GNOME

GNOME Partners With Purism On Librem 5 Linux-based Privacy-focused Smartphone (betanews.com) 80

BrianFagioli writes: The Librem 5 smartphone by Purism has a long and difficult road ahead of it. Competing against the likes of Apple and Google on the mobile market has proven to be a death sentence for many platforms -- including Microsoft with its failed Windows 10 Mobile. Luckily, Purism has found itself a new partner on this project -- one of the most important organizations in the Linux community -- The GNOME Foundation. The GNOME Foundation explains, 'The Librem 5 is a hardware platform the Foundation is interested in advancing as a GNOME/GTK phone device. The GNOME Foundation is committed to partnering with Purism to create hackfests, tools, emulators, and build awareness that surround moving GNOME/GTK onto the Librem 5 phone. As part of the collaboration, if the campaign is successful the GNOME Foundation plans to enhance GNOME shell and general performance of the system with Purism to enable features on the Librem 5.'
Data Storage

Google, Bing, Yahoo Data Retention Doesn't Improve Search Quality, Study Claims (theregister.co.uk) 35

A new paper released on Monday via the National Bureau of Economic Research claims that retaining search log data doesn't do much for search quality. "Data retention has implications in the debate over Europe's right to be forgotten, the authors suggest, because retained data undermines that right," reports The Register. "It's also relevant to U.S. policy discussions about privacy regulations." From the report: To determine whether retention policies affected the accuracy of search results, Chiou and Tucker used data from metrics biz Hitwise to assess web traffic being driven by search sites. They looked at Microsoft Bing and Yahoo! Search during a period when Bing changed its search data retention period from 18 months to 6 months and when Yahoo! changed its retention period from 13 months to 3 months, as well as when Yahoo! had second thoughts and shifted to an 18-month retention period. According to Chiou and Tucker, data retention periods didn't affect the flow of traffic from search engines to downstream websites. "Our findings suggest that long periods of data storage do not confer advantages in search quality, which is an often-cited benefit of data retention by companies," their paper states. Chiou and Tucker observe that the supposed cost of privacy laws to consumers and to companies may be lower than perceived. They also contend that their findings weaken the claim that data retention affects search market dominance, which could make data retention less relevant in antitrust discussions of Google.
Technology

What Comes After User-Friendly Design? (fastcodesign.com) 182

Kelsey Campbell-Dollaghan, writing for FastCoDesign: "User-friendly" was coined in the late 1970s, when software developers were first designing interfaces that amateurs could use. In those early days, a friendly machine might mean one you could use without having to code. Forty years later, technology is hyper-optimized to increase the amount of time you spend with it, to collect data about how you use it, and to adapt to engage you even more. [...] The discussion around privacy, security, and transparency underscores a broader transformation in the typical role of the designer, as Khoi Vinh, principal designer at Adobe and frequent design writer on his own site, Subtraction, points out. So what does it mean to be friendly to users-er, people-today? Do we need a new way to talk about design that isn't necessarily friendly, but respectful? I talked to a range of designers about how we got here, and what comes next.
Entertainment

Sonos To Launch a Wireless Speaker That Would Support Multiple Voice Assistants (yahoo.com) 33

Sonos, a mid- to high-end speaker manufacturer, released an updated privacy policy for its speakers that almost certainly confirms that the company will release a speaker with Amazon's Alexa voice assistant built into the device in the near term. From a report: Though many devices that integrate with Alexa have been announced and are starting to come to market, this is one of the higher-profile examples and could be instructive for smart-speaker designers. The company first announced its intention to add voice-assistant integration to its speakers over a year ago, but didn't give any specific time frame for that step. And an FCC filing from the company that surfaced a few weeks ago showed that it is looking into systems that would support multiple voice assistants, so a user could potentially have the option to choose between Amazon's Alexa or Google's Assistant, depending on what other devices they own and what platform they prefer.
Social Networks

New Book Argues Silicon Valley Will Lead Us to Our Doom (sandiegouniontribune.com) 201

Long-time Slashdot reader Zorro quotes the San Diego Union-Tribune: To many Americans, large technology firms embody much of what's good about the modern world. Franklin Foer has a different perspective. In his new book, "World Without Mind," the veteran journalist lays out a more ominous view of where Big Tech would like to take us -- in many ways, already has taken us... These firms have a program: to make the world less private, less individual, less creative, less human... Big Tech has imposed its will on the resident population with neither our input nor our permission.
The reviewer summarizes the book's argument as "Once hooked, consumers are robbed of choice, milked for profit, deprived of privacy and made the subjects of stealth social engineering experiments."

Interestingly, Foer was fired from The New Republic in 2014 by its new publisher -- Facebook co-founder Chris Hughes -- and Foer's new book includes strong criticism of the way companies are assembling detailed profiles on their users. "They have built their empires by pulverizing privacy; they will further ensconce themselves by pushing boundaries, by taking even more invasive steps that build toward an even more complete portrait of us."
Facebook

Spain Fines Facebook Over Tracking Users Without Consent (tomshardware.com) 41

Spain's Data Protection Authority has issued a 1.2 million euro fine against Facebook after it found three instances when the company collected data without informing users, as required by European Union privacy laws. Tom's Hardware reports: The AEPD found multiple issues with how Facebook gathered data on Spanish users. One of the issues was that Facebook collects data on ideology, sex, and religious beliefs, as well as personal tastes and web surfing habits without informing the users about how that data will be used. A second issue was that Facebook wasn't obtaining specific and informed consent from the users because the data it was offering them about the collection was not sufficiently clear. The company has been tracking both users and non-users of the service through the Like button across the web without informing them about this sort of tracking, nor about what it plans to do with the data. The company has said that the collection is done for advertising purposes before, but some purposes remain secret, according to the Spanish Data Protection Authority. The AEPD said this sort of collection doesn't comply with the EU's data protection regulations.

Finally, the AEPD also noticed that Facebook has not been completely purging the data about users who had already deleted their accounts and that Facebook was making use of accounts' data that have been deleted for more than 17 months. Considering the data that has remained behind is no longer useful for the purpose for which it was collected, the agency considered this another serious infringement of EU privacy laws.

KDE

KDE Plasma 5.11 Beta Released (kde.org) 59

JRiddell writes: The original and best linux desktop has a new version, KDE Plasma 5.11 beta is out. UI improvements include a redesigned System Settings and notification history. Privacy improvements include Plasma Vault, which helps you store your files securely. Progress on Wayland support continues with many people now using it as their daily setup. The full changelog can be viewed here.
Security

ISPs Claim a Privacy Law Would Weaken Online Security, Increase Pop-Ups (arstechnica.com) 86

An anonymous reader quotes a report from Ars Technica: The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers. AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service." The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer's personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

Microsoft

Windows 10 Will Soon Give Users More Control Over App Permissions (engadget.com) 76

An anonymous reader shares a report: The software giant has revealed that you'll get much more control over what apps are allowed to do with your device. Where you previously only had control over location sharing, the Fall Creators Update will ask you to grant permission before accessing all kinds of potentially sensitive hardware and software features. It'll ask to use your camera and microphone if you have a video recording app, for instance, or check before offering access to your calendar and contacts. You'll only get these prompts for apps installed after you move to the Fall Creators Update; you'll have to dive into your privacy settings to review permissions for apps you already have. Even so, it's an important boost to Windows' privacy security levels. Much as on phones, where fine-grained permissions are already fairly commonplace, you might not have to worry as much about malicious apps spamming your contacts or hijacking the camera.
Privacy

Trump Administration Sued Over Phone Searches at US Borders (reuters.com) 138

The Trump administration has engaged in an unconstitutional practice of searching without a warrant the phones and laptops of Americans who are stopped at the border, a lawsuit filed on Wednesday alleged. From a report: Ten U.S. citizens and one lawful permanent resident sued the Department of Homeland Security in federal court, saying the searches and prolonged confiscation of their electronic devices violate privacy and free speech protections of the U.S. Constitution. DHS could not be immediately reached for comment. The lawsuit comes as the number of searches of electronic devices has surged in recent years, alarming civil rights advocates.
Security

Equifax Breach Provokes Calls For Serious Data Protection Reforms (wired.com) 193

Equifax's data breach was colossal -- but what should happen next? The Guardian writes: The problem is that companies like Equifax are able to accumulate -- essentially, without limit -- as much sensitive, personal data as they can get their hands on. There is an urgent need for strict regulations on what types of data companies can collect and how much data a company can possess, both in aggregate and about individuals. At the very least, this will lessen the severity and size of (inevitable) data breaches... Without putting hard limits on the data capitalists who extract and exploit our personal information, they will continue to reap the benefit while we bear the risks.
Marc Rotenberg, president of the Electronic Privacy Information Center, adds, "we need to penalize companies that collect SSNs but can't protect [them]." Wired reports: Experts across numerous privacy and security fields agree that the solution to the over-collection and over-use of SSNs isn't one particular replacement, but a diverse array of authentications like individual codes (similar to passwords), biometrics, and even physical tokens to create more variation in the ID process. Some also argue that the government likely won't be the driving force behind the shift. "We have a government that works at a glacial pace in the best of times," says Brenda Sharton, who chairs the Privacy & Cybersecurity practice at the Goodwin law firm, which has worked on data privacy breach investigations since the early 2000s. "There will reach a point where SSN [exposure] becomes untenable. And it may push us in the direction of having companies require multi-factor authentication."
Meanwhile TechCrunch argues, "This crass, callow, and lazy treatment of our digital data cannot stand...": We must create new, secure methods for cryptographically securing our data... These old organizations -- Equifax was founded in 1899 and hasn't changed much since inception -- must die, to be replaced by solutions that (and I shudder to say this) are blockchain-based.
AI

AI Can Detect Sexual Orientation Based On Person's Photo (cnbc.com) 350

ugen shares a report from CNBC: Artificial Intelligence (AI) can now accurately identify a person's sexual orientation by analyzing photos of their face, according to new research. The Stanford University study, which is set to be published in the Journal of Personality and Social Psychology and was first reported in The Economist, found that machines had a far superior "gaydar" when compared to humans. Slashdot reader randomlygeneratename adds: Researchers built classifiers trained on photos from dating websites to predict the sexual orientation of users. The best classifier used logistic regression over features extracted from a VGG-Face conv-net. The latter was done to prevent overfitting to background, non-facial information. Classical facial feature extraction also worked with a slight drop in accuracy. From multiple photos, they achieved an accuracy of 91% for men and 83% for women (and 81% / 71% for a single photo). Humans were only able to get 61% and 54%, respectively. One caveat is the paper mentions it only used Caucasian faces. The paper went on to discuss how this capability can be an invasion of privacy, and conjectured that other types of personal information might be detectable from photos. The source paper can be found here.
Businesses

Amazon Was Tricked By a Fake Law Firm Into Removing a Popular Product, Costing the Seller $200,000 (cnbc.com) 98

Eugene Kim, reporting for CNBC: Shortly before Amazon Prime Day in July, the owner of the Brushes4Less store on Amazon's marketplace received a suspension notice for his best-selling product, a toothbrush head replacement. The email that landed in his inbox said the product was being delisted from the site because of an intellectual property violation. In order to resolve the matter and get the product reinstated, the owner would have to contact the law firm that filed the complaint. But there was one problem: the firm didn't exist. Brushes4Less was given the contact information for an entity named Wesley & McCain in Pittsburgh. The website wesleymccain.com has profiles for five lawyers. A Google image search shows that all five actually work for the law firm Brydon, Swearengen & England in Jefferson City, Missouri. The phone number for Wesley & McCain doesn't work while the address belongs to a firm in Pittsburgh called Robb Leonard Mulvihill. The person who supposedly filed the complaint is not registered to practice law in Pennsylvania. One section on Wesley & McCain's site stole language from the website of the Colby Law Office. The owner of Brushes4Less agreed to tell his story to CNBC but asked that we not use his name out of concern for his privacy. As far as he can tell, and based on what CNBC could confirm, Amazon was duped into shutting down the seller's key product days before the site's busiest shopping event ever.
Communications

European Court Rules Companies Must Tell Employees of Email Checks (reuters.com) 103

Companies must tell employees in advance if their work email accounts are being monitored and such checks must not unduly infringe workers' privacy, the European Court of Human Rights ruled on Tuesday. From a report: In a judgment in the case of a man fired 10 years ago for using a work messaging account to communicate with his family, the judges found that Romanian courts failed to protect Bogdan Barbulescu's private correspondence because his employer had not given him prior notice it was monitoring his communications. Email privacy has become a hotly contested issue as more people use work addresses for personal correspondence even as employers demand the right to monitor email and computer usage to ensure staff use work email appropriately. Courts in general have sided with employers on this issue.
Verizon

Verizon Up Offers Rewards in Exchange For Customers' Personal Information (wsj.com) 74

An anonymous reader shares a report: A new Verizon rewards program, Verizon Up, provides credits that wireless subscribers can use for concert tickets, movie premieres and phone upgrades. But it comes with a catch: Customers must give the carrier access to their web-browsing history, app usage and location data, which Verizon says it uses to personalize the rewards and deliver targeted advertising as its customers browse the web. The trade-off is part of Verizon's effort to build a digital advertising business to compete with web giants Facebook and Google, which often already possess much of the same customer information. Even though Congress earlier this year dismantled tough privacy regulations on telecommunications providers, Verizon still wants customers to opt-in to its most comprehensive advertising program, called Verizon Selects. Data collected under the program is shared with Oath, the digital-media unit Verizon created when it bought AOL and Yahoo. Since access to data from customers could make it easier to tailor ads to their liking, Verizon hopes the information will help it gain advertising revenue to offset sluggish growth in its cellular business.See a current list of Verizon plans here.
Firefox

TechRepublic: Mozilla 'Is Desperately Needed to Save the Web' (techrepublic.com) 317

"I can't remember the last time I cared about Mozilla," writes Matt Asay at TechRepublic. "I also can't remember a time when we needed it more." An anonymous reader quotes TechRepublic: Mozilla's Firefox is almost a rounding error in desktop market share, and nonexistent in mobile browser market share. It offers a few other services, like Pocket, but largely gets ignored... This is a mistake. Our world is increasingly mediated by the internet, and that internet has just a few gatekeepers, collecting tolls as we browse. As Python guru Matt Harrison put it, "Vendors control the default browser which 99.9% of people use." Those vendors are happy to sell us access to information. Nothing about it is free. You are most definitely the product.

On mobile, where the majority of the world's content is now consumed, Google and Facebook own eight of the top 10 apps, with apps devouring 87% of our time spent on smartphones and tablets, according to new comScore data. For that remaining 13% of time spent on the mobile web, Google and Apple offer the two dominant browsers... the majority of our time online is now mediated by just a few megacorporations, and for the most part their top incentive is to borrow our privacy just long enough to target an ad at us. Then there's Mozilla, an organization whose mantra is "Internet for people, not profit." That feels like a necessary voice to add to today's internet oligopoly, but it's not one we're hearing... We clearly need an organization standing up for web freedom, as expecting Google to do that is like asking the fox to guard the henhouse. Google does many great things, but its clear incentive is to sell ads. We are Google's product, as the saying goes.

The article applauds the Mozilla-sponsored Rust programming language as promising, "but not to save the web from the all-consuming embrace of Facebook and Google, especially as they wall off the experience in apps... "If I sound like I don't know what to propose Mozilla should do, it's because I don't. I simply feel strongly that the role Mozilla played in the early browser wars needs to be resurrected to save the web today."
Privacy

US Cops Can't Keep License Plate Data Scans Secret Without Reason, Court Rules (theregister.co.uk) 60

An anonymous reader quotes a report from The Register: Police departments cannot categorically deny access to data collected through automated license plate readers, California's Supreme Court said on Thursday -- a ruling that may help privacy advocates monitor government data practices. The ACLU Foundation of Southern California and the Electronic Frontier Foundation sought to obtain some of this data in 2012 from the Los Angeles Police Department and Sheriff's Department, but the agencies refused, on the basis that investigatory data is exempt from disclosure laws. So the following year, the two advocacy groups sued, hoping to understand more about how this data hoard is handled. The LAPD, according to court documents, collects data from 1.2 million vehicles per week and retains that data for five years. The LASD captures data from 1.7 to 1.8 million vehicles per week, which it retains for two years. The ACLU contends [PDF] that indiscriminate license plate data harvesting presents a risk to civil liberties and privacy. It argues that constant monitoring has the potential to chill rights of free speech and association and that databases of license plate numbers invite institutional abuse, not to mention security risks.
Communications

Apple Calls For FCC To Keep 'Strong, Enforceable' Net Neutrality Protections (appleinsider.com) 50

An anonymous reader quotes a report from Apple Insider: Apple has written to the U.S. Federal Communications Commission in support for the concept of net neutrality, with its four-page commentary arguing for the government agency to "retain strong, enforceable open internet protections" instead of rolling back the rules forbidding "fast lane" internet connections. "An open internet ensures that hundreds of millions of consumers get the experience they want, over the broadband connections they choose, to use the devices they love, which have become an integral part of their lives," starts the comment signed by Cynthia Hogan, Apple's Vice President of Public Policy for the Americas. Citing a "deep respect" for its customers' privacy, security, and control over personal information, Apple believes this extends to their internet connection choices as well. "What consumers do with those tools is up to them -- not Apple, and not broadband providers," the statement claims, before urging the FCC to keep advancing the key principles of net neutrality. Based on a belief of consumer choice with regards to connectivity, Apple insists broadband providers should not "block, throttle, or otherwise discriminate against lawful websites and services," and not create "paid fast lanes on the internet." Lifting current FCC bans on these restrictions could allow broadband providers to favor one service over another's, "fundamentally altering the internet as we know it today -- to the detriment of consumers, competition, and innovation." Allowing such fast lanes could result in an internet with heavily distorted competition, caused through online providers being forced to make deals or risk losing customers from providing a hampered service. Apple suggests the practice could "create artificial barriers to entry for new online services, making it harder for tomorrow's innovations to attract investment and succeed," effectively turning broadband providers into a king-maker based on its priorities.
Privacy

Uber Says It'll Stop Tracking Riders After They're Dropped Off (usatoday.com) 69

Uber is revamping privacy settings that it rolled out last fall to allow iOS users the ability to deny Uber the right to track your whereabouts. Similar tweaks are reportedly coming to the Android version of the app. USA Today reports: The new options for Uber app users are: Always (Uber is allowed to collect rider location information from the moment the app is opened until the trip ends), While Using The App (information flows to Uber while the app is visible on the screen) and Never (no info is transmitted but riders have to manually input their pick-up and drop-off locations). One of the old privacy features that gave many users pause was Uber's ability to track the whereabouts of riders up to 5 minutes after a ride was completed. Uber says the 5-minute feature was never activated on the iOS version of its app, and that it was disabled a few months after being initiated on the Android version. The company maintained that the feature was to enhance safety, but for many the option was too reminiscent of some of Uber's more notorious Big Brother tactics.

In 2016, Uber settled an investigation brought by New York's attorney general by agreeing to encrypt rider geo-location. The inquiry was sparked by reports that Uber executives had access to riders' locations, and that Uber displayed rider information in an aerial view known internally as "God View." Earlier this year, federal regulators began investigating an Uber practice known as "greyballing," which allowed engineers to take over an app and create a screen showing cars that did not really exist. The practice was used to steer regulators investigating Uber away from drivers, and was halted by Uber after being reported by The New York Times.

United States

The IRS Decides Who To Audit By Data Mining Social Media (typepad.com) 232

In America the Internal Revenue Service used to pick who got audited based on math mistakes or discrepancies with W-2 forms -- but not any more. schwit1 shares an article from the Vanderbilt Journal of Entertainment and Technology Law describing their new technique: The IRS is now engaging in data mining of public and commercial data pools (including social media) and creating highly detailed profiles of taxpayers upon which to run data analytics. This article argues that current IRS practices, mostly unknown to the general public, are violating fair information practices. This lack of transparency and accountability not only violates federal law regarding the government's data collection activities and use of predictive algorithms, but may also result in discrimination. While the potential efficiencies that big data analytics provides may appear to be a panacea for the IRS's budget woes, unchecked these activities are a significant threat to privacy [PDF]. Other concerns regarding the IRS's entrance into big data are raised including the potential for political targeting, data breaches, and the misuse of such information.
While tax evasion cost the U.S.$3 trillion between 2000 and 2009, one of the report's authors argues that people should be aware âoethat what they say and do onlineâ could be used against them.

Slashdot Top Deals