Piracy

Z-Library Returns, Offering 'Unique' Domain Name To All Users (torrentfreak.com) 51

An anonymous reader quotes a report from TorrentFreak: The U.S. Government's crackdown against Z-Library late last year aimed to wipe out the pirate library for good. The criminal prosecution caused disruption but didn't bring the site completely to its knees. Z-Library continued to operate on the dark web and this weekend, reappeared on the clearnet, offering a 'unique' domain name to all users. [...] Sites can often be seen hardening their operations to mitigate disruption caused by domain name seizures. Many have a list of backup domains that can be deployed when needed; The Pirate Bay infamously launched its hydra setup consisting of five different domain names. Z-Library is taking this hydra-inspired scheme to the next level. A new announcement reveals that the platform is publicly available once again and offering a unique and private domain name to every user.

"We have great news for you -- Z-Library is back on the Clearnet again! To access it, follow this link singlelogin.me and use your regular login credentials," the Z-Library team writes. "After logging into your account, you will be redirected to your personal domain. Please keep your personal domain private! Don't disclose your personal domain and don't share the link to your domain, as it is protected with your own password and cannot be accessed by other users." While we can't confirm that all users will get unique domain names, people are indeed redirected to different clearnet domains after logging in. After doing so, a popup message reminds them to keep their personal domain secret.

The domain names in question are subdomains of newly registered TLDs that rely on different domain name registries. Every user has two of these 'personal' domains listed on their personal profile page. If users can't access the universal login page, Z-Library says they can log in through TOR or I2P and get their personal clearnet domains there. How many new domain names Z-Library has is unclear but that's exactly the point. The site's operators want to prevent future domain name seizures and with the U.S. Government on its back, new domains are far from safe.

Privacy

A Researcher Tried To Buy Mental Health Data. It Was Surprisingly Easy. (nbcnews.com) 30

Sensitive mental health data is for sale by little-known data brokers, at times for a few hundred dollars and with little effort to hide personal information such as names and addresses, according to research released Monday. From a report: The research, conducted over the span of two months at Duke University's Sanford School of Public Policy, which studies the ecosystem of companies buying and selling personal data, consisted of asking 37 data brokers for bulk data on people's mental health. Eleven of them agreed to sell information that identified people by issues, including depression, anxiety and bipolar disorder, and often sorted them by demographic information such as age, race, credit score and location.

The researchers did not buy the data, but in many cases received free samples to prove that the broker was legitimate, a common industry practice. The study doesn't name the data brokers. Some of the brokers were particularly cavalier with sensitive data. One made no demands on how information it sold was used and advertised that it could offer names and addresses of people with "depression, bipolar disorder, anxiety issues, panic disorder, cancer, post-traumatic stress disorder, obsessive-compulsive disorder and personality disorder, as well as individuals who have had strokes and data on their races and ethnicities," the report found. "[T]he industry appears to lack a set of best practices for handling individuals' mental health data, particularly in the areas of privacy and buyer vetting," the report found.

Open Source

'Mycroft' Open-Source Voice Assistant Out of Funds, Can't Fulfill Remaining Kickstarter Rewards (kickstarter.com) 46

In 2019 Slashdot covered Mycroft, an open-source voice assistant for Linux-based devices (including Raspberry Pi boards). But this week the company's CEO posted on Kickstarter that "without immediate new investment, we will have to cease development by the end of the month....

"We will still be shipping all orders that are made through the Mycroft website, because these sales directly cover the costs of producing and shipping the products. However we do not have the funds to continue fulfilling rewards from this crowdfunding campaign, or to even continue meaningful operations."

The announcement details Mycroft's long, strange trip, from a hardware-focused partner that couldn't provide stable hardware to their switch to using off-the-shelf parts — followed by supply chain disruptions (with hefty import and manufacturing fees): The best plan we could devise to fulfill the remaining campaign rewards was to use the slim margins we have on new sales to cover the increased costs of hardware production. With that plan in mind, we pushed forward and started production. We got plastic injection molds cast. We started printing custom PCBs. We engaged audio engineers to optimize the quality and volume of the sound output. We got the device FCC and CE approved. Many of these steps took multiple iterations to get right, and there are many more things that I'm glossing over. All up this costs — a lot of money. Far more than the total contributions from the campaign, which is why I personally committed so much additional funding. I could see a clear way forward that strengthened Mycroft as a project, as a business, and as a community.

So what went wrong? The single most expensive item that I could not predict was our ongoing litigation against the non-practicing patent entity that has never stopped trying to destroy us. If we had that million dollars we would be in a very different state right now.

With so much of our focus on hardware, and less funding to devote to improving our software — the quality and features available on the Mark II at launch were clearly underwhelming. It is more robust and stable than it has ever been, but this came at the cost of fewer new features. That in turn I believe has resulted in less than flattering reviews, and little mainstream coverage. The hardware itself has proven itself to be a solid base to work from, but without good reviews you get less sales, and without strong sales, the plan doesn't work.

Thanks to stx23 (Slashdot reader #14,942) for sharing the news.

Windows

Is Windows 11 Spyware? Microsoft Defends Sending User Data to Third Parties (tomshardware.com) 195

An anonymous reader shares a report from Tom's Hardware: According to the PC Security Channel (via TechSpot), Microsoft's Windows 11 sends data not only to the Redmond, Washington-based software giant, but also to multiple third parties. To analyze DNS traffic generated by a freshly installed copy of Windows 11 on a brand-new notebook, the PC Security Channel used the Wireshark network protocol analyzer that reveals precisely what is happening on a network. The results were astounding enough for the YouTube channel to call Microsoft's Windows 11 "spyware."

As it turned out, an all-new Windows 11 PC that was never used to browse the Internet contacted not only Windows Update, MSN and Bing servers, but also Steam, McAfee, geo.prod.do, and Comscore ScorecardResearch.com. Apparently, the latest operating system from Microsoft collected and sent telemetry data to various market research companies, advertising services, and the like.

When Tom's Hardware contacted Microsoft, their spokesperson argued that flowing data is common in modern operating systems "to help them remain secure, up to date, and keep the system working as anticipated."

"We are committed to transparency and regularly publish information about the data we collect to empower customers to be more informed about their privacy."

Cellphones

How Big Tech Rewrote America's First Cell Phone Repair Law (grist.org) 40

Two non-profit news sites, the Markup and Grist, have co-published their investigation into how big tech rewrote America's first cellphone repair law.

"That New York passed any electronics right-to-repair bill is 'huge,' Repair.org executive director Gay Gordon-Byrne told Grist. But 'it could have been huger' if not for tech industry interference." The passage of the Digital Fair Repair Act last June reportedly caught the tech industry off guard, but it had time to act before Governor Kathy Hochul would sign it into law. Corporate lobbyists went to work, pressing for exemptions and changes that would water the bill down. They were largely successful: While the bill Hochul signed in late December remains a victory for the right-to-repair movement, the more corporate-friendly text gives consumers and independent repair shops less access to parts and tools than the original proposal called for. (The state Senate still has to vote to adopt the revised bill, but it's widely expected to do so.)

The new version of the law applies only to devices built after mid-2023, so it won't help people to fix stuff they currently own. It also exempts electronics used exclusively by businesses or the government. All those devices are likely to become electronic waste faster than they would have had Hochul, a Democrat, signed a tougher bill. And more greenhouse gases will be emitted manufacturing new devices to replace broken electronics....

Jessa Jones, who founded iPad Rehab, an independent repair shop in Honeoye Falls, about 20 miles south of Rochester, New York, says the original bill included provisions that would have made it far easier for independent shops like hers to get the tools, parts, and know-how needed to make repairs. She pointed to changes that allow manufacturers to release repair tools that only work with spare parts they make, while at the same time controlling how those spare parts are used... "If you keep going down this road, allowing manufacturers to force us to use their branded parts and service, where they're allowed to tie the function of the device to their branded parts and service, that's not repair," Jones said. "That's authoritarian control."

The bill's sponsor believes it could create momentum for dozens of other states trying to pass similar laws, the article points out, possibly leading ultimately to one national agreement between electronics manufacturers and the repair community. A lawmaker from another state argued that New York's law "gives us something to work from. We're going to take that now and try to do a better piece of legislation."

Thanks to long-time Slashdot reader Z00L00K for submitting the article.

Programming

Google's Go May Add Telemetry That's On By Default (theregister.com) 75

Russ Cox, a Google software engineer steering the development of the open source Go programming language, has presented a possible plan to implement telemetry in the Go toolchain. However many in the Go community object because the plan calls for telemetry by default. The Register reports: These alarmed developers would prefer an opt-in rather than an opt-out regime, a position the Go team rejects because it would ensure low adoption and would reduce the amount of telemetry data received to the point it would be of little value. Cox's proposal summarized lengthier documentation in three blog posts.

Telemetry, as Cox describes it, involves software sending data from Go software to a server to provide information about which functions are being used and how the software is performing. He argues it is beneficial for open source projects to have that information to guide development. And the absence of telemetry data, he contends, makes it more difficult for project maintainers to understand what's important, what's working, and to prioritize changes, thereby making maintainer burnout more likely. But such is Google's reputation these days that many considering the proposal have doubts, despite the fact that the data collection contemplated involves measuring the usage of language features and language performance. The proposal isn't about the sort of sensitive personal data vacuumed up by Google's ad-focused groups.

"Now you guys want to introduce telemetry into your programming language?" IT consultant Jacob Weisz said. "This is how you drive off any person who even considered giving your project a chance despite the warning signs. Please don't do this, and please issue a public apology for even proposing it. Please leave a blast radius around this idea wide enough that nobody even suggests trying to do this again."

He added: "Trust in Google's behavior is at an all time low, and moves like this are a choice to shove what's left of it off the edge of a cliff."

Meanwhile, former Google cryptographer and current open source maintainer Filippo Valsorda said in a post to Mastodon: "This is a large unconventional design, there are a lot of tradeoffs worth discussing and details to explore," he wrote. "When Russ showed it to me I made at least a dozen suggestions and many got implemented."

"Instead: all opt-out telemetry is unethical; Google is evil; this is not needed. No one even argued why publishing any of this data could be a problem."

The Courts

GitHub and EFF Back YouTube Ripper In Legal Battle With the RIAA (torrentfreak.com) 20

GitHub and digital rights group EFF have filed briefs supporting stream-ripping site Yout.com in its legal battle with the RIAA. GitHub warns that the lower court's decision threatens to criminalize the work of many other developers. The EFF, meanwhile, stresses that an incorrect interpretation of the DMCA harms people who use stream-rippers lawfully. TorrentFreak reports: In 2020, YouTube ripper Yout.com sued the RIAA, asking a Connecticut district court to declare that the site does not violate the DMCA's anti-circumvention provision. The music group had previously used DMCA takedown notices to remove many of Yout's appearances in Google's search results. This had a significant impact on revenues, the site argued, adding that it always believed it wasn't breaking any laws and hoped the court would agree. Last October, the Connecticut district court concluded that Yout had failed to show that it doesn't circumvent YouTube's technological protection measures. As such, it could be breaking the law. Yout operator Johnathan Nader opted to appeal the decision. Nader's attorneys filed their opening brief (PDF) last week at the Court of Appeals for the Second Circuit, asking it to reverse the lower court's decision. The YouTube ripper is not the only party calling for a reversal. Yesterday, Microsoft-owned developer platform GitHub submitted an amicus brief that argues for the same. And in a separate filing, the EFF also agrees that the lower court's decision should be overturned.

GitHub's brief starts by pointing out that the company takes no position on the ultimate resolution of this appeal, nor does it side with all of Yout's arguments. However, it does believe that the lower court's interpretation of the DMCA is dangerous. The district court held that stream rippers can violate the DMCA's anti-circumvention provision. The court noted that these tools allow people to download video and audio from YouTube, despite the streaming platform's lack of a download button. According to GitHub, this conclusion is premature, dangerous, and places other software types at risk. In the present lawsuit, GitHub reiterates that stream-ripping tools should not be outlawed. The fact that YouTube doesn't have a download button doesn't mean that tools that enable people to download videos circumvent technological access restrictions. "YouTube's decision not to provide its own 'download' button, however, is not a restriction on access to works. It merely affects how users experience them," GitHub writes. If the court order is allowed to stand, GitHub warns that a broad group of developers could be exposed to criminal liability, effectively chilling technological innovation. YouTube download tools are not the only types of software at risk, according to GitHub. There are many others that affect 'how users experience' online websites. These could also be seen as problematic, based on the district court's expansive interpretation of the DMCA. These widely accepted tools could put their creators at risk if the DMCA is interpreted too strictly, GitHub warns.

The Electronic Frontier Foundation (EFF) also submitted an amicus curiae brief (PDF) yesterday. The digital rights group takes interest in copyright cases, particularly when they get in the way of people's ability to freely use technology. In this instance, EFF points out that stream-rippers such as Yout.com provide a neutral technology with plenty of legal uses. They can be used for infringing purposes, but that's also true for existing technologies -- the printing press, for example. "Like every reproduction technology -- from the printing press to the smartphone -- these programs, colloquially called 'streamrippers,' have important lawful uses as well as infringing ones. Video creators, educators, journalists, and human rights organizations all depend on the ability to make copies of user-uploaded videos," EFF adds. In common with GitHub, EFF notes that the absence of a download button on YouTube doesn't imply that download tools automatically violate the DMCA, especially when there are no effective download restrictions on the platform. [...] According to EFF, Yout and similar tools provide the same functions as video cassette recorders once did. They allow people to make copies of videos that are posted publicly by their creators. In addition, these tools are vital for some reporters and useful to creatives who use them for future work.

Government

Larry Magid: Utah Bill Threatens Internet Security For Everyone (mercurynews.com) 89

"Wherever you live, you should be paying attention to Utah Senate Bill 152 and the somewhat similar House Bill 311," writes tech journalist and long-time child safety advocate Larry Magid in an op-ed via the Mercury News. "Even though it's legislation for a single state, it could set a dangerous precedent and make it harder to pass and enforce sensible federal legislation that truly would protect children and other users of connected technology." From the report: SB 152 would require parents to provide their government-issued ID and physical address in order for their child or teenager to access social media. But even if you like those provisions, this bill would require everyone -- including adults -- to submit government-issued ID to sign up for a social media account, including not just sites like Facebook, Instagram, Snapchat and TikTok, but also video sharing sites like YouTube, which is commonly used by schools. The bill even bans minors from being online between 10:30 p.m. and 6:30 a.m., empowering the government to usurp the rights of parents to supervise and manage teens' screen time. Should it be illegal for teens to get up early to finish their homework (often requiring access to YouTube or other social media) or perhaps access information that would help them do early morning chores? Parents -- not the state -- should be making and enforcing their family's schedule.

I oppose these bills from my perch as a long-time child safety advocate (I wrote "Child Safety on the Information Highway" in 1994 for the National Center for Missing & Exploited Children and am currently CEO of ConnectSafely.org). However well-intentioned, they could increase risk and deny basic rights to children and adults. SB 152 would require companies to keep a "record of any submissions provided under the requirements," which means there would not only be databases of all social media users, but also of users under 18, which could be hacked by criminals or foreign governments seeking information on Utah children and adults. And, in case you think that's impossible, there was a breach in 2006 of a database of children that was mandated by the State of Utah to protect them from sites that displayed or promoted pornography, alcohol, tobacco and gambling. No one expects a data breach, but they happen on a regular basis. There is also the issue of privacy. Social media is both media and speech, and some social media are frequented by people who might not want employers, family members, law enforcement or the government to know what information they're consuming. Whatever their interests, people should have the right to at least anonymously consume information or express their opinions. This should apply to everyone, regardless of who they are, what they believe or what they're interested in. [...]

It's important to always look at the potential unintended consequences of legislation. I'm sure the lawmakers in Utah who are backing this bill have the best interests of children in mind. But this wouldn't be the first law designed to protect children that actually puts them at risk or violates adult rights in the name of child protection. I applaud any policymaker who wants to find ways to protect kids and hold technology companies accountable for doing their part to protect privacy and security as well as employing best-practices when it comes to the mental health and well being of children. But the legislation, whether coming from Utah, another state or Washington, D.C., must be sensible, workable, constitutional and balanced, so it at the very least, does more good than harm.

Crime

US, UK Sanction 7 Men Tied To Trickbot Hacking Group (krebsonsecurity.com) 5

An anonymous reader quotes a report from KrebsOnSecurity: Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating "Trickbot," a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S. Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities. Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into "a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks," the Treasury Department said.

"During the height of the COVID-19 pandemic in 2020, Trickbot targeted hospitals and healthcare centers, launching a wave of ransomware attacks against hospitals across the United States," the sanctions notice continued. "In one of these attacks, the Trickbot Group deployed ransomware against three Minnesota medical facilities, disrupting their computer networks and telephones, and causing a diversion of ambulances. Members of the Trickbot Group publicly gloated over the ease of targeting the medical facilities and the speed with which the ransoms were paid to the group."

Only one of the men sanctioned today is known to have been criminally charged in connection with hacking activity. According to the Treasury Department, the alleged senior leader of the Trickbot group is 34-year-old Russian national Vitaly "Bentley" Kovalev. A New Jersey grand jury indicted Kovalev in 2012 after an investigation by the U.S. Secret Service determined that he ran a massive "money mule" scheme, which used phony job offers to trick people into laundering money stolen from hacked small to mid-sized businesses in the United States. The 2012 indictment against Kovalev relates to cybercrimes he allegedly perpetrated prior to the creation of Trickbot.
A copy of the now-unsealed 2012 indictment of Kovalev is here (PDF).

Privacy

New York Moves Against Stalkerware (bloomberg.com) 15

An anonymous reader shares a report: Stalkers and domestic abusers in the US for years have been able to access the kind of surveillance tools typically associated with foreign spies. That's all because of a pervasive industry that promises to help people who want to secretly monitor their family members. Now, because of an action brought by the New York Attorney General, one player in the so-called stalkerware industry has agreed to notify the people who were infected with its spyware. But it was required to pay just $410,000 in civil penalties, in part because rather than taking issue with the harmful nature of the technology, state prosecutors cited only the companies' use of deceptive marketing.

A detailed legal filing provides a glimpse into the pernicious capabilities that stalkerware firms provide to consumers -- enabling buyers to collect victims' texts, photos, emails, direct messages, you name it. The case is the latest evidence that such apps are more popular than previously understood. The New York investigation determined that one Florida man owned 16 companies, distributing apps with names such as PhoneSpector and AutoForward Data Services that promoted mobile surveillance software. Once installed on a device, some of the apps would be invisible on a user's home screen and allow a stalker to remotely activate an individual's camera or microphone without their knowledge, according to the legal filing.

The Courts

Craig Wright Cannot Copyright Bitcoin File Format, Court Rules (decrypt.co) 57

UnknowingFool writes: UK Judge James Mellor has thrown out Craig Wright's cases against Bitcoin derivatives like Bitcoin Cash as Wright cannot claim copyright on the Bitcoin file format. Wright had sued forks of Bitcoin claiming they breached his copyrights to prevent them from operating. The judge disagreed noting that Wright had failed to meet a requirement of copyright called "fixation" detailing where/when/how the original expression was first recorded somewhere in any media.

"Whilst I accept that the law of copyright will continue to face challenges with new digital technologies, I do not see any prospect of the law as currently stated and understood in the caselaw allowing copyright protection of subject-matter which is not expressed or fixed anywhere," wrote Judge Mellor. In other words Wright has failed to show any evidence that he wrote down the file format somewhere to claim that he created the file format.

This is not the first time Wright has failed to produce credible evidence in a court case: in an Oslo, Norway case last year Wright claimed he destroyed a hard drive in 2016 containing the Nakamoto original keys despite telling a U.S. court in 2020 that he was waiting on the same keys to be delivered by a special courier. Those keys were later ruled to be fictitious.

Decrypt notes that Wright is "currently in the process of suing 15 Bitcoin developers to retrieve around 111,000 bitcoin after he lost the encrypted keys to access them when his home computer network was allegedly hacked."

Encryption

UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com) 61

An anonymous reader quotes a report from Motherboard: A section of the UK government has proposed making the sale or possession of bespoke encrypted phones for crime a criminal offense in its own right. The measure is intended to help the country's law enforcement agencies tackle organized crime and those who facilitate it, but civil liberties experts tell Motherboard the proposal is overbroad and poorly defined, meaning it could sweep up other forms of secure communication used by the wider population if not adjusted. "At the moment the government proposal appears to be vague and overly broad. While it states that the provisions 'will not apply to commercially available mobile phones nor the encrypted messaging apps available on them' it is difficult to see how it will not result in targeting devices used on a daily [basis] by human rights defenders, protesters and pretty much all of us who want to keep our data secure," Ioannis Kouvakas, senior legal officer and assistant general counsel at UK-based activism organization Privacy International, told Motherboard in an email.

The proposal is included in a document published by the Home Office (PDF). In that document, the Home Office proposes two legislative measures that it says could be used to improve law enforcement's response to serious and organized crime, and is seeking input from law enforcement, businesses, lawyers, civil liberties NGOs, and the wider public. [...] The first measure looks to create new criminal offenses on the "making, modifying, supply, offering to supply and possession of articles for use in serious crime." The document points to several specific items: vehicle concealments used to hide illicit goods; digital templates for 3D-printing firearms; pill presses used in the drug trade; and "sophisticated encrypted communication devices used to facilitate organized crime." In other words, this change would criminalize owning an encrypted phone, selling one, or making one for use in crime, a crime in itself. [...]

With encrypted phones, the Home Office writes that both the encryption itself and modifications made to the phones are creating "considerable barriers" to law enforcement. Typically, phones from this industry use end-to-end encryption, meaning that messages are encrypted before leaving the device, rendering any interception by law enforcement ineffective. (Multiple agencies have instead found misconfigurations in how companies' encryption works, or hacked into firms, to circumvent this protection). Encrypted phone companies sometimes physically remove the microphone, camera, and GPS functionality from handsets too. Often distributors sell these phones for thousands of dollars for yearly subscriptions. Given that price, the Home Office says it is "harder to foresee a need for anyone to use them for legitimate, legal reasons." The Home Office adds that under one option for legislation, laws could still criminalize people who did not suspect the technology would be used for serious crime, simply because the technology is so "closely associated with serious crime." Potential signs could include someone paying for a phone "through means which disguise the identity of the payer," the document reads. Often distributors sell phones for Bitcoin or cash, according to multiple encrypted phone sellers that spoke to Motherboard. The document says "the provisions will not apply to commercially available mobile phones nor the encrypted messaging apps available on them." But the Home Office does not yet have a settled definition of what encompasses "sophisticated encrypted communication devices," leaving open the question of what exactly the UK would be prepared to charge a person for possessing or selling.

Security

Mysterious Leak of Booking Reservation Data is Being Used To Scam Customers (arstechnica.com) 7

For almost five years, Booking.com customers have been on the receiving end of a continuous series of scams that clearly demonstrate that criminals have obtained travel plans and other personal information customers provided to the travel site. From a report: One of the more recent shakedowns happened to an Ars Reader who asked not to be identified by his real name. A few months ago, Thomas, as I'll call him, reserved and paid for a two-night stay scheduled for this July in a hotel in Italy. Last week, out of the blue, he received two emails. The headers show that the first message came from the genuine Booking.com domain. It purported to have been sent on behalf of the hotel in Italy and asked that he click a non-existent confirm button for his upcoming stay. It went on to inform him that the hotel would "also transfer all bookings made from that address to your account." As phishy as that sounds, the email included his full name, the confirmation number of his reservation, the correct name of the hotel, and the dates of the stay.

The Courts

Are Brands Protected In the Metaverse? Hermes and NFT Artist Spar In US Court (theguardian.com) 33

An anonymous reader quotes a report from The Guardian: Pictures of 100 Birkin bags covered in shaggy, multi-colored fur have become the focus of a court dispute that will decide how digital artists can depict commercial activities in their art and cast new light on whether brands are protected in the metaverse. In the case, being heard this week in a New York federal courtroom, the luxury handbag maker Hermes is challenging an artist who sells the futuristic digital works known as NFTs or non-fungible tokens. Artist and entrepreneur Mason Rothschild created images of the astonishingly expensive Hermes handbag, the Birkin, digitally covered the bags in fur and turned the pictures into an "art project," which he called MetaBirkin. Then he sold editions of the images online for total earnings of more than $1m, according to court records.

Hermes promptly sued, claiming the artist was simply "a digital speculator who is seeking to get rich quick by appropriating" the Hermes brand. The "Metabirkins brand simply rips off Hermes's famous Birkin trademark by adding the generic prefix 'meta,'" read the original complaint filed by Hermes in January last year, noting that the "meta" in the name refers to the digital metaverse now being pumped by technology innovators as the next big thing in tech profit-making. Rothschild, whose real name is Sonny Estival, countered that he has a first amendment right to depict the hard-to-buy, French handbags in his artwork, just as Andy Warhol portrayed giant Campbell's soup cans in his famous pop culture silk screens. "I'm not creating or selling fake Birkin bags. I'm creating art works that depict imaginary, fur-covered Birkin bags," said Rothschild in a letter to the community after the case was filed. "The fact that I sell the art using NFTs doesn't change the fact that it's art."
"One hurdle that Hermes will have to overcome in the case is the fact that US trademark law requires brands to register their trademarks for each specific type of use, so digital sales might require a separate registration," notes the report.

"In the end, [Michelle Cooke, a partner at the law firm Arentfox Schiff LLP, who advises brands on these types of trademark issues] says the decision might come down to whether the jury believes Rothschild did the MetaBirkin project as an artistic project 'or was it a money-making venture that he cast as an artistic project when he got into trouble.'"

United States

Few Americans Understand How Online Tracking Works, Finds Report 83

An anonymous reader quotes a report from The New York Times: Many people in the United States would like to control the information that companies can learn about them online. Yet when presented with a series of true-or-false questions about how digital devices and services track users, most Americans struggled to answer them, according to a report published (PDF) on Tuesday by the Annenberg School for Communication at the University of Pennsylvania. The report analyzed the results of a data privacy survey that included more than 2,000 adults in the United States. Very few of the respondents said they trusted the way online services handled their personal data. The survey also tested people's knowledge about how apps, websites and digital devices may amass and disclose information about people's health, TV-viewing habits and doorbell camera videos. Although many understood how companies can track their emails and website visits, a majority seemed unaware that there are only limited federal protections for the kinds of personal data that online services can collect about consumers.

Seventy-seven percent of the participants got nine or fewer of the 17 true-or-false questions right, amounting to an F grade, the report said. Only one person received an A grade, for correctly answering 16 of the questions. No one answered all of them correctly. Seventy-nine percent of survey respondents said they had "little control over what marketers" could learn about them online, while 73 percent said they did not have "the time to keep up with ways to control the information that companies" had about them. "The big takeaway here is that consent is broken, totally broken," Joseph Turow, a media studies professor at the University of Pennsylvania who was the lead author of the report, said in an interview. "The overarching idea that consent, either implicit or explicit, is the solution to this sea of data gathering is totally misguided -- and that's the bottom line."

The survey results challenge a data-for-services trade-off argument that the tech industry has long used to justify consumer tracking and to forestall government limits on it: Consumers may freely use a host of convenient digital tools -- as long as they agree to allow apps, sites, ad technology and marketing analytics firms to track their online activities and employ their personal information. But the new report suggests that many Americans aren't buying into the industry bargain. Sixty-eight percent of respondents said they didn't think it was fair that a store could monitor their online activity if they logged into the retailer's Wi-Fi. And 61 percent indicated they thought it was unacceptable for a store to use their personal information to improve the services they received from the store. Only a small minority -- 18 percent -- said they did not care what companies learned about them online.
"When faced with technologies that are increasingly critical for navigating modern life, users often lack a real set of alternatives and cannot reasonably forgo using these tools," Lina M. Khan, the chair of the Federal Trade Commission, said in a speech (PDF) last year.

In the talk, Ms. Khan proposed a "type of new paradigm" that could impose "substantive limits" on consumer tracking.

Medicine

Maryland Motor Vehicles Agency Wants To Know About Your Sleep Apnea (nbcwashington.com) 155

"Man goes to the doctor for a sleep apnea diagnosis, a few months later he gets a letter from the state of Maryland about his sleep apnea -- and they won't tell him how they found out about it," writes Slashdot reader schwit1. NBC4 Washington reports: Dr. David Allick, a dentist in Rockville, was diagnosed with mild sleep apnea in June 2022. Months later, he received a letter from the MVA requesting additional information about his diagnosis in order "to determine your fitness to drive." The September 2022 letter noted failure to return the required forms, which included a report from his physician, could result in the suspension of his license. Allick said he isn't clear how the state learned about his medical diagnosis. But more importantly, he said he was previously unaware of a little-known Maryland law requiring people to report their sleep apnea diagnosis to state driving authorities. Allick said he still has questions about what prompted the ordeal. "Everybody I talked to -- nobody's heard of anything like this," he said, also acknowledging: "I'm sure they want to keep the roads safe." schwit1 adds: "How is this not a HIPAA violation?"

The investigation team at NBC4 Washington found that Allick is one of 1,310 people whose sleep apnea diagnoses "have led to medical reviews by the Maryland MVA." The state department didn't have data on how many of these Maryland drivers have had their license suspended.

Privacy

Wyze Security Cameras Will Go Offline Tonight For Two Hours (theverge.com) 69

If you have Wyze cameras or a Wyze home security system, you will need to make other arrangements to monitor your property from 12AM PT to 2AM PT tomorrow morning. The Verge reports: The smart home company sent an email to its customers this week stating that system maintenance on February 8th at 12AM PT will impact every feature of the system that relies on the app or website. That includes being able to alert Noonlight, the professional monitoring company Wyze uses for its Sense security system, about a potential break-in. Not only will your security system be down, but if you use Wyze cameras to keep an eye on things going bump in the night, you'll have to stay awake. Wyze cameras won't be able to upload any video to the cloud or send alerts for motion or other events to the app.

While it's a good thing that Wyze is giving customers a heads-up, the flip side is that everyone is getting a heads-up. It's posting a sign that any location using this equipment will be unprotected between these hours, with basically no notice to create a backup plan or take other precautions, depending on your security concerns. It's also worrisome that the professional security customers have paid for and rely on can be completely disabled for "maintenance."

Businesses

Ex-Coinbase Manager Pleads Guilty in Crypto-Related First Insider Trading Case (reuters.com) 7

A former Coinbase product manager pleaded guilty on Tuesday in what U.S. prosecutors have called the first insider trading case involving cryptocurrency, his defense lawyer said in a court hearing. From a report: Ishan Wahi, 32, pleaded guilty to two counts of conspiracy to commit wire fraud, after initially pleading not guilty last year. Prosecutors said Wahi shared confidential information with his brother Nikhil and their friend Sameer Ramani about forthcoming announcements of new digital assets that Coinbase would let users trade. "I knew that Sameer Ramani and Nikhil Wahi would use that information to make trading decisions," Ishan Wahi said during Tuesday's hearing in federal court in Manhattan. "It was wrong to misappropriate and disseminate Coinbase's property." Nikhil Wahi and Ramani were charged with using ethereum blockchain wallets to acquire digital assets and trading at least 14 times before Coinbase announcements between June 2021 and April 2022.

China

China's Top Android Phones Collect Way More Info (theregister.com) 42

Artem S. Tashkinov writes: Don't buy an Android phone in China, boffins have warned, as they come crammed with preinstalled apps transmitting privacy-sensitive data to third-party domains without consent or notice. The research, conducted by Haoyu Liu (University of Edinburgh), Douglas Leith (Trinity College Dublin), and Paul Patras (University of Edinburgh), suggests that private information leakage poses a serious tracking risk to mobile phone customers in China, even when they travel abroad in countries with stronger privacy laws.

In a paper titled "Android OS Privacy Under the Loupe: A Tale from the East," the trio of university boffins analyzed the Android system apps installed on the mobile handsets of three popular smartphone vendors in China: OnePlus, Xiaomi and Oppo Realme. The researchers looked specifically at the information transmitted by the operating system and system apps, in order to exclude user-installed software. They assume users have opted out of analytics and personalization, do not use any cloud storage or optional third-party services, and have not created an account on any platform run by the developer of the Android distribution. A sensible policy, but it doesn't seem to help much. Within this limited scope, the researchers found that Android handsets from the three named vendors "send a worrying amount of Personally Identifiable Information (PII) not only to the device vendor but also to service providers like Baidu and to Chinese mobile network operators."

Sci-Fi

First US Navy Pilot To Publicly Report UAPs Says 'Congress Must Reveal the Truth To the American People' (thehill.com) 192

Ryan Graves, former Lt. U.S. Navy and F/A-18F pilot who was the first active-duty fighter pilot to come forward publicly about regular sightings of UAP, says more data is needed about unidentified anomalous phenomena (UAP). "We should encourage pilots and other witnesses to come forward and keep the pressure on Congress to prioritize UAP as a matter of national security," writes Graves in an opinion piece for The Hill. An anonymous Slashdot reader shares an excerpt from his report: As a former U.S. Navy F/A-18 fighter pilot who witnessed unidentified anomalous phenomena (UAP) on a regular basis, let me be clear. The U.S. government, former presidents, members of Congress of both political parties and directors of national intelligence are trying to tell the American public the same uncomfortable truth I shared: Objects demonstrating extreme capabilities routinely fly over our military facilities and training ranges. We don't know what they are, and we are unable to mitigate their presence. The Office of the Director of National Intelligence (ODNI) last week published its second ever report on UAP activity. While the unclassified version is brief, its findings are sobering. Over the past year, the government has collected hundreds of new reports of enigmatic objects from military pilots and sensor systems that cannot be identified and "represent a hazard to flight safety." The report also preserves last year's review of the 26-year reporting period that some UAP may represent advanced technology, noting "unusual flight characteristics or performance capabilities."

Mysteriously, no UAP reports have been confirmed to be foreign so far. However, just this past week, a Chinese surveillance balloon shut down air traffic across the United States. How are we supposed to make sense of hundreds of reports of UAP that violate restricted airspace uncontested and interfere with both civilian and military pilots? Here is the hard truth. We don't know. UAP are a national security problem, and we urgently need more data.

Why don't we have more data? Stigma. I know the fear of stigma is a major problem because I was the first active-duty fighter pilot to come forward publicly about regular sightings of UAP, and it was not easy. There has been little support or incentive for aircrew to speak publicly on this topic. There was no upside to reporting hard-to-explain sightings within the chain of command, let alone doing so publicly. For pilots to feel comfortable, it will require a culture shift inside organizations and in society at large. I have seen for myself on radar and talked with the pilots who have experienced near misses with mysterious objects off the Eastern Seaboard that have triggered unsafe evasive actions and mandatory safety reports. There were 50 or 60 people who flew with me in 2014-2015 and could tell you they saw UAP every day. Yet only one other pilot has confirmed this publicly. I spoke out publicly in 2019, at great risk personally and professionally, because nothing was being done. The ODNI report itself notes that concentrated efforts to reduce stigma have been a major reason for the increase in reports this year. To get the data and analyze it scientifically, we must uproot the lingering cultural stigma of tin foil hats and "UFOs" from the 1950s that stops pilots from reporting the phenomena and scientists from studying it.
Last September, the U.S. Navy said that all of the government's UFO videos are classified information and releasing any additional UFO videos would "harm national security."
