eeplox shares a report from VICE, adding: "Community-built sites like these are very much needed since Reddit announced they were going closed source": After r/LeftWithSharpEdge was taken down, ziq [one of the subreddit's members] decided to leave Reddit and create an independent anarchist community free from its rules. Raddle.me, which was originally called Raddit.me, is an "alternative that is focused on community building and openness, and not controlled by a corporation," ziq told me. The original name was intended to sound similar to Reddit, but was later changed to avoid potential trademark issues. Raddle doesn't have advertisements or run analytical software, so its size is difficult to calculate -- but that's by design. The site is meant to be an alternative to social networks that profit by monitoring user behavior and serving advertisements. "We have no ads, no tracking, no user profiling and we don't collect or share any user data with anyone," ziq said. The site is community-built and anyone can contribute to the code.

Ziq's commitment to privacy is an appealing virtue for Raddle's users. "I'm always very uneasy about the lack of concern for privacy online," Tequila_Wolf, a user who posts frequently to Raddle, told me in a direct message. "When you have friends on government lists who get harassed at every border because, say, they are members of Anarchists Against The Wall, you know you don't want to get on that list." Raddle ultimately came out of more broad problems ziq and Emma saw with Reddit. Ziq complained about how it has increasingly become a recruiting ground for the alt-right, the social network's overemphasis on America (r/politics, a major subreddit, only discusses U.S.-based politics, for example), and the fact that the site's code isn't open source, among other issues. Emma mentioned what she says is a problem with harassment on the site. "To me, the biggest problem with Reddit is how its administrators ignore the routine harassment and witch-hunts of marginalized people that takes place, with r/The_Donald being the most prominent example," she said.

The latest version of Internet Explorer has a bug that leaks the addresses, search terms, or any other text typed into the address bar. The flaw was disclosed Tuesday by security researcher Manual Caballero. Ars Technica reports: The bug allows any currently visited website to view any text entered into the address bar as soon as the user hits enter. The technique can expose sensitive information a user didn't intend to be viewed by remote websites, including the Web address the user is about to visit. The hack can also expose search queries, since IE allows them to be typed into the address bar and then retrieved from Bing or other search services. The proof-of-concept makes it transparent that the attacking website is viewing the entered text. The hack, however can easily be modified to make the information theft completely stealthy. A proof-of-concept site shows the exploit in action.

Security researcher Brian Krebs complains that Experian's identity-protecting credit freezes are easily unfrozen online. An anonymous reader quotes the Verge: Experian makes it easy to undo a credit freeze, resetting a subject's PIN through an easily accessible account recovery page. That page only asks for a person's name, address, date of birth, and Social Security number...data [that] was compromised in the Equifax breach, as well as other breaches, so we can probably assume hackers possess this information. After entering that data, attackers then just have to enter an email address -- any email -- and answer a few security questions.

That might not jump out as insecure; security questions exist for a reason. But the questions themselves are easy to answer, particularly if you know how to use the internet and a search bar. Krebs says sample questions include asking users to identify cities where they've previously lived and the people that resided with them. Much of that information is available through a person's own social media accounts, search engines, or Yellow Pages-like databases, including Spokeo and Zillow... In response to Krebs' report, Experian claims that it goes beyond the measures identified to authenticate users. "While we do not disclose those additional processes," said the company in a statement, "they include a broad array of checks that are not visible to the consumer."
Meanwhile, the Los Angeles Times reports that Experian is also advertising a "free scan of the dark Web" which actually binds anyone who accepts it to their 17,600-word terms of service, as well as acceptance of "advertisements or offers" from financial products companies -- plus "an arbitration clause preventing you from suing the company" which a spokesperson acknowledges could remain in effect for several years.

An anonymous reader shares a report: The rise of cyber-bullying and monopolistic business practices has damaged trust in the internet, pioneering entrepreneur Baroness Lane-Fox has told the BBC. The Lastminute.com founder also called for a "shared set of principles" to make the web happier and safer. She said the internet had done much good over the last 30 years. But she said too many people had missed out on the benefits and it was time to "take a step back". "The web has become embedded in our lives over the last three decades but I think it's reached an inflexion point, or a sort of midlife crisis," she told Radio 4's Today programme. Baroness Lane-Fox co-founded travel booking site Lastminute.com in 1998 before going on to sell the firm for 577m pound seven years later. She described the early days of the internet as being "full of energy and excitement," and akin to the "wild West". "There was this feeling that suddenly, with this access to this new technology, you could start a business from anywhere," she said. However, she said that while technology had become a hugely important sector of the UK economy, it had not fulfilled its early potential.

An anonymous reader writes: Ed Foudil, a web developer and security researcher, has submitted a draft to the IETF — Internet Engineering Task Force — seeking the standardization of security.txt, a file that webmasters can host on their domain root and describe the site's security policies. The file is akin to robots.txt, a standard used by websites to communicate and define policies for web and search engine crawlers...

For example, if a security researcher finds a security vulnerability on a website, he can access the site's security.txt file for information on how to contact the company and securely report the issue. According to the current security.txt IETF draft, website owners would be able to create security.txt files that look like this:

#This is a comment
Contact: security@example.com
Contact: +1-201-555-0123
Contact: https://example.com/security
Encryption: https://example.com/pgp-key.tx...
Acknowledgement: https://example.com/acknowledg...
Disclosure: Full

According to Bleeping Computer, a WordPress plug that goes by the name Display Widgets has been used to install a backdoor on WordPress sites across the internet for the past two and a half months. While the WordPress.org team removed the plugin from the official WordPress Plugins repository, the plugin managed to be installed on more than 200,000 sites at the time of its removal. The good news is that the backdoor code was only found between Display Widgets version 2.6.1 (released June 30) and version 2.6.3 (released September 2), so it's unlikely everyone who installed the plugin is affected. WordPress.org staff members reportedly removed the plugin three times before for similar violations. Bleeping Computer has compiled a history of events in its report, put together with data aggregated from three different investigations by David Law, White Fir Design, and Wordfence. The report adds: The original Display Widgets is a plugin that allowed WordPress site owners to control which, how, and when WordPress widgets appear on their sites. Stephanie Wells of Strategy11 developed the plugin, but after switching her focus to a premium version of the plugin, she decided to sell the open source version to a new developer who would have had the time to cater to its userbase. A month after buying the plugin in May, its new owner released a first new version -- v2.6.0 -- on June 21.

An anonymous reader quotes a report from Motherboard: On October 5, 2015, facing mounting criticism about the hate groups proliferating on Reddit, the site banned a slew of offensive subreddits, including r/Coontown and r/fatpeoplehate, which targeted Black people and those with weight issues. But did banning these online groups from Reddit diminish hateful behavior overall, or did the hate just spread to other places? A new study from the Georgia Institute of Technology, Emory University, and University of Michigan examines just that, and uses data collected from 100 million Reddit posts that were created before and after the aforementioned subreddits were dissolved. Published in the journal ACM Transactions on Computer-Human Interaction, the researchers conclude that the 2015 ban worked. More accounts than expected discontinued their use on the site, and accounts that stayed after the ban drastically reduced their hate speech. However, studies like this raise questions about the systemic issues facing the internet at large, and how our culture should deal with online hate speech. First, the researchers automatically extracted words from the banned subreddits to create a dataset that included hate speech and community-specific lingo. The researchers looked at the accounts of users who were active on those subreddits and compared their posting activity from before and after those offensive subreddits were banned. The team was able to monitor upticks or drops in the hate speech across Reddit and if that speech had "migrated" to other subreddits as a result.

CNN has a story on Veles, riverside town in Macedonia, which back in the day was known to make porcelain for the whole of Yugoslavia. But now, as an investigation by the news outlet has found, it makes fake news. Veles has become home to dozens of website operators who churn out bogus stories designed to attract the attention of Americans. Each click adds cash to their bank accounts. From the report: The scale is industrial: Over 100 websites were tracked here during the final weeks of the 2016 U.S. election campaign, producing fake news that mostly favored Republican candidate for President Donald Trump. One of the shadowy industry's pioneers is a soft-spoken law school dropout. Worried that his online accounts could be shut down, the 24-year-old asked to be known only as Mikhail. He takes on a different persona at night, prowling the internet as "Jesica," an American who frequently posts pro-Trump memes on Facebook. The website and Facebook page that "Jesica" runs caters to conservative readers in the U.S. The stories are political -- and often wrong on the facts. But that doesn't concern Mikhail. "I don't care, because the people are reading," he said. "At 22, I was earning more than someone [in Macedonia] will ever learn in his entire life." He claims to have earned up to $2,500 a day from advertising on his website, while the average monthly income in Macedonia is just $426. The profits come primarily from ad services such as Google's AdSense, which place targeted advertisements around the web. Each click sends a little bit of cash back to the content creator. Mikhail says he has used his profits to buy a house and put his younger sister through school. [...] That site was blocked a few months ago after Facebook and Google started cracking down on fake news sites. Mikhail is now retooling his operation, with his sights set firmly on the 2020 presidential election.

Slashdot reader unixisc writes: While it's always been well known that Windows phones in the market have floundered, one saving grace has always been that one could at least use it for the barest minimum of apps, even if updates have stopped... Aside from a door stop or a hand me down to someone who'll use it like a dumb phone, what are your suggested uses for this phone? A music player (if the songs are on an SD card)? Games? As far as phones go, I have what I need, so for this, anything it's good for?
The original submission suggests problems connecting to wi-ifi -- something partially corroborated by complaints at Windows Central -- though Microsoft's site says they're still supporting wifi connections.

Slashdot reader thegreatbob suggested "shuffleboard puck" -- then added, "Snark aside, if you're into writing custom applications and such for them, there's probably a bootloader/root solution for you out there."

Leave your own best suggestions in the comments. What can you do with an old Windows Phone?

Long-time Slashdot reader BinBoy writes: Science fiction author and Byte magazine columnist Jerry Pournelle has died according to a statement by his son Alex posted to Jerry's web site. A well-wishing page has been set up for visitor's to post their thoughts and memories of Mr. Pournelle.
Pournelle's literary career included the 1985 science fiction novel Footfall with Larry Niven, which became a #1 New York Times best-seller -- one of several successful collaborations between the two authors. In a Slashdot interview in 2003, Larry Niven credited Jerry for the prominent role of religion in their 1974 book The Mote in God's Eye.

Wikipedia also remembers how Byte magazine announced Pournelle's legendary debut as a columnist in their June 1980 issue.
"The other day we were sitting around the BYTE offices listening to software and hardware explosions going off around us in the microcomputer world. We wondered, "Who could cover some of the latest developments for us in a funny, frank (and sometimes irascible) style?" The phone rang. It was Jerry Pournelle with an idea for a funny, frank (and sometimes irascible) series of articles to be presented in BYTE on a semi-regular (i.e.: every 2 to 3 months) basis, which would cover the wild microcomputer goings-on at the Pournelle House ("Chaos Manor") in Southern California. We said yes."
Slashdot reader tengu1sd fondly remembers Pournelle as "frequently loud, but well reasoned." He also shares a link to a new appreciation posted on the Science Fiction and Fantasy Writers of America site. And Slashdot reader Nova Express also remembers Pournelle's Chaos Manor website "later became one of the first blogs on the Internet."

The American Chemical Society (ACS), a leading source of academic publications in the field of chemistry, accused Sci-Hub of mass copyright infringement and is demanding $4.8 million in piracy damages. "Sci-Hub was made aware of the legal proceedings but did not appear in court," reports Torrent Freak. "As a result, a default was entered against the site, and a few days ago ACS specified its demands, which include $4.8 million in piracy damages." The complaint comes soon after the pirate site was ordered to pay $15 million in piracy damages to academic publisher Elsevier. From the report: "Here, ACS seeks a judgment against Sci-Hub in the amount of $4,800,000 -- which is based on infringement of a representative sample of publications containing the ACS Copyrighted Works multiplied by the maximum statutory damages of $150,000 for each publication," they write. "Sci-Hub's unabashed flouting of U.S. Copyright laws merits a strong deterrent. This Court has awarded a copyright holder maximum statutory damages where the defendant's actions were "clearly willful' and maximum damages were necessary to 'deter similar actors in the future.'" The publisher notes that the maximum statutory damages are only requested for 32 of its 9,000 registered works. This still adds up to a significant sum of money, of course, but that is needed as a deterrent, ACS claims.

Although the deterrent effect may sound plausible in most cases, another $4.8 million in debt is unlikely to worry Sci-Hub's owner, as she can't pay it off anyway. However, there's also a broad injunction on the table that may be more of a concern. The requested injunction prohibits Sci-Hub's owner to continue her work on the site. In addition, it also bars a wide range of other service providers from assisting others to access it. Specifically, it restrains "any Internet search engines, web hosting and Internet service providers, domain name registrars, and domain name registries, to cease facilitating access to any or all domain names and websites through which Defendant Sci-Hub engages in unlawful access to [ACS's works]."

Long-time Slashdot reader davesag writes: I'm a regular long-term Slashdot reader and have been living in Delhi for the last 9 months. As of last Friday 25th August the only way I can access Slashdot at all is via a VPN. It appears that Slashdot has joined the growing list of websites the Indian Government finds threatening.

The Indian Government is deeply paranoid over internet access, with many sites being blocked, jail sentences for viewing blocked URLs, and bans on open wifi networks.
In 2015 the Indian government blocked access to over 800 adult web sites, and earlier this month they reportedly blocked access to Archive.org. "A block on Slashdot is over the top," davesag writes, "and makes me wonder what it is about this news site that the government here finds so terrifying."

dryriver writes: We all know the phenomenon of browsing from an internet site A to a completely unrelated internet site B, and having identical ads follow you from site A to site B. Logic suggests that some kind of advertising system is following you from site A to B, and possibly onto subsequent sites C, D and E as well. Logic also suggests that this advertising system can now put together a nice long list of whatever you are looking at online. So here's the question: How much of your online browsing is "monitored" or "logged" this way by advertisers? Can there be any realistic expectation of privacy on the internet if the default behavior of advertisers is to track you as much as they can?

An anonymous reader shares a report: You could buy any drug imaginable, wherever you were in the world, on the Silk Road website. Hidden on the dark web, it made millions of dollars every week. The US government had been trying to shut it down for more than two years when tax agent Gary Alford was brought in to try to trace the money which passed through the site. In his spare time, Gary started searching Google to try to find the mysterious mastermind behind the site: Dread Pirate Roberts. And he was successful. Gary spent hours trawling the internet for the first ever mention of Silk Road. He says he came across a posting on Bitcoin forum. In the post, Roberts had shared his Gmail account. That escalated the investigation. Gary spoke with BBC describing the rest.

After being shutdown by Google and GoDaddy, prominent neo-Nazi website The Daily Stormer has moved their site to the dark web. "The new site is now only available through the Tor network, which allows users to set up their own domains," reports VICE News. "The original site, Dailystormer.com, is now fully offline." From the report: The homepage, as of Tuesday morning, contained articles that make light of the car ramming attack that claimed the life of 32-year-old Heather Heyer; admonish the "Jew media;" liberally employ various racial epithets; and, in a less offensive post, provided an update on which characters are available on Pokemon Go. In a statement, the site's founder promised to bring his site back online. "The Daily Stormer will be live in internet prison with drug dealers, terrorists and perverts, which is where we've been exiled to, for all time," Andrew Anglin said in a statement sent to VICE News. "We should have a real domain online within 24 hours. If it gets shut down again, people will know we are on the black web."

An anonymous reader shares a report: One company is sticking by The Daily Stormer and other far-right websites: the cloud security and performance service Cloudflare. Cloudflare acts as a shield between websites and the outside world, protecting them from hackers and preserving the anonymity of the sites' owners. But Cloudflare is not a hosting service: It does not store website content on its servers. And that fact, as far as the company is concerned, exempts it from judgment over who its clients are -- even if those clients are literally Nazis. In a statement Cloudflare sent to Quartz and other publications yesterday, the company refused to explicitly say it will continue to do business with sites like The Daily Stormer, but pointed out that the content would exist regardless of what Cloudflare does or doesn't do. "Cloudflare is aware of the concerns that have been raised over some sites that have used our network. We find the content on some of these sites repugnant. While our policy is to not comment on any user specifically, we are cooperating with law enforcement in any investigation. Cloudflare is not the host of any website. Cloudflare is a network that provides performance and security services to more than 10% of all Internet requests. Cloudflare terminating any user would not remove their content from the Internet, it would simply make a site slower and more vulnerable to attack."
UPDATE: The Daily Stormer now says Cloudflare has decided to drop their site after all.

In 1989 Mondo 2000 magazine ran an editorial promising they'd cover "the leading edge in hyperculture...the latest in human/technological interactive mutational forms as they happen." 28 years later, they're now heckling that editorial as they relaunch into a web site. Slashdot reader DevNull127 quotes Motherboard's interview with R.U. Sirius, the founder of Mondo 2000 (as well as its predecessors High Frontiers and Reality Hackers): "It was my idea to merge psychedelics and emerging technologies, and the culture around technology," Sirius said, citing Timothy Leary, writer Robert Anton Wilson and counterculture magazine The Whole Earth Catalog among his inspirations... "I kind of found my way into that particular stream of bohemian culture. It was probably a minority, but there had always been that idea of letting robots replace human work." Soon High Frontiers evolved into a glossy magazine, Reality Hackers ("Some distributors at the time thought it was about hacking people up, and put it on the shelf next to murder mystery magazines"), and later Mondo 2000, which ran from 1989 till 1998...

"We really had to work to convince people that technology was defining the future. Nobody really got it. Doug Rushkoff wrote his book Cyberia, and his first book company cancelled its publication because they said the internet was a fad and that it would be over by the time the book came out"... While he uses Facebook and Twitter, Sirius is critical of their role in colonising what was once a more democratic and open space. "People are being herded into little buildings -- or huge ones -- in what was supposed to be a wide open space in which everybody created their own sites. It's a complete corporate takeover of the net, Facebook in particular... It's definitely not what we were expecting."
Mondo 2000's new online relaunch includes audio of a conversation between William Gibson and Timothy Leary about a Neuromancer game to accompany a proposed film back in 1989. (Gibson complained "That was no interview! That was a drunken business meeting!" when first informed of the magazine's plans to publish it, though he eventually "became friendly.") There's also a 1987 discussion about mind technologies with 73-year-old William S. Burroughs (who was also "an advocate of high technology, and the 'brain machine'"), plus an unpublished John Shirley essay titled "The Next Fifty Years: Why I'm Optimistic Because Everything Will Be Terrible" and new pieces by Paul Krassner ("Alternative Facts") and M.Christian ("La Petite Mort: The Death Of Sex").

An anonymous reader quotes Gizmodo: It started back in 1998 as an April Fool's Day gag. Written up by Larry Masinter of the Internet Engineering Task Force (IETF), error code 418 -- "I'm a teapot" -- was nothing more than a poke at the "many bad HTTP extensions that had been proposed". Despite its existence as a joke, a number of major software projects, including Node.js, ASP.NET and Google's Go language, implemented it as an Easter egg. A recent attempt to excise the fictitious code from these projects ended up doing the opposite, cementing it as a "reserved" error by the IETF...

Mark Nottingham, IETF chair for the HTTP and QUIC working groups, flagged the code's removal as an "issue" for Google's Go language, the Node.js Javascript runtime and Microsoft's ASP.NET... Nottingham's argument was that 418 was "polluting [the] core protocol" of these projects... It didn't take long for a "Save 418" website to go live and through the efforts of interested internet historians (and jokers), all three of the aforementioned projects have decided to keep the code as it is, though Google will "revisit" the situation with the next major version of Go.
The Save 418 site argued that "the application of such an status code is boundless. Its utility, quite simply, is astonishingly unparalleled. It's a reminder that the underlying processes of computers are still made by humans. It'd be a real shame to see 418 go."

An anonymous reader shares a report: BroadbandNow, a broadband provider search site that gets referral fees from some ISPs, has more than 2,500 home internet providers in its database. BroadbandNow's team looked through the ISPs' websites to generate a list of those with data caps. The data cap information was "pulled directly from ISP websites," BroadbandNow Director of Content Jameson Zimmer told Ars. BroadbandNow, which is operated by a company called Microbrand Media, plans to keep tracking the data caps over time in order to examine trends, he said. The listed caps range from 3GB to 3TB per month. That 3GB cap seemed like it couldn't be accurate, so we called the ISP, a small phone company called NTCNet in Newport, New York. A person answering the phone confirmed that the company lists 3GB as its cap, but said it is not enforced and that customers' usage isn't monitored. The cap is essentially a placeholder in case the ISP needs to enforce data limits in the future. [...] BroadbandNow excluded mobile providers from its list of ISPs with data caps, since caps are nearly universal among cellular companies. The list of 196 providers with caps includes 89 offering fixed wireless service, 45 fiber ISPs, 35 DSL ISPs, 63 cable ISPs, and two satellite providers. Some offer Internet service using more than one technology. Some of the providers are tiny, with territories covering just 100 or a few hundred people.

Earlier this week, Amazon suspended budget phone maker BLU from selling its phones on the site, citing a "potential security issue." A few days have passed and BLU has made its defense. SlashGear reports: AdUps, the Chinese company that provides affordable firmware update software to countless budget Android phones, is not spyware and not even Kryptowire, the security firm that broke the news last year, called it that, insists BLU. To be fair, Kryptowire really didn't. In its 2016 report, it simply described AdUps' OTA software as "FIRMWARE THAT TRANSMITTED PERSONALLY IDENTIFIABLE INFORMATION (PII) WITHOUT USER CONSENT OR DISCLOSURE." Curiously, that is more or less how the FTC defines spyware (PDF). In its 2017 follow-up, it did drop the second part of that phrase and simply reported on "mobile devices for Personally Identifiable Information (PII) collection and transmission to third parties." While BLU, and a few other OEMs, was caught unaware by the first report, it's insisting on its innocence in this second instance. Its defense stems from the argument that it is doing nothing that violates its Privacy Policy and, therefore, doesn't constitute any wrongdoing. Yes, that privacy policy that barely anyone reads, which can't legally be blamed on manufacturers anyway.

In other words, when you agreed to use BLU's devices, you basically agreed that such PII could possibly be transmitted to a third party outside the US. In this particular case, that does apply to the situation with AdUps. Interestingly, the policy's copyright dates back to 2016, when the AdUps issue first came up. The Internet Archives doesn't seem to have any version of that page before April this year. And so we come to BLU's second arguments: everybody's doing it. The data that AdUps collects is the same or even just a fraction of what other OEMs are collecting. Google is hardly the bastion of privacy and other OEMs are also collecting such data and sending it to servers in China, as is the case with Huawei and ZTE. Finally, BLU says that Kryptowire's new report really only identifies the Cubot X16S, from a Chinese OEM, as the only smartphone really spying on its users. UPDATE: BLU has confirmed that its devices "are now back up for sale on Amazon."