Microsoft

Microsoft To Court: Make Comcast Give Us Windows-Pirating Subscriber's Info (networkworld.com) 131

An anonymous reader writes: Microsoft is using the IP address 'voluntarily' collected during its software activation process to sue a Comcast subscriber for pirating thousands of copies of Windows and Office. The Redmond giant wants the court to issue a subpoena which will force Comcast to hand over the pirating subscriber's info. If the infringing IP address belongs to another ISP which obtained it via Comcast, then Microsoft wants that ISP's info and the right to subpoena it as well. "Defendants activated and attempted to activate at least several thousand copies of Microsoft software, much of which was pirated and unlicensed," Microsoft's legal team wrote. The product keys "known to have been stolen" from Microsoft's supply chain were used to activate Windows 8, Windows 7, Office 2010, Windows Server 2012 and Windows Server 2008. The product keys, Microsoft said, were used "more times than is authorized by the applicable software license," used by "someone other than the authorized licensee," or were "activated outside the region for which they were intended." Whether or not the IP traces back to a Comcast subscriber or was assigned by Comcast to a different ISP, as The Register pointed out, "It would be a significant gaffe on behalf of the alleged pirates if the IP address data pointed to their real identities."
Bitcoin

What Airbnb's Blockchain Authentication Proposal Means For Online Privacy (thestack.com) 38

An anonymous reader writes: Nathan Blecharczyk, one of the co-founders at home rental platform Airbnb, has detailed the company's interest in blockchain technologies to help establish user reputation and trust. He revealed that in 2016 Airbnb would be looking into blockchain integration, or a similar distributed ledger system, to authenticate a user's reputation and establish trust on the platform. The proposal marks a potentially revolutionary step for e-commerce sites and peer opinion platforms looking to identify and filter out damaging reviews planted by competitors and trolls, or self-promoting posts which can mislead consumers. However, while protecting the integrity of some, the introduction of a blockchain-based reputation system holds a potential threat to anonymity and privacy online. A distributed and irreversible system for trust management, which stores personal data, could offer a hotbed for doxing and identity theft – and even undermine an individual's right to be forgotten.
Privacy

Pentagon Admits Deploying Spy Drones Over US, Claims All Were 'Lawful' (msn.com) 82

lightbox32 writes with this excerpt from MSN News confirming that what many people suspected would happen with the proliferation of military and law-enforcement drones already has: A report by a Pentagon inspector general, made public under a Freedom of Information Act request, said spy drones on non-military missions have occurred fewer than 20 times between 2006 and 2015 and always in compliance with existing law. ... The use of unmanned aerial surveillance (UAS) drones over the U.S. surfaced in 2013 when then-FBI director Robert Mueller testified before Congress that the bureau employed spy drones to aid investigations, but in a "very, very minimal way, very seldom." The inspector general analysis was completed March 20, 2015, but not released publicly until last Friday. ... The report quoted a military law review article that said "the appetite to use them (spy drones) in the domestic environment to collect airborne imagery continues to grow, as does Congressional and media interest in their deployment."
Businesses

Home Depot Will Pay Up To $19.5 Million For Massive 2014 Data Breach (csoonline.com) 65

itwbennett writes: In remedy for the 2014 data breach that included the theft of data pertaining to about 56 million payment cards, as well as 53 million email addresses, Home Depot has reportedly agreed to pay $13 million to reimburse customers for their losses and $6.5 million to provide them with 18 months of identity protection services. And while the company was not required to admit wrongdoing, it has agreed to hire a chief information security officer.
Encryption

Former NSA, CIA Director Michael Hayden Sides With Apple Over FBI (foxbusiness.com) 130

cold fjord writes: General Michael Hayden (Retired), who served as head of both the NSA and CIA, has taken a position supporting Apple in its conflict with the FBI. Apple is fighting a court order to assist the FBI in breaking into the government owned phone used by one of the two dead terrorists responsible for the recent San Bernardino massacre. General Hayden stated, "You can argue this on constitutional grounds. Does the government have the right to do this? Frankly, I think the government does have a right to do it. You can do balancing privacy and security dead men don't have a right to privacy. I don't use those lenses. My lens is the security lens, and frankly, it's a close but clear call that Apple's right on just raw security grounds. ... I get why the FBI wants to get into the phones but this may be a case where we've got to give up some things in law enforcement and even counter terrorism in order to preserve this aspect, our cybersecurity."
Government

FBI Quietly Changes Its Privacy Rules For Accessing NSA Data On Americans (theguardian.com) 48

An anonymous reader writes: The FBI has quietly revised its privacy rules for searching data involving Americans' international communications that was collected by the NSA, US officials have confirmed to the Guardian. The classified revisions were accepted by the secret US court that governs surveillance, during its annual recertification of the agencies' broad surveillance powers. The new rules affect a set of powers colloquially known as Section 702, the portion of the law that authorizes the NSA's sweeping "Prism" program to collect internet data. Section 702 falls under the Foreign Intelligence Surveillance Act, and is a provision set to expire later this year. A government civil liberties watchdog, the Privacy and Civil Liberties Oversight Board, alluded to the change in its recent overview of ongoing surveillance practices. The PCLOB's new compliance report, released last month, found that the administration has submitted "revised FBI minimization procedures" that address at least some of the group's concerns about "many" FBI agents who use NSA-gathered data. Sharon Bradford Franklin, a spokesperson for the PCLOB, said the rule changes move to enhance privacy. She could not say when the rules actually changed -- that, too, is classified. Last February, a compliance audit alluded to imminent changes to the FBI's freedom to search the data for Americans' identifying information. "FBI's minimization procedures will be updated to more clearly reflect the FBI's standard for conducting US person queries and to require additional supervisory approval to access query results in certain circumstances," the review stated. The reference to "supervisory approval" suggests the FBI may not require court approval for their searches -- unlike the new system Congress enacted last year for NSA or FBI acquisition of US phone metadata in terrorism or espionage cases.
Privacy

Dutch Companies Not Allowed To Fitness-Track Their Employees (www.nu.nl) 170

An anonymous reader writes: The Dutch Privacy Authority made it known today that companies are not allowed to gather their employees' health data from wearable devices [original, in Dutch] such as the Fitbit. Of the two companies that were mentioned in this case, one of them had access to employee sleep patterns. In both cases the employees had given their employers permission to use this data. However, according to the Privacy Authority it is impossible to truly give 'free consent' when there is a 'financial dependency.'
Government

Hacker 'Guccifer,' Who Uncovered Clinton's Private Emails, To Be Extradited To US (rt.com) 204

schwit1 writes: Guccifer, the infamous Romanian hacker who accessed emails of celebrities and top US officials, will be extradited to the United States after losing a case in his home country's top court. Reuters reports that Lehel will come to the US under an 18-month extradition order, following a request made by the US authorities. Details of the extradition have not been made public, however. Marcel Lehel, a 42-year-old hacker better known by his pseudonym "Guccifer," achieved notoriety when he released an email with images of paintings by former President George W. Bush, including a self-portrait in a bathtub. He also hacked and published emails from celebrities Leonardo DiCaprio, Steve Martin and Mariel Hemingway. Perhaps most notably, Lehel was also the first source to uncover Hillary Clinton's improper use of a private email account while she was Secretary of State, which the FBI is investigating as a potential danger to national security.
Verizon

Verizon To Pay $1.35 Million Fine To Settle U.S. Privacy Probe (reuters.com) 51

chasm22 writes: Verizon Communications Inc agreed to pay a $1.35 million fine after the Federal Communications Commission said on Monday it found the company's wireless unit violated the privacy of its users. Verizon Wireless agreed to get consumer consent before sending data about "supercookies" from its more than 100 million users, under a settlement. The largest U.S. mobile company inserted unique tracking codes in its users' traffic for advertising purposes. Supercookies are unique, non-removable identifiers inserted into web traffic to identify customers in order to deliver targeted ads from Verizon and others. The FCC said Verizon Wireless failed to disclose the practice from late 2012 until 2014, violating a 2010 FCC regulation on internet transparency. The FCC also said the supercookies overrode consumers' privacy practices they had set on web browsers, which led some advocates to call it a "zombie cookie." Under the agreement, consumers must opt in to allow their information to be shared outside Verizon Wireless, and have the right to "opt out" of sharing information with Verizon.
Chrome

MIT's Eyebrowse To Rank and Review Internet Sites, While Retaining Privacy (thestack.com) 28

An anonymous reader writes: MIT has launched a new scheme whereby participating users can voluntarily share data on their website viewing habits, via the use of a Google Chrome extension and by signing up to an MIT website. The scheme, called Eyebrowse, began development in 2010 and has been in closed beta for the last 18 months. Cornell information science professor Mor Naaman says of the project: "Data has traditionally been used by anyone from corporations to the government...but the goal of this system is to make the data more useful for the individuals themselves, to give them more control, and to make it more useful to communities."
Encryption

MIT's New 5-Atom Quantum Computer Could Make Today's Encryption Obsolete (pcworld.com) 175

An anonymous reader writes: In traditional computing, numbers are represented by either 0s or 1s, but quantum computing relies on atomic-scale units, or "qubits," that can be simultaneously 0 and 1 -- a state known as a superposition that's far more efficient. It typically takes about 12 qubits to factor the number 15, but researchers at MIT and the University of Innsbruck in Austria have found a way to pare that down to five qubits, each represented by a single atom, they said this week. Using laser pulses to keep the quantum system stable by holding the atoms in an ion trap, the new system promises scalability as well, as more atoms and lasers can be added to build a bigger and faster quantum computer able to factor much larger numbers. That, in turn, presents new risks for factorization-based methods such as RSA, used for protecting credit cards, state secrets and other confidential data. "If you are a nation state, you probably don't want to publicly store your secrets using encryption that relies on factoring as a hard-to-invert problem," said Chuang. "Because when these quantum computers start coming out, [adversaries will] be able to go back and unencrypt all those old secrets."
Privacy

How Common Is Your PIN? (datagenetics.com) 112

phantomfive writes: We've seen password frequency lists, here is an analysis of PIN frequency with a nice heatmap towards the bottom. There is a line for numbers starting with 19*, which is the year of birth, a cluster around MM/DD for people's birthdays, and a hard diagonal line for the same digit repeated four times.
Privacy

No, Turning On Your Phone Is Not Consenting To Being Tracked By Police (theintercept.com) 79

An anonymous reader writes: The Maryland Court of Special Appeals on Wednesday upheld a historic decision by a state trial court that the warrantless use of cell-site simulators, or Stingrays, violates the Fourth Amendment. The trial had suppressed evidence obtained by the warrantless use of a Stingray -- the first time any court in the nation had done so. Last April, a Baltimore police detective testified that the department has used Stingrays 4,300 times since 2007, usually without notifying judges or defendants. Stingrays mimic cellphone towers, tricking nearby phones into connecting and revealing users' locations. Stingrays sweep up data on every phone nearby -- collecting information on dozens or potentially hundreds of people. The ruling has the potential to set a strong precedent about warrantless location tracking.
Crime

San Bernardino D.A. Says Shooter's Phone Could Harbor "Cyber Pathogen" (theguardian.com) 248

Mr.Intel writes with the Guardian's report that: San Bernardino D.A. has a novel argument for why Apple should be forced to provide the FBI with tools to decrypt the iPhone once used by mass-shooter Syed Rizwan Farook: a "dormant cyber pathogen," he says, could have been unleashed by the county's electronic infrastructure, and only by examining the phone's content can anyone really be sure. From the article: The questionable claim comes from Ramos's amicus brief in the case, filed with the US District Court on Thursday afternoon. In it, Ramos supports the FBI's argument that Apple should be compelled to build a one-use version of its operating system to load on to the seized phone – used by the mass-murderer, but still technically property of his employer, San Bernardino county – in order to weaken the security and allow the Government to brute-force the shooter's passcode. ... Ramos said: 'The iPhone is a county owned telephone that may have connected to the San Bernardino County computer network. The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino County's infrastructure and poses a continuing threat to the citizens of San Bernardino County'.
Republicans

Anonymous Hacks Donald Trump's Voicemail and Leaks the Messages (betanews.com) 312

Mark Wilson writes: In the run-up to the presidential election, few days go by when Donald Trump isn't hitting the headlines for something he's said or done. The bombastic billionaire looks set to become the Republican candidate, and his journey towards the White House is littered with offense and controversy, and back in December Anonymous declared war on him. The loose collective of hackers and activists made its declaration after Trump announced plans to ban Muslims from entering the U.S. One of the first strikes in Anonymous' war sees the group hacking the businessman's voicemail and leaking the messages. The messages appear to show that Trump had a surprisingly cosy relationship with the more left-leaning section of the media than one might imagine.
Privacy

Paperless Statements Not Always Best Choice, Says New Report 166

HughPickens.com writes: Ann Carrns reports at the NYT that despite a push by financial institutions to switch customers to digital statements from paper, the traditional hard-copy version may work better for some people, in particular, older, less educated and lower-income consumers who may lack fast Internet connections at home. According to a new report from the National Consumer Law Center, even consumers who know the Internet may simply prefer paper, because statement notifications can easily be overlooked in a deluge of email. Also unlike paper statements, which can be neatly collected and filed away, going paperless on multiple accounts will mean having that information scattered under different user names and passwords. You may also be surprised to learn you have to pay for copies of some older statements. "If you have a system for organizing your paper statements, you should think about how that's going to translate online," says Jim Bruene. Finally you may not be able to go back as far with paperless statements. At Verizon, cellphone customers get up to 12 months of past statements. Customers can also request older statements dating back seven years for $5 per copy.

Under federal law, banks must obtain consent from consumers to deliver statements electronically. But banks are sometimes aggressive in encouraging customers to opt out of receiving paper statements. Last summer, holders of some Chase credit cards received pop-up ads when they logged into their accounts online, asking them to switch to electronic statements. The notice said "Action Required," even though no action was necessary if cardholders simply wanted to continue receiving paper statements. The screen showed buttons for "accept" and "manage my preferences," but not for "decline."
Crime

China Tries Its Hand At Pre-Crime (bloomberg.com) 99

schwit1 writes: China's effort to flush out threats to stability is expanding into an area that used to exist only in dystopian sci-fi: pre-crime. The Communist Party has directed one of the country's largest state-run defense contractors, China Electronics Technology Group, to develop software to collate data on jobs, hobbies, consumption habits, and other behavior of ordinary citizens to predict terrorist acts before they occur. "It's very crucial to examine the cause after an act of terror," Wu Manqing, the chief engineer for the military contractor, told reporters at a conference in December. "But what is more important is to predict the upcoming activities." The program is unprecedented because there are no safeguards from privacy protection laws and minimal pushback from civil liberty advocates and companies, says Lokman Tsui, an assistant professor at the School of Journalism and Communication at the Chinese University of Hong Kong, who has advised Google on freedom of expression and the Internet.
Cellphones

Tracking Caucusgoers By Their Cell Phones (schneier.com) 43

Okian Warrior writes: Dstillery gets information from people's phones via ad networks. When you open an app or look at a browser page, there's a very fast auction that happens where different advertisers bid to get to show you an ad. Your phone sends them information about you, including, in many cases, an identifying code (that they've built a profile around) and your location information, down to your latitude and longitude. On the night of the Iowa caucus, Dstillery flagged auctions on phones in latitudes and longitudes near caucus locations, some 16,000 devices. It then looked up the characteristics associated with those IDs to make observations about the kind of people that went to Republican caucus locations versus Democrat caucus locations. It drilled down farther by looking at which candidate won at a particular caucus location.
China

U8 Smartwatch Engages In Covert Traffic With Chinese IP Behind Your Back (softpedia.com) 91

An anonymous reader writes: In a presentation at the BSides security conferences in San Francisco, Michael Raggo from MobileIron has revealed that he discovered a cheap smartwatch engaging in covert communications behind the users' back. The watch in question is the U8 Nucleus, a cheap smartwatch that's made in China, sold for around $17 (€15.6), which also runs its own operating system, also known as Nucleus. When the user would install the iOS/Android app that allows the owners to manage the smartwatch via their phones, the app would start an encrypted communications channel with an IP address in China. This could be telemetry or analytics data, but nothing in the U8 smartwatch manual or website even mentioned something like this was happening in the first place.
Transportation

Maryland Public Buses Record Passengers' Conversations (washingtonpost.com) 137

mi writes: You may not have heard of it yet, but Maryland Transit Administration began recording passengers' conversations in 2012 — on its own initiative. Legislative efforts to put an end to the practice failed four times since then — but some State Senators keep trying: "What [the MTA] is doing is a mass surveillance [...] I can make an argument to tape everybody, everywhere, everywhere they walk, everywhere they talk, and you can make the excuse for homeland security." If we had competing public transport companies, one could've switched to a privacy-respecting competitor. Alas, MTA holds a monopoly and legislation is the only recourse.
