AI

Alphabet's AI-Powered Chrome Extension Hides Toxic Comments (engadget.com) 196

An anonymous reader quotes a report from Engadget: Alphabet offshoot Jigsaw is launching a Chrome extension designed to help moderate toxic comments on social media. The new open-source tool, dubbed "Tune," builds on the machine learning smarts introduced in Jigsaw's "Perspective" tech to help sites like Facebook and Twitter set the "volume" of abusive comments. Using "filter mix" controls, users can either turn toxic comments off altogether (what's known as "zen mode") or show selective types of posts containing attacks, insults, or profanity. Tune also works with Reddit, YouTube and Disqus. Jigsaw admits that Tune is still an experiment, meaning it may not spot all forms of toxicity or could hide non-offensive comments. "We're constantly working to improve the underlying technology, and users can easily give feedback right in the tool to help us improve our algorithms," C.J. Adams, Jigsaw product manager, wrote in a blog post.

Bitcoin

QuadrigaCX's Crypto Accounts Were Emptied Months Before CEO's Mysterious Death, Putting Fate of $137 Million In Doubt (businessinsider.com) 166

An anonymous reader quotes a report from Business Insider: Millions of dollars were missing when the CEO of a crypto exchange died without sharing the passwords to his accounts. Investigators recently cracked his laptop -- only to find the money was gone. Gerald Cotten, the founder of QuadrigaCX, was thought to have had sole access to the funds and coins exchanged on it. After his death in December, his colleagues said that about $137 million in cryptocurrency belonging to about 115,000 customers was held offline in "cold storage" and inaccessible. The case has sparked numerous theories, including that Cotten faked his own death and ran off with the cash. A court-appointed auditor, Ernst & Young, was able to crack Cotten's laptop and found that the accounts were emptied in April, eight months before his death, it said in a report last week.

The investigators said they found other issues too, such as that Quadriga kept "limited books and records" and never reported its financials. Ernst & Young also said it found 14 user accounts linked to Cotten that traded on Quadriga's exchange and withdrew cryptocurrency to addresses not tied to Quadriga. Burdened with $190 million in debt and unable to find or access the money, Quadriga filed for creditor protection in late January. A Nova Scotia court threw the company a lifeline this week, granting it a 45-day extension that prevents creditors from filing lawsuits against it until mid-April.

Censorship

Gab Wants To Add a Comments Section To Everything On the Internet (cnet.com) 308

Okian Warrior writes: Free speech social network Gab has launched a new comments platform, Dissenter, which allows users to make comments on every single website on the Internet without fear of censorship or banning. The Dissenter platform, which integrates with Gab as either a website or a browser extension, allows users to comment on any web page in the world, with the ability to upvote, downvote, and reply to other comments.

"A free, open-source utility that allows people to dissent from orthodoxy and express what they are really thinking, without fear of reprisal, is essential in order to wrest control of the Internet and public discourse from Silicon Valley tech giants," said Gab founder Andrew Torba. "Gab.com and dissenter.com lead the way in keeping the Internet free. All people are welcome to use our products to express themselves freely." One example of recent comment censorship was review website Rotten Tomatoes' removal of comments for unreleased movies this week, which the review website claimed was due to "trolling."

Chrome

A Third of All Chrome Extensions Request Access To User Data on Any Site 60

More than a third of all Google Chrome extensions ask users for permission to access and read all their data on any website, a recent survey conducted by US cyber-security firm Duo Labs of over 120,000 Chrome extensions has revealed. From a report: The same survey also found that roughly 85 percent of the 120,000 Chrome extensions listed on the Chrome Web Store don't have a privacy policy listed, meaning there's no legally-binding document describing how extension developers are committing to handling user data. Additional survey findings include the fact that 77 percent of the tested Chrome extensions didn't list a support site, 32 percent used third-party JavaScript libraries that contained publicly known vulnerabilities, and nine percent could access and read cookie files, some of which are used for authentication operations.

Microsoft

Microsoft Releases Windows 10 Timeline Extension For Google Chrome (windowscentral.com) 39

Microsoft has released an official Timeline extension for Google Chrome called "Web Activities" that brings Timeline integration to Google's web browser. From a report: Just like with Microsoft Edge, this new extension syncs web browsing activities with the Timeline feature on Windows 10, making it easier to pick up old activities and search through webpages you've visited recently. The extension is available now in the Chrome Web Store, and ties with your Microsoft Account.

Transportation

Tesla 'Dog Mode' Will Stop Pets From Overheating In Cars, Elon Musk Says (nzherald.co.nz) 137

Tesla CEO Elon Musk said his fleet of electric vehicles will be getting a "dog mode" to protect pets from overheating. The feature, which will be rolled out next week, will be able to detect when a pet is locked inside the car -- and keep the temperature at a safe level. The New Zealand Herald reports: There will also likely be a display or some form of communication to inform passers-by that the dog is safe. The feature was added after Musk was inundated with tweets from customers. In October, one Tesla driver asked him: "Can you put a dog mode on the Tesla Model 3. Where the music plays and the air conditioning is on, with a display on screen saying 'I'm fine my owner will be right back?'" Musk replied: "Yes."

'Dog mode' will likely be an extension of Tesla's Cabin Overheat Protection System. This already prevents temperatures inside the car from reaching unsafe levels when kids or pets are inside. But the screen in Tesla models is likely to now flash a message to pedestrians informing them that the pet inside is safe. The "dog mode" update will be launched at the same time as a "sentry mode" -- designed to ward off would-be thieves. Sentry Mode will use the dashcam to record footage in the event of an attempted break-in. And it is rumored the car will play loud classical music through the stereo system to draw attention to the intruder and encourage passersby to call the police.

Security

Chrome Can Tell You if Your Passwords Have Been Compromised (engadget.com) 90

An anonymous reader shares a report: Given the frequency of hacks and data leaks these days, chances are good at least one of your passwords has been released to the wild. A new Chrome extension released by Google today makes it a little easier to stay on top of that: Once installed, Password Checkup will simply sit in your Chrome browser and alert you if you enter a username / password combination that Google "knows to be unsafe." The company says it has a database of 4 billion credentials that have been compromised in various data breaches that it can check against. When the extension detects an insecure password, it'll prompt you with a big red dialog box to immediately update your info. It's handy, but users might wonder exactly what Google can see -- to that end, Google says that the extension "never reveal[s] this personal information."

United States

Highest Court In Indiana Set To Decide If You Can Be Forced To Unlock Your Phone (eff.org) 190

The Electronic Frontier Foundation argues that police should not be allowed to force you to turn over your passcode or unlock your device. "The Fifth Amendment states that no one can be forced to be 'a witness against himself,' and we argue that the constitutional protection applies to forced decryption," writes the EFF. Last week, the non-profit digital rights group filed a brief making that case to the Indiana Supreme Court, which is set to decide if you can be forced to unlock your phone. From the report: The case began when Katelin Eunjoo Seo reported to law enforcement outside of Indianapolis that she had been the victim of a rape and allowed a detective to examine her iPhone for evidence. But the state never filed charges against Seo's alleged rapist, identified by the court as "D.S." (Courts often refer to minors using their initials.) Instead, the detective suspected that Seo was harassing D.S. with spoofed calls and texts, and she was ultimately arrested and charged with felony stalking. Along with a search warrant, the state sought a court order to force Seo to unlock her phone. Seo refused, invoking her Fifth Amendment rights. The trial court held her in contempt, but an intermediate appeals court reversed. When the Indiana Supreme Court agreed to get involved, it took the somewhat rare step of inviting amicus briefs. EFF got involved because, as we say in our brief filed along with the ACLU and the ACLU of Indiana, the issue in Seo is "no technicality; it is a fundamental protection of human dignity, agency, and integrity that the Framers enshrined in the Fifth Amendment."

Our argument to the Indiana Supreme Court is that compelling Seo to enter her memorized passcode would be inherently testimonial because it reveals the contents of her mind. Obviously, if she were forced to verbally tell a prosecutor her password, it would be a testimonial communication. By extension, the act of forced unlocking is also testimonial. First, it would require a modern form of written testimony, the entry of the passcode itself. Second, it would rely on Seo's mental knowledge of the passcode and require her to implicitly acknowledge other information such as the fact that it was under her possession and control. The lower appellate court in Seo added an intriguing third reason: "In a very real sense, the files do not exist on the phone in any meaningful way until the passcode is entered and the files sought are decrypted. . . . Because compelling Seo to unlock her phone compels her to literally recreate the information the State is seeking, we consider this recreation of digital information to be more testimonial in nature than the mere production of paper documents." Because entering a passcode is testimonial, that should be the end of it, and no one should be ordered to decrypt their device, at least absent a grant of immunity that satisfies the Fifth Amendment.

The case gets complicated when you factor in a case from 1976 called Fisher v. United States, where the Supreme Court recognized an exception to the Fifth Amendment privilege for testimonial acts of production. "State and federal prosecutors have invoked it in nearly every forced decryption case to date," writes the EFF. "In Seo, the State argued that all that compelling the defendant to unlock her phone would reveal is that she knows her own passcode, which would be a foregone conclusion once it 'has proven that the phone belongs to her.'"

"As we argue in our amicus brief, this would be a dangerous rule for the Indiana Supreme Court to adopt. If all the government has to do to get you to unlock your phone is to show you know the password, it would have immense leverage to do so in any case where it encounters encryption."

Privacy

New Proposal Would Ban Government Facial Recognition Use In San Francisco (sfexaminer.com) 59

An anonymous reader quotes a report from The San Francisco Examiner: San Francisco could be the first city in the nation to ban city agencies from using facial recognition surveillance technology under proposed legislation announced Tuesday by Supervisor Aaron Peskin. The legislation, which will be introduced at Tuesday's Board of Supervisors meeting, echoes ordinances adopted by cities including Oakland and Berkeley, as well as by the transit agency BART, that require legislative approval before city agencies or law enforcement adopt new surveillance technologies or policies for the use of existing technologies. However, the new proposal takes things a step further with an outright ban on facial recognition technology.

The San Francisco proposal would not only ban facial recognition but would also require the Board of Supervisors to approve new surveillance technology in general. The board would have to find that the benefits of the technology outweigh the costs, that civil rights will be protected and that the technology will not disparately impact a community or group. Peskin portrayed the proposal to be introduced Tuesday as an extension of his "Privacy First Policy," approved by voters in November, which sets new limits and transparency requirements on the collection and use of personal data by companies doing business with The City.

Bug

Do Debian APT and PHP Pear Patches Highlight Vulnerability In Package Management Infrastructure? (eweek.com) 48

"Time and again, security experts and vendors alike will recommend to organizations and end users to keep software and systems updated with the latest patches," reports eWeek. "But what happens when the application infrastructure that is supposed to deliver those patches itself is at risk?" That's what open-source and Linux users were faced with this past week with a pair of projects reporting vulnerabilities. On January 22, the Debian Linux distribution reported a vulnerability in its APT package manager that is used by end users and organizations to get application updates. That disclosure was followed a day later, on January 23, with the PHP PEAR (PHP Extension and Application Repository) shutting down its primary website, warning that it was the victim of a data breach. PHP PEAR is a package manager that is included with many Linux distributions as part of the open-source PHP programming language binaries....

In the Debian APT case, a security researcher found a flaw, reported it, and the open-source project community responded rapidly, fixing the issue. With the PHP PEAR issue, researchers with the Paranoids FIRE (Forensics, Incident Response and Engineering) Team reported that they discovered a tainted file on the primary PEAR website... Both PHP PEAR and Debian have issued updates fixing their respective issues. While both projects are undoubtedly redoubling their efforts now with different security technologies and techniques, the simple fact is that the two issues highlight a risk with users trusting updating tools and package management systems.

China

China Creates App To Tell You If You're Near Someone In Debt, Encourages You To Report Them (techspot.com) 153

The Chinese government has developed a mobile app that tells users if they are near someone who is in debt. The app, called a "map of deadbeat debtors," flashes when the user is within 500 meters of a debtor and displays that person's exact location. TechSpot reports: News of the app has caused quite a bit of controversy after it was originally reported by the state-run China Daily. It is an extension to China's existing "social credit" system which scores people based on how they act in public. The app is available through the WeChat platform which has become immensely popular in China. The government stated that "Deadbeat debtors in North China's Hebei province will find it more difficult to abscond as the Higher People's Court of Hebei on Monday introduced" the app. Once a user is alerted that they are close to a debtor, the user can then view their personal information. This will reveal their name, national ID number, and why they were added to the debtor list. The debtor can then be publicly shamed or reported to the authorities if it is deemed that they are capable of repaying their debts.

Security

How Web Apps Can Turn Browser Extensions Into Backdoors (threatpost.com) 34

"Threatpost has a link to some recent research about ways web pages can exploit browser extensions to steal information or write files," writes Slashdot reader jbmartin6. "Did we need another reason to be deeply suspicious of any browser extension? Not only do they spy on us for their makers, now other people can use them to spy on us as well. The academic paper is titled 'Empowering Web Applications with Browser Extensions' (PDF)." From the report: "An attacker [uses] a script that is present in a web application currently running in the user browser. The script either belongs to the web application or to a third party. The goal of the attacker is to interact with installed extensions, in order to access user sensitive information. It relies on extensions whose privileged capabilities can be exploited via an exchange of messages with scripts in the web application," researchers wrote. They added, "Even though content scripts, background pages and web applications run in separate execution contexts, they can establish communication channels to exchange messages with one another... APIs [are used] for sending and receiving (listening for) messages between the content scripts, background pages and web applications."

The researcher behind the paper focused on a specific class of web extension called "WebExtensions API," a cross-browser extensions system compatible with major browsers including Chrome, Firefox, Opera and Microsoft Edge. After analyzing 78,315 extensions that used the specific WebExtension API, it found 3,996 that were suspicious. While it seems voluminous, they noted that research found a small number of vulnerable extensions overall, and that concern should be measured. However, "browser vendors need to review extensions more rigorously, in particular take into consideration the use of message passing interfaces in extensions."

Microsoft

Microsoft Fights Fake News With NewsGuard Integration in Its Mobile Edge Browser (pcworld.com) 180

In a bid to fight fake news read while on your phone, Microsoft's mobile Edge browser on Android and iOS now includes the NewsGuard extension. From a report: The addition needs to be toggled on within the Edge settings menu to be enabled. Once it is, Edge will display a small shield icon next to the site's URL in the search bar: a green shield with a checkmark for a trusted news site, and a red shield with an exclamation point inside of it for a site that NewsGuard believes isn't always accurate. (Some sites haven't been evaluated, and these will simply show a gray shield.)

Advertising

Google Proposes Changes To Chromium Browser That Will Break Content-Blocking Extensions, Including Various Ad Blockers 334

"Google engineers have proposed changes to the open-source Chromium browser that will break content-blocking extensions, including various ad blockers," reports The Register. "The drafted changes will also limit the capabilities available to extension developers, ostensibly for the sake of speed and safety. Chromium forms the central core of Google Chrome, and, soon, Microsoft Edge." From the report: In a note posted Tuesday to the Chromium bug tracker, Raymond Hill, the developer behind uBlock Origin and uMatrix, said the changes contemplated by the Manifest v3 proposal will ruin his ad and content blocking extensions, and take control of content away from users. Manifest v3 refers to the specification for browser extension manifest files, which enumerate the resources and capabilities available to browser extensions. Google's stated rationale for making the proposed changes is to improve security, privacy and performance, and supposedly to enhance user control.

But one way Google would like to achieve these goals involves replacing the webRequest API with a new one, declarativeNetRequest. The webRequest API allows extensions to intercept network requests, so they can be blocked, modified, or redirected. This can cause delays in web page loading because Chrome has to wait for the extension. In the future, webRequest will only be able to read network requests, not modify them. The declarativeNetRequest allows Chrome (rather than the extension itself) to decide how to handle network requests, thereby removing a possible source of bottlenecks and a potentially useful mechanism for changing browser behavior.

The report notes that Adblock Plus "should still be available" since "Google and other internet advertising networks apparently pay Adblock Plus to whitelist their online adverts."

Security

New Phobos Ransomware Exploits Weak Security To Hit Targets Around the World (zdnet.com) 30

An anonymous reader quotes a report from ZDNet: A prolific cybercrime gang behind a series of ransomware attacks is distributing a new form of the file-encrypting malware which combines two well known and successful variants in a series of attacks against businesses around the world. Dubbed Phobos by its creators, the ransomware first emerged in December and researchers at CoveWare have detailed how it shares a number of similarities with Dharma ransomware.

Like Dharma, Phobos exploits open or poorly secured RDP ports to sneak inside networks and execute a ransomware attack, encrypting files and demanding a ransom to be paid in bitcoin for returning the files, which in this case are locked with a .phobos extension. The demand is made in a ransom note -- and aside from 'Phobos' logos being added to the ransom note, it's exactly the same as the note used by Dharma, with the same typeface and text use throughout. Phobos is being distributed by the gang behind Dharma and likely serves as an insurance policy for malicious campaigns, providing attackers with a second option for conducting attacks, should Dharma end up decrypted or prevented from successfully extorting ransoms from victims.

The Internet

Are You Ready For DNS Flag Day? (dnsflagday.net) 145

Long-time Slashdot reader syn3rg quotes the DNS Flag Day page: The current DNS is unnecessarily slow and suffers from inability to deploy new features. To remediate these problems, vendors of DNS software and also big public DNS providers are going to remove certain workarounds on February 1st, 2019.

This change affects only sites which operate software which is not following published standards. Are you affected?

The site includes a form where site owners can test their domain -- it supplies a helpful technical report about any issues encountered -- as well as suggestions for operators of DNS servers and DNS resolvers, researchers, and DNS software developers. The Internet Systems Consortium blog also has a list of the event's supporters, which include Google, Facebook, Cisco, and Cloudflare, along with some history. "Extension Mechanisms for DNS were specified in 1999, with a minor update in 2013, establishing the 'rules of the road' for responding to queries with EDNS options or flags. Despite this, some implementations continue to violate the rules.

"DNS software developers have tried to solve the problems with the interoperability of the DNS protocol and especially its EDNS extension by various workarounds for non-standard behaviors... These workarounds excessively complicate DNS software and are now also negatively impacting the DNS as a whole. The most obvious problems caused by these workarounds are slower responses to DNS queries and the difficulty of deploying new DNS protocol features. Some of these new features (e.g. DNS Cookies) would help reduce DDoS attacks based on DNS protocol abuse....

"Our goal is a reliable and properly functioning DNS that cannot be easily attacked."

Space

Asteroid Strikes 'Increase Threefold Over Last 300 Million Years,' Survey Finds (theguardian.com) 80

According to a survey of asteroid craters at least 6.2 miles wide, the number of asteroids slamming into Earth has nearly tripled since the dinosaurs first roamed. "Researchers worked out the rate of asteroid strikes on the moon and the Earth and found that in the past 290 million years the number of collisions had increased dramatically," reports The Guardian. "Before that time, the planet suffered an asteroid strike about once every 3 million years, but since then the rate has risen to once nearly every 1 million years." From the report: The findings suggest that the dinosaurs may have been unfortunate in evolving 240 million years ago, just as the odds of being wiped out by a stray asteroid were ramping up. It was one of those impacts, on top of other factors, that did for the beasts 66 million years ago. Many scientists had assumed that asteroid strikes were a rare but constant threat in Earth's deep history, but the latest study challenges that belief.

Writing in the journal Science, the researchers describe how they turned to the moon to examine the violent history of Earth. The Earth and moon are hit by asteroids with similar frequency, but impact craters on Earth are often erased or obscured by erosion and the shifting continents which churn up the crust. On the geologically inactive moon, impact craters are preserved almost indefinitely, making them easier to examine. Using images from Nasa's Lunar Reconnaissance Orbiter, the scientists studied the "rockiness" of the debris surrounding craters on the moon. Rocks thrown up by asteroid impacts are steadily ground down by the constant rain of micrometeorites that pours down on the moon. This means the state of the rocks around a crater can be used to date it. The dates revealed that the moon, and by extension the Earth, has suffered more intense asteroid bombardment in the past 290 million years than at any time in the previous billion. On Earth there are hardly any impact craters older than 650 million years, most likely because they were eroded when the planet became encased in ice in an event known as Snowball Earth.

AI

Elon Musk Wants To Put An AI Hardware Chip In Your Skull (itmunch.com) 362

"iTMunch reports that Elon Musk apparently believes that the human race can only be 'saved' by implanting chips into our skulls that make us half human, half artificial intelligence," writes Slashdot reader dryriver. From the report: Elon Musk's main goal, he explains, is to wire a chip into your skull. This chip would give you the digital intelligence needed to progress beyond the limits of our biological intelligence. This would mean a full incorporation of artificial intelligence into our bodies and minds. He argues that without taking this drastic measure, humanity is doomed. There are a lot of ethical questions raised on the topic of what humanity according to Elon Musk exactly is, but he seems undeterred. "My faith in humanity has been a little shaken this year," Musk continues, "but I'm still pro-humanity."

The seamless conjunction of humans and computers gives us humans a shot at becoming completely "symbiotic" with artificial intelligence, according to Elon Musk. He argues that humans as a species are all already practically attached to our phones. In a way, this makes us almost cyborg-like. The only difference is that we haven't managed to expand our intelligence to that level. This means that we are not as smart as we could be. The data link that currently exists between the information that we get from our phones or computers is not as fast as it could be. "It will enable anyone who wants to have superhuman cognition," Musk said. "Anyone who wants."

As for how much smarter humans will become with these AI chips, Musk writes: "How much smarter are you with a phone or computer or without? You're vastly smarter, actually," Musk said. "You can answer any question pretty much instantly. You can remember flawlessly. Your phone can remember videos (and) pictures perfectly. Your phone is already an extension of you. You're already a cyborg. Most people don't realize you're already a cyborg. It's just that the data rate [...] it's slow, very slow. It's like a tiny straw of information flow between your biological self and your digital self. We need to make that tiny straw like a giant river, a huge, high-bandwidth interface."

Businesses

American Cheese Surplus Reaches Record High 398

According to the U.S. Department of Agriculture, there's a 1.4 billion-pound cheese surplus. "The glut, which at 900,000 cubic yards is the largest in U.S. history, means that there is enough cheese sitting in cold storage to wrap around the U.S. Capitol," reports NPR. Americans managed to consume nearly 37 pounds per capita in 2017, but that wasn't enough to reduce the surplus. From the report: The stockpile started to build several years ago, in large part because the pace of milk production began to exceed the rates of consumption, says Andrew Novakovic, professor of agricultural economics at Cornell University. Over the past 10 years, milk production has increased by 13 percent because of high prices. But what dairy farmers failed to realize was that Americans are drinking less milk. According to data from the USDA, Americans drank just 149 pounds of milk per capita in 2017, down from 247 pounds in 1975.

Suppliers turn that extra milk into cheese because it is less perishable and stays fresh for longer periods. But Americans are turning their noses up at those processed cheese slices and string cheese -- varieties that are a main driver of the U.S. cheese market -- in favor of more refined options, Novakovic tells Here & Now's Jeremy Hobson. Despite this shift, sales of mozzarella cheese, the single largest type of cheese produced and consumed in the U.S., remain strong, he says. Novakovic also notes that imported cheeses tend to cost more, so when people choose those, they buy less cheese overall. The growing surplus of American-made cheese and milk means that prices are declining. The current average price of whole milk is $15.12 per 100 pounds, which is much lower than the price required for dairy farmers to break even.

Privacy

DuckDuckGo Denies Using Fingerprinting To Track Its Users (betanews.com) 165

Mark Wilson writes: Responding to a forum post that accused it of 'fingerprinting users', privacy-centric search engine DuckDuckGo says that fears are unfounded and that it is not tracking its users. The allegation was made after the Firefox extension CanvasBlocker showed a warning to users. The suggestion of fingerprinting -- gathering as much information as possible about a user through their browser to create a unique identifier that can be used for tracking -- is clearly something that would seem to sit in opposition to what DuckDuckGo claims to stand for. The company CEO says the accusation is simply wrong.
