Privacy

'I Asked Apple for All My Data. Here's What Was Sent Back' (zdnet.com) 171

"I asked Apple to give me all the data it's collected on me since I first became a customer in 2010," writes the security editor for ZDNet, "with the purchase of my first iPhone." That was nearly a decade ago. As most tech companies have grown in size, they began collecting more and more data on users and customers -- even on non-users and non-customers... Apple took a little over a week to send me all the data it's collected on me, amounting to almost two dozen Excel spreadsheets at just 5MB in total -- roughly the equivalent of a high-quality photo snapped on my iPhone. Facebook, Google, and Twitter all took a few minutes to an hour to send me all the data they store on me -- ranging from a few hundred megabytes to a couple of gigabytes in size...

The zip file contained mostly Excel spreadsheets, packed with information that Apple stores about me. None of the files contained content information -- like text messages and photos -- but they do contain metadata, like when and who I messaged or called on FaceTime. Apple says that any data information it collects on you is yours to have if you want it, but as of yet, it doesn't turn over your content which is largely stored on your slew of Apple devices. That's set to change later this year... And, of the data it collects to power Siri, Maps, and News, it does so anonymously -- Apple can't attribute that data to the device owner... One spreadsheet -- handily -- contained explanations for all the data fields, which we've uploaded here...

[T]here's really not much to it. As insightful as it was, Apple's treasure trove of my personal data is a drop in the ocean to what social networks or search giants have on me, because Apple is primarily a hardware maker and not ad-driven, like Facebook and Google, which use your data to pitch you ads.

CNET explains how to request your own data from Apple.

Earth

Floating Pacific Island Is In the Works With Its Own Government, Cryptocurrency (cnbc.com) 168

An anonymous reader quotes a report from CNBC: Nathalie Mezza-Garcia is a political scientist turned "seavangelesse" -- her term for an evangelist in favor of living off the grid -- and on the ocean. Mezza-Garcia spoke with CNBC's Matthew Taylor about what she sees as the trouble with governments, and why she believes tech startups should head to Tahiti. This seavangelesse is a researcher for the Blue Frontiers and Seasteading Institute's highly-anticipated Floating Island Project. The project is a pilot program in partnership with the government of French Polynesia, which will see 300 homes built on an island that runs under its own governance, using a cryptocurrency called Varyon.

"Once we can see how this first island works, we will have a proof of concept to plan for islands to house climate refugees," she said. The project is funded through philanthropic donations via the Seasteading Institute and Blue Frontiers, which sells tokens of the cryptocurrency Varyon. The pilot island is expected to be completed by 2022 and cost up to $50 million. As well as offering a home for the displaced, the self-contained islands are designed to function as business centers that are beyond the influence of government regulation.

Privacy

FCC Investigating LocationSmart Over Phone-Tracking Flaw (cnet.com) 19

The FCC has opened an investigation into LocationSmart, a company that is buying your real-time location data from four of the largest carriers in the United States. The investigation comes a day after a security researcher from Carnegie Mellon University exposed a vulnerability on LocationSmart's website. CNET reports: The bug has prompted an investigation from the FCC, the agency said on Friday. An FCC spokesman said LocationSmart's case was being handled by its Enforcement Bureau. Since The New York Times revealed that Securus, an inmate call tracking service, had offered the same tracking service last week, Sen. Ron Wyden, a Democrat from Oregon, called for the FCC and major wireless carriers to investigate these companies. On Friday, Wyden praised the investigation, but requested the FCC to expand its look beyond LocationSmart.

"The negligent attitude toward Americans' security and privacy by wireless carriers and intermediaries puts every American at risk," Wyden said. "I urge the FCC expand the scope of this investigation, and to more broadly probe the practice of third parties buying real-time location data on Americans." He is also calling for FCC Chairman Ajit Pai to recuse himself from the investigation, because Pai was a former attorney for Securus.

AI

Google's Duplex AI Robot Will Warn That Calls Are Recorded (bloomberg.com) 28

An anonymous reader quotes a report from Bloomberg: On Thursday, the Alphabet Inc. unit shared more details on how the Duplex robot-calling feature will operate when it's released publicly, according to people familiar with the discussion. Duplex is an extension of the company's voice-based digital assistant that automatically phones local businesses and speaks with workers there to book appointments. At Google's weekly TGIF staff meeting on Thursday, executives gave employees their first full Duplex demo and told them the bot would identify itself as the Google assistant. It will also inform people on the phone that the line is being recorded in certain jurisdictions, the people said.

Transportation

Utilities, Tesla Appeal Federal Rollback of Auto Emissions Standards (arstechnica.com) 118

A coalition of utilities and electric vehicle makers, including Tesla, is petitioning the EPA to reconsider its recent plan to roll back auto emissions standards. In April, the EPA said that it would relax greenhouse gas emissions standards that had been put in place for model year 2022-2025 vehicles. Ars Technica reports: The National Coalition for Advanced Transportation (NCAT) represents 12 utilities as well as Tesla, electric truck maker Workhorse, and EV charging network EVgo. NCAT earlier this month asked the Second Circuit Court of Appeals in Washington, DC to review the EPA's latest efforts to relax the Obama-era fuel economy standards.

The coalition challenge to the EPA follows a similar challenge made by 17 states, including California. The utilities' efforts show that they're interested in protecting one of the major projected avenues for growth in electricity demand. Electricity consumption has stagnated in the U.S. as efficiency measures take effect and, in some states, solar panels make it easier for residents to buy less electricity from the local utility.

Privacy

Cell Phone Tracking Firm Exposed Millions of Americans' Real-time Locations (zdnet.com) 39

Earlier this week, ZDNet shed some light on a company called LocationSmart that is buying your real-time location data from four of the largest carriers in the United States. The story blew up because a former police sheriff snooped on phone location data without a warrant, according to The New York Times. ZDNet is now reporting that the company "had a bug in its website that allowed anyone to see where a person is located -- without obtaining their consent." An anonymous reader shares an excerpt: "Due to a very elementary bug in the website, you can just skip that consent part and go straight to the location," said Robert Xiao, a Ph.D. student at the Human-Computer Interaction Institute at Carnegie Mellon University, in a phone call. "The implication of this is that LocationSmart never required consent in the first place," he said. "There seems to be no security oversight here." The "try" website was pulled offline after Xiao privately disclosed the bug to the company, with help from CERT, a public vulnerability database, also at Carnegie Mellon. Xiao said the bug may have exposed nearly every cell phone customer in the U.S. and Canada, some 200 million customers.

The researcher said he started looking at LocationSmart's website following ZDNet's report this week, which followed from a story from The New York Times, which revealed how a former police sheriff snooped on phone location data without a warrant. The sheriff has pleaded not guilty to charges of unlawful surveillance. He said one of the APIs used in the "try" page that allows users to try the location feature out was not validating the consent response properly. Xiao said it was "trivially easy" to skip the part where the API sends the text message to the user to obtain their consent. "It's a surprisingly simple bug," he said.

Google

Google Won't Confirm If Its Human-Like AI Actually Called a Salon To Make an Appointment As Demoed at I/O (axios.com) 95

The headline demo at Google's I/O conference earlier this month continues to be a talking point in the industry. The remarkable demo, which saw Google Assistant call a salon to successfully fix an appointment, continues to draw skepticism. News outlet Axios followed up with Google to get some clarifications only to find that the company did not wish to talk about it. From the report: What's suspicious? When you call a business, the person picking up the phone almost always identifies the business itself (and sometimes gives their own name as well). But that didn't happen when the Google assistant called these "real" businesses. Axios called over two dozen hair salons and restaurants -- including some in Google's hometown of Mountain View -- and every one immediately gave the business name.

Axios asked Google for the name of the hair salon or restaurant, in order to verify both that the businesses exist and that the calls were not pre-planned. We also said that we'd guarantee, in writing, not to publicly identify either establishment (so as to prevent them from receiving unwanted attention). A longtime Google spokeswoman declined to provide either name.

We also asked if either call was edited, even perhaps just cutting the second or two when the business identifies itself. And, if so, were there other edits? The spokeswoman declined comment, but said she'd check and get back to us. She didn't.

Music

YouTube Unveils New Streaming Service 'YouTube Music,' Rebrands YouTube Red (gizmodo.com) 107

An anonymous reader quotes a report from Gizmodo: YouTube Music, a streaming music platform designed to compete with the likes of Spotify and Apple Music, officially has a launch date: May 22nd. Its existence will also shift around YouTube and Google's overall media strategy, which has thus far been quite the mess. YouTube Music will borrow the Spotify model and offer a free, ad-supported tier as well as a premium version. The paid tier, which will be called YouTube Music Premium, will be available for $9.99 per month. It will debut in the U.S., Australia, New Zealand, Mexico, and South Korea before expanding to 14 other countries.

One of the selling points for YouTube Music will be the ability to harness the endless amount of information Google knows about you, which it will use to try to create customized listening experiences. Pitchfork reported that the app, with the help of Google Assistant, will make listening recommendations based on the time of day, location, and listening patterns. It will also apparently offer "an audio experience and a video experience," suggesting perhaps an emphasis on music videos and other visual content. From here, Google seems to be focused on making its streaming strategy a little less wacky. Google Play Music, the company's previous music streaming service that is still inexplicably up and running despite teetering on the brink of extinction for years, will slowly be phased out according to USA Today.
Meanwhile, the paid streaming subscription service, known as YouTube Red, is being rebranded to YouTube Premium and will cost $11.99 per month instead of $9.99. (Pitchfork notes that existing YouTube Red subscribers will be able to keep their $9.99 rate.) YouTube Premium will include access to YouTube Music Premium. Here's a handy-dandy chart that helps show what is/isn't included in the two plans.

Government

Cops Will Soon ID You Via Your Roof Rack (arstechnica.com) 98

An anonymous reader quotes a report from Ars Technica: On Tuesday, one of the largest license plate reader (LPR) manufacturers, ELSAG, announced a major upgrade to "allow investigators to search by color, seven body types, 34 makes, and nine visual descriptors in addition to the standard plate number, location, and time." Such a vast expansion of the tech now means that evading such scans will be even more difficult.

"Using advanced computer vision software, ELSAG ALPR data can now be processed to include the vehicle's make, type -- sedan, SUV, hatchback, pickup, minivan, van, box truck -- and general color -- red, blue, green, white and yellow," ELSAG continued. "The solution actively recognizes the 34 most-common vehicle brands on US roads." Plus, the company says, the software is now able to visually identify things like a "roof rack, spare tire, bumper sticker, or a ride-sharing company decal."

Businesses

Senate Votes To Save Net Neutrality (gizmodo.com) 288

In a monumental decision that will resonate through election season, the U.S. Senate on Wednesday voted to reinstate the net neutrality protections the Federal Communications Commission decided to repeal late last year. From a report: For months, procedural red tape has delayed the full implementation of the FCC's decision to drop Title II protections that prevent internet service providers from blocking or throttling online content. Last week, FCC Chairman Ajit Pai confirmed that the repeal of the 2015 Open Internet Order would go into effect on June 11. But Democrats put forth a resolution to use its power under the Congressional Review Act (CRA) to review new regulations by federal agencies through an expedited legislative process. All 49 Democrats in the Senate supported the effort to undo the FCC's vote. Republicans, Sen. Susan Collins of Maine, John Kennedy of Louisiana and Lisa Murkowski of Alaska crossed party lines to support the measure. Further reading: ArsTechnica.

United States

Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US (vice.com) 68

Securus, the company which tracks nearly any phone across the US for cops with minimal oversight, has been hacked, Motherboard reported Wednesday. From the report: The hacker has provided some of the stolen data to Motherboard, including usernames and poorly secured passwords for thousands of Securus' law enforcement customers. Although it's not clear how many of these customers are using Securus's phone geolocation service, the news still signals the incredibly lax security of a company that is granting law enforcement exceptional power to surveil individuals. "Location aggregators are -- from the point of view of adversarial intelligence agencies -- one of the juiciest hacking targets imaginable," Thomas Rid, a professor of strategic studies at Johns Hopkins University, told Motherboard in an online chat.

Robotics

Researchers Create First Flying Wireless Robotic Insect (newatlas.com) 64

An anonymous reader quotes a report from New Atlas: You might remember RoboBee, an insect-sized robot that flies by flapping its wings. Unfortunately, though, it has to be hard-wired to a power source. Well, one of RoboBee's creators has now helped develop RoboFly, which flies without a tether. Slightly heavier than a toothpick, RoboFly was designed by a team at the University of Washington -- one member of that team, assistant professor Sawyer Fuller, was also part of the Harvard University team that first created RoboBee. That flying robot receives its power via a wire attached to an external power source, as an onboard battery would simply be too heavy to allow the tiny craft to fly. Instead of a wire or a battery, RoboFly is powered by a laser. That laser shines on a photovoltaic cell, which is mounted on top of the robot. On its own, that cell converts the laser light to just seven volts of electricity, so a built-in circuit boosts that to the 240 volts needed to flap the wings. That circuit also contains a microcontroller, which tells the robot when and how to flap its wings -- on RoboBee, that sort of "thinking" is handled via a tether-linked external controller. The robot can be seen in action here.

Facebook

Justice Department, FBI Are Investigating Cambridge Analytica (cbsnews.com) 139

An anonymous reader quotes a report from CBS News: The Justice Department and FBI are investigating Cambridge Analytica, the now-shuttered political data firm that was once used by the Trump campaign and came under scrutiny for harvesting data of millions of users, The New York Times reported on Tuesday. The Times, citing a U.S. official and people familiar with the inquiry, reported federal investigators have looked to question former employees and banks connected to the firm.

The Times reports prosecutors have informed potential witnesses there is an open investigation into the firm, whose profiles of voters were intended to help with elections. One source tells CBS News correspondent Paula Reid prosecutors are investigating the firm for possible financial crimes. A company that has that much regulatory scrutiny is almost guaranteed to have federal prosecutors interested, Reid was told. Christopher Wylie, a former Cambridge Analytica employee who spoke out about the data sharing practices, told the Times federal investigators had contacted him. The American official told the Times investigators have also contacted Facebook as a part of the probe.

Communications

US Cell Carriers Are Selling Access To Your Real-Time Phone Location Data (zdnet.com) 146

Four of the largest cell giants in the US are selling your real-time location data to a company that you've probably never heard about before. ZDNet: In case you missed it, a senator last week sent a letter demanding the Federal Communications Commission (FCC) investigate why Securus, a prison technology company, can track any phone "within seconds" by using data obtained from the country's largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart. The story blew up because a former police sheriff snooped on phone location data without a warrant, according to The New York Times. The sheriff has pleaded not guilty to charges of unlawful surveillance.

Yet little is known about how LocationSmart obtained the real-time location data on millions of Americans, how the required consent from cell user owners was obtained, and who else has access to the data. Kevin Bankston, director of New America's Open Technology Institute, explained in a phone call that the Electronic Communications Privacy Act only restricts telecom companies from disclosing data to the government. It doesn't restrict disclosure to other companies, who then may disclose that same data to the government. He called that loophole "one of the biggest gaps in US privacy law. The issue doesn't appear to have been directly litigated before, but because of the way that the law only restricts disclosures by these types of companies to government, my fear is that they would argue that they can do a pass-through arrangement like this," he said.
Further reading: The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too.

Businesses

Apple CEO Says He Has Urged Trump To Address Legal Status of Immigrants; Also Told Him That Tariffs Are Wrong Approach To China (bloomberg.com) 376

Apple chief executive Tim Cook told Bloomberg Television that he has criticized Donald Trump's approach to trade with China in a recent White House meeting, while also urging the president to address the legal status of immigrants known as Dreamers. From the interview: Cook said his message to Trump focused on the importance of trade and how cooperation between two countries can boost the economy more than nations acting alone. Cook met with Trump in the Oval Office in late April amid a brewing trade war between the U.S. and China. The Trump administration instituted 25 percent tariffs on at least $50 billion worth of products from China, sparking retaliation. In the interview on "The David Rubenstein Show: Peer-to-Peer Conversations," Cook acknowledged that previous trade policies were flawed but said Trump's move is also problematic. "It's true, undoubtedly true, that not everyone has been advantaged from that -- in either country -- and we've got to work on that," Cook said. "But I felt that tariffs were not the right approach there, and I showed him some more analytical kinds of things to demonstrate why."

Communications

Slashdot Asks: Which Is Your Favorite Email Client? 404

With Google recently rolling out a big revamp of Gmail to mixed reviews, we would like to know which email client you prefer. Are you a firm believer in the "inbox zero" idea -- that is, the approach to email management aimed at keeping the inbox empty, or almost empty, at all times? If you're looking for inspiration, Ars Technica recently published an article highlighting several different email clients used by the editors of the site: Are you the sort of person who needs to read and file every email they get? Or do you delight in seeing an email client icon proudly warning of hundreds or even thousands of unread items? For some, keeping one's email inbox with no unread items is more than just a good idea: it's a way of life, indicating control over the 21st century and its notion of productivity. For others, it's a manifestation of an obsessively compulsive mind. The two camps, and the mindsets behind them, have been a frequent topic of conversation here in the Ars Orbiting HQ. And rather than just argue with each other on Slack, we decided to collate our thoughts about the whole "inbox zero" idea and how, for those who adhere to it, that happens. Some of the clients floated by the editors include: Webmail, Airmail 3, Readdle's Spark, Edison Mail, Sparrow, Inbox by Gmail, and MailSpring.

Facebook

Researchers Reportedly Exposed Facebook Quiz Data On 3 Million Users (newscientist.com) 19

According to a report from New Scientist, researchers exposed quiz data on over three million Facebook users via an insecure website. The data includes answers to intimate questionnaires, and was held by academics from the University of Cambridge's Psychometrics Centre. While the breach isn't as severe as the Cambridge Analytica leak, it is distantly connected as the project previously involved Alexandr Kogan, the researcher at the center of the scandal. From the report: Facebook suspended myPersonality from its platform on April 7 saying the app may have violated its policies due to the language used in the app and on its website to describe how data is shared. More than 6 million people completed the tests on the myPersonality app and nearly half agreed to share data from their Facebook profiles with the project. All of this data was then scooped up and the names removed before it was put on a website to share with other researchers. The terms allow the myPersonality team to use and distribute the data "in an anonymous manner such that the information cannot be traced back to the individual user."

However, for those who were not entitled to access the data set because they didn't have a permanent academic contract, for example, there was an easy workaround. For the last four years, a working username and password has been available online that could be found from a single web search. Anyone who wanted access to the data set could have found the key to download it in less than a minute.

Technology

Jails Are Replacing Visits With Video Calls (arstechnica.com) 194

An anonymous reader shares a report: In recent years, more and more jails have introduced video-calling services. Theoretically, these products could make it easier for inmates to maintain their relationships with family and friends outside. But many jails have moved in the opposite direction, using the advent of these "video visitation" services as an excuse to restrict or eliminate traditional in-person visits.

There are a number of reasons jail administrators have gone this route. But critics say that money plays a big role. In-person visitation requires more staff supervision -- both to escort inmates to and from visitation rooms and to make sure no contraband changes hands during a visit. So switching to video visitation can save cash-strapped jails money.

But jails also profit more directly from limiting in-person visits. While on-site video visits are usually free, the companies providing the system generally offer a paid off-site video-calling service, too. And jails get a hefty percentage of that money.

Google

Google Hasn't Stopped Reading Your Emails (theoutline.com) 186

An anonymous reader shares a report: If you're a Gmail user, your messages and emails likely aren't as private as you'd think. Google reads each and every one, scanning your painfully long email chains and vacation responders in order to collect more data on you. Google uses the data gleaned from your messages in order to inform a whole host of other products and services, NBC News reported Thursday.

Though Google announced that it would stop using consumer Gmail content for ad personalization last July, the language permitting it to do so is still included in its current privacy policy, and it without a doubt still scans users' emails for other purposes. Aaron Stein, a Google spokesperson, told NBC that Google also automatically extracts keyword data from users' Gmail accounts, which is then fed into machine learning programs and other products within the Google family. Stein told NBC that Google also "may analyze [email] content to customize search results, better detect spam and malware," a practice the company first announced back in 2012.

Education

H-1B Visa Alternative 'OPT' Grew 400 Percent In Eight Years, Report Finds 185

theodp writes: Almost 1.5 million foreign students have been allowed to stay and work in the U.S. after graduation as part of the Optional Practical Training (OPT) program, which is now larger than the controversial H-1B program (Warning: source may be paywalled; alternative source). According to new Pew Research analysis of U.S. Immigration and Customs Enforcement data obtained through a Freedom of Information Act request, the number of students authorized to work under OPT has grown 400% since the federal government in 2008 increased the amount of time graduates with science, technology, engineering and math (STEM) degrees could remain in the United States and work. More than half of those working under OPT from 2004 to 2016 were in STEM fields, Pew found, and as a result, were eligible for the so-called STEM extension.

The OPT program added a 17-month STEM extension in 2008, shortly after Microsoft co-founder Bill Gates suggested it in testimony to Congress after complaining that the cap for the H-1B program had caused a serious disruption in the flow of talented STEM graduates to U.S. companies. In 2016, another 12-month extension was added after a Federal judge threatened to torpedo the STEM extension program, saying it "appears to have been adopted directly from the unanimous suggestions by Microsoft and similar industry groups." In its Top Ten Tech Issues for 2018, Microsoft expressed "concern that in 2018 the White House will announce a rollback of the extended period of Optional Practical Training for STEM graduates." Pew also took note of allegations that "visa mills" have sprung up in response to demand driven by the OPT program.
