China

Apple's Safari Browser Is Sending Some Users' IP Addresses To China's Tencent (reclaimthenet.org) 69

"Apple, which often positions itself as a champion of privacy and human rights, is sending some IP addresses from users of its Safari browser on iOS to Chinese conglomerate Tencent -- a company with close ties to the Chinese Communist Party," reports the Reclaim the Net blog: Apple admits that it sends some user IP addresses to Tencent in the "About Safari & Privacy" section of its Safari settings.... The "Fraudulent Website Warning" setting is toggled on by default which means that unless iPhone or iPad users dive two levels deep into their settings and toggle it off, their IP addresses may be logged by Tencent or Google when they use the Safari browser. However, doing this makes browsing sessions less secure and leaves users vulnerable to accessing fraudulent websites...

Even if people install a third-party browser on their iOS device, viewing web pages inside apps still opens them in an integrated form of Safari called Safari View Controller instead of the third-party browser. Tapping links inside apps also opens them in Safari rather than a third-party browser. These behaviors that force people back into Safari make it difficult for people to avoid the Safari browser completely when using an iPhone or iPad.

Engadget adds that it's "not clear" whether or not Tencent is actually collecting IP addresses from users outside of China. ("You'll see mention of the collection in the U.S. disclaimer, but that doesn't mean it's scooping up info from American web surfers.")

But Reclaim the Net points out that the possibility is troubling, in part because Safari is the #1 most popular mobile internet browser in America, with a market share of over 50%.
Programming

Can A New TED-Ed Video Series Teach Students To 'Think Like A Coder'? (ted.com) 94

An anonymous reader writes: TED Conferences has its own educational YouTube channel (now with 10 million subscribers and over 1.5 billion views). Two weeks ago it launched a 10-episode animated series about computer programming, and its first episode -- The Prison Break -- has already been viewed nearly a quarter of a million times.

In the 7-minute video, a programmer wakes up in a prison cell -- with total amnesia -- and discovers a "mysterious stranger" squeezing through the jail cell's bars. It's a floating anthropomorphic drone, saying it needs the programmer's help to rescue a dystopian future world "in turmoil. Robots have taken over." The video introduces the computer programming concept of a loop -- since escaping the jail cell involves testing a key in every possible position. And the video's page on the TED-Ed web site offers links to related resources from Code.org and Free Code Camp, as well as from Advent of Code, "which is run by Eric Wastl, who consulted extensively on Think Like a Coder and inspired quite a few of the puzzles."

The episode ends with the programmer dangling from the flying drone, off on an attempt to recover three artifacts -- nodes of memory, power, and creation -- that are currently being used for "nefarious purposes."

AI

Pinterest Says AI Reduced Reported Self-Harm Content By 88% (venturebeat.com) 37

Pinterest says it's using machine learning techniques to identify and hide content that displays, rationalizes, or encourages self-injury. The company says it has achieved an 88% reduction in reports of self-harm content by users and that it's now able to remove such content 3 times faster. From a report: Additionally, over 4,600 search terms and phrases related to self-harm have been removed from the platform, Pinterest says, and links to free and confidential support from expert resources are now more prominently displayed to members who search for those keywords. People showing signs of distress now see the resources directly in their boards (i.e., home screens), an approach Pinterest says was developed with guidance from outside emotional health experts at the National Suicide Prevention Lifeline, Vibrant Emotional Health, and Samaritans. Elsewhere, Pinterest this morning broadened the rollout of the emotional well-being interactive practices and exercises it introduced in the U.S. through its iOS app earlier this year.
Transportation

Cars All But Banned On One of Manhattan's Busiest Streets (nytimes.com) 149

An anonymous reader shares a report from The New York Times: On Thursday, New York City transformed one of its most congested streets into a "busway" that delighted long frustrated bus riders and transit advocates but left many drivers and local businesses fuming that the city had gone too far. Passenger cars, including taxis and Ubers, were all but banned from 14th Street, a major crosstown route for 21,000 vehicles a day that links the East and West Sides of Manhattan. It was New York's most ambitious stand yet against cars since the first pedestrian plazas were carved out of asphalt more than a decade ago. Roads that were once the exclusive domain of cars have been squeezed to make way for bike and bus-only lanes. Prime parking spots have been turned into urban green spaces. Traffic lights give pedestrians a head start crossing intersections. And making a vital artery nearly off limits to cars could be the beginning of a new wave of sweeping moves. "From now on, drivers are allowed onto 14th Street only to make deliveries and pick up and drop off passengers from 6 a.m. to 10 p.m., seven days a week," the report adds. "They can travel just a block or two before they have to turn right off the street. No left turns are allowed. The police will give out warnings at first and surveillance cameras will be watching."
Youtube

'Massive' Coordinated Campaign Hijacked Many YouTube Accounts (zdnet.com) 16

An anonymous reader quotes ZDNet: A massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community, a ZDNet investigation discovered following a tip from one of our readers. Several high-profile accounts from the YouTube creators car community have fallen victim to these attacks already... But the YouTube car community wasn't the only one targeted. Other YouTube creators also reported having their accounts hijacked last week, and especially over [last] weekend, with tens of complaints flooding Twitter and the YouTube support forum.

The account hacks are the result of a coordinated campaign that consisted of messages luring users to phishing sites, where hackers logged account credentials... Some users reported receiving individual emails, while others said they received email chains that included the addresses of multiple YouTube creators, usually from the same community or niche... Ryan Scott, the owner of the PURE Function YouTube channel confirmed he used two-factor authentication on his account, validating that hackers did bypass 2FA on some of the hacked accounts.

Google did not return a request for comment.

The article includes links to 9 different complaints in YouTube's support forum -- and another 9 complaints from Twitter -- adding that they'd found "many more."

MIT's Technology Review reports that YouTube warned the owners of roughly 23 million channels to boost their security measures.
Microsoft

Microsoft Bans CCleaner: Report (mspoweruser.com) 71

UPDATE (9/29/2019): The original report of a ban has now been retracted, with HTNovo now reporting that "CCleaner is not in any Microsoft Blacklist and there are no Blacklists regarding other domains in the official Microsoft forums," according to MS Power User.

Below is the (now-retracted) text of their earlier report: Microsoft has never been a fan of registry cleaners, and today we have learned that the company has taken steps to ensure that such software is no longer being recommended to users who are having issues with their PCs. HTNovo reports that Microsoft has added CCleaner.com to their blacklist of domains on the official Microsoft Support forums. The Blacklist Filter notes that: "Microsoft has various filters in place to keep community members safe. When a website that is blacklisted is posted, the system will remove it if it has been posted by an unaffiliated user. The filter will remove part of the site so it is unreadable with 4 stars (****). Affiliated users will be able to post websites which are blacklisted."

This means the domain will automatically be censored when posted on the site. The domain is included in a quite short list of sites, which is only 11 domain names long, suggesting the activity is rather targeted. The blacklist was introduced recently and only official moderators on the forum have been informed. In exceptional cases, some moderators will be able to post links to the software, but it seems likely this will generally be frowned upon.

Facebook

Facebook Advertisers Can Write Their Own Headlines For Shared News Stories (www.cbc.ca) 17

An anonymous reader quotes a report from CBC.ca: Advertisers on Facebook are able to completely rewrite the displayed headline for news stories, CBC News has learned, opening the door for potential disinformation to spread on the platform while using news media branding as cover. When placing an ad on the platform, one option is to include a link to a website, including links to news stories. The news story's real headline is auto-filled into the ad copy, but advertisers have the option to rewrite the headline. However, the article's website address still appears in the ad, giving the impression that the headline is the one written by the article's author. This policy raises the possibility that it could be abused by political parties or third-party advertisers during the federal election campaign. The article provides an example where the UK's Conservative Party ran an ad containing a BBC article whose headline was, "14 billion pound cash boost for schools." However, the actual BBC story is headlined "School spending: Multi-billion pound cash boost announced," and instead put the number at 7.1 billion pounds, criticizing the government's use of the 14 billion pound figure as not the usual way of calculating spending.

Facebook is aware of the issue and said it is planning changes. "We have a system that gives publishers control over how their links appear on Facebook. We're working to put additional safeguards in place by the end of this year to make sure advertisers don't misuse this tool," said a Facebook spokesperson in an email to CBC News.
Python

Python 2 Sunsets in 107 Days. JPMorgan Isn't Ready (techrepublic.com) 110

In 107 days, Python 2 -- first released in 2000 -- will officially sunset, according to an announcement this week by "volunteers who make and take care of the Python programming language."

But according to TechRepublic, not everybody is ready: Given Python's popularity and ubiquity, the amount of business logic hinging on Python is quite vast, presenting an issue for organizations still clinging to Python 2. JPMorgan's Athena trading platform is one of those applications -- while access has only been available directly to clients since 2018, the Athena platform is used internally at JPMorgan for pricing, trading, risk management, and analytics, with tools for data science and machine learning. This extensive feature set utilizes over 150,000 Python modules, over 500 open source packages, and 35 million lines of Python code contributed by over 1,500 developers, according to data presented by Misha Tselman, executive director at J.P. Morgan Chase in a talk at PyData 2017.

Migrating 35 million lines of code from Python 2 to Python 3 is quite the undertaking -- and JPMorgan is going to miss the deadline, according to eFinancialCareers, stating that JPMorgan's roadmap puts "most strategic components" compatible with Python 3 by the end of Q1 2020 -- that is, three months after the end of security patches -- with "all legacy Python 2.7 components" planned for compatibility with Python 3 by Q4 2020.

Modern developer practices are needed to maintain a project of this scale -- fortunately, JPMorgan uses Continuous Delivery, with 10,000 to 15,000 production changes per week, according to Tselman.

The eFinancialCareers site argues that banks "have been dragging their feet," adding that JPMorgan is not the only bank that still hasn't migrated to Python 3.

The Python volunteers are pointing concerned individuals to the Python 2.7 Countdown Clock, and their announcement also links to a list of support and migration vendors, adding "If you can pay to hire someone to help you, post on the job board or hire a consultant. If you need free help from volunteers, look at this help page."
Chrome

Google Chrome Now Lets You Send Webpages To Other Devices (theverge.com) 27

Google is starting to make its Chrome 77 browser update available to Windows, Mac, iOS, and Android this week. While there are many visual changes to Chrome this time, Google is introducing a new send webpage to devices feature. From a report: You can right-click on a link and a new context menu will appear that simply lets you send links to other devices where you use Chrome. If you're using Chrome on iOS you'll need to have the app open and a small prompt will appear to accept the sent tab. The feature has started showing up on Windows, Android, and iOS versions of Chrome, but it doesn't appear to be enabled in the macOS variant just yet. Chrome has long supported the ability to browse your open and recent tabs across multiple devices, but this send to device feature just makes things a little quicker if you're moving from browsing on a PC or laptop to a phone or vice versa.
Google

On Apple's Response To Google's Project Zero 54

Last week, Apple published a statement in which it disputed Google's Project Zero team's findings about the worst iOS attack in history. Alex Stamos, adjunct professor at Stanford University's Center for International Security and Cooperation and former CSO at Facebook, writes on Twitter: Apple's response to the worst known iOS attack in history should be graded somewhere between "disappointing" and "disgusting". First off, disputing Google's correct use of "indiscriminate" when describing a watering hole attack smacks of "it's ok, it didn't hit white people." The use of multiple exploits against an oppressed minority in an authoritarian state makes the likely outcomes *worse* than the Huffington Post example a former Apple engineer posited. It is possible that this data contributed to real people being "reeducated" or even executed. Even if we accept Apple's framing that exploiting Uyghurs isn't as big a deal as Google makes it out to be, they have no idea whether these exploits were used by the PRC in more targeted situations. Dismissing such a possibility out of hand is extremely risky.

Second, the word "China" is conspicuously absent, once again demonstrating the value the PRC gets from their leverage over the world's most valuable public company. To be fair, Google's post also didn't mention China. Their employees likely leaked attribution on background. Third, the pivot to Apple's arrogant marketing is not only tone-deaf but really rings hollow to the security community when Google did all the heavy lifting here. I'm guessing we won't hear Tim talk about how they are going to do better on stage next week. Dear Apple employees: I have worked for companies that took too long to publicly address their responsibilities. This is not a path you want to take. Apple does some incredible security work, but this kind of legal/comms driven response can undermine that work. Demand better.
Michael Tsai raises further questions about the way Apple framed its statement: "A blog," rather than "a blog post"? I love how Apple is subtly trying to discredit Project Zero by implying that it's a mere blog. And let's be sure everyone knows it's affiliated with Google, the privacy bad guys, even though it's a responsible, technically focused group. Apple says: "First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones 'en masse' as described."
Project Zero literally referred to "a small collection of hacked websites" that "receive thousands of visitors per week." And it does seem like a particular subpopulation was targeted "en masse." The sites in question were on the public Internet; it wasn't links being sent to target particular individuals. Apple is blaming the messenger for things it didn't even say.

Apple adds: "The attack affected fewer than a dozen websites that focus on content related to the Uighur community."
Oh, I get it. Most people would consider "fewer than a dozen" to be "a small collection." But in Apple-speak, there were "a small number" of corrupt App Store binaries causing crashes, and "a small number" of MacBook Pro users experiencing butterfly keyboard problems, not to be confused with the "very small number" of iPhones that unexpectedly shut down. So, yeah, I can see why Apple wants people to know that this "small collection" doesn't mean "millions." Although there are apparently 10 million Uighurs in China. Apple adds: "Google's post, issued six months after iOS patches were released[...]" It's great that Project Zero reported this in a responsible way, because now we can downplay it as old news.

Facebook

Facebook Accused of 'Deliberately Vague' Announcement About Face Recognition (eff.org) 30

Facebook is "bringing" facial recognition to all users, the company announced Tuesday. But the EFF's surveillance litigation director and a senior staff attorney warn that despite media reports, Facebook's announcement "definitely does not say that face recognition is now opt-in for all users." Throughout Facebook's deliberately vague announcement, it takes great pains to note that the change applies only to new Facebook users and people who currently have the "tag suggestions" setting. However, Facebook migrated many, if not most, existing users from "tag suggestions" to "face recognition" in December 2017... That means this safeguard does not apply to the billions of current Facebook users who have already been moved...

Facebook should not subject any of its users to face surveillance, absent their informed opt-in consent. And Facebook should clear up the uncertainties in its announcement before it gets any more credit than it's due for this change.

Facebook's announcement didn't even include links to the "Settings" menu where users can opt out of Facebook's facial recognition, so the EFF's article helpfully provides both mobile and desktop links. According to Facebook's own help pages, the left-side menu should include a "Face Recognition" choice where users can turn off Facebook's face recognition features.

But three different Facebook users I know have also reported that that menu choice just isn't there...
Privacy

The Plan To Use Fitbit Data To Stop Mass Shootings Is One of the Scariest Proposals Yet (gizmodo.com) 244

An anonymous reader quotes a report from Gizmodo: Last week, the Washington Post reported that the White House had been briefed on a plan to create an agency called HARPA, a healthcare counterpart to the Pentagon's research and development arm DARPA. Among other initiatives, this new agency would reportedly collect volunteer data from a suite of smart devices, including Apple Watches, Fitbits, Amazon Echos, and Google Homes in order to identify "neurobehavioral signs" of "someone headed toward a violent explosive act." The project would then use artificial intelligence to create a "sensor suite" to flag mental changes that make violence more likely. According to the Post, the HARPA proposal was discussed with senior White House officials as early as June 2017, but has "gained momentum" after the mass shootings in El Paso, Texas, and Dayton, Ohio. The latest version of the plan, reportedly submitted to the Trump administration this month, outlined the biometric project called "SAFE HOME," an acronym for "Stopping Aberrant Fatal Events by Helping Overcome Mental Extremes." A source told the newspaper that every time HARPA has been discussed in the White House "even up to the presidential level, it's been very well-received."

A copy of the plan obtained by the Post characterizes HARPA as pursuing "breakthrough technologies with high specificity and sensitivity for early diagnosis of neuropsychiatric violence" and claims that "a multi-modality solution, along with real-time data analytics, is needed to achieve such an accurate diagnosis." That's a lot of vague buzzwords, but the general idea is clear: collect a wealth of personal data in order to flag mental status changes in individuals and determine whether those changes can predict mass violence. It's an approach that strikes George David Annas, deputy director of the Forensic Psychiatry Fellowship Program at SUNY Upstate Medical University, as ridiculous. "The proposed data collection goes beyond absurdity when they mention the desire to collect FitBit data," Annas told Gizmodo. "I am unaware of any study linking walking too much and committing mass murder. As for the other technologies, what are these people expecting? 'Alexa, tell me the best way to kill a lot of people really quickly'? Really?"
"Creating a watchlist of citizens who most likely will never act violently based on their mental health is a very dangerous proposal with major ethical considerations," Emma Fridel, a doctoral candidate at Northeastern University specializing in mass murder, told Gizmodo. "Doing so to predict the unpredictable is utterly absurd."
Books

Microsoft Is Killing EPUB Support In Edge Classic (thurrott.com) 68

Microsoft is killing support for the EPUB document format in Edge classic, and it won't be supported in the new, Chromium-based version of Microsoft Edge. Thurrott reports: "Download an .epub app to keep reading," a notification in Edge classic reads when you load an EPUB document. "Microsoft Edge will no longer be supporting [sic] e-books that use the .epub file extension. Visit the Microsoft Store to see our recommended .epub apps." Aside from the contorted grammar and word usage in the notification -- it's "support" not "be supporting," Microsoft -- the linked webpage is a "Reading room" area on the Microsoft Store that includes audiobook apps in addition to e-book apps. So good luck with that.

Microsoft provides a more grammatically correct explanation for the change on its Microsoft Edge support site, which notes that "Microsoft Edge will no longer support e-books that use the .epub file extension." The site also links to the same terrible Microsoft Store area, but adds that "you can expect to see more added over time as we partner with companies like the DAISY Consortium to add additional, accessible apps... These apps are expected to be available in the Microsoft Store after September 2019." Given that, it's likely that EPUB support will disappear in Edge classic sometime after those apps appear in the Store.

Chrome

Google Plans To Remove All FTP Support From Chrome (mspoweruser.com) 119

An anonymous reader quotes MSPoweruser: Google Chrome always had a bit of a love-hate relationship when it comes to managing FTP links. The web browser usually downloads instead of rendering it like other web browsers. However, if you're using FTP then you might have to look elsewhere soon as Google is planning to remove FTP support altogether.

In a post (via Techdows), Google today announced its intention to deprecate FTP support starting with Chrome v80. The main issue with FTP right now is security and the protocol doesn't support encryption which makes it vulnerable and Google has decided it's no longer feasible to support it.

Businesses

Google's Jobs Search Draws Antitrust Complaints From Rivals (reuters.com) 23

Google's fast-growing tool for searching job listings has been a boon for employers and job boards starving for candidates, but several rival job-finding services contend anti-competitive behavior has fueled its rise and cost them users and profits. From a report: In a letter to be sent to European Union competition commissioner Margrethe Vestager on Tuesday and seen by Reuters, 23 job search websites in Europe called on her to temporarily order Google to stop playing unfairly while she investigates. Similar to worldwide leader Indeed and other search services familiar to job seekers, Google's tool links to postings aggregated from many employers. It lets candidates filter, save and get alerts about openings, though they must go elsewhere to apply.

Alphabet's Google places a large widget for the 2-year-old tool at the top of results for searches such as "call center jobs" in most of the world. Some rivals allege that positioning is illegal because Google is using its dominance to attract users to its specialized search offering without the traditional marketing investments they have to make. Other job technology firms say Google has restored industry innovation and competition.

Facebook

Did WhatsApp Backdoor Rumor Come From 'Unanswered Questions' and 'Leap of Faith' For Closed-Source Encryption Products? (forbes.com) 105

On Friday technologist Bruce Schneier wrote that after reviewing responses from WhatsApp, he's concluded that reports of a pre-encryption backdoor are a false alarm. He also says he got an equally strong confirmation from WhatsApp's Privacy Policy Manager Nate Cardozo, who Facebook hired last December from the EFF. "He basically leveraged his historical reputation to assure me that WhatsApp, and Facebook in general, would never do something like this."

Schneier has also added the words "This story is wrong" to his original blog post. "The only source for that post was a Forbes essay by Kalev Leetaru, which links to a previous Forbes essay by him, which links to a video presentation from a Facebook developers conference." But that Forbes contributor has also responded, saying that he'd first asked Facebook three times about when they'd deploy the backdoor in WhatsApp -- and never received a response.

Asked again on July 25th the company's plans for "moderating end to end encrypted conversations such as WhatsApp by using on device algorithms," a company spokesperson did not dispute the statement, instead pointing to Zuckerberg's blog post calling for precisely such filtering in its end-to-end encrypted products including WhatsApp [apparently this blog post], but declined to comment when asked for more detail about precisely when such an integration might happen... [T]here are myriad unanswered questions, with the company declining to answer any of the questions posed to it regarding why it is investing in building a technology that appears to serve little purpose outside filtering end-to-end encrypted communications and which so precisely matches Zuckerberg's call. Moreover, beyond its F8 presentation, given Zuckerberg's call for filtering of its end-to-end encrypted products, how does the company plan on accomplishing this apparent contradiction with the very meaning of end-to-end encryption?

The company's lack of transparency and unwillingness to answer even the most basic questions about how it plans to balance the protections of end-to-end encryption in its products including WhatsApp with the need to eliminate illegal content reminds us of the giant leap of faith we take when we use closed encryption products whose source we cannot review... Governments are increasingly demanding some kind of compromise regarding end-to-end encryption that would permit them to prevent such tools from being used to conduct illegal activity. What would happen if WhatsApp were to receive a lawful court order from a government instructing it to insert such content moderation within the WhatsApp client and provide real-time notification to the government of posts that match the filter, along with a copy of the offending content?

Asked about this scenario, Carl Woog, Director of Communications for WhatsApp, stated that he was not aware of any such cases to date and noted that "we've repeatedly defended end-to-end encryption before the courts, most notably in Brazil." When it was noted that the Brazilian case involved the encryption itself, rather than a court order to install a real-time filter and bypass directly within the client before and after the encryption process at national scale, which would preserve the encryption, Woog initially said he would look into providing a response, but ultimately did not respond.

Given Zuckerberg's call for moderation of the company's end-to-end encryption products and given that Facebook's on-device content moderation appears to answer directly to this call, Woog was asked whether its on-device moderation might be applied in future to its other end-to-end encrypted products rather than WhatsApp. After initially saying he would look into providing a response, Woog ultimately did not respond.

Here are the exact words from Zuckerberg's March blog post. It said Facebook is "working to improve our ability to identify and stop bad actors across our apps by detecting patterns of activity or through other means, even when we can't see the content of the messages, and we will continue to invest in this work."

Google

'Never-Googlers' Take Extreme Measures To Avoid Data Tracking (startribune.com) 255

To buy his favorite oatmeal, Gregory Kelly drives to a city 40 miles away rather than sharing his data with an online retailer, or purchasing it from the company's web site, "which he says is riddled with tracking software from Google," according to the Washington Post: "I'm just not sure why Google needs to know what breakfast cereal I eat," the 51-year-old said. Kelly is one of a hearty few who are taking the ultimate step to keep their files and online life safe from prying eyes: turning off Google entirely. That means eschewing some of the most popular services on the Web, including Gmail, Google search, Google Maps, the Chrome browser, Android mobile operating software and even YouTube. Such never-Googlers are pushing friends and family to give up the search and advertising titan, while others are taking to social media to get the word out. Online guides have sprouted up to help consumers untangle themselves from Google.

These intrepid Web users say they'd rather deal with daily inconveniences than give up more of their data. That means setting up permanent vacation responders on Gmail and telling friends to resend files or video links that don't require Google software. More than that, it takes a lot of discipline.

While there's no data on how many people are avoiding Google, the article points out that DuckDuckGo is now averaging 42.4 million searches every day -- up from 23.5 million a year ago.

But at least one Berkeley tech consultant acknowledged that "the improvement is mostly in the category of self-righteousness." Seeking an office software with better privacy protections, he's now paying $100 a year for a subscription to Microsoft Office 365.
Robotics

Leaked Documents Reveal Saudi Arabia's Plans For Its Next Megacity (theverge.com) 138

An anonymous reader quotes a report from The Verge: A new report from The Wall Street Journal shares some of the proposals for Saudi Arabia's biggest megaproject yet: a city built in the desert named Neom, where robots will outnumber humans and hologram teachers will educate genetically-enhanced students. These are only proposals, of course, dreamt up by American consulting firms like McKinsey and Boston Consulting who have no incentive to bring Saudi leaders down to Earth. But all the same, they give you a flavor of what trillions of dollars of oil wealth will do to your sense of proportion.

The whole Neom project is undeniably fascinating. It was first announced in 2017, with Saudi Arabia's de-facto leader, Crown Prince Mohammed bin Salman, saying he wants the city to attract the "world's greatest minds and best talents." According to planning documents reported by the WSJ, bin Salman "envisions Neom the largest city globally by GDP, and wanted to understand what he can get with up to 500 billion USD investment." The project is the flagpole of Saudi Arabia's plans to diversify the country's economy away from oil. MBS and other Saudi leaders know this source of revenue can't last forever, and they're keen to develop cities like Neom as new commercial hubs. As currently planned, Neom will occupy a region the size of Massachusetts. This will include a huge coastal urban sprawl; outlying towns and villages; advanced manufacturing hubs in industries like biotech and robotics; and links with international shipping routes. Early building work has already begun, with facilities including a new airport and palace.
Some of the key features of the city include cloud seeding to make it rain, dystopian surveillance to keep citizens safe, genetic engineering to increase human strength and IQ, robot cage fights and "maids," flying taxis, and even a fake moon that could perhaps be created by a fleet of drones or via live-streaming images from space.

The report notes that it's anyone's guess as to whether Neom will live up to its planners' dreams. What may hinder its success is Saudi Arabia's corruption, difficult legal system, and unappealing social norms. "Alcohol is banned; women's rights are restricted; and homosexuality is illegal," the report notes. There's also the sweltering weather that'll only get worse with climate change.
Government

A New Report Documents Two Years of Science Being Scrubbed From .Gov Sites (vice.com) 373

An anonymous reader quotes a report from Motherboard: A report published by the Environmental Data & Governance Initiative (EDGI) on Monday found that language related to climate change has disappeared at an alarming pace since Trump took office in 2016. Across 5,301 pages -- ranging from websites belonging to the Environmental Protection Agency (EPA) to the U.S. Geological Survey (USGS) -- the use of the terms "climate change," "clean energy," and "adaptation" plummeted by 26 percent between 2016 and 2018. Of the pages where "climate change" was stricken, more than half belong to the EPA. The EPA homepage was the 1,750th most-visited website in the U.S. in early 2019, according to the report, giving it more reach than Whitehouse.gov. But "unlike the much-discussed White House effort to question climate change findings, website changes go unannounced and are often beyond immediate public recognition," the report argues. "They insidiously undermine publicly-funded infrastructure for knowledge dissemination."

According to the report, clear scientific terminology on government websites was often replaced with politicized language such as "energy independence," a buzzword ripped directly from Trump's "America First Energy Plan" which demands an increase in fossil fuel production. The watchdog also found evidence of "diminished connections" between climate change and its effects on government websites, or quite literally, the breaking of links between public information about the topic.

Security

My Browser, the Spy: How Extensions Slurped Up Browsing Histories From 4M Users (arstechnica.com) 43

Dan Goodin, reporting for ArsTechnica: When we use browsers to make medical appointments, share tax returns with accountants, or access corporate intranets, we usually trust that the pages we access will remain private. DataSpii, a newly documented privacy issue in which millions of people's browsing histories have been collected and exposed, shows just how much about us is revealed when that assumption is turned on its head. DataSpii begins with browser extensions -- available mostly for Chrome but in more limited cases for Firefox as well -- that, by Google's account, had as many as 4.1 million users. These extensions collected the URLs, webpage titles, and in some cases the embedded hyperlinks of every page that the browser user visited. Most of these collected Web histories were then published by a fee-based service called Nacho Analytics, which markets itself as "God mode for the Internet" and uses the tag line "See Anyone's Analytics Account."

Web histories may not sound especially sensitive, but a subset of the published links led to pages that are not protected by passwords -- but only by a hard-to-guess sequence of characters (called tokens) included in the URL. Thus, the published links could allow viewers to access the content at these pages. (Security practitioners have long discouraged the publishing of sensitive information on pages that aren't password protected, but the practice remains widespread.)
Further reading: More on DataSpii: How extensions hide their data grabs -- and how they're discovered.
