which won't be cheap or easy. Office-to-housing conversions are notoriously tricky and expensive. Demolishing non-historic commercial buildings that no longer serve a purpose in the post-pandemic world is all but banned. And, unlike New York after 9/11, San Francisco is a city that can't seem to stop getting in its own way.

So what's the solution? The CEO of the Bay Area Council suggests public-private partnerships that "could help shift downtown San Francisco's focus from tech — with employees now accustomed to working from home — to research and development, biotech, medical research and manufacturing, which all require in-person workers."

And last week San Francisco's mayor proposed more than 100 changes to streamline the permitting process for small businesses, and on Monday helped introduce legislation making it easier to convert office buildings to housing, expand pop-up business opportunities, and fill some empty storefronts. This follows a February executive order to speed housing construction. The editorial points out that "About 40% of office buildings in downtown San Francisco evaluated in a study would be good candidates for housing due to their physical characteristics and location and could be converted into approximately 11,200 units, according to research from SPUR and the Urban Land Institute San Francisco."

But without some action, the editorial's headline argues that "Downtown San Francisco is at risk of collapsing — and taking much of the Bay Area with it."
Social Networks

Scammers are Tricking Instagram Into Banning Influencers (propublica.org) 53

ProPublica looks at "a booming underground community of Instagram scammers and hackers who shut down profiles on the social network and then demand payment to reactivate them." While they also target TikTok and other platforms, takedown-for-hire scammers like OBN are proliferating on Instagram, exploiting the app's slow and often ineffective customer support services and its easily manipulated account reporting systems. These Instascammers often target people whose accounts are vulnerable because their content verges on nudity and pornography, which Instagram and its parent company, Meta, prohibit.... In an article he wrote for factz.com last year, OBN dubbed himself the "log-out king" because "I have deleted multiple celebrities + influencers on Meta & Instagram... I made about $300k just off banning and unbanning pages," he wrote.

OBN exploits weaknesses in Meta's customer service. By allowing anyone to report an account for violating the company's standards, Meta gives enormous leverage to people who are able to trick it into banning someone who relies on Instagram for income. Meta uses a mix of automated systems and human review to evaluate reports. Banners like OBN test and trade tips on how to trigger the system to falsely suspend accounts. In some cases OBN hacks into accounts to post offensive content. In others, he creates duplicate accounts in his targets' names, then reports the original accounts as imposters so they'll be barred for violating Meta's ban on account impersonation. In addition, OBN has posed as a Meta employee to persuade at least one target to pay him to restore her account.

Models, businesspeople, marketers and adult performers across the United States told ProPublica that OBN had ruined their businesses and lives with spurious complaints, even causing one woman to consider suicide. More than half a dozen people with over 45 million total followers on Instagram told ProPublica they lost their accounts temporarily or permanently shortly after OBN threatened to report them. They say Meta failed to help them and to take OBN and other account manipulators seriously. One person who said she was victimized by OBN has an ongoing civil suit against Meta for lost income, while others sent the company legal letters demanding payment....

A Meta spokesperson acknowledged that OBN has had short-term success in getting accounts removed by abusing systems intended to help enforce community standards. But the company has addressed those situations and taken down dozens of accounts linked to OBN, the spokesperson said. Most often, the spokesperson said, OBN scammed people by falsely claiming to be able to ban and restore accounts.... After banning an account, OBN frequently offers to reactivate it for a fee as high as $5,000, kicking off a cycle of bans and reactivations that continues until the victim runs out of money or stops paying.

A Meta spokesperson told the site they're currently "updating our support systems," including a tool to help affected users and letting more speak to a live support agent rather than an automated one. But the Meta spokesperson added that "This remains a highly adversarial space, with scammers constantly trying to evade detection by social media platforms."

ProPublica ultimately traced the money to a 20-year-old who lives with his mother (who claimed he was only "funnelling" the money for someone else). After that conversation OBN "announced he would no longer offer account banning as a service" — but would still sell his services in getting your account verified.
Crime

German Police Raid DDoS-Friendly Host 'FlyHosting' (krebsonsecurity.com) 5

An anonymous reader quotes a report from KrebsOnSecurity: Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure. A statement released today by the German Federal Criminal Police Office says they served eight search warrants on March 30, and identified five individuals aged 16-24 suspected of operating "an internet service" since mid-2021. The German authorities did not name the suspects or the Internet service in question.

"Previously unknown perpetrators used the Internet service provided by the suspects in particular for so-called 'DDoS attacks', i.e. the simultaneous sending of a large number of data packets via the Internet for the purpose of disrupting other data processing systems," the statement reads. The German authorities said that as a result of the DDoS attacks facilitated by the defendants, the websites of various companies as well as those of the Hesse police have been overloaded in several cases since mid-2021, "so that they could only be operated to a limited extent or no longer at times." The statement says police seized mobile phones, laptops, tablets, storage media and handwritten notes from the unnamed defendants, and confiscated servers operated by the suspects in Germany, Finland and the Netherlands.

United States

NYPD is Refusing To Comply With NYC's New Surveillance Tech Laws 48

An anonymous reader shares a report: In a new report published Thursday, the New York Office of the Inspector General for the New York Police Department (OIG-NYPD) said the New York Police Department violated the 2020 Public Oversight of Surveillance Technology (POST) Act, which required the NYPD to publicly disclose surveillance technology. The POST Act was signed into law by then-New York City Mayor Bill de Blasio and required the NYPD to disclose information about its current and future surveillance technologies and how it wants to use them.

In the report, the OIG-NYPD said that NYPD was not in compliance with the POST Act orders to publish Impact and Use Policies (IUPs) for existing surveillance tech 180 days after the Act was signed and new IUPs at least 90 days before the use of any new surveillance tech. The IUPs were supposed to "describe the capabilities of surveillance technology, and include any rules, processes, and guidelines that regulate access to or use of the technology, and any prohibitions or restrictions on its use, and any potential disparate impacts," according to the report. But, the OIG-NYPD said that the 36 IUPs NYPD published after the Act was signed were general and not detailed, leaving the OIG-NYPD unable to conduct an audit and assess whether NYPD's use of surveillance devices complies with its IUPs and report any suspected violations.
Privacy

India Hunts For Spyware That Rivals Controversial Pegasus System (ft.com) 3

India is hunting for new spyware with a lower profile than the controversial Pegasus system blacklisted by the US government, with rival surveillance software makers preparing bids on lucrative deals being offered by Narendra Modi's government. Financial Times: Defence and intelligence officials from the South Asian country have decided to acquire spyware from less exposed competitors to the NSO Group, the Israeli makers of Pegasus, according to people familiar with the move, seeking to spend up to $120mn through new spyware contracts. About a dozen competitors are expected to join the bidding process, according to two people with knowledge of the talks, stepping into the void created by the pressure on NSO from human rights groups and the administration of US President Joe Biden.

India's move shows how demand for this sophisticated -- and largely unregulated -- technology remains strong despite growing evidence that governments worldwide have abused spyware by targeting dissidents and critics. India has never publicly acknowledged being a customer of NSO. However, the company's malware has been found on the phones of journalists, left-leaning academics and opposition leaders around India, sparking a political crisis. Pegasus can turn phones into surveillance devices and can hoover up encrypted WhatsApp and Signal messages surreptitiously. Modi government officials have grown concerned about the "PR problem" caused by the ability of human rights groups to forensically trace Pegasus, as well as warnings from Apple and WhatsApp to those who have been targeted, according to two people familiar with the discussions.
