An anonymous reader shares a report: After years of avoiding social media, drug companies are growing bolder about advertising on Facebook and other social networks, according to interviews with advertising executives, marketers, health-care privacy researchers and patient advocates. That is exposing loopholes around the way data can be used to show consumers relevant ads about their personal health, even as both social networks and pharmaceutical manufacturers disavow targeting ads to people based on their medical conditions. Ads promoting prescription drugs are popping up on Facebook for depression, HIV and cancer. Spending on Facebook mobile ads alone by pharmaceutical and health-care brands reached nearly a billion dollars in 2019, nearly tripling over two years, according to Pathmatics, an advertising analytics company. Facebook offers tools to help drug companies stay compliant with rules about disclosing safety information or reporting side effects.

But seeing an ad for a drug designed to treat a person's particular health condition in the relatively intimate setting of a social media feed -- amid pictures of friends and links to news articles -- can feel more intrusive than elsewhere online. The same opaque Facebook systems that help place an ad for a political campaign or a new shoe in a user's feed also can be used by pharmaceutical companies, allowing them to target consumers who match certain characteristics or had visited a particular website in the past. The ability of drug companies to reach people likely to have specific health conditions -- a far cry from a magazine or TV ad -- underscores how the nation's health privacy law, the Health Insurance Portability and Accountability Act (HIPAA), has not kept up with the times. HIPAA, which safeguards personal health records, typically does not cover drug companies or social media networks.

"I love that my car recorded a hit-and-run on my behalf," writes a technology columnist at the Washington Post. "Yet I'm scared we're not ready for the ways cameras pointed inside and outside vehicles will change the open road..."

Long-time Slashdot reader Strudelkugel shared the Post's report: It's not just crashes that will be different. Once governments, companies and parents get their hands on car video, it could become evidence, an insurance liability and even a form of control... [I]t's not just the bad guys my car records. I've got clips of countless people's behinds scooching by in tight parking lots, because Sentry Mode activates any time something gets close. It's also recording my family: With another function called Dash Cam that records the road, Tesla has saved hours and hours of my travels -- the good driving and the not-so-good alike.

We've been down this road before with connected cameras. Amazon's Ring doorbells and Nest cams also seemed like a good idea, until hackers, stalkers and police tried to get their hands on the video feed... Applied to a car, the questions multiply: Can you just peer in on your teen driver -- or spouse? Do I have to share my footage with the authorities? Should my car be allowed to kick me off the road if it thinks I'm sleepy? How long until insurance companies offer "discounts" for direct video access? And is any of this actually making cars safer or less expensive to own? Your data can and will be used against you. Can we do anything to make our cars remain private spaces...?

Their design choices may well determine our future privacy. It's important to remember: Automakers can change how their cameras work with as little as a software update. Sentry mode arrived out of thin air last year on cars made as early as 2017... Tesla is already recording gobs. Living in a dense city, my Sentry Mode starts recording between five and seven times per day -- capturing lots of people, the vast majority of whom are not committing any crime. (This actually drains the car's precious battery. Some owners estimate it sips about a mile's worth of the car's 322-mile potential range for every hour it runs.) Same with the Dash Cam that runs while I'm on the road: It's recording not just my driving, but all the other cars and people on the road, too. The recordings stick around on a memory card until you delete them or the card fills up, and it writes over the old footage... Now imagine what Google or Facebook might want to do with that data on everywhere you drive...

Without Sentry Mode, I wouldn't have known what hit me. The city's response to my hit-and-run report was that it didn't even need my video file. Officials had evidence of their own: That bus had cameras running, too.
"Thank You St. Tesla," jokes Slashdot reader DenverTech, linking to a story in which a Tesla owner shared the video it recorded of another car struck in a hit-and-run accident in the parking lot of a Colorado Olive Garden. "It just makes me really thankful that there are cars out there, that can prove what happened so justice can happen," that car's owner told a local news station -- though the Tesla owner had also already written down the license number of the truck which struck her vehicle.

The news station also links to another story in which a man accused of dragging a knife across a parked Tesla "was also captured on the vehicle's built-in camera."

Facial recognition company Clearview AI notified customers that an intruder had gained "unauthorized access" to its entire list of customers, The Daily Beast reports. From a report: Clearview gained widespread attention in recent weeks after a wave of media coverage, starting with The New York Times in January. The company stands out from others due to its use of a database of over 3 billion photos the firm constructed by scraping images from Facebook, Twitter, Instagram, and other social networks and websites. Clearview sells its product to law enforcement clients particularly in the U.S. The company's app allows a customer to point their phone's camera at a subject, or upload a photo into the system. Then, the system provides links to other photos and related social media profiles of the suspected person online.

New submitter John Trumpian shares a report from Reuters: The U.S. Supreme Court on Monday refused to hear Apple's bid to avoid paying about $440 million in damages for using patent licensing firm VirnetX's internet security technology without permission in features such as FaceTime video calling. The justices rejected Apple's appeal in the long-running case in which a federal jury in 2016 found that Apple had infringed VirnetX's patents and awarded $302 million. A judge later increased that amount to $439.7 million including interest and other costs.

The case dates back to 2010 when Nevada-based VirnetX filed suit in federal court in the Eastern District of Texas accusing Cupertino, California-based Apple of infringing four patents for secure networks, known as virtual private networks, and secure communications links. VirnetX said Apple infringed with its FaceTime and VPN on Demand features in products such as the iPhone and iPad. The U.S. Court of Appeals for the Federal Circuit in Washington, which specializes in patent disputes, upheld the judgment against Apple last year.

Google has implemented a browser capability in Chrome called ScrollToTextFragment that enables deep links to web documents, but it has done so despite unresolved privacy concerns and lack of support from other browser makers. From a report: Via Twitter on Tuesday, Peter Snyder, privacy researcher at privacy-focused browser maker Brave Software, observed that ScrollToTextFragment shipped earlier this month in Chrome 80 unflagged, meaning it's active, despite privacy issues that have been raised. "Imposing privacy and security leaks to existing sites (many of which will never be updated) REALLY should be a 'don't break the web,' never-cross redline," he wrote. "This spec does that." The debate over the feature percolated last year on mailing lists and in GitHub issues posts and picked up in October when the team working on Chrome's Blink engine declared their intent to implement the specification. The feature rollout serves to illustrate that the consensus-based web standards process doesn't do much to constrain the technology Google deploys.

Google is indexing invite links to WhatsApp group chats whose administrators may want to be private. This means with a simple search, random people can discover and join a wide range of WhatsApp group chats. From a report: "Your WhatsApp groups may not be as secure as you think they are," Jordan Wildon, a multimedia journalist for German outlet Deutsche Welle, tweeted on Friday. Using particular Google searches, people can discover links to the chats, Wildon explained. App reverse-engineer Jane Wong added in a tweet that Google has around 470,000 results for a simple search of "chat.whatsapp.com," part of the URL that makes up invites to WhatsApp groups.

Motherboard used a number of specific Google searches to find invite links to WhatsApp groups. Some of the groups appear to not be overly sensitive or for a particular audience. Many of the links on Google lead to groups for sharing porn. But others appear to be catered to specific groups. Motherboard entered one WhatsApp group chat that described itself as being for NGOs accredited by the United Nations. After joining, Motherboard was able to see a list of all 48 participants and their phone numbers.

Many of us have an overflowing kitchen cupboard of plastic containers to store our leftovers. But as awareness grows over the health and environmental pitfalls of plastic, some consumers may be wondering: Is it time to ditch that stash of old deli containers? From a report: Only 9% of all the plastic waste ever created has been recycled. From its contributions to global heating and pollution, to the chemicals and microplastics that migrate into our bodies, the food chain and the environment, the true cost of this cheap material is becoming more apparent. There are thousands of compounds found in plastic products across the food chain, and relatively little is known about most of them. But what we do know of some chemicals contained in plastic is concerning. Phthalates, for example, which are used to make plastic more flexible and are found in food packaging and plastic wrap, have been found by the Centers for Disease Control and Prevention (CDC) in measurable levels across the US population (including in the body of Guardian journalist Emily Holden). They have been linked to reproductive dysfunction in animal studies and some researchers have suggested [PDF] links to decreased fertility, neurodevelopmental issues and asthma in humans.

BPA, another chemical widely added to food plastics and can linings, has been subject to increasing regulations after studies linked the chemical to neonatal and infant brain and reproductive harm. But BPS and BPF, two common replacements used in products marketed as "BPA-free," may have similar effects to their predecessor: studies out of both the University of Texas and Washington State University found that even at a dose of one part per trillion, BPS could disrupt cell functioning. A 2019 study from New York University linked childhood obesity with BPS and BPF. There are many other chemicals added to plastic during production, and researchers concede that many gaps remain in our understanding of how they affect health and development. But research that is adding to concerns about the "miracle material" is growing.

An anonymous reader quotes the Verge: In December, online coding bootcamp Lambda School quietly partnered with Edly, a digital marketplace that helps schools sell income-sharing agreements (ISAs) to accredited investors. The arrangement allows Lambda to receive money from the ISAs upfront, rather than waiting for students to find jobs. But it also flies in the face of the values Lambda typically espouses: namely, that ISAs align its incentives with the goals and aspirations of the students...

Lambda's ISAs promise an alternative to traditional student loans by allowing students to defer tuition until they've landed a job that pays $50,000 a year or more. When that happens, they hand over 17 percent of their income until the $30,000 tuition is paid off. If students don't find work within five years of completing the program, the ISA is automatically dissolved. It's a business model that allows Lambda to brag about investing in students — which, in many ways, it still does. The school provides living stipends and even housing to some students who need it. But reselling ISAs muddies the narrative a bit since Lambda can make money long before students find jobs...

Shortly after the arrangement was called out on Twitter, following a report by The Verge about some students' disappointment with the curriculum, Edly began taking down pages that referenced the Lambda partnership. Edly did not immediately respond to a request for comment about why these pages were taken down, and Lambda declined to comment on the nature of the partnership at all.
"I wonder why Lambda isn't so keen on seeing discussions about how students are being packed into the same kind of CDOs that brought us the financial crisis," tweeted David Heinemeier Hansson, the creator of Ruby on Rails, who's been tweeting screenshots of Edly's past statements about their ambitions as well as links to Google's cache of Edly's pitches to investors.

Last year Wired reported that nearly half of Lambda's ISAs had at least partly been sold off to investors. They also note that in January of 2019, Lambda "received $30 million from investors including Google Ventures, Y Combinator, and Ashton Kutcher."

The sophistication of the Emotet malware's code base and its regularly evolving methods for tricking targets into clicking on malicious links has allowed it to spread widely. "Now, Emotet is adopting yet another way to spread: using already compromised devices to infect devices connected to nearby Wi-Fi networks," reports Ars Technica. From the report: Last month, Emotet operators were caught using an updated version that uses infected devices to enumerate all nearby Wi-Fi networks. It uses a programming interface called wlanAPI to profile the SSID, signal strength, and use of WPA or other encryption methods for password-protecting access. Then, the malware uses one of two password lists to guess commonly used default username and password combinations. After successfully gaining access to a new Wi-Fi network, the infected device enumerates all non-hidden devices that are connected to it. Using a second password list, the malware then tries to guess credentials for each user connected to the drive. In the event that no connected users are infected, the malware tries to guess the password for the administrator of the shared resource.

"With this newly discovered loader-type used by Emotet, a new threat vector is introduced to Emotet's capabilities," researchers from security firm Binary Defense wrote in a recently published post. "Previously thought to only spread through malspam and infected networks, Emotet can use this loader-type to spread through nearby wireless networks if the networks use insecure passwords." The Binary Defense post said the new Wi-Fi spreader has a timestamp of April 2018 and was first submitted to the VirusTotal malware search engine a month later. While the module was created almost two years ago, Binary Defense didn't observe it being used in the wild until last month.

Researchers have successfully bypassed the eyes with a brain implant that allows rudimentary vision. MIT Technology Review reports: "Alli," says Bernardeta Gomez in her native Spanish, pointing to a large black line running across a white sheet of cardboard propped at arm's length in front of her. "There." It isn't exactly an impressive feat for a 57-year-old woman -- except that Gomez is blind. And she's been that way for over a decade. When she was 42, toxic optic neuropathy destroyed the bundles of nerves that connect Gomez's eyes to her brain, rendering her totally without sight. She's unable even to detect light. But after 16 years of darkness, Gomez was given a six-month window during which she could see a very low-resolution semblance of the world represented by glowing white-yellow dots and shapes. This was possible thanks to a modified pair of glasses, blacked out and fitted with a tiny camera. The contraption is hooked up to a computer that processes a live video feed, turning it into electronic signals. A cable suspended from the ceiling links the system to a port embedded in the back of Gomez's skull that is wired to a 100-electrode implant in the visual cortex in the rear of her brain.

Using this, Gomez identified ceiling lights, letters, basic shapes printed on paper, and people. She even played a simple Pac-Man-like computer game piped directly into her brain. Four days a week for the duration of the experiment, Gomez was led to a lab by her sighted husband and hooked into the system. Gomez's first moment of sight, at the end of 2018, was the culmination of decades of research by Eduardo Fernandez, director of neuroengineering at the University of Miguel Hernandez, in Elche, Spain. His goal: to return sight to as many as possible of the 36 million blind people worldwide who wish to see again. Fernandez's approach is particularly exciting because it bypasses the eye and optical nerves.

In Google's recent end-of-the-year 2019 financial report, the company for the first time disclosed the revenues for YouTube and its Google Cloud unit. However, as Tom Foremski writes via ZDNet, "Google removed key metrics that have been included for more than 15 years: How much money it makes per click (Cost-per-Click (CPC)) and the growth of paid clicks." From the report: These monetization metrics are typically found on the second page of every quarterly earnings release from Google -- which underscores their importance in a 10-page document. Yet they are missing from the latest Google 2019 Q4 report with no explanation. Clicks are at the heart of Google's business, so why are these metrics no longer viable? And why hasn't this change been noticed widely? Why didn't the Wall Street analysts ask about these missing numbers in the financial call the same day as the report was released? What is Google hiding?

Google has a rapidly deflating advertising product, sometimes 29% less revenue per click, every quarter, year-on-year, year after year. Take a look at this chart: As long as Google can keep growing the blue line -- growth of paid clicks faster than the red line its ad click deflation -- then it is golden. Every three months Google has to find faster ways of expanding the total number of paid clicks by as much as 66%. How is this a sustainable business model? There is an upper limit to how much more expansion in paid links can be found especially with the shift to mobile platforms and the constraints of the display. And what does this say about the effectiveness of Google's ads? They aren't very good and their value is declining at an astounding and unstoppable pace.

John Gruber: Ten years ago today, Steve Jobs introduced the iPad on stage at the Yerba Buena theater in San Francisco. [...] Ten years later, though, I don't think the iPad has come close to living up to its potential. [...] Software is where the iPad has gotten lost. iPadOS's "multitasking" model is far more capable than the iPhone's, yes, but somehow Apple has painted it into a corner in which it is far less consistent and coherent than the Mac's, while also being far less capable. iPad multitasking: more complex, less powerful. That's quite a combination.

Consider the basic task of putting two apps on screen at the same time, the basic definition of "multitasking" in the UI sense. To launch the first app, you tap its icon on the homescreen, just like on the iPhone, and just like on the iPad before split-screen multitasking. Tapping an icon to open an app is natural and intuitive. But to get a second app on the same screen, you cannot tap its icon. You must first slide up from the bottom of the screen to reveal the Dock. Then you must tap and hold on an app icon in the Dock. Then you drag the app icon out of the Dock to launch it in a way that it will become the second app splitting the display. But isn't dragging an icon out of the Dock the way that you remove apps from the Dock? Yes, it is -- when you do it from the homescreen.

So the way you launch an app in the Dock for split-screen mode is identical to the way you remove that app from the Dock. Oh, and apps that aren't in the Dock can't become the second app in split screen mode. What sense does that limitation make? On the iPhone you can only have one app on screen at a time. The screen is the app; the app is the screen. This is limiting but trivial to understand. [...] On iPad you can only have two apps on screen at the same time, and you must launch them in entirely different ways -- one of them intuitive (tap any app icon), one of them inscrutable (drag one of the handful of apps you've placed in your Dock). And if you don't quite drag the app from the Dock far enough to the side of the screen, it launches in "Slide Over", an entirely different shared-screen rather than split-screen mode. The whole concept is not merely inconsistent, it's incoherent. How would anyone ever figure out how to split-screen multitask on the iPad if they didn't already know how to do it?

[...] As things stand today, I get a phone call from my mom once a month or so because she's accidentally gotten Safari into split-screen mode when tapping links in Mail or Messages and can't get out. I like my iPad very much, and use it almost every day. But if I could go back to the pre-split-screen, pre-drag-and-drop interface I would. Which is to say, now that iPadOS has its own name, I wish I could install the iPhone's one-app-on-screen-at-a-time, no-drag-and-drop iOS on my iPad Pro. I'd do it in a heartbeat and be much happier for it. The iPad at 10 is, to me, a grave disappointment. Not because it's "bad", because it's not bad -- it's great even -- but because great though it is in so many ways, overall it has fallen so far short of the grand potential it showed on day one. To reach that potential, Apple needs to recognize they have made profound conceptual mistakes in the iPad user interface, mistakes that need to be scrapped and replaced, not polished and refined. I worry that iPadOS 13 suggests the opposite -- that Apple is steering the iPad full speed ahead down a blind alley. Further reading: The iPad's original software designer and program lead look back on the device's first 10 years.

Slashdot reader SmartAboutThings writes: While Microsoft Edge is right on track to replace Internet Explorer, it seems that the last one is a bigger security liability then you may think. In a newly released advisory, the Cybersecurity and Infrastructure Security Agency (CISA) [an agency within America's Department of Homeland Security] is warning users about an IE vulnerability.

To keep your personal data safe and don't expose your PC to dangerous malware, the agency further recommends "Consider using Microsoft Edge or an alternate browser until patches are made available." As a reminder, this is not the first international agency that ranks IE's security very low, as Germany's BSI shared a couple of months back a similar study.
Lifehacker's senior technology editor notes that the new vulnerability affects "various permutations of Internet Explorer 9, 10, and 11 across Windows 7, 8.1, and Windows 10 (as well as various editions of Windows Server).

"The bad news is that Microsoft won't likely patch this problem until February -- when the next major batch of security updates hits." But they offer a work-around of their own until then which involves opening an administrative command prompt to restrict access to the deprecated JScript library used by the exploit.

Otherwise, don't click on links from strangers, and if you're using IE switch to Edge. And Microsoft explains what will happen if you used Internet Explorer to visit a web site designed to exploit the vulnerability. "If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.

"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Google's latest design change to its search results received blowback from some who said it blurred the lines between search ads and regular search results. On Friday, Google responded, saying it will be experimenting with different designs, some that will not include the icons that make ads look similar to those organic search results. From a report: As part of a recent redesign to desktop search results, the company made paid links look more like the unpaid search results users see. The word "Ad" in bold text appears next to the advertisements, which typically appear as the first few results in a search and are therefore more likely to be clicked on and generate ad revenue for Google.

Kim Lyons, writing for The Verge: Google added tiny favicon icons to its search results this week for some reason, creating more clutter in what used to be a clean interface, and seemingly without actually improving the results or the user experience. The company says it's part of a plan to make clearer where information is coming from, but how? In my Chrome desktop browser, it feels like an aggravating, unnecessary change that doesn't actually help the user determine how good, bad, or reputable an actual search result might be. Yes, ads are still clearly marked with the word "ad," which is a good thing. But do I need to see Best Buy's logo or AT&T's blue circle when I search for "Samsung Fold" to know they're trying to sell me something? Google says the favicon icons are "helping searchers better understand where information is coming from, more easily scan results & decide what to explore."

If you don't care for the new look, Google has instructions on how to change or add a favicon to search results. Lifehacker also has instructions on how to apply filters to undo the favicon nonsense.

An anonymous reader quotes a report from Wired: Twitch has been and remains home to illicit sports broadcasts; a late December boxing match attracted over 86,000 viewers -- some of whom spammed ASCII genitalia in chat -- and a mid-January soccer match drew over 70,000 over three livestreams. Although Twitch often stomps them out mid-match, plenty of livestreams posted by throwaway accounts with innocuous names like "Untitled" slip through the cracks and garner tens of thousands of viewers. As the value of sports media rights has climbed to over $20 billion, copyright holders have more incentive than ever to guard their treasure. Yet piracy persists, in part because it's so burdensome for copyright holders to catch it. Stream aggregation site FirstRow Sports lays out a buffet of illicit livestreams for games ranging from ice hockey to basketball and attracts over 300,000 daily visitors, according to data from web analytics firm SimilarWeb. In January 2019 alone, sports fans accessed sports piracy sites 362.7 million times, according to data from digital piracy research firm Muso. On Discord, anonymous benefactors distribute links to soccer livestreams like handfuls of pigeon feed at the park. Once a stream is taken down, another immediately manifests. It's like 40 games of Whac-A-Mole simultaneously taking place in 40 adjacent arcades.

Increasingly, those links lead to Twitch, whose credentials as a mainstream platform make it a relatively safe option -- especially after Reddit shut down the popular soccer piracy subreddit r/soccerstreams. "The older days of streams (5+ years ago) was [sic] littered with ads and viruses," says a soccer stream Discord moderator who goes by Tom. "even though it is considered illegal, I see it being the same as watching porn and being under 18." He adds that some of the hairier-looking piracy sites are still more popular, offer higher-quality streams, and have live chats that utilize Twitch chats' code. Twitch's DMCA guidelines specify that copyright owners can submit takedown requests, and asks the people who submit them to add a "statement under penalty of perjury" that they're authorized to act on behalf of the copyright owner. Occasionally, media companies file claims to Twitch impacting legitimate streamers who commentate over or react to games, television, or YouTube clips. Copyright holders can also choose to sue, as the third-largest internet company in Russia did against Twitch in December for broadcasting an English Premier League streams. It's a rare escalation, and one that underscores how serious an issue Twitch sports piracy has become. Twitch "only provides users access to the platform, does not post its own content, cannot change the content posted by users, or track possible violations of rights," says Twitch lawyer Yuliana Tabastayeva.

The live streaming service said it will "continue to, as has always been the case, effectively and swiftly address any violation of its terms of service with the removal of unlicensed copyrighted content."

An anonymous reader quotes a report from VentureBeat: Verizon Media, the media and digital offshoot of telecommunications giant Verizon, has launched a "privacy-focused" search engine called OneSearch. With OneSearch, Verizon promises there will be no cookie tracking, no ad personalization, no profiling, no data-storing, and no data-sharing with advertisers.

With its default dark mode, OneSearch lets you know that Advanced Privacy Mode is activated. You can manually toggle this mode to the "off" position which returns a brighter interface, but with this setting deactivated you won't have access to privacy features such as search-term encryption. With Advanced Privacy Mode on, links to search results will only be shareable for an hour, after which time they will "self-destruct" and return an error to anyone who clicks on it. More broadly, the OneSearch interface is clean and fairly familiar to anyone who has used a search engine before. But at its core, it promises to show the same search results to everyone given that it's not tailored to the individual. In the OneSearch privacy policy, Verizon says it it will store a user's IP address, search query, and user agent on different servers so that it can't draw correlations between a user's specific location and the query that they've made.

"Verizon said that it will monetize its new search engine through advertising; however, the advertising won't be based on browsing history or data that personally identifies the individual -- it will only serve contextual advertisements based on each individual search," reports VentureBeat. OneSearch is currently available on desktop and mobile web, with mobile apps coming later this month.

Open-source intelligence proved vital in the investigation into Ukraine Airlines flight PS752. Then Iranian officials had to admit the truth. From a report: [...] In the days after the Ukraine Airlines plane crashed into the ground outside Tehran, Bellingcat and The New York Times have blown a hole in the supposition that the downing of the aircraft was an engine failure. The pressure -- and the weight of public evidence -- compelled Iranian officials to admit overnight on January 10 that the country had shot down the plane "in error." So how do they do it? "You can think of OSINT as a puzzle. To get the complete picture, you need to find the missing pieces and put everything together," says Lorand Bodo, an OSINT analyst at Tech versus Terrorism, a campaign group. The team at Bellingcat and other open-source investigators pore over publicly available material. Thanks to our propensity to reach for our cameraphones at the sight of any newsworthy incident, video and photos are often available, posted to social media in the immediate aftermath of events. "Open source investigations essentially involve the collection, preservation, verification, and analysis of evidence that is available in the public domain to build a picture of what happened," says Yvonne McDermott Rees, a lecturer at Swansea University.

Some of the clips in this incident surfaced on Telegram, the encrypted messaging app popular in the Middle East, while others were sent directly to Bellingcat. "Because Bellingcat is known for our open source work on MH17, people immediately thought of us. People started sending us links they'd found," says Eliot Higgins of Bellingcat. "It was involuntary crowdsourcing." OSINT investigators then utilise metadata, including EXIF data -- which is automatically inserted into videos and photos, showing everything from the type of camera used to take the images to the precise latitude and longitude of where the taker was standing -- to validify that the footage is legitimate. They'll also try and identify who took the footage, and whether it's practical for them to have been where they claim to have been at the time. However, for this instance, they couldn't use EXIF data. "People would share photos and videos on Telegram which strip the metadata, and then someone else would find that and share it on Twitter," says Higgins. "We were really getting a second-hand or third-hand version of these images. All we have to go on is what's visible in the photograph." So instead they moved onto the next step.

Dan Rockmore, writing for New Yorker: There are more resonances between programming and poetry than you might think. Computer science is an art form of words and punctuation, thoughtfully placed and goal-oriented, even if not necessarily deployed to evoke surprise or longing. Laid out on a page, every program uses indentations, stanzas, and a distinctive visual hierarchy to convey meaning. In the best cases, a close-reader of code will be rewarded with a sense of awe for the way ideas have been captured in words. Programming has its own sense of minimalist aesthetics, born of the imperative to create software that doesn't take up much space and doesn't take long to execute. Coders seek to express their intentions in the fewest number of commands; William Carlos Williams, with his sparse style and simple, iconic images, would appreciate that. One poet's "road not taken" is one programmer's "if-then-else" statement. Generations of coders have taken their first steps by finding different ways to say "Hello, World." Arguably, you could say the same for poets.

Many programmers have links to poetry -- Ada Lovelace, the acknowledged first programmer ever, was Lord Byron's daughter -- but it's a challenge to fully bridge the gap. Sonnets occupy something of a sweet spot: they're a rich art form (good for poets) with clear rules (good for machines). Ranjit Bhatnagar, an artist and programmer, appreciates both sides. In 2012, he invented Pentametron, an art project that mines the Twittersphere for tweets in iambic pentameter. First, using a pronouncing dictionary created at Carnegie Mellon, he built a program to count syllables and recognize meter. Then, with a separate piece of code to identify rhymes, he started to assemble sonnets. For the first National Novel Generation Month (NaNoGenMo), in 2013, Bhatnagar submitted "I got a alligator for a pet!," a collection of five hundred and four sonnets created with Pentametron. Bhatnagar's code required that each line be an entire tweet, or essentially one complete thought (or at least what counts as a thought on Twitter). It also did its best to abide by strict rules of meter and rhyme.

A new leak of more than 100,000 documents from Cambridge Analytica's work in 68 different countries "will lay bare the global infrastructure of an operation used to manipulate voters on 'an industrial scale,'" writes the Guardian.

Long-time Slashdot reader Freshly Exhumed shares their report: The release of documents began on New Year's Day on an anonymous Twitter account, @HindsightFiles, with links to material on elections in Malaysia, Kenya and Brazil. The documents were revealed to have come from Brittany Kaiser, an ex-Cambridge Analytica employee turned whistleblower, and to be the same ones subpoenaed by Robert Mueller's investigation into Russian interference in the 2016 presidential election.

Kaiser, who starred in the Oscar-shortlisted Netflix documentary The Great Hack, decided to go public after last month's election in Britain. "It's so abundantly clear our electoral systems are wide open to abuse," she said. "I'm very fearful about what is going to happen in the US election later this year, and I think one of the few ways of protecting ourselves is to get as much information out there as possible."

The documents were retrieved from her email accounts and hard drives, and though she handed over some material to parliament in April 2018, she said there were thousands and thousands more pages which showed a "breadth and depth of the work" that went "way beyond what people think they know about 'the Cambridge Analytica scandal....'" Kaiser said the Facebook data scandal was part of a much bigger global operation that worked with governments, intelligence agencies, commercial companies and political campaigns to manipulate and influence people, and that raised huge national security implications.