New submitter jasonridesabike writes "ProPublica reports that Werner Koch, the man behind GPG, is in financial straits: 'The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive. Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded.'" (You can donate to the project here.)
An anonymous reader writes Stanford University has pledged not to use money from Google to fund privacy research at its Center for Internet and Society — a move that critics claim poses a threat to academic freedom. The center has long been generously funded by Google but its privacy research has proved damaging to the search giant as of late. Just two years ago, a researcher at the center helped uncover Google privacy violations that led to the company paying a record $22.5 million fine. In 2011-2012, the center's privacy director helped lead a project to create a "Do Not Track" standard. The effort, not supported by Google, would have made it harder for advertisers to track what people do online, and likely would have cut into Google's ad revenue. Both Stanford and Google say the change in funding was unrelated to the previous research.
Advocatus Diaboli writes Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica. It's not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.
New submitter bnortman (922608) was the first to write in with word of "a new research paper discussing a new form of user fingerprinting and tracking for the web using the HTML 5 <canvas>." globaljustin adds more from an article at Pro Publica: Canvas fingerprinting works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it. ... The researchers found canvas fingerprinting computer code ... on 5 percent of the top 100,000 websites. Most of the code was on websites that use the AddThis social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish. ... Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace cookies ...
McGruber (1417641) writes "Return-free filing might allow tens of millions of Americans to file their taxes for free and in minutes. Under proposals authored by several federal lawmakers, it would be voluntary, using information the government already receives from banks and employers and that taxpayers could adjust. The concept has been endorsed by Presidents Obama and Reagan and is already a reality in some parts of Europe. Sounds great, except to Intuit, maker of Turbotax: last year, Intuit spent more than $2.6 million on lobbying, some of it to lobby on four bills related to the issue, federal lobbying records show."
coolnumbr12 writes "In a new leak published by the Guardian, New York Times and ProPublica, Edward Snowden revealed new secret programs by the NSA and GCHQ to decrypt programs designed to keep information private online. In response to NSA's Bullrun and GCHQ's Edgehill, Google said it has accelerated efforts to build new encryption software that is impenetrable to the government agencies. Google has not provided details on its new encryption efforts, but did say it would be 'end-to-end,' meaning that all servers and fiber-optic lines involved in delivering information will be encrypted."
An anonymous reader writes "The New York Times is reporting that the NSA 'has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. ... The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.'" You may prefer Pro Publica's non-paywalled version, instead, or The Guardian's.
cycoj writes "The NSA says that there is no central method to search its own email. When asked in a Freedom of Information Act request for emails with the National Geographic Channel over a specific time period, the agency, which has been collecting and analyzing the data of hundreds of millions of Internet users, says it can only perform person-per-person searches on its own email."
dstates writes "ProPublica, the award winning public interest journalism group and frequently cited Slashdot source, has published an interesting guide to app technology for journalism and a set of data and style guides. Journalism presents unique challenges with potentially enormous but highly variable site traffic, the need to serve a wide variety of information, and most importantly, the need to quickly develop and vet interesting content, and ProPublica serves lots of data sets in addition to the news. They are also doing some cool stuff like using AI to generate specific narratives from tens of thousands of database entries illustrating how school districts and states often don't distribute educational opportunities to rich and poor kids equally. The ProPublica team focuses on some basic practical issues for building a team, rapidly and flexibly deploying technology and ensuring that what they serve is correct. A great news app developer needs three key skills: the ability to do journalism, design acumen and the ability to write code quickly — and the last is the easiest to teach. To build a team they look to their own staff rather than competing with Google for CS grads. Most news organizations use either Ruby on Rails or Python/Django, but more important than which specific technology you choose is to just pick a server-side programming language and stick to it. Cloud hosting provides news organizations with incredible flexibility (like increasing your capacity ten-fold for a few days around the election and then scaling back the day after), but they're not as fast as real servers, and cloud costs can scale quickly relative to real servers. Maybe a news app is not the most massive 'big data' application out there, but where else can you find the challenge of millions of users checking in several times a day for the latest news, and all you need to do is sort out which of your many and conflicting sources are providing you with straight information?
Oh, and if you screw up, it will be very public."
An anonymous reader writes "You don't necessarily have to be a hacker to be viewed as one under federal law. ProPublica breaks down acts of 'hacktivism' to see what is considered criminal under the Computer Fraud and Abuse Act. It points out that both Aaron Swartz and Bradley Manning were charged under the CFAA. Quoting: 'A DDoS attack can be charged as a crime under the CFAA, as it “causes damage” and can violate a web site’s terms of service. The owner of the site could also file a civil suit citing the CFAA, if they can prove a temporary server overload resulted in monetary losses. ... The charges for doxing depend on how the information was accessed, and the nature of published information. Simply publishing publicly available information, such as phone numbers found in a Google search, would probably not be charged under the CFAA. But hacking into private computers, or even spreading the information from a hack, could lead to charges under the CFAA.'"
An anonymous reader writes "A 2011 ProPublica series found that the TSA had glossed over the small cancer risk posed by its X-ray body scanners at airports across the country. While countries in Europe have long prohibited the scanners, the TSA is just now getting around to studying the health effects." I'm not worried; the posters and recorded announcements at the airport say these scanners raise no health concerns.
An anonymous reader writes "Proud voters are already posting their ballots on Instagram but ProPublica's Lois Beckett reports that you may want to check your state laws first since showing your marked ballot to other people is actually illegal in many states."
OverTheGeicoE writes "If you're concerned about possible health effects from TSA's X-ray body scanners, you might be pleased to learn that TSA is making changes. TSA is removing X-ray body scanners from major airports including Los Angeles International, Boston's Logan, Chicago's O'Hare, and New York City's JFK. Then again, these changes might not please you at all, because they are not mothballing the offending devices. No, they are instead moving them to smaller airports like the one in Mesa, AZ. Is this progress, or is TSA just moving potentially dangerous scanners from 'Blue' areas to 'Red' ones right before a presidential election?"
theodp writes "ProPublica's Lois Beckett reports that the Obama for America campaign's new mobile app is raising privacy concerns with its Google map that recognizes one's current location, marks nearby Democratic households with small blue flags, and displays the first name, age and gender of the voter or voters who live there (e.g.,'Lori C., 58 F, Democrat'). Asked about the privacy aspects of the new app, a spokesperson for the Obama campaign wrote that 'anyone familiar with the political process in America knows this information about registered voters is available and easily accessible to the public.' Harvard law prof Jonathan Zittrain said the Obama app does represent a significant shift. While voter data has been 'technically public,' it is usually accessed only by political campaigns and companies that sell consumer data. 'Much of our feelings around privacy are driven by what you might call status-quo-ism,' Zittrain added, 'so many people may feel that the app is creepy simply because it represents something new.'"
wiredmikey sends this excerpt from SecurityWeek: "A recent article on ProPublica dissected two commonly quoted figures about cybersecurity: $1 trillion in losses due to cybercrime itself and $388 million in IP losses for American companies. Both figures have been scrutinized and challenged by many, and viewed as typical security vendor FUD. ... The $1 trillion figure is attributed to anti-virus vendor McAfee, while the $388 million in IP losses number belongs to Symantec's Norton division. According to ProPublica, 'The report was not actually researched by Norton employees; it was outsourced to a market research firm, StrategyOne, which is owned by the public relations giant Edelman.' The problem with both of these figures — $1 trillion and $388 million — is, as Microsoft researchers pointed out earlier this year in a report fittingly titled 'Sex, Lies, and Cybercrime,' they are studded with outliers. In one example they cite that a single individual who claims $50,000 losses, in an N = 1000 person survey, is enough to extrapolate a $10 billion loss over the population. In another, one unverified claim of $7,500 in phishing losses translates into $1.5 billion over the population. The Microsoft researchers concluded: 'Are we really producing cyber-crime estimates where 75% of the estimate comes from the unverified self-reported answers of one or two people? Unfortunately, it appears so. Can any faith whatever be placed in the surveys we have? No, it appears not.'"
Pigskin-Referee sends this excerpt from an article at ProPublica: "Jonathan Mayer had a hunch. A gifted computer scientist, Mayer suspected that online advertisers might be getting around browser settings that are designed to block tracking devices known as cookies. If his instinct was right, advertisers were following people as they moved from one website to another even though their browsers were configured to prevent this sort of digital shadowing. Working long hours at his office, Mayer ran a series of clever tests in which he purchased ads that acted as sniffers for the sort of unauthorized cookies he was looking for. He hit the jackpot, unearthing one of the biggest privacy scandals of the past year: Google was secretly planting cookies on a vast number of iPhone browsers. Mayer thinks millions of iPhones were targeted by Google."
First time accepted submitter samazon writes "According to a recently proposed abstract by the United States Geological Survey, hydraulic fracturing, or more specifically the disposal of fracking wastewater, may be directly correlated to the increase in seismic activity in the midwest. Results of the paper will be presented on April 18th, but the language of the abstract seems to imply that there is a connection. After years of controversy regarding hydrofracking including ground water contamination and disclosure of chemical solutions, the results of the study, if conclusive, could influence the cost of natural gas due to increased regulations on wastewater disposal." The actual language of the abstract leaves a fair amount of wiggle room: "While the seismicity rate changes described here are almost certainly manmade, it remains to be determined how they are related to either changes in extraction methodologies or the rate of oil and gas production."
OverTheGeicoE writes "U.S. Senator Susan Collins, the top Republican on the homeland security committee, plans to introduce a bill that would require a new health study of the X-ray body scanners used to screen airline passengers nationwide. If the bill becomes law, TSA would be required to choose an 'independent laboratory' to measure the radiation emitted by a scanner currently in use at an airport checkpoint and use the data to produce a peer-reviewed study, to be submitted to Congress, based on its findings. The study would also evaluate the safety mechanisms on the machine and determine 'whether there are any biological signs of cellular damage caused by the scans.' Many Slashdotters are or have been involved in science. Is this a credible experimental protocol? Is it reasonable to expect an organization accused of jeopardizing the health and safety of hundreds of millions of air travelers to pick a truly unbiased lab? Would any lab chosen deliver a critical report and risk future funding? Should the public trust a study of radiology and human health designed by a US Senator whose highest degree is a bachelor's degree in government?"
Wednesday is here, and with it sites around the internet are going under temporary blackout to protest two pieces of legislation currently making their way through the U.S. Congress: the Stop Online Piracy Act (SOPA) and the Protect-IP Act (PIPA). Wikipedia, reddit, the Free Software Foundation, Google, the Electronic Frontier Foundation, imgur, Mozilla, and many others have all made major changes to their sites or shut down altogether in protest. These sites, as well as technology experts (PDF) around the world and everyone here at Slashdot, think SOPA and PIPA pose unacceptable risks to freedom of speech and the uncensored nature of the internet. The purpose of the protests is to educate people — to let them know this legislation will damage websites you use and enjoy every day, despite being unrelated to the stated purpose of both bills. So, we ask you: what can you do to stop SOPA and PIPA? You may have heard the House has shelved SOPA, and that President Obama has pledged not to pass it as-is, but the MPAA and SOPA-sponsor Lamar Smith (R-TX) are trying to brush off the protests as a stunt, and Smith has announced markup for the bill will resume in February. Meanwhile, PIPA is still present in the Senate, and it remains a threat. Read on for more about why these bills are bad news, and how to contact your representative to let them know it.
Note: This will be the last story we post today until 6pm EST in protest of SOPA.
OverTheGeicoE writes "The Transportation Security Administration is getting a lot of negative attention, much of it from the U.S. government itself. A recent congressional report blasted the TSA for being incompetent and ineffective (PDF). A bill to force the TSA to reduce its screening of active duty U.S. military members and their families was approved unanimously by the House of Representatives. After a TSA employee was arrested for sexually assaulting a woman while in uniform, a bill has been introduced to prevent TSA agents from wearing police-style uniforms and badges or using the title 'officer.' The bill's sponsor calls these practices 'an insult to real cops.' The FBI is getting involved by changing its definition of rape in a way that might expose the TSA's 'enhanced pat-down' screeners to prosecution. Lastly, public support for the TSA's use of X-ray body scanners drops dramatically when people realize there is a cancer risk."