Spam

Elon Musk Shows Neuralink Brain Link Working In a Pig (cnet.com) 87

With a pig named Gertrude, Elon Musk demonstrated his startup Neuralink's technology to build a digital link between brains and computers. A wireless link from the Neuralink device showed the pig's activity as it snuffled around a pen on stage Friday night. CNET reports: The demonstration shows the technology to be significantly closer to delivering on Musk's radical ambitions than during a 2019 product debut, when Neuralink only showed photos of a rat with a Neuralink connected via a USB-C port. It's still far from reality, but Musk said the US Food and Drug Administration in July granted approval for "breakthrough device" testing. Musk also showed a second-generation device that's more compact and that fits into a small cavity hollowed out of a hole in a skull. "It's like a Fitbit in your skull with tiny wires," Musk said of the device. It communicates with brain cells with 1,024 thin electrodes that penetrate within brain cell.
Privacy

235 Million Instagram, TikTok and YouTube User Profiles Exposed In Massive Data Leak (forbes.com) 19

An anonymous reader quotes a report from Forbes: The security research team at Comparitech today disclosed how an unsecured database left almost 235 million Instagram, TikTok and YouTube user profiles exposed online in what can only be described as a massive data leak. The data was spread across several datasets; the most significant being two coming in at just under 100 million each and containing profile records apparently scraped from Instagram. The third-largest was a dataset of some 42 million TikTok users, followed by just under 4 million YouTube user profiles.

Comparitech says that, based on the samples it collected, one in five records contained either a telephone number or email address. Every record also included at least some, sometimes all, the following information: Profile name; Full real name; Profile photo; and Account description. Statistics about follower engagement, including: Number of followers; Engagement rate; Follower growth rate; Audience gender; Audience age; Audience location; Likes; Last post timestamp; Age; and Gender. "The information would probably be most valuable to spammers and cybercriminals running phishing campaigns," Paul Bischoff, Comparitech editor, says. "Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation," Bischoff adds. Indeed, Bischoff told me that it would be easy for a bot to use the database to post targeted spam comments on any Instagram profile matching criteria such as gender, age or number of followers.
The data appeared to have originated from a company called Deep Social, which was banned by both Facebook and Instagram in 2018 after scraping user profile data. The company was wound down sometime after this.

The researchers reached out to Deep Social, which then forwarded the disclosure to a Hong Kong-registered social media influencer data-marketing company called Social Data. Social Data shut down the database about three hours after the researchers' initial email. "Social Data has denied any connection between itself and Deep Social," reports Forbes, citing Comparitech.
Cloud

Countering Google, Microsoft Promises Its Own Open Source Service Mesh for the CNCF (infoworld.com) 13

"As controversy rages over the governance of Google's Istio service mesh, Microsoft has seen an opportunity to offer a simple and truly open alternative," reports InfoWorld: Microsoft has announced that it will release its own open source service mesh — called Open Service Mesh (OSM) — and transfer it to the Cloud Native Computing Foundation (CNCF) as soon as possible. This sets the Redmond-based company apart from its cloud rival Google, which recently announced that its own Istio service mesh will no longer be part of the vendor-neutral CNCF and will instead sit under Google's own Open Usage Commons foundation.

The service mesh has quickly become a vital part of the modern cloud native computing stack, as it essentially enables communication, monitoring, and load balancing between disparate parts of today's microservices-based architecture. This differs from the popular container orchestration service Kubernetes in its level of granularity. When run in tandem with Kubernetes, a service mesh enables deeper security policy and encryption enforcement and automated load balancing and circuit breaking functionality...

With this launch Microsoft is not only aligning itself with the open governance side of the debate which has been raging through the open source software community for the past few months, but is also looking to solve a customer pain point.

Youtube

YouTube Bans Thousands of Chinese Accounts To Combat 'Coordinated Influence Operations' (techcrunch.com) 187

An anonymous reader quotes a report from TechCrunch: YouTube has banned a large number of Chinese accounts it said were engaging in "coordinated influence operations" on political issues, the company announced today; 2,596 accounts from China alone were taken down from April to June, compared with 277 in the first three months of 2020. "These channels mostly uploaded spammy, non-political content, but a small subset posted political content primarily in Chinese similar to the findings in a recent Graphika report (PDF), including content related to the U.S. response to COVID-19," Google posted in its Threat Analysis Group bulletin for Q2.

The Graphika report, entitled "Return of the (Spamouflage) Dragon: Pro Chinese Spam Network Tries Again," [...] details a large set of accounts on YouTube, Facebook, Twitter and other social media that began to be activated early this year that appeared to be part of a global propaganda push: "The network made heavy use of video footage taken from pro-Chinese government channels, together with memes and lengthy texts in both Chinese and English. It interspersed its political content with spam posts, typically of scenery, basketball, models, and TikTok videos. These appeared designed to camouflage the operation's political content, hence the name." It's the "return" of this particular spam dragon because it showed up last fall in a similar form, and whoever is pulling the strings appears undeterred by detection. New, sleeper and stolen accounts were amassed again and deployed for similar purposes, though now -- as Google notes -- with a COVID-19 twist. When June rolled around, content was also being pushed related to the ongoing protests regarding the killings of George Floyd and Breonna Taylor and other racial justice matters.

Businesses

It's Official: EU Launches Antitrust Probe Into Google's Fitbit Takeover (cnn.com) 15

It was rumored last week and now it's official: the European Commission announced it is launching an in-depth antitrust investigation into Google's $2.1 billion bid for Fitbit. CNN reports: The European Union's top antitrust regulator said it is concerned that the takeover would further strengthen Google's market position in online advertising by "increasing the already vast amount of data that Google could use for personalization of the ads it serves and displays." Google announced it was buying Fitbit, the world's leading maker of wearable fitness activity trackers, in November. The deal, worth about $2.1 billion, is one of Google's largest acquisitions and represents an important step for the company into smartwatches and other wearable devices.

The Commission had already launched a preliminary investigation into the transaction. It said a commitment by Google not to use Fitbit data for advertising purposes was insufficient to address the concerns identified in the initial probe. The Commission's top antitrust official, Margrethe Vestager, said in a statement that the use of wearable devices by European consumers, as well as the data generated by them, is expected to grow significantly. "Our investigation aims to ensure that control by Google over data collected through wearable devices as a result of the transaction does not distort competition," Vestager said. In a blog post, Google Senior Vice President for Devices and Services Rick Osterloh said the deal "is about devices, not data," a market he said is full of competition. "We've been clear from the beginning that we will not use Fitbit health and wellness data for Google ads," Osterloh said. "We recently offered to make a legally binding commitment to the European Commission regarding our use of Fitbit data. As we do with all our products, we will give Fitbit users the choice to review, move or delete their data."

Youtube

YouTube Criticized For Ending Its Community Captions Feature (theverge.com) 36

Long-time Slashdot reader xonen quotes the Verge: YouTube plans to discontinue its community captions feature, which allowed viewers to add subtitles to videos, because it was "rarely used and had problems with spam/abuse," the company announced. It says it's removing the captions and will "focus on other creator tools." The feature will be removed as of September 28th.

"You can still use your own captions, automatic captions and third-party tools and services," YouTube said in an update on its help page. But deaf and hard-of-hearing creators say removing the community captions feature will stifle accessibility, and they want to see the company try to fix the issues with volunteer-created captions, rather than doing away with them entirely. Deaf YouTuber Rikki Poynter said on her channel in May that community captions were an "accessibility tool that not only allowed deaf and hard of hearing people to watch videos with captions, but allowed creators that could not afford to financially invest in captions." She tweeted Thursday that she was disappointed with YouTube's decision.

YouTuber JT, whose channel has more than 550,000 subscribers, highlighted the downside of the community captions feature last year, showing how viewers were adding abusive comments to videos by popular creators. But many creators say they relied on the captions not only to better reach deaf and hard-of-hearing viewers, but to help translate their videos into other languages, giving them a larger audience.

YouTube is offering a free six-month subscription to a subtitling service for regular users of the community contribution feature — but not everyone is satisfied, according to the Verge. A petition calling on Google to reverse the decision has now garnered more than 155,000 signatures.
Facebook

Facebook Criticized For Temporarily Blocking Entire Domain 'Dreamwidth.org' (dreamwidth.org) 41

Dreamwidth is an online journal service based on the LiveJournal codebase, according to Wikipedia — "a code fork of the original service, set up by ex-LiveJournal staff Denise Paolucci and Mark Smith, born out of a desire for a new community based on open access, transparency, freedom and respect."

"I discovered, about an hour ago, that all of my posts on Facebook which were links to Dreamwidth had vanished. Suddenly gone as if they'd never existed," complained Dreamwidth user Andrew Ducker on Sunday morning.

Though that afternoon he posted "All working fine now," thousands had already seen his original post (quoted below): I checked with Denise (one of the owners of Dreamwidth) to find out if she knew about it, and discovered that Facebook have stuck Dreamwidth on a block list...

This is unbelievably frustrating. And the kind of centralised, autocratic, opaque decision making which I loathe. Tens of thousands of active users, unable to share blog posts with Facebook (which, let's face it, is where most of my friends go for their socialising)...

"This may be an overzealous spam filter at work," Slashdot reader JoshuaZ had argued. But even before Facebook adjusted their filtering, Dreamwidth co-owner Mark Smith was calling it "definitely a bit of a /shrug moment... 'Facebook gonna Facebook' I think is approximately how we feel about this...

"We do not have any goals around growth, we don't advertise, and we ultimately don't care that much what the other platforms do. Our goal is to give people a stable home where they don't have to worry about their data being sold, their writing being monetized..."
Republicans

Trump Campaign Angry That Cell Carriers Blocked Company Texts To Voters (arstechnica.com) 103

An anonymous reader quotes a report from Ars Technica: President Trump's re-election campaign has accused Verizon, AT&T, and T-Mobile of "suppression of political speech" over the carriers' blocking of spam texts sent by the campaign. The fight was described Wednesday in an in-depth article by Business Insider and other reports. "The Trump campaign has been battling this month with the biggest US cellphone carriers over an effort to blast millions of cell users with texts meant to coax them to vote or donate," Business Insider wrote. "President Donald Trump's adviser and son-in-law, Jared Kushner, didn't appreciate it when AT&T, Verizon, and T-Mobile blocked mass campaign texts to voters. He called the companies to complain, setting off the legal wrangling."

When contacted by Ars, a Trump campaign spokesperson said that "any effort by the carriers to restrict the campaign from contacting its supporters is suppression of political speech. Plain and simple." The Trump campaign statement also said it "stands by the compliance of its texting programs" with the US Telephone Consumer Protection Act (TCPA) and Federal Communications Commission guidelines. Business Insider wrote that "the showdown got serious at the start of July when Trump's team sent a blast of texts to people who hadn't signed up for them," and "a third-party firm hired to screen such messages for the major cellphone companies blocked the texts." The article said that campaign lawyers and the carriers "are still fighting over what kinds of messages the campaign is allowed to send and what the companies have the power to stop." Politico wrote about the dispute on Monday. "People familiar with the chain of events said Verizon, T-Mobile and AT&T flagged potential regulatory problems with the peer-to-peer messaging operation, which differs from robo-texting in that texts are sent individually, as opposed to a mass blast," Politico wrote. "But within Trump's orbit, the episode has further fueled suspicions that big tech companies are looking to influence the election."
The Trump campaign has not explained why the texts are legal and shouldn't have been blocked. They also didn't say how many people they tried to send the texts to, or whether the texts were unsolicited or sent to people who had signed up for campaign communications.

Carriers "viewed the texts as a possible violation of federal anti-robocall laws and Federal Communications Commission rules that come with hefty fines," Business Insider reported, citing information provided by "two Republicans familiar with the effort." Trump "campaign operatives" contend that its texting "exists in a legal gray area that allows campaigns to blast cellphone users if the messages are sent manually," Business Insider also wrote.
Communications

FCC: Phone Carriers That Profit From Robocalls Could Have All Calls Blocked (arstechnica.com) 55

"Bad-actor" phone companies that profit from robocalls could be blocked by more legitimate carriers under rules approved unanimously yesterday by the Federal Communications Commission. From a report: Under the change, the FCC said carriers can block calls "from bad-actor upstream voice service providers that pass illegal or unwanted calls along to other providers, when those upstream providers have been notified but fail to take action to stop these calls." Carriers that impose this type of blocking will get a safe harbor from liability "for the unintended or inadvertent blocking of wanted calls, thus eliminating a concern that kept some companies from implementing robust robocall blocking efforts."

This expanded level of blocking -- spurred by a new law in which Congress directed the FCC to expand safe harbors -- could be implemented by companies that sell phone service directly to consumers. That includes mobile carriers Verizon, AT&T, and T-Mobile, traditional landline companies, and VoIP providers. Carriers won't be able to block calls from just any provider. As Chairman Ajit Pai explained, the safe harbor will be available in cases when the "bad-actor" telecom has been notified by the FCC that it is carrying illegal traffic and "fails either to effectively mitigate such traffic or to implement effective measures to prevent customers from using its network to originate illegal calls."

China

Apple 'Suddenly Catches TikTok Secretly Spying On Millions Of iPhone Users', Claims Forbes (forbes.com) 61

In February, Reddit's CEO called TikTok "fundamentally parasitic," according to a report on TechCrunch, adding "it's always listening, the fingerprinting technology they use is truly terrifying, and I could not bring myself to install an app like that on my phone... I actively tell people, 'Don't install that spyware on your phone.'"

TikTok called his remarks "baseless accusations made without a shred of evidence."

But now Apple "has fixed a serious problem in iOS 14, due in the fall, where apps can secretly access the clipboard on users' devices..." reports Forbes cybersecurity contributor Zak Doffman, noting that one of the biggest offenders it revealed still turns out to be TikTok: Worryingly, one of the apps caught snooping [in March] by security researchers Talal Haj Bakry and Tommy Mysk was China's TikTok. Given other security concerns raised about the app, as well as broader worries given its Chinese origins, this became a headline issue. At the time, TikTok owner Bytedance told me the problem related to the use of an outdated Google advertising SDK that was being replaced.

Well, maybe not. With the release of the new clipboard warning in the beta version of iOS 14, now with developers, TikTok seems to have been caught abusing the clipboard in a quite extraordinary way. So it seems that TikTok didn't stop this invasive practice back in April as promised after all. Worse, the excuse has now changed. According to TikTok, the issue is now "triggered by a feature designed to identify repetitive, spammy behavior," and has told me that it has "already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion." In other words: We've been caught doing something we shouldn't, we've rushed out a fix...

iOS users can relax, knowing that Apple's latest safeguard will force TikTok to make the change, which in itself shows how critical a fix this has been. For Android users, though, there is no word yet as to whether this is an issue for them as well.

Long-time Slashdot reader schwit1 also shares an online rumor from an anonymous Redditor (with a 7-year-old account) who claims to be a software engineer who's reverse engineered TikTok's software and learned more scary things, concluding that TikTok is a "data collection service that is thinly-veiled as a social network."

So far the most reputable news outlets that have repeated his allegations are Bored Panda, Stuff, Hot Hardware, and Illinois radio station WBNQ.
United States

Julian Assange Charged in Superseding Indictment (justice.gov) 229

A federal grand jury returned a second superseding indictment today charging Julian P. Assange, the founder of WikiLeaks, with offenses that relate to Assange's alleged role in one of the largest compromises of classified information in the history of the United States. DOJ, in a press release: The new indictment does not add additional counts to the prior 18-count superseding indictment returned against Assange in May 2019. It does, however, broaden the scope of the conspiracy surrounding alleged computer intrusions with which Assange was previously charged. According to the charging document, Assange and others at WikiLeaks recruited and agreed with hackers to commit computer intrusions to benefit WikiLeaks. Since the early days of WikiLeaks, Assange has spoken at hacking conferences to tout his own history as a "famous teenage hacker in Australia" and to encourage others to hack to obtain information for WikiLeaks. In 2009, for instance, Assange told the Hacking At Random conference that WikiLeaks had obtained nonpublic documents from the Congressional Research Service by exploiting "a small vulnerability" inside the document distribution system of the United States Congress, and then asserted that "[t]his is what any one of you would find if you were actually looking." In 2010, Assange gained unauthorized access to a government computer system of a NATO country. In 2012, Assange communicated directly with a leader of the hacking group LulzSec (who by then was cooperating with the FBI), and provided a list of targets for LulzSec to hack. With respect to one target, Assange asked the LulzSec leader to look for (and provide to WikiLeaks) mail and documents, databases and pdfs. In another communication, Assange told the LulzSec leader that the most impactful release of hacked materials would be from the CIA, NSA, or the New York Times. 
WikiLeaks obtained and published emails from a data breach committed against an American intelligence consulting company by an "Anonymous" and LulzSec-affiliated hacker. According to that hacker, Assange indirectly asked him to spam that victim company again.
The Media

The Good, The Bad & The Ugly (of Technology) (om.co) 47

If our social platforms are going to be gatekeepers, then they need to acknowledge their role in the information ecosystems. It is knowing what to boost and what to ignore that makes a good platform, writes veteran technology journalist and now a venture capitalist Om Malik. From his essay: The battle of good email versus spam email has taken a long time, but it has been worth fighting. The struggle between real information and fake information is no different. Unfortunately, what we have is ambivalent algorithms on our social platforms that blindly amplify both hope and hate. This gets complicated pretty quickly. Without access to the same platforms currently being used to gaslight our country, we won't see the awful videos of police in conflict with the people they should protect. Without the same platforms, it would be harder to tell that the media just glorifies the titillating stuff, whether it is the opinion page of the old Gray Lady or the fake looting of a non-existent Rolex store.

I am the first to admit that this is one hard and messy problem. The challenge we face today is that technology's supreme commanders fail to fight the real monkey on their back -- how the modern internet works. Whether it is Facebook, Twitter, Amazon, or Google, the core principle of these companies is engagement and growth. More engagement means more growth, and that means more attention and thus more money. If Facebook removed news from your feed and just restricted it to social items, like baby pictures, ravings of a crazy uncle, and event announcements, there is a good chance that engagement on the platform would decrease. Twitter would be a lot less engaging if it reverted back to its original premise of showing the latest, not the loudest. And what if Google stopped rewarding frequent visits as one of the measurements for showing the results on its search engine? I think you know.

Chrome

Google To Enable the Chrome Anti-Notification Spam System in July 2020 (zdnet.com) 17

Google announced this week plans to enable its new anti-notification spam system in Chrome over the summer, with the release of Chrome 84, on July 12, 2020. From a report: Known internally as the "quieter notification permission UI," this Chrome component works by blocking sites from showing notification requests, which are hidden under an icon in the Chrome URL bar (on desktop) or under a toolbar (on mobile). Google first announced the "quieter notification permission UI" in January, and shipped it in February, in Chrome 80, in a limited, user opt-in fashion. But in a blog post, Google said the new UI and its ability to detect spammy notification popups has been improved and will roll out enabled by default for all users in July, with the release of Chrome 84.
Microsoft

Microsoft's Jeff Teper: Teams 'Will Be Even Bigger Than Windows' 105

An anonymous reader writes: Jeff Teper, CVP for Microsoft 365, has a vision for the company's Office 365 chat-based collaboration tool that competes with Slack, Facebook's Workplace, and Google Chat. In terms of reach, Teper wants Microsoft Teams to eclipse Windows. (Windows 10 runs on over 1 billion monthly active devices.)

Our interview took place a day after Microsoft concluded its online-only Build 2020 developer conference, where the company gave business developers new tools to build Teams apps. Microsoft launched a Visual Studio and Visual Studio Code extension for Teams in preview, introduced new integrations between its Power Platform and Teams, and announced a custom app submission process to help IT admins. Teper was happy to cover a range of Teams topics, including metrics, growth, competitors, consumer positioning, machine learning, and of course dealing with the increased demand during the coronavirus pandemic.
Security

An Adult Cam Site Exposed 10.88 Billion Records (wired.com) 73

CAM4, a popular adult platform that advertises "free live sex cams," misconfigured an ElasticSearch production database so that it was easy to find and view heaps of personally identifiable information, as well as corporate details like fraud and spam detection logs. According to Wired, the database exposed 7 terabytes of names, sexual orientations, payment logs, and email and chat transcripts -- 10.88 billion records in all. From the report: First of all, very important distinction here: There's no evidence that CAM4 was hacked, or that the database was accessed by malicious actors. That doesn't mean it wasn't, but this is not an Ashley Madison-style meltdown. It's the difference between leaving the bank vault door wide open (bad) and robbers actually stealing the money (much worse). [...] The list of data that CAM4 leaked is alarmingly comprehensive. The production logs Safety Detectives found date back to March 16 of this year; in addition to the categories of information mentioned above, they also included country of origin, sign-up dates, device information, language preferences, user names, hashed passwords, and email correspondence between users and the company.

Out of the 10.88 billion records the researchers found, 11 million contained email addresses, while another 26,392,701 had password hashes for both CAM4 users and website systems. A few hundred of the entries included full names, credit card types, and payment amounts. Who's Affected? It's hard to say exactly, but the Safety Detectives analysis suggests that roughly 6.6 million US users of CAM4 were part of the leak, along with 5.4 million in Brazil, 4.9 million in Italy, and 4.2 million in France. It's unclear to what extent the leak impacted both performers and customers.
The report says CAM4's parent company, Granity Entertainment, took the server offline within a half hour of being contacted by the researchers.
Firefox

New Firefox Service Will Generate Unique Email Aliases To Enter In Online Forms (zdnet.com) 70

An anonymous reader writes: Browser maker Mozilla is working on a new service called Private Relay that generates unique aliases to hide a user's email address from advertisers and spam operators when filling in online forms. The service entered testing last month and is currently in a closed beta, with a public beta currently scheduled for later this year, ZDNet has learned. Private Relay will be available as a Firefox add-on that lets users generate a unique email address -- an email alias -- with one click. The user can then enter this email address in web forms to send contact requests, subscribe to newsletters, and register new accounts. "We will forward emails from the alias to your real inbox," Mozilla says on the Firefox Private Relay website. "If any alias starts to receive emails you don't want, you can disable it or delete it completely," the browser maker said.
Chrome

Google Announces Chrome Web Store Crackdown For August 2020 (zdnet.com) 15

Google announced this week new rules for the Chrome Web Store in an attempt to cut down the number of shady Chrome extensions submitted and listed on the site. From a report: Starting August 27, Google says it intends to enforce a new set of rules, which will result in a large number of extensions being delisted. These rules are meant to crack down on a series of practices extension developers have been recently employing to flood the Web Store with shady extensions or boost install counts for low-quality content. They include:
1. Developers cannot submit duplicate extensions anymore. (e.g. Wallpaper extensions that have different names but provide the user with the same wallpapers when installed.)
2. Extensions are not allowed to use "keyword spam" techniques to flood metadata fields with multiple terms and have the extension listed across multiple categories to improve the extension's visibility in search results.
3. Developers are not allowed to use misleading, improperly formatted, non-descriptive, irrelevant, excessive, or inappropriate metadata. Extension metadata needs to be accurate, and Google intends to be strict about it.
4. Developers are now forbidden from inflating product ratings, reviews, or install counts by illegitimate means, such as fraudulent or paid downloads, reviews, and ratings.

Google

Google is Blocking 18 Million Coronavirus Scam Emails Every Day (bbc.com) 28

1.5 billion people use Gmail, according to a recent article in the BBC. And every day millions of them receive an email about a coronavirus scam: Scammers are sending 18 million hoax emails about Covid-19 to Gmail users every day, according to Google... The company said it was blocking more than 100 million phishing emails a day. Over the past week, almost a fifth were scam emails related to coronavirus. The virus may now be the biggest phishing topic ever, tech firms say...

The growth in coronavirus-themed phishing is being recorded by several cyber-security companies. Barracuda Networks said it had seen a 667% increase in malicious phishing emails during the pandemic...

Google claims that its machine-learning tools are able to block more than 99.9% of [scam] emails from reaching its users.

Facebook

Facebook Bug Caused Legitimate News Articles About the Coronavirus To Be Marked As Spam 31

McGruber shares a report from Business Insider: Facebook is blocking users from posting some legitimate news articles about the coronavirus in what appears to be a bug in its spam filters. On Tuesday, multiple Facebook users reported on Twitter that they found themselves unable to post articles from certain news outlets including Business Insider, BuzzFeed, The Atlantic, and the Times of Israel. It's not clear exactly what has gone wrong, and Facebook did not respond to a request for comment.

Alex Stamos, an outspoken former Facebook security exec, speculated that it might be caused by Facebook's shift to automated software after it sent its human content moderators home. "It looks like an anti-spam rule at FB is going haywire," he wrote on Twitter. "Facebook sent home content moderators yesterday, who generally can't [work from home] due to privacy commitments the company has made. We might be seeing the start of the machine learning going nuts with less human oversight."
In a tweet, VP of Integrity Guy Rosen said: "We're on this -- this is a bug in an anti-spam system, unrelated to any changes in our content moderator workforce. We're in the process of fixing and bringing all these posts back."
Crime

Live Coronavirus Map Used to Spread Malware (krebsonsecurity.com) 19

Malware distributors "have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software," reports security researcher Brian Krebs: In one scheme, an interactive dashboard of Coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware. Late last month, a member of several Russian language cybercrime forums began selling a digital Coronavirus infection kit that uses the Hopkins interactive map as part of a Java-based malware deployment scheme.

The kit costs $200 if the buyer already has a Java code signing certificate, and $700 if the buyer wishes to just use the seller's certificate. "It loads [a] fully working online map of Corona Virus infected areas and other data," the seller explains. "Map is resizable, interactive, and has real time data from World Health Organization and other sources. Users will think that PreLoader is actually a map, so they will open it and will spread it to their friends and it goes viral...!" The sales thread claims the customer's payload can be bundled with the Java-based map into a filename that most Webmail providers allow in sent messages... The seller says the user/victim has to have Java installed for the map and exploit to work, but that it will work even on fully patched versions of Java...

It's unclear how many takers this seller has had, but earlier this week security experts began warning of new malicious Web sites being stood up that used interactive versions of the same map to distract visitors while the sites tried to foist the password-stealing AZORult malware.
