Businesses

What Are Stores Even Thinking With All These Emails? 74

Your inbox is now a shopping mall. From a column: Email is one of the few ways companies can reach their customers directly. In fact, people overwhelmingly say that the way they want to hear from brands is by email, Chad S. White, the head of research for Oracle Marketing Consulting, told me. That's why the mailbox software started suppressing messages -- to protect people from companies' temptation to send too many emails. In response, email marketers obsess over "deliverability," or how the content and frequency of their emails might help those messages actually hit your inbox in the first place. But that process has created new and weird feedback loops, in which some companies and certain messages might be able to reach your inbox more readily than before, while others get junked -- condemned to spam, deleted, or the like -- before you see them.

As a result, your personal inbox gradually has become less like a mailbox and more like a wormhole into every business relationship you maintain: your bank; your utility provider; your supermarket; your favorite boutiques, restaurants, housewares providers, and all the rest. It's your own digital commercial district: Opening up email is akin to visiting a little mall in your browser or on your phone, where every shop is right next to every other. A few years ago, Gmail made that metaphor concrete by introducing the promotions folder, recasting spam as marketing. When you're in the mood to shop, just drop into promotions and see what's on offer (or search for a favorite brand to see the latest wares).

Google

Google is Finally Doing Something About Google Drive Spam (arstechnica.com) 15

You can now block people in Google Drive. From a report: A notification pops up on your phone: "Click here for hot XXX action!" It's Google Drive again. Someone shared a document containing that title, and now your phone is begging you to look at it. Even if you ban Google Drive from generating phone notifications, you'll still get emails. If you block the emails, you'll have to see the spam when you click on the "shared" section of Google Drive. The problem is that Drive document sharing was built with no spam-management tools. Anyone who gets a hold of your email is considered to be an important sharer of valid documents, and there has been nothing you can do about it -- until now.

Google officially acknowledged the problem back in 2019, and the company said it was making spam controls "a priority." Now, more than two years later, Google is finally rolling out the most basic of spam tools to Google Drive sharing -- you can block individual email addresses! The company announced this feature in May, but the tool is rolling out to users over the next 15 days. Soon, once the spam arrives in your Google Drive, you'll be able to click the menu button next to the item and choose "block user." Drive sharing works just like email spam. Anyone can share a drive file with you if they know your address. Documents that have been shared with you still automatically show up in your Drive collection without your consent. There's no way to turn off sharing, to limit sharing to approved users, or to limit it to existing contacts. It's a free-for-all.

Government

Fired Covid-19 Data Manager is Now Running for Congress (orlandoweekly.com) 214

Florida's fired Department of Health data manager Rebekah Jones lost access to her 400,000 followers on Twitter last month — which she'd been using to criticize Florida governor Ron DeSantis for downplaying the severity of the state's Covid-19 crisis. Then Jones announced she'd be running for Congress. "This also means, under Desantis' recently signed social media law, I get to fine Twitter $250K per day until my account is restored starting July 1."

Orlando Weekly reports: After a media frenzy, Jones deleted the post. She said she was attempting to point out Gov. Ron DeSantis's "hypocrisy" in writing a law that allowed political candidates to sue media companies that ban them, while still celebrating her Twitter suspension...

The bit became real when she filed to run as an Independent in Florida's 1st congressional district on June 25...

On her campaign website, she lists eight issues on her platform: protecting Florida's environmental systems, promoting government transparency, fighting for media accountability in disinformation, giving access to representatives, ensuring the district's veterans are taken care of, scrutinizing restrictive voting laws, funding science and research, and boosting support for all levels of education. Jones says there's still room for other issues on her platform, after she talks to more residents.

Jones' GoFundMe account ("DefendScience") now directs visitors to her official campaign site if they want to make campaign contributions. (And the GoFundMe page also notes that her campaign has been endorsed by 90-year-old Daniel Ellsberg, the famous whistleblower who in 1971 leaked the Pentagon Papers, a top-secret government study on the Vietnam War.)

But the last six weeks have been a wild ride for the data scientist:

Yesterday the official coronavirus coordinator for the White House reported that one in five of America's Covid-19 cases this week have come from Florida.


Privacy

Why Email Providers Scan Your Emails (consumerreports.org) 98

An anonymous reader shares a report: If you receive emails flagged as spam or see a warning that a message might be a phishing attempt, it's a sign that your email provider is scanning your emails. The company may do that just to protect you from danger, but in some situations it can delve into your communications for other purposes, as well. Google announced that it would stop scanning Gmail users' email messages for ad targeting in 2017 -- but that doesn't mean it stopped scanning them altogether. Verizon didn't respond to requests for comments about Yahoo and AOL's current practices, but in 2018 the Wall Street Journal reported that both email providers were scanning emails for advertising. And Microsoft scans its Outlook users' emails for malicious content. Here's what major email providers say about why they currently scan users' messages.

Email providers can scan for spam and malicious links and attachments, often looking for patterns. [...] You may see lots of ads in your email inbox, but that doesn't necessarily mean your email provider is using the content of your messages to target you with marketing messages. For instance, like Google, Microsoft says that it refrains from using your email content for ad targeting. But it does target ads to consumers in Outlook, along with MSN, and other websites and apps. The data to do that come from partnering with third-party providers, plus your browsing activity and search history on Bing and Microsoft Edge, as well as information you've given the company, such as your gender, country, and date of birth.

[...] If you're using an email account provided by your employer, an administrator with qualifying credentials can typically access all your incoming and outgoing emails on that account, as well as any documents you create using your work account or that you receive in your work account. This allows companies to review emails as part of internal investigations and access their materials after an employee leaves the company. [...] Law enforcement can request access to emails, though warrants, court orders, or subpoenas may be required. Email providers may reject requests that don't satisfy applicable laws, and may narrow requests that ask for too much information. They may also object to producing information altogether.

Advertising

Carrier Caught Injecting 'SMS AD' Into Google Verification Code Message (9to5google.com) 63

An anonymous reader quotes a report from 9to5Google: SMS is widely regarded as an insecure form of two-factor authentication, and another example of this has just emerged. A carrier looks to be injecting ads into the Google verification code used to sign in to services like Gmail. Action Launcher developer Chris Lacy today tweeted how his Google verification code -- which starts with "G-" -- featured an "SMS AD." The advertisement -- for a VPN -- includes a quick message and short URL. For those that immediately suspect this is just a phishing attempt, the verification code is legitimate and was requested by Lacy to successfully verify a login attempt. Google Messages even flagged the link/message as spam. As such, Googlers responding to the thread suspect this is an occurrence of a carrier appending an ad -- note the extra spaces -- into a real text message. It's very unlikely that Google's security teams would allow advertising into a very crucial part of the login process where end user trust is paramount.

Google issued the following statement to us today: "These are not our ads and we are currently working with the wireless carrier to understand why this happened." Google confirms that the "SMS AD" did not originate from its own advertising network. Meanwhile, it's working with the wireless carrier in question to find out what occurred. Lacy has decided "not to state the carrier for privacy reasons," and Google did not share that information either.

Twitter

Florida's Fired Covid-19 Data Manager 'Permanently Suspended' From Twitter (forbes.com) 99

Florida's fired Department of Health data manager Rebekah Jones has been "permanently suspended" from Twitter, "for violations of the Twitter Rules on spam and platform manipulation," a Twitter spokesperson tells Slashdot.

Florida's Sun-Sentinel reports: Jones, a former Department of Health data manager fired for alleged insubordination, emerged as a political lightning rod as COVID-19 cases spiked in Florida last year. Supporters see her as a whistleblower speaking truth to power and exposing an effort by the state to paint a rosier picture of the pandemic. Her detractors say she has peddled disinformation for her own financial benefit, unfairly casting doubt on the reliability of Florida's COVID-19 statistics... Jones helped to build the state's online coronavirus dashboard in the early days of the pandemic. In May 2020, she was fired from her post at the Florida Department of Health, where she was manager of Geographic Information Systems. Jones said her bosses pressured her to manipulate statistics to justify reopening the state amid lockdown.

In an article Monday Forbes investigated "the curious case of Rebekah Jones' suspension," citing a researcher who specializes in Twitter fraud: There was clearly a concentrated surge in new follower activity... What is not known is whether Rebekah Jones purchased the followers herself, or whether it was a false-flag campaign meant to discredit her (someone else purchased the followers and directed them at her account to make it appear she broke Twitter's rules).

Nearly 21,000 followers were added in a short amount of time...

Following up with Twitter's spokesperson, Slashdot asked them about Forbes' theory, and whether they had evidence that Jones herself (and not one of her detractors) had perpetrated the surge in follower activity.

Twitter's response? "We have nothing further to add beyond what I shared."

Jones had already attained more than 400,000 followers, reports the Washington Post. But they also note that her suspension is now being celebrated on Twitter by Florida governor DeSantis's press secretary, "who was hired after she wrote an article calling Jones's claims 'a big lie.'" DeSantis's office also pointed to an April Twitter thread from a prominent disinformation researcher alleging that an app has surreptitiously directed thousands of users to follow a number of accounts, including Jones's. Jones responded to the researcher, according to a screenshot, with a tweet saying: "This is insane."

"I've never heard of this app," she wrote.

Jones has since opened a new account on Instagram named "insubordinatescientist".

Government

Will America Confront the Kremlin Over SolarWinds' Latest Massive Phishing Attack? (apnews.com) 64

In the latest SolarWinds mass-phishing attack, "The highest percentage of emails went to the United States, but [incident response firm] Volexity also saw a significant number of victims in Europe..." according to Security Week.

In an article shared by Slashdot reader wiredmikey, they note that the attackers apparently compromised the Constant Contact account of USAID, an independent agency of the United States federal government that is primarily responsible for administering civilian foreign aid and development assistance — and then impersonated it in emails "to roughly 3,000 accounts across over 150 organizations in 24 countries."

So what happens next?

The Associated Press reports: The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing campaign should not further damage relations with Moscow ahead of next month's planned presidential summit. Officials downplayed the cyber assault as "basic phishing" in which hackers used malware-laden emails to target the computer systems of U.S. and foreign government agencies, think tanks and humanitarian groups.

Microsoft, which disclosed the effort late Thursday, said it believed most of the emails were blocked by automated systems that marked them as spam. As of Friday afternoon, the company said it was "not seeing evidence of any significant number of compromised organizations at this time."

Even so, the revelation of a new spy campaign so close to the June 16 summit between President Joe Biden and Russian counterpart Vladimir Putin adds to the urgency of White House efforts to confront the Kremlin over aggressive cyber activity that criminal indictments and diplomatic sanctions have done little to deter. "I don't think it'll create a new point of tension because the point of tension is already so big," said James Lewis, a senior vice president at the Center for Strategic and International Studies. "This clearly has to be on the summit agenda. The president has to lay down some markers" to make clear "that the days when you people could do whatever you want are over."

There's a famous story about Vladimir Putin meeting Joe Biden back in 2011. A decade earlier former U.S. president George W. Bush had said when he'd looked Putin in the eye, "I was able to get a sense of his soul." But as Biden tells it, when he'd met Putin (who was then Russia's Prime Minister), "I said, 'Mr. Prime Minister, I'm looking into your eyes, and I don't think you have a soul.'"

"He looked back at me, and he smiled, and he said, 'We understand one another.'"

Social Networks

Twitter and Facebook Admit They Wrongly Blocked Millions of Posts About Gaza Strip Airstrikes (msn.com) 156

"Just days after violent conflict erupted in Israel and the Palestinian territories, both Facebook and Twitter copped to major faux pas: The companies had wrongly blocked or restricted millions of mostly pro-Palestinian posts and accounts related to the crisis," reports the Washington Post: Activists around the world charged the companies with failing a critical test: whether their services would enable the world to watch an important global event unfold unfettered through the eyes of those affected. The companies blamed the errors on glitches in artificial intelligence software.

In Twitter's case, the company said its service mistakenly identified the rapid-firing tweeting during the confrontations as spam, resulting in hundreds of accounts being temporarily locked and the tweets not showing up when searched for. Facebook-owned Instagram gave several explanations for its problems, including a software bug that temporarily blocked video-sharing and saying its hate speech detection software misidentified a key hashtag as associated with a terrorist group.

The companies said the problems were quickly resolved and the accounts restored. But some activists say many posts are still being censored. Experts in free speech and technology said that's because the issues are connected to a broader problem: overzealous software algorithms that are designed to protect but end up wrongly penalizing marginalized groups that rely on social media to build support... Despite years of investment, many of the automated systems built by social media companies to stop spam, disinformation and terrorism are still not sophisticated enough to detect the difference between desirable forms of expression and harmful ones. They often overcorrect, as in the most recent errors during the Israeli-Palestinian conflict, or they under-enforce, allowing harmful misinformation and violent and hateful language to proliferate...

Jillian York, a director at the Electronic Frontier Foundation, an advocacy group that opposes government surveillance, has researched tech company practices in the Middle East. She said she doesn't believe that content moderation — human or algorithmic — can work at scale... Palestinian activists and experts who study social movements say it was another watershed historical moment in which social media helped alter the course of events...

Payment app Venmo also mistakenly suspended transactions of humanitarian aid to Palestinians during the war. The company said it was trying to comply with U.S. sanctions and had resolved the issues.

Programming

Freenode Apologizes as Prominent Open Source Projects Switch to Libera Chat (ubuntu.com) 122

Slashdot reader AleRunner writes: Ubuntu has announced that, with immediate effect Ubuntu's IRC channels are moving to libera.chat. The move follows a "hostile takeover" of Ubuntu's namespace by Freenode's new management that appears to be happening to many other distributions including Gentoo as well as other projects that have used Freenode [including channels associated with the programming languages Raku, Elixir, and Haskell].

For Ubuntu, and many other FOSS projects, Freenode has long been one of the major official forms of communication... With IRC channels often used for important system advice, and project communication, this becomes not just an inconvenience but even a security problem. For this reason Ubuntu's replacement network, libera.chat has a more clearly open organisational structure than Freenode had before being taken over.

"All told, it appears something like 700 irc.freenode.net channels have been seized and re-permissioned," reports The Register, "supposedly because the channels mentioned Libera Chat in violation of Freenode's advertising policy."

Wednesday Freenode owner Andrew Lee posted a blog post explaining that "in retrospect, we should have handled the action of closing down channels slightly differently..."

"The intent of doing this was not an attempt of a hostile takeover nor hijack like many people are saying. Since certain projects were disrupting their users' ability to chat on freenode via mass kicks, force closures, spam, we decided to enact this policy in those places which were deemed in violation and could cause an issue later...

"We believe we should have done this in a much more communicative way to circulate the right message and keep things transparent which of course did not happen. As we move forward I'd like to fully assure you that we will be working in complete commitment to restore projects, namespaces and channels that were closed on accident as a part of this event and we welcome them to use freenode as before as their very own homebase.

"Lastly, there are no excuses for this, and I'm willing to admit that I was wrong with Tuesday's move and apologize for the inconvenience that may have caused."

Python

How Spam Flooded the Official Python Software Package Repository PyPI (bleepingcomputer.com) 41

"The official Python software package repository, PyPI, is getting flooded with spam packages..." Bleeping Computer reported Thursday.

"Each of these packages is posted by a unique pseudonymous maintainer account, making it challenging for PyPI to remove the packages and spam accounts all at once..." PyPI is being flooded with spam packages named after popular movies in a style commonly associated with torrent or "warez" sites that provide pirated downloads: watch-(movie-name)-2021-full-online-movie-free-hd-... Although some of these packages are a few weeks old, BleepingComputer observed that spammers are continuing to add newer packages to PyPI... The web page for these bogus packages contain spam keywords and links to movie streaming sites, albeit of questionable legitimacy and legality...

February of this year, PyPI had been flooded with bogus "Discord", "Google", and "Roblox" keygens in a massive spam attack, as reported by ZDNet. At the time, Ewa Jodlowska, Executive Director of the Python Software Foundation had told ZDNet that the PyPI admins were working on addressing the spam attack, however, by the nature of pypi.org, anyone could publish to the repository, and such occurrences were common.

Other than containing spam keywords and links to quasi-video streaming sites, these packages contain files with functional code and author information lifted from legitimate PyPI packages... As previously reported by BleepingComputer, malicious actors have combined code from legitimate packages with otherwise bogus or malicious packages to mask their footsteps, and make the detection of these packages a tad more challenging...

In recent months, the attacks on open-source ecosystems like npm, RubyGems, and PyPI have escalated. Threat actors have been caught flooding software repositories with malware, malicious dependency confusion copycats, or simply vigilante packages to spread their message. As such, securing these repositories has turned into a whack-a-mole race between threat actors and repository maintainers.

Security

Microsoft Warns of Malware Campaign Spreading a RAT Masquerading as Ransomware (therecord.media) 33

The Microsoft security team has published details about a malware campaign that is currently spreading a remote access trojan named STRRAT that steals data from infected systems while masquerading as a ransomware attack. From a report: According to the Microsoft Security Intelligence team, the campaign is currently leveraging a mass-spam distribution vector to bombard users with emails containing malicious PDF file attachments. "Attackers used compromised email accounts to launch the email campaign," Microsoft said in a series of tweets last night. "The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware." First spotted in June 2020, STRRAT is a remote access trojan (RAT) coded in Java that can act as a backdoor on infected hosts. According to a technical analysis by German security firm G DATA, the RAT has a broad spectrum of features that vary from the ability to steal credentials to the ability to tamper with local files.

Microsoft

Microsoft's LinkedIn Accused by Noted China Critic of Censorship (bloomberg.com) 67

A prominent critic of China based in the U.K. said Microsoft's LinkedIn froze his account and removed content criticizing the country's government, the latest in a series of allegations that the networking website had censored users -- even outside of the Asian nation -- to appease authorities in Beijing. From a report: Peter Humphrey, a British corporate investigator and former journalist who accesses LinkedIn from his home in Surrey, England, said he received notification from LinkedIn last month that comments he had published on the platform had been removed. The comments, seen by Bloomberg News, called the Chinese government a "repressive dictatorship" and criticized the country's state media organizations as "propaganda mouthpieces."

In late April, Humphrey said LinkedIn sent him several notifications that critical comments he posted about China's government and state-controlled broadcaster China Global Television Network, or CGTN, had been removed, on the grounds that the comments constituted "bullying and harassment" or "spam and scams." On April 26, Humphrey said he couldn't access his LinkedIn profile. When Humphrey tried to log in, he said he was met with a message stating his profile had been "restricted" due to "behavior that appears to violate our Terms of Service." After Bloomberg News contacted LinkedIn for comment last week, the company reinstated Humphrey's account and restored some of his comments. Others were not. "Our team has reviewed the action, based on our appeals process, and found it was an error," said Leonna Spilman, a spokeswoman for LinkedIn. Spilman declined to comment further regarding Humphrey's account.

Piracy

FBI Has Gained Access To Sci-Hub Founder's Apple Account, Email Claims (torrentfreak.com) 36

Sci-Hub founder Alexandra Elbakyan reports that she has received a worrying email, ostensibly from Apple, revealing that law enforcement has demanded and gained access to her account data. The email indicates an FBI investigation although the precise nature of any inquiry remains unclear. From a report: In a message posted to her personal Twitter account, which is not currently subject to a suspension, Elbakyan draws attention to an email she received to one of her accounts operated by Google. "At first I thought it was spam and was about to delete the email, but it turned out to be about FBI requesting my data from Apple," she writes. As the email reveals, the apparent request to access the data from Elbakyan's account dates back more than two years but due to its nature, Apple has only just been able to reveal its existence to the Sci-Hub founder. What this is about, however, remains unclear but perhaps the more pressing question is whether it is a genuine email from Apple.

Social Networks

New Florida Law Could Punish Social Media Companies for 'Deplatforming' Politicians (nbcnews.com) 336

Florida is on track to be the first state in America to punish social media companies that ban politicians, reports NBC News, "under a bill approved Thursday by the state's Republican-led Legislature." Gov. Ron DeSantis, a Republican and close Trump ally who called for the bill's passage, is expected to sign the legislation into law, but the proposal appears destined to be challenged in court after a tech industry trade group called it a violation of the First Amendment speech rights of corporations...

Suspensions of up to 14 days would still be allowed, and a service could remove individual posts that violate its terms of service. The state's elections commission would be empowered to fine a social media company $250,000 a day for statewide candidates and $25,000 a day for other candidates if a company's actions are found to violate the law, which also requires the companies to provide information about takedowns and apply rules consistently...

Florida Republican lawmakers have cited tech companies' wide influence over speech as a reason for the increased regulation. "What this bill is about is sending a loud message to Silicon Valley that they are not the absolute arbiters of truth," state Rep. John Snyder, a Republican from the Port St. Lucie area, said Wednesday... The Florida bill may offer Republicans in other states a road map for introducing laws that could eventually force social media companies and U.S. courts to confront questions about free speech on social media, including the questions raised by Thomas.

State Rep. Carlos Guillermo Smith, an Orlando area Democrat, said if Republicans want to stay on private services, they should follow the rules. "There's already a solution to deplatforming candidates on social media: Stop trafficking in conspiracy theories...."

NetChoice, a trade group for internet companies, argued the bill punishes platforms for removing harmful content, and that it would make it harder to block spam. But they also argued that the freedom of speech clause in the U.S. Constitution "makes clear that government may not regulate the speech of private individuals or businesses.

"This includes government action that compels speech by forcing a private social media platform to carry content that is against its policies or preferences."

Slashdot reader zantafio points out the bill specifies just five major tech companies — Google, Apple, Twitter, Facebook and Amazon.

And that the bill was also amended to specifically exempt Disney, Universal and any theme park owner that operates a search engine or information service.

Security

Ask Slashdot: How Harmful Are In-House Phishing Campaigns? 128

tiltowait writes: My organization has an acceptable use policy which forbids sending out spam. Every few months, however, the central IT office exempts itself from this rule by delivering deceptive e-mails to all employees as a test of their ability to ignore phishing scams. For those who simply delete the messages, they are a small annoyance, comparable to the overhead of having to regularly change passwords -- also done largely unnecessarily, perhaps even to the point of being another bad practice. As someone working in a departmental systems office, I can also attest that these campaigns generate a fair amount of workload from inquiries about their legitimacy. Aside from the "gotcha" angle, which perpetuates some ill will amongst staff, I can't help but think that these exercises are of questionable net value, especially with other countermeasures, such as MFA and Safelinks, already in place. Is it worth spreading misinformation to experiment on your colleagues in such a fashion?

Businesses

Network Security Company Proofpoint Goes Private In $12.3 Billion Deal (venturebeat.com) 7

Private equity firm Thoma Bravo has announced plans to acquire cybersecurity company Proofpoint in a deal worth $12.3 billion. VentureBeat reports: Founded in 2002 by former Netscape CTO Eric Hahn, Proofpoint was originally known for an email security product that helped businesses identify spam, viruses, and other electronic correspondence that might contravene company policies. In the subsequent years, the Sunnyvale, California-based company has expanded its scope to include an array of cloud-based security products designed to protect enterprises from targeted threats. Proofpoint went public back in 2012, with its shares initially trading at around $13 -- these have grown steadily over the past decade, hitting an all-time high of $140 earlier this year and giving it a market capitalization of more than $7 billion.

Thoma Bravo has a track record of taking publicly traded cybersecurity companies private, having done just that with network security company Barracuda in a 2017 deal worth $1.6 billion and with Sophos last year for $3.9 billion. The Proofpoint deal, which is expected to close in Q3 2021, sees Thoma Bravo paying a 34% premium on Proofpoint's closing price at the last full trading day (April 23), with shareholders set to receive $176 for each share they own. It's worth noting that the $12.3 billion price tag positions this as the biggest cybersecurity acquisition of all time, putting it ahead of the $7.68 billion Intel shelled out for McAfee 11 years ago. And by VentureBeat's calculations, the Proofpoint acquisition represents one of the biggest overall technology acquisitions ever, putting it in the top 20, alongside megadeals that include Dell's $67 billion EMC purchase, IBM's $34 billion Red Hat deal, and Salesforce's impending $27.7 billion Slack acquisition.

Privacy

Spy Pixels In Emails Have Become Endemic (bbc.com) 217

AmiMoJo writes: The use of "invisible" tracking tech in emails is now "endemic", according to a messaging service that analysed its traffic at the BBC's request. Hey's review indicated that two-thirds of emails sent to its users' personal accounts contained a "spy pixel", even after excluding for spam. Its makers said that many of the largest brands used email pixels, with the exception of the "big tech" firms. Defenders of the trackers say they are a commonplace marketing tactic. And several of the companies involved noted their use of such tech was mentioned within their wider privacy policies. Email pixels can be used to log: if and when an email is opened, how many times it is opened, what device or devices are involved, the user's rough physical location, deduced from their internet protocol (IP) address - in some cases making it possible to see the street the recipient is on.

This information can then be used to determine the impact of a specific email campaign, as well as to feed into more detailed customer profiles. Hey's co-founder David Heinemeier Hansson says they amount to a "grotesque invasion of privacy". And other experts have also questioned whether companies are being as transparent as required under law about their use.

iPhone

Google's Fi VPN Is Coming To iPhones Soon (zdnet.com) 13

An anonymous reader quotes a report from ZDNet: Google is rolling out its virtual private network (VPN) service for subscribers of its Fi network that should help people when they're using online services on public Wi-Fi. "We plan to roll out the VPN to iPhone starting this spring," Google notes. Google is also bringing its privacy and security hub to Android devices, offering users a shortcut to features available to Android users, such as its VPN.

Finally, Fi users can expect free spam call warnings and blocking to stop identified robocalls and scams and the company is stepping up its game to protect users from SIM swapping scams. "Your Fi number is tied to your Google Account and comes with security features that protect your phone number from threats like SIM swaps -- that's when bad actors try to take someone's phone number and assign it to another SIM card without their consent," Google said. "On Fi, you receive extra layers of protection by default, including a robust account recovery process and notifications for suspicious activity. You can also enable 2-step verification for more protection."

AI

FTC Settlement With Ever Orders Data and AIs Deleted After Facial Recognition Pivot 20

The maker of a defunct cloud photo storage app that pivoted to selling facial recognition services has been ordered to delete user data and any algorithms trained on it, under the terms of an FTC settlement. TechCrunch reports: The regulator investigated complaints the Ever app -- which gained earlier notoriety for using dark patterns to spam users' contacts -- had applied facial recognition to users' photographs without properly informing them what it was doing with their selfies. Under the proposed settlement, Ever must delete photos and videos of users who deactivated their accounts and also delete all face embeddings (i.e. data related to facial features which can be used for facial recognition purposes) that it derived from photos of users who did not give express consent to such a use. Moreover, it must delete any facial recognition models or algorithms developed with users' photos or videos.

This full suite of deletion requirements -- not just data but anything derived from it and trained off of it -- is causing great excitement in legal and tech policy circles, with experts suggesting it could have implications for other facial recognition software trained on data that wasn't lawfully processed. Or, to put it another way, tech giants that surreptitiously harvest data to train AIs could find their algorithms in hot water with the US regulator.

Spam

Spam Calls Grew 18% This Year Despite the Global Pandemic (techcrunch.com) 89

Despite several efforts from carriers, telecom regulators, mobile operating system developers, smartphone makers, and a global pandemic, spam calls continued to pester and scam people around the globe this year -- and they only got worse. From a report: Users worldwide received 31.3 billion spam calls between January and October this year, up from 26 billion during the same period last year, and 17.7 billion the year prior, according to Stockholm-headquartered firm Truecaller. The firm, best known for its caller ID app, estimated that an average American received 28.4 spam calls a month this year, up from 18.2 last year. As a result, And with 49.9 spam calls per user a month, up from an already alarming 45.6 figure last year, Brazil remained the worst impacted nation to spam calls, the firm said in its yearly report on the subject. The coronavirus pandemic, however, lowered the volume of spam calls users had to field in several markets, including India, which topped Truecaller's chart for the worst nation affected three years ago. The nation, the biggest market of Truecaller, dropped to the 9th position on the chart this year with 16.8 monthly spam calls per user, down from 25.6 last year.
