After months of back and forth, Apple has permitted Indian telecom regulator TRAI to release its anti-spam app on the App Store. The app, called TRAI DND - Do Not Disturb, went live on the iPhone app store on Friday. The free app, a version of which has existed on Android platform since 2016, allows customers to block unsolicited texts and calls from marketers, a rampant issue that continues to plague customers in India.

The app has been the subject of months-long, heated argument between Apple and TRAI. Apple had argued that the app, which by design accesses message and call logs of a user, violates its privacy policy. The company, however, had agreed to provide some help to the regulator to tap into new iOS features to build the "Do Not Disturb" app. In response, R.S. Sharma, who heads the Telecom Regulatory Authority of India, had threatened to take legal action against Apple. "This is unjust, it shows the approach and attitude of this company," he told Reuters in March.

Further reading: Apple approves Indian government's Do Not Disturb app, avoiding iPhone ban.

More than 45,000 Internet routers have been compromised by a newly discovered campaign that's designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers say. From a report: The new attack exploits routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445, content delivery network Akamai said in a blog post. As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. While Internet scans don't reveal precisely what happens to the connected devices once they're exposed, Akamai said the ports --which are instrumental for the spread of EternalBlue and its Linux cousin EternalRed -- provide a strong hint of the attackers' intentions.

The attacks are a new instance of a mass exploit the same researchers documented in April. They called it UPnProxy because it exploits Universal Plug and Play -- often abbreviated as UPnP -- to turn vulnerable routers into proxies that disguise the origins of spam, DDoSes, and botnets.

The FCC has unveiled a new proposal as part of its plan to help reduce unwanted phone and text spam. From a report: In a move that's sure to make wireless operators happy, the FCC at its December meeting will consider a draft Declaratory Ruling on text messaging that would formally rule text messaging services are information services, not telecommunications services. That means carriers will be able to continue using robotext-blocking and anti-spoofing measures to protect consumers from unwanted text messages. Chairman Ajit Pai revealed the plan in a blog post highlighting items on the Dec. 12 meeting agenda.

"Today's wireless messaging providers apply filtering to prevent large volumes of unwanted messages from ever reaching your phone," Pai wrote. "However, there's been an effort underway to put these successful consumer protections at risk. In 2015, a mass-texting company named Twilio petitioned the FCC, arguing that wireless messaging should be classified as a 'telecommunications service.' This may not seem like a big deal, but such a classification would dramatically curb the ability of wireless providers to use robotext-blocking, anti-spoofing, and other anti-spam features."

That's why he's circulating a Declaratory Ruling that would instead classify wireless messaging as an "information service," denying Twilio's petition [PDF]. "Aside from being a more legally sound approach, this decision would keep the floodgates to a torrent of spam texts closed, remove regulatory uncertainty, and empower providers to continue finding innovative ways to protect consumers from unwanted text messages," Pai said.

An anonymous reader quotes a report from Ars Technica: A recently discovered botnet has taken control of an eye-popping 100,000 home and small-office routers made from a range of manufacturers, mainly by exploiting a critical vulnerability that has remained unaddressed on infected devices more than five years after it came to light. Researchers from Netlab 360, who reported the mass infection late last week, have dubbed the botnet BCMUPnP_Hunter. The name is a reference to a buggy implementation of the Universal Plug and Play protocol built into Broadcom chipsets used in vulnerable devices. An advisory released in January 2013 warned that the critical flaw affected routers from a raft of manufacturers, including Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, and US Robotics. The finding from Netlab 360 suggests that many vulnerable devices were allowed to run without ever being patched or locked down through other means. Last week's report documents 116 different types of devices that make up the botnet from a diverse group of manufacturers. Once under the attackers' control, the routers connect to a variety of well-known email services. This is a strong indication that the infected devices are being used to send spam or other types of malicious mail.

Twitter is updating its reporting process to allow you to report accounts that you suspect are bots. "Now, when you tap the 'it's suspicious or spam' option under the report menu, you'll be able to specify why you think that, including an option to say 'the account tweeting this is fake,'" reports The Verge. From the report: Twitter announced the change through its official safety account today, and it's now live on both the web version and mobile version of the service. You can see an example of the mobile report flow pertaining to this update [via a tweet from @TwitterSafety.] According to a Twitter spokesperson, "The new reporting flow will allow us to collect more detailed information so we can identify and remove spam more effectively. With more details to review, we'll be adding more resources to our review processes."

When a Stanford researcher removed all the duplicate and fake comments filed with the Federal Communications Commission last year, he found that 99.7 percent of public comments -- about 800,000 in all -- were pro-net neutrality. From a report: "With the fog of fraud and spam lifted from the comment corpus, lawmakers and their staff, journalists, interested citizens and policymakers can use these reports to better understand what Americans actually said about the repeal of net neutrality protections and why 800,000 Americans went further than just signing a petition for a redress of grievances by actually putting their concerns in their own words," Ryan Singel, a media and strategy fellow at Stanford University, wrote in a blog post Monday. Singel released a report [PDF] Monday that analyzed the unique comments -- as in, they weren't a copypasta of one or dozens of other letters -- filed last year ahead of the FCC's decision to repeal federal net neutrality protections. That's from the 22 million total comments filed, meaning that more than 21 million comments were fake, bots, or organized campaigns.

Facebook is purging hundreds of accounts and pages in the U.S., many of which spread political misinformation, for breaking the company's terms against "inauthentic" content and spam. The Verge reports: The company said in a blog post that 559 pages and 251 accounts would be removed. While the accounts used "sensational political content," Facebook did not say that was the reason for the purge. Instead, the accounts and pages will be taken down after they had "consistently broken" the company's rules against gaming its platform. Facebook noted that many used strategies like posting on fake or multiple accounts to generate traffic, or to inflate their popularity. Still, Facebook noted the proximity to the U.S. midterm elections, and said that networks like the ones it removed today are "increasingly" promoting political content that is "often indistinguishable from legitimate political debate." The company said this was the reason it has turned to "behavior" instead of "content" when searching for bad actors.

An anonymous reader writes: This October will see the fifth annual Hacktoberfest, "a month-long celebration of open source software run by DigitalOcean in partnership with GitHub and Twilio." Basically you sign up any time in October, then submit five quality pull requests to public GitHub repositories to win a t-shirt and stickers. (Issues and commits don't count, only pull requests created after October 1st -- but pull requests will still count even if they're not accepted or merged, "unless they are spam, irrelevant, or tagged as invalid.") "No contribution is too small -- bug fixes and documentation updates are valid ways of participating."
Here's Microsoft's own announcement about the event from their Open Source blog: We're excited to announce that we're participating in this year's Hacktoberfest! An annual celebration of all things open source, Hacktoberfest launched as a partnership between DigitalOcean and GitHub in 2014 and rallies a global community of contributors, with last year's event drawing more than 30K participants and nearly 240K pull requests.

This October, we'll recognize anyone who submits a pull request to one of our open source projects with a special limited-edition T-shirt (more details below)... Our projects span nearly all areas of computing, from developer tools and frameworks like .NET Core, Microsoft Cognitive Toolkit, Visual Studio Code, and Visual Studio Tools for Xamarin to Kubernetes tooling like Draft and the Service Fabric container orchestrator. Any contributions are welcome, so explore our GitHub repos, find something that interests you, and submit your first (or 100th) pull request.
Microsoft's t-shirt design includes a cameo appearance by.... Clippy, Microsoft's widely beloved default assistant for Office 2000/XP/2003.

An anonymous reader shares commentary on the new devices Microsoft unveiled Tuesday: At a low-key event held in a New York City warehouse, Microsoft unveiled its next iterations in the Surface lineup. Sitting in the audience, I saw the most coherent device strategy in the industry, from a company that's slowly built a hardware business from the ground up. The company took just an hour to unveil sweeping updates to its existing hardware, and what's clear after the dust has settled is that Microsoft's hardware division is a force to be reckoned with. Apple's dominance on the high-end laptop space looks shakier than ever, because Microsoft's story is incredibly compelling. Rather than building out a confusing, incompatible array of devices, Microsoft has taken the time to build a consistent, clear portfolio that has something to fit everyone across the board.

[...] What's interesting about this is the Surface hardware is now incredibly consistent across the board, making it dead simple for consumers to choose a device they like. Each device offers high quality industrial design, with consistent input methods regardless of form factor, and a tight software story to boot. That matters. Every single one of these machines has a touchscreen, supports a high-quality stylus, and current generation chipsets. The only question is which device fits your lifestyle, and whether or not you want the faster model. The peripherals work across every machine, and Microsoft has clearly gone to lengths with Timeline and Your Phone to make the software as seamless as you'd expect in 2018. Microsoft, it seems, has removed all of the barriers to remaining in your 'flow.' Surface is designed to adapt to the mode you want to be in, and just let you do it well. Getting shit done doesn't require switching device or changing mode, you can just pull off the keyboard, or grab your pen and the very same machine adapts to you. It took years to get here, but Microsoft has nailed it. By comparison, the competition is flailing around arguing about whether or not touchscreens have a place on laptops. The answer? Just let people choose.

At 2:18 p.m. Eastern on Wednesday, cellphones across the United States will emit the ominous ring of an emergency presidential alert. From a report: It will be the first nationwide test of a wireless emergency alert system, designed to warn people of a dire threat, like a terror attack, pandemic or natural disaster. There is no opting out, which has already prompted a lawsuit. "THIS IS A TEST of the National Wireless Emergency Alert System," it will read. "No action is needed." Two minutes later, televisions and radios will show test alerts. There is no notification plan for landlines. Officials say they believe that the wireless test will reach about 75 percent of the cellphones in the country, though they hope the number is higher. It could take up to 30 minutes for the alerts to be transmitted to all devices.

Some things that could interfere: ongoing phone calls or data transmission, a device that is turned off or out of range, and smaller cellphone providers that are not participating in the program. The test, originally planned for last month but delayed by Hurricane Florence, is the culmination of many years of work. The federal government developed a system to issue the alerts, which are scripted in coordination with numerous government agencies. They are limited to 90 characters, but will be expanded to 360 in the future. The Communications Act of 1934 gives the president the power to use communications systems in case of an emergency, and a 2006 law called for the Federal Communications Commission to work with the wireless industry to transmit such messages.

Vivaldi announced Wednesday it has released a major update to its namesake desktop web browser, remaining as one of the rare companies that is still attempting to fight Google's monopoly in the space. Major features in Vivaldi 2.0 include: Syncing browsers across computers:Version 2.0 allows users to sync data, including bookmarks, passwords, autofill information, and history. Vivaldi uses its own servers to store the data, which is all encrypted end-to-end.
Panels: These are expandable, multi-tasking dashboards that can be opened in the sidebar.
Tab management: Additional features are included that allow for better searching through tabs, stacking them, and even renaming them.
History: Offers new ways to track your usage, including generating statistics and a visual history feature. Vivaldi was founded by Jon von Tetzchner, who also co-founded Opera and served as its chief executive for a number of years. Jon has been vocal about what many find unfair tactics employed by Google and Microsoft to aggressively expand the user bases of their respective browsers. Slashdot had a chance to speak with Jon recently: Slashdot: One of the biggest complaints that people have about browsers today is just how much memory they consume. Is it a lost-cause? What is Vivaldi doing to address this?
Jon: This is very true. Browsers can use a lot of memory. We have worked hard to reduce that load. The most important thing we have done there is the lazy loading of tabs. When you have a lot of tabs, you use a lot of memory, but with Vivaldi, we will only load the tabs once you need them. We also have the ability to hibernate background tabs, by right clicking the tab bar, which will free up a lot of memory. Besides this we are always looking at how to make the browser use less memory and be faster. There is a lot of details there, but with the feedback from our users, we continue to improve every single part of the browser.

Slashdot: You are offering a browser, and a web email client and service provider. Is Vivaldi attempting to offer a catalog of services? And if so, what more could we expect from the company in the long-term?
Jon: The focus for us is the browser, but we believe the browser should be able to do more than it does today, so we will continue to expand on the features we offer in the browser. We have been open about the fact that we aim to provide an email client in the browser, but that will come in the future, but we are, as you pointed out, providing the free email service. This is in addition to our free blog, forums and sync service. We feel there is a need for these services, free from ads and free from building of super profiles. Our free webmail service is thus without ads and we do not scan mails, except for spam and viruses. We will continue to add services to support the browser or where we feel a service supplements the browser in a good way.

Slashdot: You have been vocal about some of the tactics Google and Microsoft use to promote their own browsers. Following the news cycle, we don't think things have changed much. What's your view on it?
Jon: No, sadly things have not changed much. Microsoft continues to push their browser in their operating system, at times taking over the default browser as well. They also block competing browsers on their Windows 10S. Google sadly blocks some competing browsers from using their services, even browsers such as Vivaldi, that is based on Chromium. We need to change our identity when visiting many Google services. I guess my feeling is that those large companies should not and should not need to behave this way.

Slashdot: Chrome continues to be a market leader. Firefox, despite some of its recent changes, has lost some of the market. How hard is it for a browser company to survive these days? And why is it important that someone continues to fight back?
Jon: We all know that browser choice is a good thing, even more so than for most other products. The browser is your view into the Internet and we all spend a lot of time there. Healthy competition means product innovation and lower prices (this is not only about the price of the product, but also what you have to give up in other ways, such as your private information). Monopolies tend slow down innovation and also there is a tendency for them to use their position in one market to attack another.
It is not trivial to compete with these large corporations, but it is something we enjoy. We fight for our users and for the future of the Internet. That is definitely something worth fighting for.

Slashdot: Are you folks still working on a mobile browser?
Jon: Indeed we are. We aim to get it out there as soon as we can. We are ramping up the team after then 2.0 release to move faster. Further reading: The Next Web, and VentureBeat.

Long-time Slashdot reader kwelch007 writes: I finally gave in, after years of Android loyalty, because the iPhone and Apple Watch just worked, so I was told (and it is true). I changed from my Motorola Maxx for an iPhone 7, because I wanted the Apple Watch. Shortly after, I purchased a second-hand Apple Watch Series 1. I have never looked back...and I'm happy with it.

Last week, I was able to buy an Apple Watch Series 4 with the exact specs I wanted... Wow! The screen is a ton bigger than my Series 1. I noticed right away when it asked me to set my passcode...the buttons were WAY bigger! It truly has the "side-to-side" screen...it's noticable... "Walkie Talkie" is super convenient (used with my associate who told me that it was in stock at Best Buy...)

Cool:

1) It's big, but not much bigger on your wrist than the 42mm versions previous...rather, the screen is bigger, brighter, and more usable.
2) The speakers and mics are far and away better than previous versions of the Apple Watch.
But they don't yet have access to "the highly-touted 'ECG' capability". (Fortune reports it was only approved by America's FDA the day before the launch event -- and isn't yet available for "international" customers.) And the software also isn't ready yet for "Fall Protection," a feature which calls emergency responders if it detects that you've fallen to the ground and you don't respond to prompts for the next 60 seconds. ("The feature is automatic with Watch owners who identify themselves as 65 and up," USA Today reported last week.)

"I spoke to several people in their 40s or 50s who said the same thing: they were already considering buying Series 4 watches for their parents for this feature alone," reported Daring Fireball, and both sites concluded that excitement was actually higher for Apple's new watches than it was for their new iPhones. ("We're talking about a device used by over a billion people -- the iPhone," writes USA Today, "compared with an accessory that analysts say have sold about 15 million units.") Daring Fireball acknowledges that the Apple Watch isn't the "nicest" watch in the world, but it's definitely the nicest if you compare it only to other smart watches and fitness trackers. (Though "that's like saying you're the richest person in the poorhouse.") But what do Slashdot readers think?

Is anyone considering an Apple Watch 4?

"LinkedIn Sucks" writes TechCrunch's John Biggs: I hate LinkedIn. I open it out of habit and accept everyone who adds me because I don't know why I wouldn't. There is no clear benefit to the social network. I've never met a recruiter on there. I've never gotten a job. The only messages I get are spam from offshore dev teams and crypto announcements. It's like Facebook without the benefit of maybe seeing a picture of someone's award-winning chili or dog. I understand that I'm using LinkedIn wrong. I understand I should cultivate a salon-like list of contacts that I can use to source stories and meet interesting people. But I have my own story-sourcing tools and my own contacts. It's not even good as a broadcast medium....

LinkedIn is a spam garden full of misspelled, grunty requests from international software houses that are looking, primarily, to sell you services. Because it's LinkedIn it's super easy to slip past any and all defenses against this spam.... I know people have used LinkedIn to find jobs. I never have. I know people use LinkedIn to sell products. It's never worked for me.
The article ends with advice for people trying to contact him on LinkedIn for promotional purposes. "LinkedIn isn't a game. It isn't an alternative to MailChimp. It's a conversational tool. Use it that way." But what do Slashdot's readers think? Is LinkedIn a valuable resource for finding recruiters and job offers, interesting perspectives, and updates on your friends' careers?

Or does LinkedIn suck?

A new study from email security company Mimecast shows that malicious links in emails are being missed by many security systems. From a report: Mimecast examined more than 142 million emails that had passed through organizations' email security vendors. The latest results reveal 203,000 malicious links within 10,072,682 emails were deemed safe by other security systems -- a ratio of one unstopped malicious link for every 50 emails inspected. The report also finds an 80 percent increase impersonation attacks in comparison to last quarters' figures. Additionally, 19,086,877 pieces of spam, 13,176 emails containing dangerous file types, and 15,656 malware attachments were all missed by these incumbent security providers and delivered to users' inboxes.

dmoberhaus writes: Yesterday, a writer for SB Nation named Natalie Weiner posted a screenshot of a rejection form she received when she tried to sign up for a website. Her submission was rejected because a spam algorithm considered her last name "offensive." After she posted about this, hundreds of other people with similarly "offensive" last names sounded off about how they had experienced similar issues. As it turns out, this phenomenon is so widespread that it has a name among computer scientists. It's called the Scunthorpe problem and it's been a scourge of the internet since the beginning. Motherboard spoke to content moderation experts about its origins and why it's such a hard problem to solve 20 years later. A big reason why the problem has yet to be solved is "because creating effective obscenity filters depends on the filter's ability to understand a word in context," reports Motherboard. "Despite advances in [AI], this is something that even the most advanced machine-learning algorithms still struggle with today."

"This works both ways around," Michael Veale, a researcher studying responsible machine learning at University College London, told Motherboard. "Cock (a bird) and Dick (the given name) are both harmless in certain contexts, even in children's settings online, but in other cases parents might not want them used. Equally, those wanting to abuse a system can find ways around it."

Addressing the bad behaviors on the Internet, that range from social network bullying and misinformation to email spam, distributed denial of service attacks, direct cyberattacks against infrastructure, malware propagation, identity theft, and a host of other ills require a wide range of technical and legal considerations, says Vint Cerf, even as he steers clear that he supports encryption. But is there a way to bring more accountability and traceability on our actions on the internet without compromising our privacy? He has a proposition: What is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners (unless, of course, they are vanity plates like mine: "Cerfsup"). This is an example of differential traceability; the police department has the authority to demand ownership information from the Department of Motor Vehicles that issues the license plates. Ordinary citizens do not have this authority.

In the Internet environment there are a variety of identifiers associated with users (including corporate users). Domain names, IP addresses, email addresses, and public cryptography keys are examples among many others. Some of these identifiers are dynamic and thus ambiguous. For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user. There has been considerable debate and even a recent court case regarding requirements to register users in domain name WHOIS databases in the context of the adoption of GDPR. If we are to accomplish the simultaneous objectives of protecting privacy while apprehending those engaged in harmful or criminal behavior on the Internet, we must find some balance between conflicting but desirable outcomes.

Google announced this week that it is discontinuing the public method of submitting URLs to its search index. The "addurl" page, which is still listed in this help document, now redirects to the Google Search Console login page. From a report: Google Webmasters said, "We've had to drop the public submission feature." The company did not say why it was necessary to drop it. Maybe it has to do with spam issues or abuse. Google added, "... but we continue to welcome your submissions using the usual tool in Search Console and through sitemaps directly." The last time Google updated the submit content tool was back in 2012, when it moved it to the classic Google Webmaster Tools URL. Google says webmasters should submit content only through Search Console's Fetch as Google tool or via sitemaps.

Facebook has always nudged truant users back to its platform though emails and notifications. But recently, those prods have evolved beyond comments related to activity on your own profile. From a report: Now Facebook will nag you when an acquaintance comments on someone else's photo, or when a distant family member updates their status. The spamming has even extended to those who sign up for two-factor authentication -- which is a great way to turn people off to that extra layer of security. "The part of it that bugs me is that two-factor authentication is something [Facebook] should be encouraging people to use, but instead the way this is working here is that they're driving people away from two-factor and making people less secure," says Matt Green, a professor at the Johns Hopkins University Information Security Institute, who has done contracted security work for Facebook in the past.

"It's abusive, people's attention is deliberately tweaked by what looks like a two-factor authentication message." Green says he's received near-daily SMS messages from Facebook since January alerting him that one of his friends performed some action on the platform. Before he started receiving the messages, Green says he hadn't logged into Facebook for a long time and had actually forgotten his password. The weirdest part about the SMS notifications is what happens if you reply to them. If you respond, your message is posted to your own profile. Further reading: Facebook Really Wants You To Come Back, Facebook Is Spamming Users Via Their 2FA Phone Numbers, and Facebook Makes Moves On Instagram's Users.

In a bid to fight spread of misinformation on its platform, Facebook-owned WhatsApp announced on Tuesday that it is launching a new feature globally that will highlight when a message has been forwarded versus composed by the sender. At the centre of the issue is high-volume sharing of misleading and false information, often arching political and religious sentiments, that is tricking a significant number of WhatsApp users. (WhatsApp is used by more than a billion users worldwide.) From a report: From now on, WhatsApp will put a "forwarded" label on these messages. "This extra context will help make one-on-one and group chats easier to follow. It will also help you determine if your friend or relative wrote the message they sent or if it came from someone else," the company said in a note. "WhatsApp cares deeply about your safety. We encourage you to think before sharing forwarded messages. As a reminder, you can report spam or block a contact in one tap and always reach out to WhatsApp directly for help," it added. To see this new forwarded label, users are required to have the newest supported version of WhatsApp on their phones. Additionally, this week the company relaunched a campaign in India as part of which it is running full-page ads on several newspapers in the country to create awareness about the issue.

According to The Washington Post, Twitter has suspended 70 million accounts in the past two months as part of a crackdown on malicious activity on its platform. "The rate of suspensions for May and June is reportedly twice the company's October 2017 suspension rate," reports The Verge. From the report: In a blog post last month, Twitter said it had been working to improve its safety policies, and that its "systems identified and challenged more than 9.9 million potentially spammy or automated accounts per week."

The Post reports that the change in enforcement could cause a decline in users for the company's second quarter, although a Twitter executive told the publication that many of the accounts rarely tweeted, and would therefore not dramatically impact the company's active user count. A Twitter spokesperson said in a statement to The Verge that the company noted in its first-quarter shareholder letter this year that âoeongoing information quality effortsâ had negatively impacted monthly users, and that the efforts could continue to impact user numbers in the future.