Are Google and Facebook Surveilling Their Own Employees? (theguardian.com) 15

The Guardian just ran an article titled " 'They'll squash you like a bug': how Silicon Valley keeps a lid on leakers," which begins with the story of an employee confronted by Facebook's secretive "rat-catching" team: They had records of a screenshot he'd taken, links he had clicked or hovered over, and they strongly indicated they had accessed chats between him and the journalist, dating back to before he joined the company. "It's horrifying how much they know," he told the Guardian, on the condition of anonymity... "You get on their bad side and all of a sudden you are face to face with Mark Zuckerberg's secret police"... One European Facebook content moderator signed a contract, seen by the Guardian, which granted the company the right to monitor and record his social media activities, including his personal Facebook account, as well as emails, phone calls and internet use. He also agreed to random personal searches of his belongings including bags, briefcases and car while on company premises. Refusal to allow such searches would be treated as gross misconduct...

Some employees switch their phones off or hide them out of fear that their location is being tracked. One current Facebook employee who recently spoke to Wired asked the reporter to turn off his phone so the company would have a harder time tracking if it had been near the phones of anyone from Facebook. Two security researchers confirmed that this would be technically simple for Facebook to do if both people had the Facebook app on their phone and location services switched on. Even if location services aren't switched on, Facebook can infer someone's location from wifi access points.

The article cites a 2012 report that Microsoft read a French blogger's Hotmail account to identify a former employee who had leaked trade secrets. And it also reports that tech companies hire external agencies to surveil their employees. "One such firm, Pinkerton, counts Google and Facebook among its clients." Though Facebook and Google both deny this, "Among other services, Pinkerton offers to send investigators to coffee shops or restaurants near a company's campus to eavesdrop on employees' conversations...

Al Gidari, consulting director of privacy at the Stanford Center for Internet and Society, says that these tools "are common, widespread, intrusive and legal."

Google Open Sources Its Exoplanet-Hunting AI (vice.com) 12

dmoberhaus writes: Last December, NASA announced that two new exoplanets had been hiding in plain sight among data from the Kepler space telescope. These two new planets weren't discovered by a human, however. Instead, an exoplanet hunting neural network -- a type of machine learning algorithm loosely modeled after the human brain -- had discovered the planets by finding subtle patterns in the Kepler data that would've been nearly impossible for a human to see. Last Thursday, Christopher Shallue, the lead Google engineer behind the exoplanet AI, announced in a blog post that the company was making the algorithm open source. In other words, anyone can download the code and help hunt for exoplanets in Kepler data.
Google's research blog called the December discovery "a successful proof-of-concept for using machine learning to discover exoplanets, and more generally another example of using machine learning to make meaningful gains in a variety of scientific disciplines (e.g. healthcare, quantum chemistry, and fusion research)."

Did Cambridge Analytica Harvest 50 Million Facebook Profiles? (theguardian.com) 92

Slashdot reader umafuckit shared this article from The Guardian: The data analytics firm that worked with Donald Trump's election team and the winning Brexit campaign harvested millions of Facebook profiles of U.S. voters, in one of the tech giant's biggest ever data breaches, and used them to build a powerful software program to predict and influence choices at the ballot box... Christopher Wylie, who worked with a Cambridge University academic to obtain the data, told the Observer: "We exploited Facebook to harvest millions of people's profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on."

Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to recover and secure the private information of more than 50 million individuals... On Friday, four days after the Observer sought comment for this story, but more than two years after the data breach was first reported, Facebook announced that it was suspending Cambridge Analytica and Kogan from the platform, pending further information over misuse of data. Separately, Facebook's external lawyers warned the Observer on Friday it was making "false and defamatory" allegations, and reserved Facebook's legal position...

The evidence Wylie supplied to U.K. and U.S. authorities includes a letter from Facebook's own lawyers sent to him in August 2016, asking him to destroy any data he held that had been collected by GSR, the company set up by Kogan to harvest the profiles... Facebook did not pursue a response when the letter initially went unanswered for weeks because Wylie was travelling, nor did it follow up with forensic checks on his computers or storage, he said. "That to me was the most astonishing thing. They waited two years and did absolutely nothing to check that the data was deleted. All they asked me to do was tick a box on a form and post it back."

Wylie worked with Aleksandr Kogan, the creator of the "thisisyourdigitallife" app, "who has previously unreported links to a Russian university and took Russian grants for research," according to the article. Kogan "had a licence from Facebook to collect profile data, but it was for research purposes only. So when he hoovered up information for the commercial venture, he was violating the company's terms...

"At the time, more than 50 million profiles represented around a third of active North American Facebook users, and nearly a quarter of potential U.S. voters."
Open Source

How An Open Source Plugin Tamed a Chaotic Comments Section With A Simple Quiz (arstechnica.com) 120

Long-time Slashdot reader jebrick quotes an article from Ars Technica about how Norway's government-owned public broadcasting company "employs open source tactics to fight trolling": The five-person team behind a simple WordPress plugin, which took three hours to code, never expected to receive worldwide attention as a result. But NRKbeta, the tech-testing group at Norway's largest national media organization, tapped into a meaty vein with the unveiling of last February's Know2Comment, an open source plugin that can attach to any WordPress site's comment section. "It was a basic idea," NRKbeta developer Stale Grut told a South By Southwest crowd on Tuesday. "Readers had to prove they read a story before they were able to comment on it"... He and fellow staffers spent three hours building the plugin, which Grut reminded the crowd is wholly open source... "[W]e realized not every article is in need of this. We are a tech site; we don't have a lot of controversy, so there's not a big need for it. We use it now on stories where we anticipate there'll be uninformed debate to add this speed bump."
What do you think? And would a quiz-for-commenting-privileges be a good addition to Slashdot?
The Courts

Entire Broadband Industry Will Help FCC Defend Net Neutrality Repeal (arstechnica.com) 84

The biggest lobby groups representing broadband providers will help the FCC defend the repeal of net neutrality rules in court. Ars Technica reports: Yesterday, three trade groups that collectively represent every major home Internet and mobile broadband provider in the U.S. filed motions to intervene in the case on behalf of the FCC. The motions for leave to intervene were filed by NCTA--The Internet & Television Association, CTIA--The Wireless Association, and USTelecom--The Broadband Association. NCTA represents cable companies such as Comcast, Charter, Cox, and Altice. CTIA represents the biggest mobile carriers, such as AT&T, Verizon Wireless, T-Mobile, and Sprint. USTelecom represents wireline telcos with copper and fiber networks, such as AT&T and Verizon. All three groups also represent a range of smaller ISPs.

As intervenors in the case, the groups will file briefs in support of the net neutrality repeal order and may play a role in oral arguments. NCTA's motion noted that its members would once again be subject to "common-carriage regulation under Title II of the Communications Act" if the FCC were to lose the case. CTIA said that its members "would be adversely affected if the [net neutrality] Order were set aside and the prior Title II Order classification and rules were reinstated."


Sierra Leone Records World's First Blockchain-Powered Election (techcrunch.com) 63

The citizens of Sierra Leone went to the polls on March 7 but this time something was different: the country recorded votes at 70% of the polling to the blockchain using a technology that is the first of its kind in actual practice. The tech, created by Leonardo Gammar of Agora, anonymously stored votes in an immutable ledger, thereby offering instant access to the election results. TechCrunch reports: "Anonymized votes/ballots are being recorded on Agora's blockchain, which will be publicly available for any interested party to review, count and validate," said Gammar. "This is the first time a government election is using blockchain technology." "Sierra Leone wishes to create an environment of trust with the voters in a contentious election, especially looking at how the election will be publicly viewed post-election. By using blockchain as a means to immutably record ballots and results, the country hopes to create legitimacy around the election and reduce fall-out from opposition parties," he said.

Why is this interesting? While this is little more than a proof of concept -- it is not a complete voting record but instead captured a seemingly acceptable plurality of votes -- it's fascinating to see the technology be implemented in Sierra Leone, a country of about 7.4 million people. The goal ultimately is to reduce voting costs by cutting out paper ballots as well as reducing corruption in the voting process.


Amazon Is Hiring More Developers For Alexa Than Google Is Hiring For Everything (gadgetsnow.com) 79

An anonymous reader quotes a report from Gadgets Now: Amazon is hiring 1,147 people just for its Alexa business. To put this number in perspective, it has to be mentioned that this number is higher than what Google is hiring for technical and product roles across its Alphabet group of companies including YouTube and Waymo. According to a report published in Forbes, Amazon is hiring engineers, data scientists, developers, analysts, payment services professionals among others. The Forbes report cites information released by Citi Research in association with Jobs.com. It's clear that Amazon is betting big on the smartphone speaker market if the hiring numbers are to go by. It was the first major company to come with a smart speaker and has almost 70% market share in the U.S. Google has been making in-roads with Google Home devices but still has a lot of catching up to do. The Citi report further mentions that other notable areas where Amazon is hiring are devices, advertising and seller services. Amazon is looking at hiring a total of about 1,700 employees for other divisions.

'They'll Squash You Like a Bug': How Silicon Valley Keeps a Lid on Leakers (theguardian.com) 96

The public image of Silicon Valley's tech giants is all colourful bicycles, ping-pong tables, beanbags and free food, but behind the cartoonish facade is a ruthless code of secrecy. From a report: They rely on a combination of Kool-Aid, digital and physical surveillance, legal threats and restricted stock units to prevent and detect intellectual property theft and other criminal activity. However, those same tools are also used to catch employees and contractors who talk publicly, even if it's about their working conditions, misconduct or cultural challenges within the company. While Apple's culture of secrecy, which includes making employees sign project-specific NDAs and covering unlaunched products with black cloths, has been widely reported, companies such as Google and Facebook have long put the emphasis on internal transparency.

Zuckerberg hosts weekly meetings where he shares details of unreleased new products and strategies in front of thousands of employees. Even junior staff members and contractors can see what other teams are working on by looking at one of many of the groups on the company's internal version of Facebook. "When you first get to Facebook you are shocked at the level of transparency. You are trusted with a lot of stuff you don't need access to," said Evans, adding that during his induction he was warned not to look at ex-partners' Facebook accounts.


Intel Says 'Partitions' in New Chips Will Correct the Design Flaw that Created Spectre and Meltdown (geekwire.com) 68

Intel said on Thursday it is introducing hardware protections against the Spectre CPU flaw that was discovered last year. From a report: Starting with the Cascade Lake version of its Xeon server processors later this year, Intel will incorporate "protective walls" in its hardware that prevent malicious hackers from using speculative execution techniques to steal private information from the secure part of the processor. These fixes will also ship with the PC version of the Cascade Lake chips, but the tech industry has been much more concerned about the effect of these design flaws on server processors running in data centers and cloud vendors.

The new fixes allow Intel to still benefit from the performance advantages of speculative execution -- in which a processor guesses which upcoming instructions it will need to execute in order to speed things up -- without the security risks. The hardware changes address Variants 2 and 3 of the Spectre and Meltdown issues first disclosed in early January, and software fixes should continue to address Variant 1, Intel said.

Electronic Frontier Foundation

New Bill In Congress Would Bypass the Fourth Amendment, Hand Your Data To Police (medium.com) 245

An anonymous reader quotes a report from Medium: Lawmakers behind a new anti-privacy bill are trying to sneak it through Congress by attaching it to the must-pass government spending bill. The CLOUD Act would hand police in the U.S., and other countries, extreme new powers to obtain and monitor data directly from tech companies instead of requiring a warrant and judicial review. Congressional leadership will decide whether the CLOUD Act gets attached to the omnibus government spending bill sometime this week, potentially as early as tomorrow... If passed, this bill would give law enforcement the power to go directly to tech companies, no matter where they or their servers are, to obtain our data. They wouldn't need a warrant or court oversight, and we'll be left with no protections to ensure law enforcement isn't violating our rights. A recent report from the Electronic Frontier Foundation explains how the CLOUD Act circumvents the Fourth Amendment. "This new backdoor for cross-border data mirrors another backdoor under Section 702 of the FISA Amendments Act, an invasive NSA surveillance authority for foreign intelligence gathering," reports the EFF. "That law, recently reauthorized and expanded by Congress for another six years, gives U.S. intelligence agencies, including the NSA, FBI, and CIA, the ability to search, read, and share our private electronic messages without first obtaining a warrant. The new backdoor in the CLOUD Act operates much in the same way. U.S. police could obtain Americans' data, and use it against them, without complying with the Fourth Amendment."

Microsoft Removes Antivirus Registry Key Check for Windows 10 Users (bleepingcomputer.com) 37

Microsoft has backtracked on a decision it took back in January when it conditioned that computers without a special registry key would not receive any more security updates. From a report: That particular "requirement" was introduced as part of the Meltdown and Spectre patching process. At the time, Microsoft said that antivirus vendors would have to add a key to the Windows Registry to signal that they are compatible with Microsoft's original Meltdown and Spectre patches. This was a big issue at the time because Microsoft detected during testing that some antivirus vendors would inject code into parts of the kernel that the company was trying to patch against Meltdown and Spectre flaws.

Google Will Prioritize Stories for Paying News Subscribers (bloomberg.com) 36

Google users who subscribe to newspapers will find articles from those publications appearing higher in their search results, part of the tech giant's efforts to help media companies find and retain paying readers, Bloomberg reports, citing people familiar with the matter. From the report: The Alphabet unit will also begin sharing search data that show who's most likely to buy a subscription, said the people, who asked to be anonymous because they weren't authorized to speak publicly. Google executives plan to disclose specific details at an event in New York on March 20, according to the people. Google declined to comment. The moves could help publishers better target potential digital subscribers and keep the ones they've already got by highlighting stories from the outlets they're paying for. The initiative marks the latest olive branch from Silicon Valley in its evolving relationship with media companies.

'Women At Microsoft Are Sexualized By Their Male Managers,' Lawsuit Alleges (arstechnica.com) 178

An anonymous reader quotes a report from Ars Technica: According to a newly unsealed court filing, women at Microsoft who work in technical jobs filed 238 internal complaints pertaining to gender discrimination or sexual harassment from 2010 through 2016. The new document was first reported Monday evening by Reuters. The figures were revealed as part of a proposed class-action lawsuit originally filed in 2015 (Moussouris v. Microsoft). The female plaintiffs argue that the company's internal rating system discriminates against women and disfavors professional advancement for women.

As part of the class certification process and civil discovery, Microsoft handed over years of records to the plaintiffs' lawyers. In the Monday-released filing, which was originally submitted to the court in October 2017, Moussouris' lawyer, Michael Subit, wrote that "Microsoft's Culture is Rife with Sexual Harassment" before continuing: "Company records indicate that women at Microsoft are sexualized by their male managers and coworkers, leading to a substantial number of incidents of alleged sexual harassment, and even several incidents of sexual assault, that often go unpunished." Specifically, Subit continued, Microsoft's internal unit (known as "ERIT") received 108 complaints of sexual harassment filed by female US-based technical employees, 119 complaints of gender discrimination, eight complaints of retaliation, and three complaints of pregnancy discrimination. Out of all of the claimed instances of gender discrimination, Microsoft's internal investigation only found that one such complaint was "founded."


Developers Love Trendy New Languages, But Earn More With Functional Programming: Stack Overflow's Annual Survey (arstechnica.com) 107

Stack Overflow has released the results of its annual survey of 100,000 developers, revealing the most-popular, top-earning, and preferred programming languages. ArsTechnica: JavaScript remains the most widely used programming language among professional developers, making that six years at the top for the lingua franca of Web development. Other Web tech including HTML (#2 in the ranking), CSS (#3), and PHP (#9). Business-oriented languages were also in wide use, with SQL at #4, Java at #5, and C# at #8. Shell scripting made a surprising showing at #6 (having not shown up at all in past years, which suggests that the questions have changed year-to-year), Python appeared at #7, and systems programming stalwart C++ rounded out the top 10.

These aren't, however, the languages that developers necessarily want to use. Only three languages from the most-used top ten were in the most-loved list; Python (#3), JavaScript (#7), and C# (#8). For the third year running, that list was topped by Rust, the new systems programming language developed by Mozilla. Second on the list was Kotlin, which wasn't even in the top 20 last year. This new interest is likely due to Google's decision last year to bless the language as an official development language for Android. TypeScript, Microsoft's better JavaScript than JavaScript comes in at fourth, with Google's Go language coming in at fifth. Smalltalk, last year's second-most loved, is nowhere to be seen this time around. These languages may be well-liked, but it looks as if the big money is elsewhere. Globally, F# and OCaml are the top average earners, and in the US, Erlang, Scala, and OCaml are the ones to aim for. Visual Basic 6, Cobol, and CoffeeScript were the top three most-dreaded, which is news that will surprise nobody who is still maintaining Visual Basic 6 applications thousands of years after they were originally written.


A Startup is Pitching a Mind-Uploading Service That is '100 Percent Fatal' (technologyreview.com) 245

The startup accelerator Y Combinator is known for supporting audacious companies in its popular three-month boot camp. There's never been anything quite like Nectome, though. From a report: Next week, at YC's "demo days," Nectome's cofounder, Robert McIntyre, is going to describe his technology for exquisitely preserving brains in microscopic detail using a high-tech embalming process. Then the MIT graduate will make his business pitch. As it says on his website: "What if we told you we could back up your mind?" So yeah. Nectome is a preserve-your-brain-and-upload-it company. Its chemical solution can keep a body intact for hundreds of years, maybe thousands, as a statue of frozen glass. The idea is that someday in the future scientists will scan your bricked brain and turn it into a computer simulation. That way, someone a lot like you, though not exactly you, will smell the flowers again in a data server somewhere.

This story has a grisly twist, though. For Nectome's procedure to work, it's essential that the brain be fresh. The company says its plan is to connect people with terminal illnesses to a heart-lung machine in order to pump its mix of scientific embalming chemicals into the big carotid arteries in their necks while they are still alive (though anesthetized). The company has consulted with lawyers familiar with California's two-year-old End of Life Option Act, which permits doctor-assisted suicide for terminal patients, and believes its service will be legal. The product is "100 percent fatal," says McIntyre. "That is why we are uniquely situated among the Y Combinator companies."

Slashdot Top Deals