Facebook

Facebook Used Its VPN App To Track Competitors, Documents Reveal (mashable.com) 48

Newly public documents reveal just how paranoid Facebook was of its potential competitors and shine new light on some of the company's most important acquisitions. From a report: The internal documents, made public as part of a cache of documents released by UK lawmakers, show just how close an eye the social network was keeping on competitors like WhatsApp and Snapchat, both of which became acquisition targets. The documents, which are labeled "highly confidential," show slides from an internal presentation in 2013 that compares Facebook's reach to competing apps, including WhatsApp and Snapchat. While Facebook and Instagram lead in market share, it's clear why Facebook may have viewed Snapchat and WhatsApp as potential threats. [...] Facebook's presentation relied on data from Onavo, the virtual private network (VPN) service which Facebook also acquired several months later. Facebook's use of Onavo, which has been likened to "corporate spyware," has itself been controversial.

Crime

A Smart Doorbell Company Is Working With Cops To Report 'Suspicious' People, Activities (vice.com) 273

An anonymous reader quotes a report from Motherboard: Smart doorbell company Ring is making it easier for customers to call the cops on "suspicious" people and activities. The startup, which Amazon acquired for reportedly "more than" $1 billion this year, uses security cameras to let people monitor their entryways. Now, it's launching its Neighbors app -- a platform for reporting crime that, so far, police in Fort Lauderdale and Orlando, and the Ventura Sheriff's Department, have access to. "Over the next days and weeks, law enforcement across the U.S. will be joining Neighbors," a Ring spokesperson told me over email.

The app, while presented as a crime-fighting aid, could also be a new place for paranoid people to profile fellow citizens, as similar platforms in the past have turned out to be. According to the company's statement in a press release for Neighbors today: "In addition to receiving push notifications about potential security issues, app users can see recent crime and safety posts uploaded by their neighbors, the Ring team and local law enforcement via an interactive map. If a neighbor notices suspicious activity in their area, they can post their own text, photo or video and alert the community to proactively prevent crime."

Australia

'How I Went Dark In Australia's Surveillance State For 2 Years' (cnet.com) 235

schwit1 shares a report from CNET, written by Claire Reilly: In 2015, during the transition from paper to Opal [contactless public transit cards], Australia passed sweeping new data retention laws. These laws required all Australian internet service providers and telecommunications carriers to retain customers' phone and internet metadata for two years -- details like the phone number a person calls, the timestamps on text messages or the cell tower a phone pings when it makes a call. Suddenly, Australians were fighting for the right to stay anonymous in a digital world. On one side of the fence: safety-conscious civilians. They argued that this metadata was a powerful tool and that the ability to track a person's movements through phone pings or call times was vital for law enforcement. On the other side of the fence: digital civil libertarians. They argued that the data retention scheme was invasive and that this metadata could be used to build up an incredibly detailed picture of someone's life. And sitting in a barn two paddocks away from that fence: me, switching out burner phones and researching VPNs. When it emerged that police had the power to search Opal card data, track people's movements and match this to individual users, it was the last straw. August 2016 rolled around, paperless tickets were phased out and I hatched my plan. The Black Opal. The concept of the Black Opal is simple. Buy your transport card. Pay cash. Top up with cash (preferably in a new location each time). Never register it. Never link it to your credit or debit card. Live off the grid. Stay away from The Man.

[Reilly discusses the problems she faced:] All the top-up machines at train stations, light rail stops and ferry terminals were card-only affairs. One tap on that baby and you were back in the system. So, if I was busing downtown for a work meeting, I'd have to factor in extra time to get to an ATM, get cash out and then find somewhere to top up my card. Running for the train with friends, I was the one who had to divert three blocks, change jackets, burn off my fingerprints and find a nondescript corner store to top up. Here's what I learned. No one likes the paranoid one. [...] I finally came undone last week. Racing for a flight, I forgot about my Black Opal. I'd had an unusually busy week on public transport, and my balance was low. On the train to the airport terminal, it hit me. Did I have enough money on my card to pay the AU$17.76 tap-off fee that they use to gouge tourists at the airport? As I rode up the escalators and the exit turnstiles came into view, my heart sank. No ATM. No cash in my wallet. Just a row of bright green Opal readers and a top-up machine. Card only. With one trip, my years of off-grid living were undone. I slumped against the top-up machine and swiped my debit card. I was just 9 cents short, but it cost me so much more than that. My Black Opal was dead.

Electronic Frontier Foundation

EFF Applauds 'Massive Change' to HTTPS (eff.org) 214

"The movement to encrypt the web reached milestone after milestone in 2017," writes the EFF, adding that "the web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol." In February, the scales tipped. For the first time, approximately half of Internet traffic was protected by HTTPS. Now, as 2017 comes to a close, an average of 66% of page loads on Firefox are encrypted, and Chrome shows even higher numbers. At the beginning of the year, Let's Encrypt had issued about 28 million certificates. In June, it surpassed 100 million certificates. Now, Let's Encrypt's total issuance volume has exceeded 177 million certificates...

Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users "Not secure" warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a "Not secure" warning for all HTTP pages... The next big step in encrypting the web is ensuring that most websites default to HTTPS without ever sending people to the HTTP version of their site. The technology to do this is called HTTP Strict Transport Security (HSTS), and is being more widely adopted. Notably, the registrar for the .gov TLD announced that all new .gov domains would be set up with HSTS automatically...

The Certification Authority Authorization (CAA) standard became mandatory for all CAs to implement this year... [And] there's plenty to look forward to in 2018. In a significant improvement to the TLS ecosystem, for example, Chrome plans to require Certificate Transparency starting next April.

Iphone

Should Apple Share iPhone X Face Data With App Developers? (washingtonpost.com) 66

The Washington Post ran a technology column asking what happens "when the face-mapping tech that powers the iPhone X's cutesy 'Animoji' starts being used for creepier purposes." It's not just that the iPhone X scans 30,000 points on your face to make a 3D model. Though Apple stores that data securely on the phone, instead of sending it to its servers over the Internet, "Apple just started sharing your face with lots of apps." Although the columnist praises Apple's own commitment to privacy, "I also think Apple rushed into sharing face maps with app makers that may not share its commitment, and it isn't being paranoid enough about the minefield it just entered." "I think we should be quite worried," said Jay Stanley, a senior policy analyst at the American Civil Liberties Union. "The chances we are going to see mischief around facial data is pretty high -- if not today, then soon -- if not on Apple then on Android." Apple's face tech sets some good precedents -- and some bad ones... Less noticed was how the iPhone lets other apps now tap into two eerie views from the so-called TrueDepth camera. There's a wireframe representation of your face and a live read-out of 52 unique micro-movements in your eyelids, mouth and other features. Apps can store that data on their own computers.

To see for yourself, use an iPhone X to download an app called MeasureKit. It exposes the face data Apple makes available. The app's maker, Rinat Khanov, tells me he's already planning to add a feature that lets you export a model of your face so you can 3D print a mini-me. "Holy cow, why is this data available to any developer that just agrees to a bunch of contracts?" said Fatemeh Khatibloo, an analyst at Forrester Research.

"From years of covering tech, I've learned this much," the article concludes. "Given the opportunity to be creepy, someone will take it."

Businesses

Only 13 Percent of Americans Are Scared Robots Will Take Their Jobs, Gallup Poll Shows (cnbc.com) 267

According to the results of a Gallup poll released mid-August, most employed U.S. adults aren't too worried about technology eliminating their jobs. Only 13 percent of Americans are fearful that tech will eradicate their work opportunities in the near future, according to the poll. Workers are relatively more concerned about immediate issues like wages and benefits. CNBC reports: This corresponds with another recent Gallup survey finding that about one in eight workers, or 13 percent of Americans, also believe it's likely they will lose their jobs due to new technology, automation, robots or AI in the next five years. While the survey reflects a generally confident American workforce, Monster career expert Vicki Salemi tells CNBC Make It that people should not become complacent.

"Employees need to think of themselves as replaceable in a way that propels them into action," Salemi says, "so they can focus on continuously learning and sharpening their skills." In the meantime, Americans can look to what the tech giants are saying. At the same time, Salemi emphasizes that Americans shouldn't be paranoid and lose sleep every night. Rather, they should think about AI "from a place of power." "If your job does start to get automated, you'll already have a game plan and solid skill set to back you up for your next career move," she says. If you find yourself in the 13 percent of Americans worried about losing their jobs to robots, Salemi says you can "robot-proof" your job through networking. "Always be on top of your game," she says. "If your industry is becoming more digitally focused, get schooled on specific skills. Instead of being lax about your career, always stay ahead of the curve, keep your resume in circulation, ask yourself where the industry is headed and most importantly where you and your skills fit in."

Censorship

Is Slashdot Blocked In Parts Of India? (slashdot.org) 172

Long-time Slashdot reader davesag writes: I'm a regular long-term Slashdot reader and have been living in Delhi for the last 9 months. As of last Friday 25th August the only way I can access Slashdot at all is via a VPN. It appears that Slashdot has joined the growing list of websites the Indian Government finds threatening.

The Indian Government is deeply paranoid over internet access, with many sites being blocked, jail sentences for viewing blocked URLs, and bans on open wifi networks.

In 2015 the Indian government blocked access to over 800 adult web sites, and earlier this month they reportedly blocked access to Archive.org. "A block on Slashdot is over the top," davesag writes, "and makes me wonder what it is about this news site that the government here finds so terrifying."

The Media

CNET Pranked By Web Site's Fake 'All Out War' Hack During DEFCON (cnet.com) 22

In a piece describing the paranoid vibe in Las Vegas during the DEFCON convention, CNET reported Friday that the Wet Republic web site "had two images vandalized" with digital graffiti. But their reporter now writes that "my paranoia finally got the best of me, and it turned out to be an ad campaign."

The images included a scribbled beard and eye patch on a photo of a bikini model, along with the handwritten message "It's all out war." CNET's updated story now reports that "It looked like a prank you'd see from a mischievous hacker..." When I spotted the vandalism on the Wet Republic site Friday morning, it looked like other attacks I'd seen throughout the week, such as a Blue Screen of Death on a bus ticket machine... Hakkasan, which hosts the event at MGM Grand, said the "vandalism" was part of the cheeky advertisements for a seasonal bikini contest it's been running since 2015. The "all-out war" is between the models in the competition, not between hackers and clubs. Hakkasan's spokeswoman said nothing on its network has been compromised.

So maybe not everything online in Las Vegas is getting hacked this week, and this n00b learned to calm down the hard way.

For that matter, maybe that blue screen of death was also just another random Windows machine crashing.

CNET's reporter made one other change to his article. He removed the phrase "when hackers are in town for Defcon, everything seems to be fair game."

United States

Trump-Style Tactics Finally Stopped Working For Uber (buzzfeed.com) 238

BuzzFeed Editor-in-Chief Ben Smith describes a three-year-old meeting that Uber held -- which saw several influencers including actor Ed Norton among attendees -- as the beginning of the ride-hailing company's long slow meltdown. Later today, the company is expected to announce that its CEO Travis Kalanick will be temporarily stepping away, and his closest lieutenant is all set to hand in his resignation. On Sunday, the company held a board meeting, which according to several journalists, lasted for nearly seven hours. The meeting capped a difficult stretch for the ride-hailing company, which is trying to weather an investigation into its workplace culture, a lawsuit by Google parent Alphabet over the alleged theft of self-driving car trade secrets, a federal probe into its business practices, and the recent departures of top executives. Back to Ben: At the dinner (which took place three years ago), Emil Michael, the right hand of CEO Travis Kalanick, heatedly complained to me about the press. The company, he told me, could hire a team of opposition researchers to fight fire with fire and attack the media -- specifically to smear a female journalist who has criticized the company. I suggested to him that this plan wouldn't really work because the story would immediately become a story about Uber behaving like maniacs. "Nobody would know it was us," Michael responded. "But you just told me!" I replied. [...] Instead of making any meaningful changes, Uber simply pressed on for years. It found both continued growth and accumulating scandals. Many of its crises, like those remarks to me, were tinged with misogyny, whether sexual harassment of its engineers or pulling a rape victim's medical files.

After one of those engineers, Susan Fowler, stepped forward with a blog post detailing systemic sexual harassment and discrimination -- a post that was followed up by a series of devastating stories by The New York Times, Recode, and others -- the company invited former Attorney General Eric Holder to lead an internal investigation. Sunday, the Wall Street Journal reported that Michael is set to resign, and Reuters reported Kalanick will take a leave of absence ahead of what's expected to be a deeply damning Holder report. (Kalanick is also coping with a family tragedy.) They will leave having built the most valuable private company in the world. But it is a company whose cultural darkness is inseparable from its place as the icon of the tech boom. Uber -- and the boom -- have been defined both by massive new conveniences and by a corporate culture that is aggressive, paranoid, and dismissive of, in particular, complaints from women; a culture of enemies lists and cavalier approaches to the law. Emil Michael told Uber employees Monday that he has left the company.

Privacy

USB Canary Sends An SMS When Someone Tinkers With Your USB Ports (bleepingcomputer.com) 40

An anonymous reader quotes a report from BleepingComputer: A new tool released on GitHub last week can help paranoid sysadmins keep track of whenever someone plugs in or disconnects a USB-based device from high-value workstations. Called USB Canary, this tool is coded in Python and currently works only on Linux (versions for Windows and Mac are in the works). The tool works by watching USB ports for any activity while the computer is locked, which generally means the owner has left his desk. If a USB device is plugged in or unplugged, USB Canary can perform one of two actions, or both. It can alert the owner by sending an SMS message via the Twilio API, or it can post a message in a Slack channel, which can be monitored by other co-workers. USB Canary can prove to be a very useful tool for large organizations that feature strict PC policies. For example, if you really want to enforce a "No USB drives" policy at work, this could be the tool for the job. Further, with modifications, it could be used for logging USB activity on air-gapped systems.

Encryption

Republicans Are Reportedly Using a Self-Destructing Message App To Avoid Leaks (theverge.com) 326

An anonymous reader quotes a report from The Verge: Trump administration members and other Republicans are using the encrypted, self-destructing messaging app Confide to keep conversations private in the wake of hacks and leaks, according to Jonathan Swan and David McCabe at Axios. Axios writes that "numerous senior GOP operatives and several members of the Trump administration" have downloaded Confide, which automatically wipes messages after they're read. One operative told Axios that the app "provides some cover" for people in the party. He ties it to last year's hack of the Democratic National Committee, which led to huge and damaging information dumps of DNC emails leading up to the 2016 election. But besides outright hacks, the source also said he liked the fact that Confide makes it difficult to screenshot messages, because only a few words are shown at a time. That suggests that it's useful not just for reducing paper trails, but for stopping insiders from preserving individual messages -- especially given the steady flow of leaks that have come out since Trump took office. As Axios notes, official White House business is subject to preservation rules, although we don't know much about who's allegedly using Confide and what they're doing with it, so it's not clear whether this might run afoul of those laws. It's also difficult to say how much this is a specifically Republican phenomenon, and how much is a general move toward encryption.

Android

Do Android Users Still Use Custom Roms? (androidauthority.com) 215

"With all of the drama at CyanogenMod, Android Authority takes a look at the current state of custom ROM development," writes Slashdot reader Thelasko. From the article: The future of CyanogenMod appears uncertain, after the open source ROM was forced to fork under the name Lineage OS. Fortunately there are already other remixed versions of Android available, with some of the most popular being Paranoid Android, Resurrection Remix, and Dirty Unicorns... [But] with each new version of Android, the gap between Android and popular custom ROMs has shrunk, which begs an interesting question: Are custom ROMs even necessary anymore? To answer this, let's take a quick look at the state of custom ROM development as it exists today.
The article points out that mobile virtual reality is "on the verge of becoming mainstream and the wearable market has grown tremendously," asking whether custom firmware will also integrate these newer technologies. But the original submission also asks a question that's closer to home. What custom ROMs do Slashdot users have installed?

Android

Google Security Engineer Claims Android Is Now As Secure As the iPhone (vice.com) 173

An anonymous reader quotes a report from Motherboard: It's a common assumption among tech geeks, and even cybersecurity experts, that if you are really paranoid, you should probably use an iPhone, and not Android. But the man responsible for securing the more than one billion Android users on the planet vehemently disagrees -- but of course he would. "For almost all threat models," said Adrian Ludwig, the director of security at Android, referring to the level of security needed by most people, "they are nearly identical in terms of their platform-level capabilities." In a short interview after a talk at a security conference in Manhattan on Tuesday, Ludwig said that, "for sure," there's no doubt that a Google Pixel and an iPhone are pretty much equal when it comes to security. Android, he added, will soon be better though. "In the long term, the open ecosystem of Android is going to put it in a much better place," he said, without mentioning that Android has already been around for more than eight years at this point. During his talk at the O'Reilly Security Conference Ludwig said that Android's built-in security product called "Safety Net" scans 400 million devices per day and checks a stunning 6 billion apps per day. The result of these security checks, coupled with the exploit mitigation measures baked into Android, means that only a very small number of Android devices have malware or, as Google calls it, "Potentially Harmful Applications" or PHAs, according to Ludwig. In fact, Ludwig said while showing a graph, less than 1% of Android smartphones contain malware.

Security

Serious Hacks Possible Through Inaudible Ultrasound (newscientist.com) 109

An anonymous reader writes: "High-frequency audio 'beacons' are embedded into TV commercials or browser ads," reports New Scientist. "These sounds, which are inaudible to the human ear, can be picked up by any nearby device that has a microphone and can then activate certain functions on that device...Some shopping reward apps, such as Shopkick, already use it to let retailers push department or aisle-specific ads and promotions to customers' phones as they shop."

But now Fortune reports that some apps "often actively listen for ultrasound signals, even when the app itself is closed, creating a new and relatively poorly-understood pathway for hacking." In addition, security researchers "have already found ways to mine cloaked IP addresses. Speaking to New Scientist, team member Vasilios Mavroudis suggests that an app's always-on microphone access could be leveraged to monitor conversations (and, if you're not paranoid already, to decipher what you're typing). The 'beacons' that transmit ultrasound data can also be spoofed to manipulate apps' user data."

Censorship

Cuba Is Blocking Text Messages That Contain Words Like 'Democracy' (theverge.com) 91

An anonymous reader quotes a report from The Verge: The Cuban government is blocking text messages that contain words such as "democracy," "human rights," and "hunger strike," according to an investigation from local dissidents. In a Spanish-language report published last week, prominent blogger Yoani Sanchez and journalist Reinaldo Escobar found that the government is filtering 30 keywords and blocking the transmission of any texts that contain them. Reuters later confirmed that messages containing the Spanish words for "democracy" and "human rights" did not reach their destination, nor did those containing Sanchez's name or "Somos Mas": an opposition group that worked on the investigation. Texts that included the word "protest" were transmitted, the agency reported on Tuesday, and those that were blocked were marked as "sent" on the sender's phone. It's not clear how long the communist government has been filtering keywords and blocking texts, and activists suspect that there may be more terms that it is targeting. Cuba has long been accused of committing human rights abuses, including arbitrary detentions and restrictions on freedom of speech. "We discovered not just us but the entire country is being censored," Eliecer Avila, the head of Somos Mas, tells Reuters. "It just shows how insecure and paranoid the government is."

Social Networks

'Social Media ID, Please?' Proposed US Law Greeted With Anger (computerworld.com) 220

The U.S. government announced plans to require some foreign travelers to provide their social media account names when entering the country -- and in June requested comments. Now the plan is being called "ludicrous," an "all-around bad idea," "blatant overreach," "desperate, paranoid heavy-handedness," "preposterous," "appalling," and "un-American," reports Slashdot reader dcblogs: That's just a sampling of the outrage. Some 800 responded to the U.S. request for comments about a proposed rule affecting people traveling from "visa waiver" countries to the U.S., where a visa is not required. This includes most of Europe, Singapore, Chile, Japan, South Korea, Australia and New Zealand... In a little twist of irony, some critics said U.S. President Obama's proposal for foreign travelers is so bad, it must have been hatched by Donald Trump.
"Travelers will be asked to provide their Twitter, Facebook, Instagram, LinkedIn, Google+, and whatever other social ID you can imagine to U.S. authorities," reports Computer World. "It's technically an 'optional' request, but since it's the government asking, critics believe travelers will fear consequences if they ignore it..."

The Almighty Buck

Vacationing Security Researcher Exposes Austrian ATM Skimmer (carbonblack.com) 181

While vacationing with his family in Vienna, Ben Tedesco (from security company Carbon Black) discovered an ATM skimmer "in the wild", perfectly crafted to look like the original card reader. New submitter rmurph04 shares Ben's story: I went to grab some cash from an ATM. Being security paranoid, I repeated my typical habit of checking the card reader with my hand as I have hundreds of times. Today's the day when my security awareness paid off!
Ben's blog post includes a video demonstrating the ATM skimmer, as well as close-ups showing the device had its own control board, strip reader, and even its own battery.

Microsoft

Ask Slashdot: Would You Recommend Updating To Windows 10? 982

Plenty of users are skeptical about upgrading to Windows 10. While they understand that Microsoft's newest desktop operating system comes with a range of interesting features, they are paranoid about the repeated update fiascos that have spoiled the experience for many users. Reader Quantus347 writes: Whenever I think of Windows 10 these days I, like so many others out there, immediately feel a swell of rage over the heavy-handed way the "upgrade" has been forced on me and so many others. I had to downgrade one of my computers that installed Windows 10 over a weekend I was away, and as a result, I have been fending off the update ever since. I find myself wondering if Windows 10 is actually that bad. With the end of the "free" upgrade period quickly coming to an end, my fiscally conservative side is starting to overwhelm my fear and distrust of all things new, and I'm wondering if it's time to take the leap. I've been burned too many times for being an early adopter of something that proved to be an underdeveloped product, but Windows 10 has been around for long enough that I'm wondering if it might have its kinks worked out.

So I ask you, Slashdot, what are your experiences with Windows 10 itself, aside from the auto-upgrade nonsense? How does it measure up to its predecessors, and is it a worthwhile OS in its own right?

Intel

Intel's Former CEO (and First Hire) Andy Grove Dead at 79 38

The Verge reports the death at age 79 of former Intel CEO Andy Grove, one of the best-known names in Silicon Valley, and in fact one of the people behind the fecund technological and business climate that made Silicon Valley a household name. Grove's professional life at Intel spanned five decades, beginning as a day-one, number-one hire, as director of engineering; he went on to serve as president, CEO, and chairman of the board, managing to write several books along the way; "Only the Paranoid Survive" is probably the best known. From The Verge's story: During Grove's tenure as CEO, Intel produced chips including the 386 and Pentium, which became name brands unto themselves and laid the groundwork for much of the personal computing era. "Andy approached corporate strategy and leadership in ways that continue to influence prominent thinkers and companies around the world," Intel Chairman Andy Bryant said in a statement. "He combined the analytic approach of a scientist with an ability to engage others in honest and deep conversation, which sustained Intel's success over a period that saw the rise of the personal computer, the Internet and Silicon Valley."

Privacy

If You're Not Paranoid About Your Privacy, You're Crazy (theatlantic.com) 373

Muad'Dave writes: Here's an interesting article at The Atlantic about the prevalence of surveillance and the recent uptick in 'deja-vu' moments where devices seemingly hear your conversations and then attempt to market to you. From the article: "One night the previous summer, I’d driven to meet a friend at an art gallery in Hollywood, my first visit to a gallery in years. The next morning, in my inbox, several spam e-mails urged me to invest in art. That was an easy one to figure out: I’d typed the name of the gallery into Google Maps. Another simple one to trace was the stream of invitations to drug and alcohol rehab centers that I’d been getting ever since I’d consulted an online calendar of Los Angeles–area Alcoholics Anonymous meetings. Since membership in AA is supposed to be confidential, these emails irked me. Their presumptuous, heart-to-heart tone bugged me too. Was I tired of my misery and hopelessness? Hadn’t I caused my loved ones enough pain? Some of these disconcerting prompts were harder to explain. For example, the appearance on my Facebook page, under the heading “People You May Know,” of a California musician whom I’d bumped into six or seven times at AA meetings in a private home. In accordance with AA custom, he had never told me his last name nor inquired about mine. And as far as I knew, we had just one friend in common, a notably solitary older novelist who avoided computers altogether. I did some research in an online technology forum and learned that by entering my number into his smartphone’s address book (compiling phone lists to use in times of trouble is an AA ritual), the musician had probably triggered the program that placed his full name and photo on my page."