EU Court of Justice Declares US-EU Data Transfer Pact Invalid 134

Sique writes: Europe's highest court ruled on Tuesday that a widely used international agreement for moving people's digital data between the European Union and the United States was invalid. The decision, by the European Court of Justice, throws into doubt how global technology giants like Facebook and Google can collect, manage and analyze online information from their millions of users in the 28-member bloc. The court decreed that the data-transfer agreement was invalid as of Tuesday's ruling. New submitter nava68 adds links to coverage at the Telegraph; also at TechWeek Europe. From TechWeek Europe's article: The ruling was the court’s final decision in a data-protection case brought by 27-year-old Austrian law student Max Schrems against the Irish data protection commissioner. That case, in turn, was spurred by Schrems’ concerns over the collection of his personal data by Facebook, whose European headquarters is in Ireland, and the possibility that the data was being handed over to US intelligence services.

EFF Joins Nameless Coalition and Demands Facebook Kills Its Real Names Policy 191

Mark Wilson writes: Facebook has seen heavy criticism for its real names (or 'authentic identities' as they are known to the social network) policy. Over the last year, all manner of rights groups and advocates have tried to convince Facebook to allow users to drop their real name in favor of a pseudonym if they want. Now the Electronic Frontier Foundation is part of the 74-member strong Nameless Coalition and has written to Facebook demanding a rethink on the ground of safety, privacy, and equality. This is far from being the first time Facebook has been called on to allow the use of 'fake names', and the latest letter is signed by LGBT groups, freedom advocates, privacy supporters, and feminist organizations.

Google Lets Advertisers Target By (Anonymized) Customer Data 58

An anonymous reader writes: Google's new advertising product, called Customer Match, lets advertisers upload their customer and promotional email address lists into AdWords. The new targeting capability extends beyond search to include both YouTube Trueview ads and the newly launched native ads in Gmail. Customer Match marks the first time Google has allowed advertisers to target ads against customer-owned data in AdWords. Google matches the email addresses against those of signed-in users on Google. Individual addresses are hashed and are supposedly anonymized. Advertisers will be able to set bids and create ads specifically geared to audiences built from their email lists. This new functionality seems to make de-anonymization of Google's supposedly proprietary customer data just a hop, skip and jump away. If you can specify the list of addresses that get served an ad, and the criteria like what search terms will trigger that ad, you can detect if and when your target searches for specific terms. For example, create an email list that contains your target and 100 invalid email addresses that no one uses (just in case Google gets wise to single-entry email lists). Repeat as necessary for as many keywords and as many email addresses that you wish to monitor.

Ask Slashdot: Best Country For Secure Online Hosting? 110

An anonymous reader writes: I've recently discovered that my hosting company is sending all login credentials unencrypted, prompting me to change providers. Additionally, I'm finally being forced to put some of my personal media library (songs, photos, etc.) on-line for ready access (though for my personal consumption only) from multiple devices and locations... But I simply can't bring myself to trust any cloud-service provider. So while it's been partially asked before, it hasn't yet been answered: Which country has the best on-line personal privacy laws that would make it patently illegal for any actor, state, or otherwise, to access my information? And does anyone have a recommendation on which provider(s) are the best hosts for (legal) on-line storage there?

Stolen Patreon User Data Dumped On Internet 159

After the personal data breach at crowd-funding site Patreon reported a few days ago, there's some worse news: the information isn't just in limbo any more; Patreon reported Saturday that the compromised information has been leaked in the form of a massive data dump. (The slightly good news is that no credit card information was leaked.)

DHS Detains Mayor of Stockton, CA, Forces Him To Hand Over His Passwords 392

schwit1 writes: Anthony Silva, the mayor of Stockton, California, recently went to China for a mayor's conference. On his return to San Francisco airport he was detained by Homeland Security, and then had his two laptops and his mobile phone confiscated. They refused to show him any sort of warrant (of course) and then refused to let him leave until he agreed to hand over his password.

Experian Breached, 15 Million T-Mobile Customers' Data Exposed 161

New submitter Yuuki! writes: The Washington Post reports that T-Mobile's Credit Partner, Experian, has been breached revealing names, addresses, Social Security numbers, birth dates and driver's license and passport numbers for any customer who has applied for device financing or even services from T-Mobile which required a credit check. Both parties were quick to point out that no credit card or banking data was stolen as part of the attack. The attack started back in September 2013 and was only just discovered on September 16, 2015. Both Experian and T-Mobile have posted statements on their websites and Experian is offering credit for two free years of identity resolution services and credit monitoring in the wake of the breach.

Patreon Hacked, Personal Data Accessed 79

AmiMoJo writes: In a blog post Jake Conte, CEO and co-founder of Patreon, writes: "There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed. We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key."

Yelp For People To Launch In November 447

writes: Caitlin Dewey reports in the Washington Post that 'Peeple' — basically Yelp, but for humans will launch in November. Subtitled "character is destiny," Peeple is an upcoming app that promises to "revolutionize the way we're seen in the world through our relationships" by allowing you to assign reviews of one to five stars to everyone you know: your exes, your co-workers, the old guy who lives next door. You can't opt out — once someone puts your name in the Peeple system, it's there unless you violate the site's terms of service. And you can't delete bad or biased reviews — that would defeat the whole purpose. "People do so much research when they buy a car or make those kinds of decisions," says co-founder Julia Cordray. "Why not do the same kind of research on other aspects of your life?"

According to Caitlin, one does not have to stretch far to imagine the distress and anxiety that such a system will cause even a slightly self-conscious person; it's not merely the anxiety of being harassed or maligned on the platform — but of being watched and judged, at all times, by an objectifying gaze to which you did not consent. "If you're one of the people who miss bullying kids in high school, then Peeple is definitely going to be the app for you!," says Mike Morrison. "I'm really looking forward to being able to air all of my personal grievances, all from the safety of my phone. Thanks to the app, I'll be able to potentially ruin someone's life, without all the emotional stress that would occur if I actually try to fix the problem face-to-face."

Apple, Microsoft Tout Their Privacy Policies To Get Positive PR 102

jfruh writes: Apple hasn't changed its privacy policy in more than a year — but that didn't stop the company from putting up a glossy website explaining it in layman's terms. Microsoft too has been touting its respect for its users' privacy. This doesn't represent any high-minded altruism on those companies' parts, of course; it's part of their battle against Google, their archrival that offers almost all of its services for free and makes its money mining user data.

Snowden Joins Twitter, Follows NSA 206

wiredmikey writes: Edward Snowden joined Twitter Tuesday, picking up more than a quarter of a million followers on the social network in just over two hours. Snowden followed a single Twitter account: the U.S. National Security Agency, from which he stole electronic documents revealing the agency's secret surveillance programs. "Can you hear me now?" he asked in his first tweet, which was quickly resent by Twitter users tens of thousands of times. In his second, Snowden noted the recent news about the planet Mars and then quipped about the difficulty he had finding asylum after the U.S. government fingered him as the source of the NSA leaks. "And now we have water on Mars!" he wrote. "Do you think they check passports at the border? Asking for a friend."

Newly Found TrueCrypt Flaw Allows Full System Compromise 106

itwbennett writes: James Forshaw, a member of Google's Project Zero team has found a pair of flaws in the discontinued encryption utility TrueCrypt that could allow attackers to obtain elevated privileges on a system if they have access to a limited user account. 'It's impossible to tell if the new flaws discovered by Forshaw were introduced intentionally or not, but they do show that despite professional code audits, serious bugs can remain undiscovered,' writes Lucian Constantin.

FBI and DEA Under Review For Misuse of NSA Mass Surveillance Data 86

Patrick O'Neill writes: The FBI and DEA were among the agencies fed information from an NSA surveillance program described as "staggering" by one judge who helped strike the program down. Now the two agencies are under review by the Justice Department for the use of parallel construction as well as looking into the specifics and results of cases originating from NSA tips. (Here's some more on the practice of parallel construction in this context.)

How the FBI Hacks Around Encryption 91

Advocatus Diaboli writes with this story at The Intercept about how little encryption slows down law enforcement despite claims to the contrary. To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy. But that's just not true. In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it's called hacking.

Hacking — just like kicking down a door and looking through someone's stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects' devices. Doing so gives them the same access the suspects have to communications — before they've been encrypted, or after they've been unencrypted.

EFF: DMCA Hinders Exposing More Software Cheats Like Volkswagen's 166

ideonexus writes: Automakers have argued that the 1998 Digital Millennium Copyright Act makes it unlawful for researchers to review the code controlling their vehicles without the manufacturer's permission, making it extremely difficult to expose software cheats like the one Volkswagen used to fake emissions tests. Arguing that this obfuscation of code goes so far as to endanger lives at times, the Electronic Frontier Foundation (EFF) maintains that, "When you entrust your health, safety, or privacy to a device, the law shouldn't punish you for trying to understand how that device works and whether it is trustworthy."

Edward Snowden Promotes Global Treaty To Curtail Surveillance 110

An anonymous reader writes: In a video appearance, Edward Snowden said domestic digital spying on ordinary citizens is an international threat that will only be slowed with measures like a proposed international treaty declaring privacy a basic human right. "This is not a problem exclusive to the United States.... This is a global problem that affects all of us. What's happening here happens in France, it happens in the U.K., it happens in every country, every place, to every person," he said.

Ask Slashdot: Make Windows Update Install Only Security Updates Automatically? 288

An anonymous reader writes: After the news earlier this month about Microsoft forcing the Windows 10 upgrade on people who don't want it, my sizeable extended family has been coming to me for a solution. They don't want to be guinea pigs this early in the Windows 10 release cycle, but it looks like Microsoft may not be giving them a choice. My reading of Woody Leonhard's advice is that the only way to ensure the upgrade doesn't happen is to disable Windows Update, but that seems extreme. I want my family to install security updates, but I don't relish the idea of explaining to them how to install just those and hide the less-desirable updates.

The ideal solution would be to have only security updates install automatically, but it looks like it's easier said than done. I've looked at third-party tools like Autopatcher and Portable Update, but a security-only option doesn't seem to be very standard. From what I've read, Microsoft doesn't even package security updates separately, sometimes mixing merely Important and Recommended updates in the downloaded CAB file. I wish I could get them off Windows, but it's not an option. They use Windows at work or school, and don't want to go through the process of learning another OS. Maybe the current situation with Windows 10 will convince them eventually, but they need something now. I would really like to come up with a solution before the next Patch Tuesday on October 13. Do any of the more knowledgeable Slashdotters out there have any advice?

Chrome For Android's Incognito Mode Saves Some of the Sites You Visit 69

An anonymous reader writes: A newly found bug in Google Chrome for Android means incognito mode really isn't as locked-down as it's designed to be. Some sites you visit while using the privacy feature are still saved, and can be retrieved simply by opening the browser's settings. Google Chrome for Android has had incognito mode since February 2012. Here is Google's official description of the feature: "If you don't want Google Chrome to save a record of what you visit and download, you can browse the web in incognito mode."

'RipSec' Goes To Hollywood: How the iCloud Celeb Hack Happened 28

mask.of.sanity writes: The chief hacker behind the infamous iCloud celebrity hacks has revealed in a documentary how the group dubbed RipSec shook Hollywood by plundering thousands of naked photos and financial data of Tinsel Town icons. The film maker gained access to RipSec using a photoshopped naked image of a major TV star who offered access to her iCloud account. "I contacted some of the celebrities and she gave me access to her account," Doering says. "From there I baited them (the hackers)."

EU May Forbid the Transfer of Personal Data To the US 202

An anonymous reader writes: As the Snowden revelations have shown, personal data stored in the United States of America is not protected from the US government, be it through warrantless eavesdropping or national security letters. In light of this, the general attorney for the Court of Justice of the European Union has just issued an opinion requiring the US to be removed from the list of "safe harbors", where the transfer of personal data of European citizens is permitted. If the court follows his opinion, the change will have deep impact in the operations of large transnational Internet companies, between a US government that wants to keep on spying, and European authorities that will punish them if they let it happen.