Privacy

US Retailers Rush To Comply With California Privacy Law (reuters.com) 54

U.S. retailers including Walmart will add "Do Not Sell My Info" links to their websites and signage in stores starting Jan. 1, allowing California shoppers to understand for the first time what personal and other data the retailers collect, Reuters reported Tuesday citing sources. From the report: Others like Home Depot will allow shoppers not just in California but around the country to access such information online. At its California stores, Home Depot will add signs, offer QR codes so shoppers can look up information using their mobile devices and train store employees to answer questions. Large U.S. retailers are rushing to comply with a new law, the California Consumer Privacy Act (CCPA), which becomes effective at the start of 2020 and is one of the most significant regulations overseeing the data collection practices of U.S. companies. It lets shoppers opt out of allowing retailers and other companies to sell personal data to third parties. In addition to retailers, the law affects a broad swath of firms including social media platforms such as Facebook and Alphabet's Google, advertisers, app developers, mobile service providers and streaming TV services, and is likely to overhaul the way companies benefit from the use of personal information.

Privacy

How Tech Companies Could Skirt California's Strict New Privacy Law (nbclosangeles.com) 33

Forty million Californians "will soon have sweeping digital-privacy rights stronger than any seen before in the U.S.," reports the Associated Press, saying the new law taking effect Wednesday "might end up serving as a de facto national standard."

"Early signs of compliance have already started cropping up in the form of 'Don't sell my personal information' links at the bottom of many corporate websites..." But there are catches galore. The law -- formally known as the California Consumer Privacy Act, or CCPA -- seems likely to draw legal challenges, some of which could raise constitutional objections over its broad scope. It's also filled with exceptions that could turn some seemingly broad protections into coarse sieves, and affects only information collected by business, not government. For instance, if you're alarmed after examining the data that Lyft holds on you, you can ask the company to delete it. Which it will legally have to do -- unless it claims some information meets one of the law's many exceptions, among them provisions that allow companies to continue holding information needed to finish a transaction or to keep it in a way you'd "reasonably expect" them to. "It's more of a 'right to request and hope for deletion,'" says Joseph Jerome, a policy director at privacy group Common Sense Media/Kids Action.

A more fundamental issue, though, is that Californians are largely on their own in figuring out how to make use of their new rights. To make the law effective, they'll need to take the initiative to opt out of data sales, request their own information, and file for damages in the case of data breaches... State residents who do make that effort, but find that companies reject their requests or offer only halting and incomplete responses, have no immediate legal recourse. The CCPA defers enforcement action to the state attorney general, who won't be empowered to act until six months after the law takes effect.

When the state does take action, though, it can fine businesses up to $7,500 for each violation of the law -- charges that could quickly add up depending on how many people are affected...

Among other limitations, the law doesn't really stop companies from collecting personal information or limit how they store it. If you ask a company to delete your data, it can start collecting it again next time you do business with it.

The article also provides another example of "unintended consequences and even corporate attempts to discourage people from using the law.

"The job-search site Indeed.com, for instance, now explains that when anyone opts out of data sales under CCPA, it will also ask them to delete their associated accounts and all personal information."

The Internet

Apple News No Longer Supports RSS (mjtsai.com) 49

Mac developer Michael Tsai reports that Apple News no longer supports RSS. The news comes from user David A. Desrosiers, who writes: Apple News on iOS and macOS no longer supports adding RSS or ATOM feeds from anywhere. Full-stop, period. It will immediately fetch, then reject those feeds and fail to display them, silently without any message or error. I can see in my own server's log that they make the request using the correct app on iOS and macOS, but then ignore the feed completely; a validated, clean feed. They ONLY support their own, hand-picked, curated feeds now. You can visit a feed in Safari, and it will prompt you to open the feed in Apple News, then silently ignore that request, after fetching the full feed content from the remote site. Simon Willison, creator of Datasette and co-creator of Django, points out that Apple News still hijacks links to Atom/RSS feeds -- "so if you click on one of those links in Mobile Safari you'll be bounced to the News app, which will then display an error."
Books

Why the Second-Hand eBook Market May Never Take Off (fortune.com) 55

Europe's highest court on Thursday ruled that the exhaustion of copyright does not apply to e-books. "The court says that offering 'second-hand' e-books for sale qualifies as an unauthorized 'communication to the public' under the 2001 InfoSoc Directive," reports World IP Review. Not only could this ruling have implications for the book industry, but for the digital film, gaming and music sectors too. From a report: The case involves a Dutch startup called Tom Kabinet, which has since 2014 been trying to make second-hand ebooks a thing. At first, it simply tried to run a second-hand ebook market, but publishers took it to court and won a ruling saying Tom Kabinet had to make sure it wasn't selling pirated copies of ebooks. So the firm rethought its strategy and morphed into a kind of book club. Now even that model has been ruled illegal.

Tom Kabinet's users "donate" the download links for the ebooks they have bought from standard retailers like Kobo and ebooks.com, in exchange for credits that can be used to buy other ebooks from Tom Kabinet. (Obviously this doesn't work with ebooks from Amazon, which does not use download links in its system.) The idea is that using the original links ensures the ebooks have been legitimately bought in the first place, and that the same copy isn't being placed on the platform multiple times. The Dutch publishing industry was still not impressed, and asked a district court in The Hague for an injunction against Tom Kabinet's activities. The district court asked the Court of Justice of the European Union for its opinion, which arrived Thursday. The EU court essentially said Tom Kabinet was breaking European copyright law.

Tom Kabinet's defense was that the so-called "rule of exhaustion" should apply when it comes to second-hand ebooks, as it does with paper books -- in other words, after the ebook has been sold the first time, the publisher no longer has a right to control how it is traded. (This is known as the "first sale doctrine" in the U.S.) The exhaustion principle is part of European copyright law, but the Court of Justice said the lawmakers had only intended it to apply to physical books. The court said the rule would be unfair in the ebook world, because "digital copies of ebooks do not deteriorate with use and are, therefore, perfect substitutes for new copies on any second-hand market."

Chrome

Is Microsoft's Chromium Edge Browser Better Than Firefox and Chrome? (androidauthority.com) 113

Android Authority argues that the new Microsoft Chromium Edge browser "is full of neat tricks" and "packs more features than Firefox": The final major feature is called Apps. Essentially, Apps allows you to download and install web pages and web apps for use without the Edge browser. Previously, you had to find these dedicated web apps via the Microsoft Store, but now Edge handles downloading and managing web apps all in the browser. For example, you can download the Twitter web app via Edge just by visiting the Twitter website and clicking "install this site as an app" from the settings menu. Once installed, you can run the webpage as an app directly from your desktop, taskbar, or start menu like any other piece of software. It's like saving links only better, as some web apps can run offline too. Alternatively, you can install the Android Authority webpage and run it as an app to catch up with the latest news without having to boot up Edge each time. It's pretty neat and something that I intend to use more often.

Overall, Edge offers everything you'll want in a web browser and more. Microsoft finally feels on the cutting edge of the internet.

The browser does have a smaller range of supported extensions, but you can also manually install Chrome extensions, according to the article. It adds that Microsoft Edge Chromium "typically uses just 70 to 75 percent of the RAM required by Chrome [and] is even more lightweight than Firefox."

And while acknowledging that Microsoft's Windows 10 "has its share" of telemetry issues, the article adds that "at no point during my couple of weeks with Edge have I noticed it thrashing my hard drive.

"Chrome has a habit of scanning various files on my computer, despite opting out of all the available data sharing options. This isn't great for system performance and raises obvious security questions."

Social Networks

'Link in Bio' is a Slow Knife (anildash.com) 63

Anil Dash: We don't even notice it anymore -- "link in bio." It's a pithy phrase, usually found on Instagram, which directs an audience to be aware that a pertinent web link can be found on that user's profile. Its presence is so subtle, and so pervasive, that we barely even noticed it was an attempt to kill the web. Links on the web are incredibly powerful. There are decades of theory behind the role of hyperlinks in hypertext -- did you know in most early versions, links were originally designed to be two-way? You'd be able to see every page on the web that links to this one. But even in the very simple form that we've ended up with on the World Wide Web for the last 30 years, links are incredibly powerful, opening up valuable connections between unexpected things.

For a closed system, those kinds of open connections are deeply dangerous. If anyone on Instagram can just link to any old store on the web, how can Instagram -- meaning Facebook, Instagram's increasingly-overbearing owner -- tightly control commerce on its platform? If Instagram users could post links willy-nilly, they might even be able to connect directly to their users, getting their email addresses or finding other ways to communicate with them. Links represent a threat to closed systems. Here's the thing, though: people like links. So closed systems have to present a pressure release valve. Hashtags are a great way out. They use the semiotics of links (early versions of hashtags on social platforms were really barely more than automated links to a search for a particular term) but are also constrained by the platforms they live on. A hashtag is easier to gather into a database, to harvest, to monetize. It's much easier, sure, but it also doesn't have all the messiness of a real link. Instagram doesn't have to worry that clicking on its hashtags will accidentally lead people to Twitter, or vice versa.

Links

The Pirate Bay Is Trialing High-Quality Video Streaming Links (torrentfreak.com) 35

The Pirate Bay may be about to fully launch a brand new feature that will let you stream videos in your browser. TorrentFreak reports: As the image below shows, in addition to the familiar magnet and trusted uploader icons displayed alongside video and TV show releases, the site also features a small orange 'B' graphic. In some cases (but currently not all), pressing these buttons when they appear next to a video release diverts users to a new platform called BayStream. Here, the chosen content can be streamed directly in the browser using a YouTube-style player interface.

Loading times appear swift when the content is actually available and as the screenshot below shows, the material appears to be sourced, at least in some cases, from torrent releases. The new feature appears to be in its early stages of development and in tests doesn't always perform as planned. In particular, accessing the 'B' links using various Pirate Bay 'proxy' sites can cause them to break with various errors. Nevertheless, when things go to plan (usually when selecting more popular content) the system appears effective. [...] The big question, perhaps, is whether this is a Pirate Bay-operated platform or one run by outsiders. The familiar 'Kopimi' logo at the bottom suggests that it could be someone who supports the 'pirate' movement but anyone can use the image freely, so that's not the best pointer.

Verizon

Verizon Kills Email Accounts of Archivists Trying To Save Yahoo Groups History (zdnet.com) 100

An anonymous reader shares a report: Verizon, which bought Yahoo in 2017, has suspended email addresses of archivists who are trying to preserve 20 years of content that will be deleted permanently in a few weeks. As Verizon announced in October, the company intends to wipe all content from Yahoo Groups. As of December 14, all previously posted content on the site will be permanently removed. The mass deletion includes files, polls, links, photos, folders, database, calendar, attachments, conversations, email updates, message digests, and message histories that were uploaded to Yahoo servers since pre-Google 1990s. Verizon planned to allow users to download their own data from the site's privacy dashboard, but apparently it has a problem with the work of The Archive Team who wants to save content to upload it to the non-profit Internet Archive, which runs the popular Wayback Machine site.

"Yahoo banned all the email addresses that the Archive Team volunteers had been using to join Yahoo Groups in order to download data," reported the Yahoo Groups Archive Team. "Verizon has also made it impossible for the Archive Team to continue using semi-automated scripts to join Yahoo Groups -- which means each group must be rejoined one by one, an impossible task (redo the work of the past four weeks over the next 10 days)."

Books

81-Year-Old Donald Knuth Releases New TAOCP Book, Ready to Write Hexadecimal Reward Checks (stanford.edu) 39

In 1962, 24-year-old Donald Knuth began writing The Art of Computer Programming -- and 57 years later, he's still working on it. But he's finally released The Art of Computer Programming, Volume 4, Fascicle 5: Mathematical Preliminaries Redux; Introduction to Backtracking; Dancing Links.

An anonymous reader writes: On his personal site at Stanford, 81-year-old Donald Knuth promised this newly-released section "will feature more than 650 exercises and their answers, designed for self-study," and he shared an excerpt from "the hype on its back cover":

This fascicle, brimming with lively examples, forms the first third of what will eventually become hardcover Volume 4B. It begins with a 27-page tutorial on the major advances in probabilistic methods that have been made during the past 50 years, since those theories are the key to so many modern algorithms. Then it introduces the fundamental principles of efficient backtrack programming, a family of techniques that have been a mainstay of combinatorial computing since the beginning.

This introductory material is followed by an extensive exploration of important data structures whose links perform delightful dances. That section unifies a vast number of combinatorial algorithms by showing that they are special cases of the general XCC problem --- "exact covering with colors." The first fruits of the author's decades-old experiments with XCC solving are presented here for the first time, with dozens of applications to a dazzling array of questions that arise in amazingly diverse contexts...


Knuth is still offering his famous hexadecimal reward checks (now referred to as "reward certificates," since they're drawn on the imaginary Bank of San Serriffe) to any reader who finds a technical (or typographical) error. "Of course those exercises, like those in Fascicle 6, include many cutting-edge topics that weren't easy for me to boil down into their essentials. So again I'm hoping to receive 'Dear Don' letters...either confirming that at least somebody besides me believes that I did my job properly, or pointing out what I should really have said...."

And to make it easier he's even shared a list of the exercises where he's still "seeking help and reassurance" about the correctness of his answers. "Let me reiterate that you don't have to work the exercise first. You're allowed to peek at the answer; indeed, you're encouraged to do so, in order to verify that the answer is 100% correct."

Privacy

Most of the Largest US Voting Districts Are Vulnerable To Email Spoofing (techcrunch.com) 19

Researchers at Valimail found that only 5% of the largest voting counties in the U.S. are protected against email impersonation and phishing attacks. TechCrunch reports: Researchers at Valimail, which has a commercial stake in the email security space, looked at the largest three electoral districts in each U.S. state, and found only 10 out of 187 domains were protected with DMARC, an email security protocol that verifies the authenticity of a sender's email and rejects fraudulent or spoofed emails. DMARC, when enabled and properly enforced, rejects fake emails that hackers design to spoof a genuine email address by sending to spam or bouncing it from the target's inbox altogether. Hackers often use spoofed emails to try to trick victims into opening malicious links from people they know.

But the research found that although DMARC is enabled on many domains, it's not properly enforced, rendering its filtering efforts largely ineffective. The researchers said 66% of the district election-related domains had no DMARC entry at all, while 28% had either a valid DMARC entry but no enforcement, or an invalid DMARC entry altogether. [...] The worry is that attackers could use the lack of DMARC to impersonate legitimate email addresses to send targeted phishing or malware in order to gain a foothold on election networks or launch attacks, steal data or delete it altogether, a move that would potentially disrupt the democratic process.

Security

Only a Few 2020 US Presidential Candidates Are Using a Basic Email Security Feature (techcrunch.com) 88

Just one-third of the 2020 U.S. presidential candidates are using an email security feature that could prevent a similar attack that hobbled the Democrats during the 2016 election. From a report: Out of the 21 presidential candidates in the race, according to Reuters, only seven Democrats are using and enforcing DMARC, an email security protocol that verifies the authenticity of a sender's email and rejects spoofed emails, which hackers often use to try to trick victims into opening malicious links from seemingly known individuals. It's a marked increase from April, where only Elizabeth Warren's campaign had employed the technology. Now, the Democratic campaigns of Joe Biden, Kamala Harris, Michael Bloomberg, Amy Klobuchar, Cory Booker, Tulsi Gabbard and Steve Bullock have all improved their email security. The remaining candidates, including presidential incumbent Donald Trump, are not rejecting spoofed emails. Another seven candidates are not using DMARC at all.
Government

It's Way Too Easy To Get a .gov Domain Name (krebsonsecurity.com) 42

Brian Krebs: Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain. Earlier this month, KrebsOnSecurity received an email from a researcher who said he got a .gov domain simply by filling out and emailing an online form, grabbing some letterhead off the homepage of a small U.S. town that only has a ".us" domain name, and impersonating the town's mayor in the application.

"I used a fake Google Voice number and fake Gmail address," said the source, who asked to remain anonymous for this story but who said he did it mainly as a thought experiment. "The only thing that was real was the mayor's name." The email from this source was sent from exeterri[.]gov, a domain registered on Nov. 14 that at the time displayed the same content as the .us domain it was impersonating -- town.exeter.ri.us -- which belongs to the town of Exeter, Rhode Island (the impostor domain is no longer resolving). "I had to [fill out] 'an official authorization form,' which basically just lists your admin, tech guy, and billing guy," the source continued. "Also, it needs to be printed on 'official letterhead,' which of course can be easily forged just by Googling a document from said municipality. Then you either mail or fax it in. After that, they send account creation links to all the contacts."

Government

EPA To Limit Science Used To Write Public Health Rules (nytimes.com) 273

An anonymous reader quotes a report from The New York Times: The Trump administration is preparing to significantly limit the scientific and medical research that the government can use to determine public health regulations, overriding protests from scientists and physicians who say the new rule would undermine the scientific underpinnings of government policymaking. A new draft of the Environmental Protection Agency proposal, titled Strengthening Transparency in Regulatory Science, would require that scientists disclose all of their raw data, including confidential medical records, before the agency could consider an academic study's conclusions. E.P.A. officials called the plan a step toward transparency and said the disclosure of raw data would allow conclusions to be verified independently.

The measure would make it more difficult to enact new clean air and water rules because many studies detailing the links between pollution and disease rely on personal health information gathered under confidentiality agreements. And, unlike a version of the proposal that surfaced in early 2018, this one could apply retroactively to public health regulations already in place. [...] [The draft] shows that the administration intends to widen its scope, not narrow it. The previous version of the regulation would have applied only to a certain type of research, "dose-response" studies in which levels of toxicity are studied in animals or humans. The new proposal would require access to the raw data for virtually every study that the E.P.A. considers. "E.P.A. is proposing a broader applicability," the new regulation states, saying that open data should not be limited to certain types of studies. Most significantly, the new proposal would apply retroactively. A separate internal E.P.A. memo viewed by The New York Times shows that the agency had considered, but ultimately rejected, an option that might have allowed foundational studies like Harvard's Six Cities study to continue to be used.
Harvard's Six Cities study is a 1993 project that "definitively linked polluted air to premature deaths" and is "currently the foundation of the nation's air-quality laws," the report says.

"When gathering data for their research, known as the Six Cities study, scientists signed confidentiality agreements to track the private medical and occupational histories of more than 22,000 people in six cities. They combined that personal data with home air-quality data to study the link between chronic exposure to air pollution and mortality. But the fossil fuel industry and some Republican lawmakers have long criticized the analysis and a similar study by the American Cancer Society, saying the underlying data sets of both were never made public, preventing independent analysis of the conclusions."
Google

Google Chrome To Identify and Label Slow Websites (techcrunch.com) 53

Is it the web page that's slow or is it your network connection? In the future, Google's Chrome web browser may have an answer for you. From a report: Google announced today a plan to identify and label websites that typically load slowly by way of clear badging. The company says it may later choose to identify sites that are likely to be slow based on the user's device and current network conditions, as well. Google hasn't yet determined how exactly the slow websites will be labeled, but says it may experiment with different options to see which makes the most sense. For example, a slow-loading website may show a "Loading..." page that includes a warning, like a caution icon and text that reads "usually loads slow." Meanwhile, a fast website may display a green progress indicator bar at the top of the page instead of a blue one. And for links, Chrome may use the context menu to help users know if the site will be slow so you can decide whether or not you want to click.
Chrome

Chrome OS 78 Rolling Out With Picture-In-Picture Support For YouTube, Split Browser/Device Settings, More (9to5google.com) 15

The latest version of Chrome OS, version 78, adds separate browser and device settings, click-to-call, and picture-in-picture support for YouTube. It also introduces virtual desktop support for the operating system with a feature called Virtual Desks. 9to5Google reports: Chrome is getting another cross-device sharing feature after "Send this page" widely rolled out in September. With "click-to-call," you can right-click on phone number links -- like tel:800-800-8000 -- to have them sent to your Android device. It's quicker than manually entering those digits or transferring via email. Chrome OS 78 will separate browser and device settings. The former is accessible directly at chrome://settings and what opens when clicking "Settings" at the bottom of the Overflow menu in the top-right corner of any browser window. It opens as a tab and provides web-related preferences. Meanwhile, chrome://os-settings opens as its own window, and can be accessed from the quick settings sheet. It provides device options like Wi-Fi, Bluetooth, and Assistant in a white Material Theme UI with an icon in the launcher/app shelf.

YouTube for Android now supports picture-in-picture with Chrome OS 78. After starting a video in the mobile client, switching to another window, covering, or minimizing the app will automatically open a PiP in the bottom-right corner. Available controls include switching to audio, play/pause, and skipping to the next track. In the top-left, you can expand the window and a settings gear on the other side allows you to open system settings. Tapping in the center expands and returns you to the YouTube Android app.
Chrome OS 78 simplifies the printing experience by automatically listing compatible printers without any prior setup required. There are also a number of Linux on Chrome OS enhancements in this version:

- Backups of Linux apps and files can now be saved to local storage, external drive, or Google Drive. That copy can be then restored when setting up a new computer.
- Crostini GPU support will be enabled by default for a "crisp, lower-latency experience."
- You'll be warned when using a Linux app that does not support virtual keyboard in tablet mode.

Wikipedia

The Internet Archive Is Making Wikipedia More Reliable (wired.com) 56

The operator of the Wayback Machine allows Wikipedia's users to check citations from books as well as the web. From a report: The reason people rely on Wikipedia, despite its imperfections, is that every claim is supposed to have citations. Any sentence that isn't backed up with a credible source risks being slapped with the dreaded "citation needed" label. Anyone can check out those citations to learn more about a subject, or verify that those sources actually say what a particular Wikipedia entry claims they do -- that is, if you can find those sources. It's easy enough when the sources are online. But many Wikipedia articles rely on good old-fashioned books. The entry on Martin Luther King Jr., for example, cites 66 different books. Until recently, if you wanted to verify that those books say what the article says they say, or if you just wanted to read the cited material, you'd need to track down a copy of the book. Now, thanks to a new initiative by the Internet Archive, you can click the name of the book and see a two-page preview of the cited work, so long as the citation specifies a page number.

You can also borrow a digital copy of the book, so long as no one else has checked it out, for two weeks -- much the same way you'd borrow a book from your local library. (Some groups of authors and publishers have challenged the archive's practice of allowing users to borrow unauthorized scanned books. The Internet Archive says it seeks to widen access to books in "balanced and respectful ways.") So far the Internet Archive has turned 130,000 references in Wikipedia entries in various languages into direct links to 50,000 books that the organization has scanned and made available to the public. The organization eventually hopes to allow users to view and borrow every book cited by Wikipedia, with the ultimate goal being to digitize every book ever published.

Security

China-Linked Hackers Target Military, Government Texts, FireEye Says (bloomberg.com) 16

A state-linked Chinese hacking group is using malware to steal SMS text messages from high-ranking military and government targets, according to cybersecurity company FireEye. From a report: The hacking technology, known as MESSAGETAP, "allows China to efficiently steal data from multitudes of sources from one location," Steven Stone, FireEye's director of advanced practices, said in a statement. "Espionage-related theft and intrusions have been long occurring, but what is new is the vast scale due to the use of this tool." The company's finding, released in a blog on Thursday, underscores the growing concerns about China's use of technology for espionage and the theft of intellectual property. Telecommunications pose a special concern, as the U.S. seeks to persuade its allies not to build their next-generation networks with tools from Chinese companies such as Huawei. But even in networks that China hasn't built, sophisticated hacking operations might allow access to data. In 2019 alone, FireEye observed eight attempts to target telecommunications entities by groups with suspected links to the Chinese government. Four of these hacking attempts were conducted by the group known as APT41 that is now using MESSAGETAP.
Google

Google Brings Its '.new' Domains To the Rest of the Web (techcrunch.com) 39

A year ago, Google rolled out ".new" links that worked like shortcuts to instantly create new Google documents. For example, you could type "doc.new" (without the quotes) to create a new Google Doc or "sheet.new" to create a new spreadsheet. Today, Google announced it's bringing the .new shortcuts to the rest of the web. From a report: Now, any company or organization can register their own .new domain to generate a .new shortcut that works with their own web app. Several have already done so, including Microsoft, which now has "word.new" to start a new word document, or Spotify, which has "playlist.new" to start adding songs to a new playlist on its streaming app. The domains are designed to get users straight to the action. That is, instead of having to visit a service, sign in, then find the right menu or function, they could just start creating. However, some of today's new domains aren't quite as seamless as Google's own.
Communications

Facebook Shuts Down New Accounts From Iran and Russia Spreading Disinformation (thedailybeast.com) 113

Facebook on Monday removed nearly 200 newly discovered fake accounts linked separately to Iran and to Russia's Internet Research Agency. The takedowns demonstrate that foreign influence operations are already targeting the 2020 election, but provide evidence that Russia's notorious troll farm is struggling to regain anything close to the influence it held in 2016. The Daily Beast reports: The new wave of takedowns targeted separate networks of deceptive accounts created by Iran and Russia, including dozens of fake Facebook organization pages. In a press call, Facebook founder Mark Zuckerberg said the takedowns show the company has come far since getting caught flat-footed in 2016. "The fact that we've identified them proactively should provide some confidence that our systems here are working," Zuckerberg said. The Russian accounts were far more focused on U.S. domestic issues, but in terms of sheer numbers and longevity, the Iranian effort outstripped Russia. The Iranian accounts included 21 Instagram accounts and 135 fake Facebook accounts propping up 26 phony organization pages and four Facebook groups. More than 90 of the accounts were primarily focused on U.S. readers, with the others mostly targeting Latin America. The accounts largely pushed links to Iranian propaganda on state-run news outlets, according to Facebook.

As with past takedowns, the company's announcement only identified a handful of the Iranian personas. Of those, though, one stands out as eerily reminiscent of Russia's 2016 efforts -- a Facebook page called "BLMnews" that purported to be a news site covering the Black Lives Matters movement. The page had a meager 45 followers, and, according to Facebook, was devoted to driving traffic to an associated website that's been operating since August 2016, according to Internet registration records. Russia's Internet Research Agency ran similar sites and Facebook pages during and after the 2016 election season, some with sizable followings. But so far the Saint Petersburg troll farm appears to have a long way to go. Of the 50 accounts banned by Facebook on Monday, all but one were on Instagram alone, with no Facebook presence at all. The Russian operation appears to be in the early stages, Facebook said. "They're still trying to build their audience, and they put significant operation security into concealing who they were," said company cybersecurity chief Nathaniel Gleicher in Monday's press call.

Open Source

Google Ejects Open-Source WireGuard From Play Store Over Donation Links (phoronix.com) 39

Google appears to be removing apps that have donation links, including open-source apps where donations are one of the main sources of revenue. WireGuard, a free and open-source VPN, has been reportedly dropped over this according to WireGuard lead developer Jason Donenfeld. Phoronix reports: After waiting days for Google to review the latest version of their secure VPN tunnel application, it was approved and then removed and delisted -- including older versions of WireGuard. The reversal comes on the basis of violating their "payments policy." The only bit of possible "payments" within the WireGuard app is a donation link within the program taking the user to the WireGuard website should anyone want to donate to support this promising open-source secure networking tech. An appeal to the situation was also rejected by Google, Donenfeld has confirmed this morning on their mailing list. In trying to make it back into Android's Play Store, Jason has dropped the donation link from the Android app version while it's still awaiting review from Google. UPDATE: WireGuard lead developer Jason Donenfeld says the app "has been relisted on the Play Store in its usual location," adding: "Sorry again for any inconvenience this has caused users, or caused developers who depend on the availability of our app for use by their own users. We won't be making any similar changes unless we're certain that we won't be delisted."
