Privacy

Senators Push To Reform Police's Cellphone Tracking Tools (apnews.com)

Civil rights lawyers and Democratic senators are pushing for legislation that would limit U.S. law enforcement agencies' ability to buy cellphone tracking tools to follow people's whereabouts, including back years in time, and sometimes without a search warrant. From a report: Concerns about police use of the tool known as "Fog Reveal" raised in an investigation by The Associated Press published earlier this month also surfaced in a Federal Trade Commission hearing three weeks ago. Police agencies have been using the platform to search hundreds of billions of records gathered from 250 million mobile devices, and hoover up people's geolocation data to assemble so-called "patterns of life," according to thousands of pages of records about the company.

Sold by Virginia-based Fog Data Science LLC, Fog Reveal has been used since at least 2018 in criminal investigations ranging from the murder of a nurse in Arkansas to tracing the movements of a potential participant in the Jan. 6 insurrection at the Capitol. The tool is rarely, if ever, mentioned in court records, something that defense attorneys say makes it harder for them to properly defend their clients in cases in which the technology was used. Panelists and members of the public who took part in the FTC hearing also raised concerns about how data generated by popular apps is used for surveillance purposes, or "in some cases, being used to infer identity and cause direct harm to people in the real world, in the physical world and being repurposed for, as was mentioned earlier, law enforcement and national security purposes," said Stacey Gray, a senior director for U.S. programs for the Future of Privacy Forum.

IT

Cheat Devs Are Ready for Modern Warfare 2 (vice.com)

The PC beta for Modern Warfare 2 was only online for just over a weekend, but cheat developers quickly managed to create wallhacks anyway, according to videos created by multiple cheat developers. From a report: The news highlights the constant cat and mouse game between cheat developers and the companies that make competitive video games, and shows that Modern Warfare 2 will be no different. Warzone, the massively popular free-to-play battle royale game built on top of Call of Duty's mainline games, was notoriously overrun by cheaters before publisher Activision and the development studios working on the game introduced a new anti-cheat mechanism called Ricochet. "I started developing a MW2 beta cheat right away. I was done the same day, the first day of the beta. My users got access once the cheat was complete & tested," Zebleer, the pseudonymous administrator of Phantom Overlay, a cheat provider that has a long history of selling cheats for Warzone, told Motherboard in an email.

[...] EngineOwning, another cheat developer, published a video to their Twitter account over the weekend appearing to show their own product in action, although it didn't seem to be ready for the beta. "Our MW2 cheat is now done and we're currently in close testing," the tweet read. "This means our cheat will be ready when the game launches, with all the features you'd expect." The Anti-Cheat Police Department, a researcher who has tracked the cheating ecosystem and who reports offending players, claimed in their own tweet that "Ricochet has this shitty cheat detected they are just a scam operation at this point."

Government

San Francisco Passes Controversial Surveillance Plan (sfgate.com)

An anonymous reader quotes a report from SFGate: In a 7-4 vote on Tuesday, the San Francisco Board of Supervisors agreed to test Mayor London Breed's controversial plan to overhaul the city's surveillance practices, which will allow police to access private security cameras in real time. Supervisors Catherine Stefani, Aaron Peskin, Gordon Mar, Matt Dorsey, Myrna Melgar, Rafael Mandelman and Ahsha Safai voted to approve the trial run, while Connie Chan, Dean Preston, Hillary Ronen and Shamann Walton voted in dissent.

Under the new policy, police can access up to 24 hours of live video of outdoor footage from private surveillance cameras owned by individuals or businesses without a warrant as long as the camera's owner allows it. Police must meet one of three outlined criteria to use their newfound power: they must be responding to a life-threatening emergency, deciding how to deploy officers in response to a large public event or conducting a criminal investigation that was approved in writing by a captain or higher-ranking police official. The trial will last 15 months. If supervisors wish to extend or revise the policy, they must take a second vote.

"I know the thought process is, 'Just trust us, just trust the police department.' But the reality is people have been violating civil liberties since my ancestors were brought here from an entirely, completely different continent," Walton, the board president and District 10 representative, said.

San Francisco District Attorney Brooke Jenkins added: "I believe this policy can help address the existence of open-air drug markets fueling the sale of the deadly drug fentanyl. Drug dealers are destroying people's lives and wreaking havoc on neighborhoods like the Tenderloin. Mass organized retail theft, like we saw in Union Square last year, or targeted neighborhood efforts like we've seen in Chinatown is another area where the proposed policy can help."

Crime

UK Police Arrest Alleged 'GTA VI' Hacker (yahoo.com)

Police in the UK have arrested a 17-year-old suspected hacker. Reports suggest the arrest is connected to the Rockstar Games hack that led to a major Grand Theft Auto VI leak. The individual may have been involved with an intrusion on Uber as well. From a report: According to journalist Matthew Keys' sources, the arrest is the result of an investigation involving the City of London Police, the UK's National Cyber Crime Unit and the FBI. Keys noted that the police and/or the FBI will reveal more details about the arrest later today. The City of London Police told Engadget it had "no further information to share at this stage."

The GTA VI leak is unquestionably one of the biggest in video game history. Last weekend, the hacker shared a trove of footage from a test build of the game, which is one of the most hotly anticipated titles around. Rockstar, which tends to keep a tight lid on its development process, confirmed on Monday that the leak was legitimate. It said the incident won't impact work on the game and that it will "properly introduce" fans to the next title in the blockbuster series once it's ready.

Australia

Australia Phones Cyber-Attack Exposes Personal Data (bbc.com)

Australia's second-largest telecommunications company, Optus, has reported a cyber-attack. The breach exposed customers' names, dates of birth, phone numbers and email addresses. From a report: The company - which has more than ten million subscribers - says it has shut down the attack but not before other details such as driver's licences and passport numbers were hacked. Optus says payment data and account passwords were not compromised. The company said it would notify those at "heightened risk" but all customers should check their accounts. Chief executive Kelly Bayer Rosmarin apologised to its customers, on ABC TV. She said names, dates of birth and contact details had been accessed, "in some cases" the driving licence number, and in "a rare number of cases the passport and the mailing address" had also been exposed. The company had notified the Australian Federal Police after noticing "unusual activity." And investigators were trying "to understand who has been accessing the data and for what purpose."

Bitcoin

23-Year-Old 'Crypto King' Has Luxury Cars Seized After $35 Million of Investor Money Vanishes (gizmodo.com)

Five luxury cars, including two BMWs, two McLarens, and a Lamborghini, have been seized from 23-year-old Aiden Pleterski, the self-described "crypto king" of Canada, during bankruptcy proceedings according to a new report from the CBC. But those cars are only worth a fraction of the $35 million that Pleterski allegedly took from investors who thought he'd make them rich in the cryptocurrency market, and it's not clear whether they'll ever see their money again. Gizmodo reports: Pleterski and his company AP Private Equity Limited are facing at least two civil lawsuits after 140 people have come forward to say they invested a combined $35 million with Pleterski. Those people believed they were investing in cryptocurrency, and Pleterski's online presence -- including photos of the 23-year-old on private jets and next to luxury cars -- helped create the image that he knew what he was doing.

Pleterski's YouTube channel and Instagram account have been deleted but it appears he purchased articles on websites like Forbes.mc (the top level domain for Monaco) and the far-right news outlet Daily Caller to get his name associated with success in crypto investment. The Daily Caller article from December 2021 includes a photo of Pleterski looking at his phone in what appears to be a private jet. Notably, December 2021 was a time when cryptocurrencies like bitcoin and ethereum were trading near all-time highs. The headline reads, "Aiden Pleterski: Meet the Young Canadian Investor Who Is Taking the World of Crypto By Storm."

The question remains whether Pleterski actually invested any of the money in crypto to begin with, and speaks to just how strange the crypto market has been over the past year. For all anyone knows, Pleterski may have actually invested the money and lost it like so many others since the peak of November 2021. Bitcoin is down 56% since its price a year ago, while ethereum is down 57%. Pleterski insists he invested the money but that he's just bad with record-keeping. But some investors suspect Pleterski didn't even bother investing the money, instead pocketing it for himself, according to people who spoke with the CBC. Investors are trying to get their money back through the bankruptcy court and two civil lawsuits, but criminal charges haven't been pursued, even though some have reported their incidents to Toronto police, according to the CBC.

The Internet

Inside Russia's Vast Surveillance State (nytimes.com)

A cache of nearly 160,000 files from Russia's powerful internet regulator provides a rare glimpse inside Vladimir V. Putin's digital crackdown. The New York Times: Four days into the war in Ukraine, Russia's expansive surveillance and censorship apparatus was already hard at work. Roughly 800 miles east of Moscow, authorities in the Republic of Bashkortostan, one of Russia's 85 regions, were busy tabulating the mood of comments in social media messages. They marked down YouTube posts that they said criticized the Russian government. They noted the reaction to a local protest. Then they compiled their findings. One report about the "destabilization of Russian society" pointed to an editorial from a news site deemed "oppositional" to the government that said President Vladimir V. Putin was pursuing his own self-interest by invading Ukraine. A dossier elsewhere on file detailed who owned the site and where they lived. Another Feb. 28 dispatch, titled "Presence of Protest Moods," warned that some had expressed support for demonstrators and "spoke about the need to stop the war." The report was among nearly 160,000 records from the Bashkortostan office of Russia's powerful internet regulator, Roskomnadzor.

Together the documents detail the inner workings of a critical facet of Mr. Putin's surveillance and censorship system, which his government uses to find and track opponents, squash dissent and suppress independent information even in the country's furthest reaches. The leak of the agency's documents "is just like a small keyhole look into the actual scale of the censorship and internet surveillance in Russia," said Leonid Volkov, who is named in the records and is the chief of staff for the jailed opposition leader Aleksei A. Navalny. "It's much bigger," he said. Roskomnadzor's activities have catapulted Russia, along with authoritarian countries like China and Iran, to the forefront of nations that aggressively use technology as a tool of repression. Since the agency was established in 2008, Mr. Putin has turned it into an essential lever to tighten his grip on power as he has transformed Russia into an even more authoritarian state. The internet regulator is part of a larger tech apparatus that Mr. Putin has built over the years, which also includes a domestic spying system that intercepts phone calls and internet traffic, online disinformation campaigns and the hacking of other nations' government systems. The agency's role in this digital dragnet is more extensive than previously known, according to the records.

It has morphed over the years from a sleepy telecom regulator into a full-blown intelligence agency, closely monitoring websites, social media and news outlets, and labeling them as "pro-government," "anti-government" or "apolitical." Roskomnadzor has also worked to unmask and surveil people behind anti-government accounts and provided detailed information on critics' online activities to security agencies, according to the documents. That has supplemented real-world actions, with those surveilled coming under attack for speaking out online. Some have then been arrested by the police and held for months. Others have fled Russia for fear of prosecution. The files reveal a particular obsession with Mr. Navalny and show what happens when the weight of Russia's security state is placed on one target. The system is built to control outbursts like the one this week, when protesters across Russia rallied against a new policy that would press roughly 300,000 people into military service for the war in Ukraine. At least 1,200 people have already been detained for demonstrating. More than 700 gigabytes of records from Roskomnadzor's Bashkortostan branch were made publicly available online in March by DDoSecrets, a group that publishes hacked documents.

Facebook

Facebook Report: Censorship Violated Palestinian Rights (theintercept.com)

Facebook and Instagram's speech policies harmed fundamental human rights of Palestinian users during a conflagration that saw heavy Israeli attacks on the Gaza Strip last May, according to a study commissioned by the social media sites' parent company Meta. From a report: "Meta's actions in May 2021 appear to have had an adverse human rights impact ... on the rights of Palestinian users to freedom of expression, freedom of assembly, political participation, and non-discrimination, and therefore on the ability of Palestinians to share information and insights about their experiences as they occurred," says the long-awaited report, which was obtained by The Intercept in advance of its publication. Commissioned by Meta last year and conducted by the independent consultancy Business for Social Responsibility, or BSR, the report focuses on the company's censorship practices and allegations of bias during bouts of violence against Palestinian people by Israeli forces last spring.

Following protests over the forcible eviction of Palestinian families from the Sheikh Jarrah neighborhood in occupied East Jerusalem, Israeli police cracked down on protesters in Israel and the West Bank, and launched military airstrikes against Gaza that injured thousands of Palestinians, killing 256, including 66 children, according to the United Nations. Many Palestinians attempting to document and protest the violence using Facebook and Instagram found their posts spontaneously disappeared without recourse, a phenomenon the BSR inquiry attempts to explain. Last month, over a dozen civil society and human rights groups wrote an open letter protesting Meta's delay in releasing the report, which the company had originally pledged to release in the "first quarter" of the year. While BSR credits Meta for taking steps to improve its policies, it further blames "a lack of oversight at Meta that allowed content policy errors with significant consequences to occur."

Privacy

Telegram Has a Serious Doxxing Problem (wired.com)

An anonymous reader shares a report: Telegram's doxxing problem goes far beyond Myanmar. WIRED spoke to activists and experts in the Middle East, Southeast Asia, and Eastern Europe who said that the platform has ignored their warnings about an epidemic of politically motivated doxxing, allowing dangerous content to proliferate, leading to intimidation, violence, and deaths. Telegram, which now claims more than 700 million active users worldwide, has a publicly stated philosophy that private communications should be beyond the reach of governments. That has made it popular among people living under authoritarian regimes all over the world (and among conspiracy theorists, anti-vaxxers, and "sovereign citizens" in democratic countries). But the service's structure -- part encrypted messaging app, part social media platform -- and its almost complete lack of active moderation has made it "the perfect tool" for the kind of doxxing campaigns occurring in Myanmar, according to digital rights activist Victoire Rio. This structure makes it easy for users to crowdsource attacks, posting a target for doxxing and encouraging their followers to dig up or share private information, which they can then broadcast more widely. Misinformation or doxxing content can move seamlessly from anonymous individual accounts to channels with thousands of users. Cross-posting is straightforward, so that channels can feed off one another, creating a kind of virality without algorithms that actively promote harmful content. "Structurally, it's suited to this use case," Rio says.

The first mass use of this tactic occurred during Hong Kong's massive 2019 democracy protests, when pro-Beijing Telegram channels identified demonstrators and sent their information to the authorities. Hundreds of protesters were sentenced to custodial sentences for their role in the demonstrations. But with the city split along "yellow" (pro-protests) and "blue" (pro-police) lines, channels were also set up to dox police officers and their families. In November 2020, a telecom company employee was jailed for two years after doxing police and government employees over Telegram. Since then, Telegram doxing appears to be spreading to new countries. In Iraq, militia groups and their supporters have become adept at using Telegram to source information about opponents, such as leaders of civil society groups, which they then broadcast on channels with tens of thousands of followers. Sometimes, bounties are offered for information, according to Hayder Hamzoz, founder of the Iraqi Network for Social Media, an organization that tracks social media use in the country. Often, these come with direct or implicit threats of violence. Targets have faced harassment and violence, and some have had to flee their homes, Hamzoz says.

Television

Civil Rights Groups Are Calling On Amazon To Cancel 'Ring Nation' Reality Show (vice.com)

An anonymous reader quotes a report from Motherboard: On Tuesday, 40 civil rights groups published an open letter calling on MGM Television executives to cancel the studio's upcoming reality show Ring Nation, which will feature former NSA employee and comedian Wanda Sykes presenting humorous surveillance footage captured from Ring doorbell cameras. The groups say the studio is "normalizing and promoting Amazon Ring's dangerous network of surveillance cameras," which, along with the Neighbors app, "violate basic privacy rights, fuel surveillance-based policing that disproportionately targets people of color and threatens abortion seekers, and enables vigilantes to surveil their neighbors and racially profile bystanders."

There's just one potential problem with the well-intentioned campaign: Amazon owns Ring, producer Big Fish Entertainment, and distributor MGM, and it also owns the Prime Video streaming service should it need somewhere to air it. It also has specific partnerships with thousands of police departments around the country should they happen to prove useful. This tower of vertical integration means that Ring Nation is a show designed from the ground up to leverage Amazon's vast monopoly to push its own product on Americans, and it also means that it will probably (but not definitely) be impossible to kill. There's very little chance that MGM executives will push back on the project when it's probably exactly the type of thing Amazon imagined being able to do when it spent $8.5 billion on a merger with MGM this year.

"Ring Nation is not a comedy but rather a propaganda strategy to normalize and further digitize racial profiling in our communities. Truthfully the cognitive dissonance about the dangers of these tools is a real concern. It's striking to see a host who has been such a vocal supporter of racial justice protesters defend the very tech that was used to surveil activists during the uprisings in 2020," said Myaisha Hayes, campaign strategy director at Cancel Ring Nation co-organizer Media Justice, in a statement.

"The Ring Nation reality-TV series is anything but funny. It weaponizes the joy of our daily lives in an attempt to manufacture a PR miracle for scandal-ridden Amazon," Evan Greer, director of co-organizer Fight for the Future, said in a statement. "By normalizing surveillance, it will teach our children to relinquish their privacy in exchange for a quick laugh. In the coming weeks, Fight for the Future, Media Justice, and our org partners will be mobilizing our supporters and forming a loud and fearless coalition of civil rights groups to cancel Ring Nation," Greer said.

The show is set to launch on Sept. 26, though it hasn't been announced which networks will carry it.

Privacy

Clearview AI, Used by Police To Find Criminals, Now in Public Defenders' Hands (nytimes.com)

After a Florida man was accused of vehicular homicide, his lawyer used Clearview AI's facial recognition software to prove his innocence. But other defense lawyers say Clearview's offer rings hollow. From a report: It was the scariest night of Andrew Grantt Conlyn's life. He sat in the passenger seat of a two-door 1997 Ford Mustang, clutching his seatbelt, as his friend drove approximately 100 miles per hour down a palm tree-lined avenue in Fort Myers, Fla. His friend, inebriated and distraught, occasionally swerved onto the wrong side of the road to pass cars that were complying with the 35 mile-an-hour speed limit. "Someone is going to die tonight," Mr. Conlyn thought. And then his friend hit a curb and lost control of the car. The Mustang began spinning wildly, hitting a light pole and three palm trees before coming to a stop, the passenger's side against a tree. At some point, Mr. Conlyn blacked out. When he came to, his friend was gone, the car was on fire and his seatbelt buckle was jammed. Luckily, a good Samaritan intervened, prying open the driver's side door and pulling Mr. Conlyn out of the burning vehicle.

Mr. Conlyn didn't learn his savior's name that Wednesday night in March 2017, nor did the police, who came to the scene and found the body of his friend, Colton Hassut, in the bushes near the crash; he'd been ejected from the car and had died. In the years that followed, the inability to track down that good Samaritan derailed Mr. Conlyn's life. If Clearview AI, which is based in New York, hadn't granted his lawyer special access to a facial recognition database of 20 billion faces, Mr. Conlyn might have spent up to 15 years in prison because the police believed he had been the one driving the car. For the last few years, Clearview AI's tool has been largely restricted to law enforcement, but the company now plans to offer access to public defenders. Hoan Ton-That, the chief executive, said this would help "balance the scales of justice," but critics of the company are skeptical given the legal and ethical concerns that swirl around Clearview AI's groundbreaking technology. The company scraped billions of faces from social media sites, such as Facebook, LinkedIn and Instagram, and other parts of the web in order to build an app that seeks to unearth every public photo of a person that exists online.

Privacy

Record Chinese Cyber Breach Spurs Eruption in Data for Sale (bloomberg.com)

Since the data of roughly 1 billion Chinese citizens appeared for sale on a popular dark web forum in June, researchers have observed a surge in other kinds of personal records from China appearing on cybercriminal marketplaces. From a report: In the aftermath of that record leak, an estimated 290 million records about people in China surfaced on an underground bazaar known as Breach Forums in July, according to Group-IB, a cybersecurity firm based in Singapore. In August, one seller hawked personal information belonging to nearly 50 million users of Shanghai's mandatory health code system, used to enforce quarantine and testing orders. The alleged hoard included names, phone numbers, IDs and their Covid status -- for the price of $4,000.

"The forum has never seen such an influx of Chinese users and interest in Chinese data," said Feixiang He, a researcher at Group-IB. "The number of attacks on Chinese users may grow in the near future." Bloomberg was unable to confirm the authenticity of the datasets for sale on Breach Forums. The website, like other markets where illicit goods are sold, has been home to false advertisements meant to generate attention, as well as legitimate data apparently stolen in security incidents, including an instance where users marketed user information taken from Twitter.

Biotech

Woman Whose Rape Kit DNA Led To Her Arrest Sues San Francisco (apnews.com)

Bruce66423 shares a report from the Associated Press: A rape victim whose DNA from her sexual assault case was used by San Francisco police to arrest her in an unrelated property crime on Monday filed a lawsuit against the city. During a search of a San Francisco Police Department crime lab database, the woman's DNA was tied to a burglary in late 2021. Her DNA had been collected and stored in the system as part of a 2016 domestic violence and sexual assault case, then-District Attorney Chesa Boudin said in February in a shocking revelation that raised privacy concerns. "This is government overreach of the highest order, using the most unique and personal thing we have -- our genetic code -- without our knowledge to try and connect us to crime," the woman's attorney, Adante Pointer, said in a statement.

The revelation prompted a national outcry from advocates, law enforcement, legal experts and lawmakers. Advocates said the practice could affect victims' willingness to come forward to law enforcement authorities. Federal law already prohibits the inclusion of victims' DNA in the national Combined DNA Index System. There is no corresponding law in California to prohibit local law enforcement databases from retaining victims' profiles and searching them years later for entirely different purposes.

Boudin said the report was found among hundreds of pages of evidence against a woman who had been recently charged with a felony property crime. After learning the source of the DNA evidence, Boudin dropped the felony property crime charges against the woman. The police department's crime lab stopped the practice shortly after receiving a complaint from the district attorney's office and formally changed its operating procedure to prevent the misuse of DNA collected from sexual assault victims, Police Chief Bill Scott said. Scott said at a police commission meeting in March that he had discovered 17 crime victim profiles, 11 of them from rape kits, that were matched as potential suspects using a crime victims database during unrelated investigations. Scott said he believes the only person arrested was the woman who filed the lawsuit Monday.

United States

Treasury Will Warn White House That Crypto Needs Major Regulations (washingtonpost.com)

The Treasury Department will warn the White House that cryptocurrencies could pose significant financial risks that outweigh their benefits unless the government rolls out major new regulations, Washington Post reported Thursday, citing two people familiar with the matter. From the report: Through four separate reports this month, Treasury is expected to make clear that the Biden administration's top economic officials believe crypto needs strong oversight, as lawmakers weigh new rules for the digital assets. Treasury's reports will highlight the economic danger of cryptocurrencies in several key areas, including the fraud risks they pose for investors, the two people familiar with the matter said, speaking on the condition of anonymity to discuss the reports before they're public. Treasury's assessments conclude that cryptocurrencies do not yet pose a stability risk to the broader financial system -- but that the situation could change rapidly. One of the reports will focus in particular on the financial hazards posed by stablecoins, a form of cryptocurrency that is in theory pegged to the value of the U.S. dollar, the people said. Treasury last fall called on Congress to give banking regulators new authority to police those digital tokens, but lawmakers have yet to reach agreement on how to do so. Meanwhile, the collapse of a $60 billion stablecoin project called Terra this spring helped accelerate a broader crypto market downturn that's ongoing.

Privacy

ISPs Drop Challenge of Maine's Privacy Law (apnews.com)

An anonymous reader quotes a report from the Associated Press: One of the strictest internet privacy laws in the United States has withstood a legal challenge, as a group of telecommunication providers has dropped its bid to overturn the Maine standard. Maine created one of the toughest rules in the nation for internet service providers in 2020 when it began enforcing an "opt-in" web privacy standard. The law stops the service providers from using, disclosing, selling or providing access to customers' personal information without permission.

Industry associations swiftly sued with a claim that the new law violated their First Amendment rights. A federal judge rejected that challenge, but legal wrangling continued. The groups, which include the country's biggest telecommunications providers, filed to dismiss the lawsuit on Sept. 2, said Maine Attorney General Aaron Frey. Frey said the state's privacy law held up despite the efforts of an "army of industry lawyers organized against us," and now other states can follow Maine's lead. "Maine's Legislature wisely sought to protect Maine residents by restricting the disclosure and use of their most private and personal information," Frey said.

The Maine Legislature passed the bill, proposed by former Democratic state Sen. Shenna Bellows, who is now Maine's secretary of state, in 2019. Internet service providers then sued in February 2020, and attorneys for Maine have been in court defending the law since. The proposal stemmed from a Maine effort to bring back rules implemented during President Barack Obama's tenure that were repealed by Congress during President Donald Trump's term. Industry plaintiffs agreed to reimburse Maine for more than $55,000 in costs incurred defending the law, Frey said.

Maine is also home to the strictest facial recognition law of its kind. It was passed last July and "prohibits government use of facial recognition except in specifically outlined situations, with the most broad exception being if police have probable cause that an unidentified person in an image committed a serious crime, or for proactive fraud prevention," reports Motherboard.

"Crucially, the law plugs loopholes that police have used in the past to gain access to the technology, like informally asking other agencies or third parties to run backchannel searches for them. Logs of all facial recognition searches by the BMV must be created and are designated as public records."

Crime

Crypto CEO Behind $2.5 Billion 'Rug Pull' Arrested, Faces 40,564 Years In Prison (pcgamer.com) 45

Faruk Fatih Ozer, the founder and CEO of the now-defunct crypto exchange Thodex, has been arrested in the Albanian city of Vlore. PC Gamer reports: Ozer fled following the collapse of Thodex in April 2021: he initially claimed a halt in trading was due to cyberattacks, and that investors' money was safe, before disappearing. Almost immediately afterwards, Turkish police arrested dozens of Thodex employees and seized the firm's computers. It subsequently emerged that, in April 2021, Thodex had moved approximately $125 million worth of bitcoin to the established US crypto exchange Kraken. Given the number of investors in Thodex left with nothing, this looks like straightforward theft from a failing business.

It's not the whole story, either. Cryptocrime analysis firm Chainalysis addressed Thodex specifically in its overview of 2021, in the wider context of a total $2.8 billion worth of crypto scams over this year being 'rug pulls': wherein a seemingly legitimate business is set up, operates as normal for a while, then suddenly all the money is gone. It's large-scale fraud. "We should note that roughly 90% of the total value lost to rug pulls in 2021 can be attributed to one fraudulent centralized exchange, Thodex, whose CEO disappeared soon after the exchange halted users' ability to withdraw funds," says the Chainalysis report. That works out at an estimate of around $2.5 billion of crypto.

Six people have already been jailed for their role in Thodex, including family members of Ozer, while 20 other prosecutions are ongoing. The Turkish daily Hurriyet reports that state prosecutors are out to set an example: "A prison sentence of 40,564 years is sought for each of these 21 people, including Ozer, as over 2,000 people are included in the indictment as complainants."

Privacy

Tech Tool Offers Police 'Mass Surveillance On a Budget' (apnews.com) 56

Local law enforcement agencies from suburban Southern California to rural North Carolina have been using an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people's movements months back in time, according to public records and internal emails obtained by The Associated Press. schwit1 shares a report: Police have used "Fog Reveal" to search hundreds of billions of records from 250 million mobile devices, and harnessed the data to create location analyses known among law enforcement as "patterns of life," according to thousands of pages of records about the company.

Sold by Virginia-based Fog Data Science LLC, Fog Reveal has been used since at least 2018 in criminal investigations ranging from the murder of a nurse in Arkansas to tracing the movements of a potential participant in the Jan. 6 insurrection at the Capitol. The tool is rarely, if ever, mentioned in court records, something that defense attorneys say makes it harder for them to properly defend their clients in cases in which the technology was used. It relies on advertising identification numbers, which Fog officials say are culled from popular cellphone apps such as Waze, Starbucks and hundreds of others that target ads based on a person's movements and interests, according to police emails. That information is then sold to companies like Fog.

China

Huge Chinese Database of Faces and Vehicle License Plates Spilled Online (techcrunch.com) 15

A massive Chinese database storing millions of faces and vehicle license plates was left exposed on the internet for months before it quietly disappeared in August. From a report: While its contents might seem unremarkable for China, where facial recognition is routine and state surveillance is ubiquitous, the sheer size of the exposed database is staggering. At its peak the database held over 800 million records, representing one of the biggest known data security lapses of the year by scale, second to a massive data leak of 1 billion records from a Shanghai police database in June. In both cases, the data was likely exposed inadvertently and as a result of human error.

The exposed data belongs to a tech company called Xinai Electronics based in Hangzhou on China's east coast. The company builds systems for controlling access for people and vehicles to workplaces, schools, construction sites, and parking garages across China. Its website touts its use of facial recognition for a range of purposes beyond building access, including personnel management, like payroll, monitoring employee attendance and performance, while its cloud-based vehicle license plate recognition system allows drivers to pay for parking in unattended garages that are managed by staff remotely. It's through a vast network of cameras that Xinai has amassed millions of face prints and license plates, which its website claims are "securely stored" on its servers. But it wasn't. Security researcher Anurag Sen found the company's exposed database on an Alibaba-hosted server in China and asked for TechCrunch's help in reporting the security lapse to Xinai. Sen said the database contained an alarming amount of information that was rapidly growing by the day, and included hundreds of millions of records and full web addresses of image files hosted on several domains owned by Xinai.

Transportation

New York City is Owed $500 Million in Parking Fines. No One is Paying Up (theguardian.com) 177

The company behind the bright green marijuana-themed trucks that crowd Manhattan's tourist districts is now paying the price for repeatedly breaking the law. They haven't been fined for selling anything illicit, but for being top contributors to one of the city's other infamous scourges: illegal parking. From a report: The New York City department of finance confirmed to the Guardian that Weed World Candies had paid $200,000 in parking fines to get back several vehicles that had been towed in June by the city's sheriff's office.

But while Weed World is apparently getting on the right side of the law, its payments only equal a fraction of the $534.5m the city is owed in unpaid parking fines, according to the agency, as serial offenders skirt the rules in one of the world's most maddening places to get around. In Midtown Manhattan, where competition for parking is cutthroat in a grid of cramped and chaotic roadways, trucks habitually stop in bike lanes, forcing cyclists into busy traffic; cars double-park as drivers sprint into bodegas to buy their increasingly expensive bacon, egg and cheese sandwiches. Police often turn a blind eye, amid allegations that they illegally park their personal cars and harassed a cyclist who reported them.

Facebook

Encrypting Facebook Messenger Could Be a 'Grotesque Betrayal', Says Top UK Politician (theverge.com) 97

Facebook's parent company Meta is heading into another political battle over the planned introduction of end-to-end encryption (E2EE) in its Messenger chat platform. From a report: The UK's home secretary, Priti Patel, makes this clear in an op-ed for Tory mouthpiece The Telegraph this week, saying it would be a "grotesque betrayal" if the company didn't consider issues of child safety while introducing E2EE. Similar arguments are likely to be raised in the US, too. Meta has been working on adding E2EE to Messenger for years, and recently confirmed that it aims to encrypt all chats and calls on the platform by default next year. (It currently only offers default E2EE on its other big chat platform, WhatsApp, though users can opt-in to E2EE on Messenger on a chat-by-chat basis.)

The move is reigniting decades-old debates in politics and tech about the right way to balance user privacy and safety. In the US, these arguments have been heightened by the potential for police to issue search warrants for user chats in order to enforce new abortion laws after the overturn of Roe v. Wade. In the UK, arguments over encryption tend to focus on child safety and the dissemination of child sexual abuse material, or CSAM. "A great many child predators use social media platforms such as Facebook to discover, target and sexually abuse children," writes Patel in her op-ed. "It is vital that law enforcement have access to the information they need to identify the children in these images and safeguard them from vile predators."
