Privacy

Amazon Won't Say If It Hands Your Echo Data To the Government (zdnet.com) 46

Zack Whittaker reports via ZDNet of how Amazon still won't say whether or not it hands your Echo data to the government -- three years after the Echo was first released. From the report: Amazon has a transparency problem. Three years ago, the retail giant became the last major tech company to reveal how many subpoenas, search warrants, and court orders it received for customer data in a half-year period. While every other tech giant had regularly published its government request figures for years, spurred on by accusations of participation in government surveillance, Amazon had been largely forgotten. Eventually, people noticed and Amazon acquiesced. Since then, Amazon's business has expanded. By its quarterly revenue, it's no longer a retail company -- it's a cloud giant and a device maker. The company's flagship Echo, an "always listening" speaker, collects vast amounts of customer data that's openly up for grabs by the government. But Amazon's bi-annual transparency figures don't want you to know that. In fact, Amazon has been downright deceptive in how it presents the data, obfuscating the figures in its short, but contextless, twice-yearly reports. Not only does Amazon offer the barest minimum of information possible, the company has -- and continues -- to deliberately mislead its customers by actively refusing to clarify how many customers, and which customers, are affected by the data demands it receives.
Crime

Facebook Is a 'Living, Breathing Crime Scene,' Says Former Tech Insider (nbcnews.com) 71

An anonymous reader quotes a report from NBC News: With more than 2 billion users, Facebook's reach now rivals that of Christianity and exceeds that of Islam. However, the network's laser focus on profits and user growth has come at the expense of its users, according to one former Facebook manager who is now speaking out against the social platform. "One of the things that I saw consistently as part of my job was the company just continuously prioritized user growth and making money over protecting users," the ex-manager, Sandy Parakilas, who worked at Facebook for 16 months, starting in 2011, told NBC News. During his tenure at Facebook, Parakilas led third-party advertising, privacy and policy compliance on Facebook's app platform. "Facebook is a living, breathing crime scene for what happened in the 2016 election -- and only they have full access to what happened," said Tristan Harris, a former design ethicist at Google. His work centers on how technology can ethically steer the thoughts and actions of the masses on social media and he's been called "the closest thing Silicon Valley has to a conscience" by The Atlantic magazine.

In response to the comments, Facebook issued a statement saying it is a "vastly different company" from when it was founded. "We are taking many steps to protect and improve people's experience on the platform," the statement said. "In the past year, we've worked to destroy the business model for false news and reduce its spread, stop bad actors from meddling in elections, and bring a new level of transparency to advertising. Last week, we started prioritizing meaningful posts from friends and family in News Feed to help bring people closer together. We have more work to do and we're heads down on getting it done."

Space

Meteor Lights Up Southern Michigan (arstechnica.com) 25

New submitter Foundryman writes: Amidst fake missile reports in Hawaii and Japan, Michigan gets hit by something real. From a report via Ars Technica: "Early last night local time, a meteor rocketed through the skies of southern Michigan, giving local residents a dramatic (if brief) light show. It also generated an imperceptible thump, as the U.S. Geological Survey confirmed that there was a coincident magnitude 2.0 earthquake. The American Meteor Society has collected more than 350 eyewitness accounts, which ranged from western Pennsylvania out to Illinois and Wisconsin. They were heavily concentrated over southern Michigan, notably around the Detroit area. A number of people have also posted videos of the fireball online. The American Meteor Society estimates that the rock was relatively slow-moving at a sedate 45,000km an hour. Combined with its production of a large fireball, the researchers conclude it was probably a big rock. NASA's meteorwatch Facebook page largely agrees and suggests that this probably means that pieces of the rock made it to Earth. If you were on the flight path, you might want to check your yard.
Privacy

A Photo Accidentally Revealed a Password For Hawaii's Emergency Agency (qz.com) 93

An anonymous reader quotes a report from Quartz: In the aftermath of an erroneous missile warning that terrified Hawaiians on Saturday (Jan. 13), the state's emergency management agency has come under increased scrutiny, from the poor design of the software that enables alerts to a particularly slapdash security measure by one of its employees. Old photos from the Associated Press inside the agency's office appear to show an unspecified password on a yellow Post-It note, stuck to a computer monitor. The image, which shows operations manger Jeffrey Wong standing in front of the computer, was taken in July and appeared in articles published at the time about the agency's preparedness in the face of a nuclear threat. The agency verified that the password is indeed real but wouldn't go into specifics on what program the password was supposed to be used for.
Nintendo

Hackers Seem Close To Publicly Unlocking the Nintendo Switch (arstechnica.com) 86

Ars Technica reports that "hackers have been finding partial vulnerabilities in early versions of the [Nintendo] Switch firmware throughout 2017." They have discovered a Webkit flaw that allows for basic "user level" access to some portions of the underlying system and a service-level initialization flaw that gives hackers slightly more control over the Switch OS. "But the potential for running arbitary homebrew code on the Switch really started looking promising late last month, with a talk at the 34th Chaos Communication Congress (34C3) in Leipzig Germany," reports Ars. "In that talk, hackers Plutoo, Derrek, and Naehrwert outlined an intricate method for gaining kernel-level access and nearly full control of the Switch hardware." From the report: The full 45-minute talk is worth a watch for the technically inclined, it describes using the basic exploits discussed above as a wedge to dig deep into how the Switch works at the most basic level. At one point, the hackers sniff data coming through the Switch's memory bus to figure out the timing for an important security check. At another, they solder an FPGA onto the Switch's ARM chip and bit-bang their way to decoding the secret key that unlocks all of the Switch's encrypted system binaries. The team of Switch hackers even got an unexpected assist in its hacking efforts from chipmaker Nvidia. The "custom chip" inside the Switch is apparently so similar to an off-the-shelf Nvidia Tegra X1 that a $700 Jetson TX1 development kit let the hackers get significant insight into the Switch's innards. More than that, amid the thousand of pages of Nvidia's public documentation for the X1 is a section on how to "bypass the SMMU" (the System Memory Management Unit), which gave the hackers a viable method to copy and write a modified kernel to the Switch's system RAM. As Plutoo put it in the talk, "Nvidia backdoored themselves."
Government

France Says 'Au Revoir' to the Word 'Smartphone' (smithsonianmag.com) 329

Hoping to prevent English tech vocabulary from entering the French language, officials have suggested 'mobile multifunction' as an alternative. An anonymous reader shares a report: The official journal of the French Republic, the Journal officiel, has suggested "internet clandestin" instead of dark net. It's dubbed a casual gamer "joueur occasionnel" for messieurs and "joueuse occasionnelle" for mesdames. To replace hashtag, it's selected "mot-diese." Now, as the Local reports, the latest word to get the official boot in France is smartphone. It's time to say bonjour to the "le mobile multifonction." The recommendation was put forth by the Commission d'enrichissement de la langue francaise, which works in conjunction with the Academie Francaise to preserve the French language. This isn't the first time that the commission has tried to encourage French citizens to switch over to a Franco-friendly word for "smartphone." Previous suggestions included "ordiphone" (from "ordinateur," the French word for computer) and "terminal de poche" (or pocket terminal). These, it seems, did not quite stick.
AT&T

US Lawmakers Urge AT&T To Cut Commercial Ties With Huawei and Oppose China Mobile Citing National Security Concerns (reuters.com) 60

U.S. lawmakers are urging AT&T, the No. 2 wireless carrier, to cut commercial ties to Chinese phone maker Huawei Technologies and oppose plans by telecom operator China Mobile to enter the U.S. market because of national security concerns, two congressional aides told Reuters. From the report: The warning comes after the administration of U.S. President Donald Trump took a harder line on policies initiated by his predecessor Barack Obama on issues ranging from Beijing's role in restraining North Korea to Chinese efforts to acquire U.S. strategic industries. Earlier this month, AT&T was forced to scrap a plan to offer its customers Huawei handsets after some members of Congress lobbied against the idea with federal regulators, sources told Reuters. The U.S. government has also blocked a string of Chinese acquisitions over national security concerns, including Ant Financial's proposed purchase of U.S. money transfer company MoneyGram International.
Google

Google Starts Certificate Program To Fill Empty IT Jobs (axios.com) 214

An anonymous reader shares a report: There are 150,000 open IT jobs in the U.S., and Google wants to make it easier to fill them. Today the company is announcing a certificate program on the Coursera platform to help give people with no prior IT experience the basic skills they need to get an entry-level IT support job in 8 to 12 months. Why it matters: Entry-level IT jobs are are typically higher-paying than similar roles in other fields. But they're harder to fill because, while IT support roles don't require a college degree, they do require prior experience. The median annual wage for a computer network support specialist was $62,670 in May 2016 The median annual wage for a computer user support specialist was $52,160 in May 2016. The impetus: Natalie Van Kleef Conley, head recruiter of Google's tech support program, was having trouble finding IT support specialists so she helped spearhead the certificate program. It's also part of Google's initiative to help Americans get skills needed to get a new job in a changing economy, the company told us.
The Almighty Buck

City-Owned Internet Services Offer Cheaper and More Transparent Pricing, Says Harvard Study (arstechnica.com) 113

An anonymous reader quotes a report from Ars Technica: Municipal broadband networks generally offer cheaper entry-level prices than private Internet providers, and the city-run networks also make it easier for customers to find out the real price of service, a new study from Harvard University researchers found. Researchers collected advertised prices for entry-level broadband plans -- those meeting the federal standard of at least 25Mbps download and 3Mbps upload speeds -- offered by 40 community-owned ISPs and compared them to advertised prices from private competitors. The report by researchers at the Berkman Klein Center for Internet & Society at Harvard doesn't provide a complete picture of municipal vs. private pricing. But that's largely because data about private ISPs' prices is often more difficult to get than information about municipal network pricing, the report says. In cases where the researchers were able to compare municipal prices to private ISP prices, the city-run networks almost always offered lower prices. This may help explain why the broadband industry has repeatedly fought against the expansion of municipal broadband networks.
Communications

The Tech Failings of Hawaii's Missile Alert 230

Over the weekend, Hawaii incorrectly warned citizens of a missile attack via their phones. According to The Washington Post, the error was a result of a staffer picking the wrong option -- missile alert instead of test missile alert -- from a drop down software menu. Hawaiian officials say they have already changed protocols to avoid a repeat of the scenario. The report goes on to add: Part of what worsened the situation Saturday was that there was no system in place at the state emergency agency for correcting the error, HEMA (Hawaii Emergency Management Agency) spokesman Richard Rapoza said. The state agency had standing permission through FEMA to use civil warning systems to send out the missile alert -- but not to send out a subsequent false alarm alert, he said. Though the Hawaii Emergency Management Agency posted a follow-up tweet at 8:20 a.m. saying there was "NO missile threat," it wouldn't be until 8:45 a.m. that a subsequent cellphone alert was sent telling people to stand down. Motherboard notes that new regulations require telecom companies to offer a testing system for local and state alert originators, but because of lobbying by Verizon and CTIA, this specific regulation does not go into effect until March 2019.

In a piece, The Atlantic argues that the 90-character messages sent by the system aren't suited to the way we use our devices.
Censorship

How Millions of Iranians Are Evading Internet Censors (msn.com) 48

schwit1 quotes the Wall Street Journal: Authorities in Tehran have ratcheted up their policing of the internet in the past week and a half, part of an attempt to stamp out the most far-reaching protests in Iran since 2009. But the crackdown is driving millions of Iranians to tech tools that can help them evade censors, according to activists and developers of the tools. Some of the tools were attracting three or four times more unique users a day than they were before the internet crackdown, potentially weakening government efforts to control access to information online. "By the time they wake up, the government will have lost control of the internet," said Mehdi Yahyanejad, executive director of NetFreedom Pioneers, a California-based technology nonprofit that largely focuses on Iran and develops educational and freedom of information tools.
Wired calls it "the biggest protest movement in Iran since the 2009 Green Movement uprising," criticing tech companies which "continue to deny services to Iranians that could be crucial to free and open communications."
Government

Many US States Propose Their Own Laws Protecting Net Neutrality (seattletimes.com) 144

An anonymous reader quotes the New York Times: Lawmakers in at least six states, including California and New York, have introduced bills in recent weeks that would forbid internet providers to block or slow down sites or online services. Legislators in several other states, including North Carolina and Illinois, are weighing similar action... By passing their own law, the state lawmakers say, they would ensure that consumers would find the content of the choice, maintain a diversity of voices online and protect businesses from having to pay fees to reach users.

And they might even have an effect beyond their states. California's strict auto-emissions standards, for example, have been followed by a dozen other states, giving California major sway over the auto industry. "There tends to be a follow-on effect, particularly when something happens in a big state like California," said Harold Feld, a senior vice president at a nonprofit consumer group, Public Knowledge, that supports net-neutrality efforts by the states. Bills have also been introduced in Massachusetts, Nebraska, Rhode Island and Washington.

In addition, a representative in Alaska's legislature has also pre-filed legislation requiring the state's ISPs to practice net neutrality, which will be introduced when the state legislature resumes on January 16th.

"The recent FCC decision eliminating net neutrality was a mistake that favors the big internet providers and those who want to restrict the kinds of information a free-thinking Alaskan can access," representative Scott Kawasaki told a local news station. "That is not the Alaskan way, and I am hopeful my colleagues in the House and Senate will agree..."

The Independent also notes that Europe "is still strongly committed" to net neutrality.
Intel

Researcher Finds Another Security Flaw In Intel Management Firmware (arstechnica.com) 87

An anonymous reader quotes a report from Ars Technica: Meltdown and Spectre are not the only security problems Intel is facing these days. Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to PCs to gain persistent remote access to the system, thanks to weak security in Intel's Active Management Technology (AMT) firmware -- remote "out of band" device management technology installed on 100 million systems over the last decade, according to Intel. [T]he latest vulnerability -- discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post -- is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer -- even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords -- by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel's Management Engine BIOS Extension (MEBx).

If MEBx hasn't been configured by the user or by their organization's IT department, the attacker can log into the configuration settings using Intel's default password of "admin." The attacker can then change the password, enable remote access, and set the firmware to not give the computer's user an "opt-in" message at boot time. "Now the attacker can gain access to the system remotely," F-Secure's release noted, "as long as they're able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)."

Google

Ex-Google Employee's Memo Says Executives Shut Down Pro-Diversity Discussions (gizmodo.com) 393

An anonymous reader shares a report: A memo written by a former Google engineer claims that the company's human resources department and a senior vice president pressured him to stop discussing diversity initiatives on company forums, interactions that ultimately motivated him to leave the company. The document, which was written in 2016 and shared publicly this week, provides a striking counterpoint to allegations made by former Google employees James Damore and David Gudeman in a discrimination lawsuit filed against their former employer. Cory Altheide, the former employee who wrote the memo, began work as a security engineer at Google in 2010 and departed the company in January 2016. He recently published his account in a public Google document. Altheide posted several articles and comments to internal discussion groups that promoted diversity in the workplace and was chastised for doing so, he wrote.
Patents

TiVo Sues Comcast Again, Alleging Operator's X1 Infringes Eight Patents (variety.com) 57

TiVo's Rovi subsidiary on Wednesday filed two lawsuits in federal district courts, alleging Comcast's X1 platform infringes eight TiVo-owned patents. "That includes technology covering pausing and resuming shows on different devices; restarting live programming in progress; certain advanced DVR recording features; and advanced search and voice functionality," reports Variety. From the report: A Comcast spokeswoman said the company will "aggressively defend" itself. "Comcast engineers independently created our X1 products and services, and through its litigation campaign against Comcast, Rovi seeks to charge Comcast and its customers for technology Rovi didn't create," the Comcast rep said in a statement. "Rovi's attempt to extract these unfounded payments for its aging and increasingly obsolete patent portfolio has failed to date."

TiVo's legal action comes after entertainment-tech vendor Rovi (which acquired the DVR company in 2016 and adopted the TiVo name) sued Comcast and its set-top suppliers in April 2016, alleging infringement of 14 patents. In November 2017, the U.S. International Trade Commission ruled that Comcast infringed two Rovi patents -- with the cable operator prevailing on most of the patents at issue. However, because one of the TiVo patents Comcast was found to have violated covered cloud-based DVR functions, the cable operator disabled that feature for X1 customers. Comcast is appealing the ITC ruling.

Slashdot Top Deals