Privacy

Apple Removes All References To Controversial CSAM Scanning Feature From Its Child Safety Webpage (macrumors.com) 36

Apple has quietly nixed all mentions of CSAM from its Child Safety webpage, suggesting its controversial plan to detect child sexual abuse images on iPhones and iPads may hang in the balance following significant criticism of its methods. From a report: Apple in August announced a planned suite of new child safety features, including scanning users' iCloud Photos libraries for Child Sexual Abuse Material (CSAM), Communication Safety to warn children and their parents when receiving or sending sexually explicit photos, and expanded CSAM guidance in Siri and Search. Following their announcement, the features were criticized by a wide range of individuals and organizations, including security researchers, the privacy whistleblower Edward Snowden, the Electronic Frontier Foundation (EFF), Facebook's former security chief, politicians, policy groups, university researchers, and even some Apple employees.

Privacy

Your Face Is, or Will Be, Your Boarding Pass (nytimes.com) 144

Tech-driven changes are coming fast and furiously to airports, including advancements in biometrics that verify identity and shorten security procedures for those passengers who opt into the programs. From a report: If it's been a year or more since you traveled, particularly internationally, you may notice something different at airports in the United States: More steps -- from checking a bag to clearing customs -- are being automated using biometrics. Biometrics are unique individual traits, such as fingerprints, that can be used to automate and verify identity. They promise both more security and efficiency in moving travelers through an airport where, at steps from check-in to boarding, passengers are normally required to show government-issued photo identification. In the travel hiatus caused by the pandemic, many airports, airlines, tech companies and government agencies like the Transportation Security Administration and United States Customs and Border Protection continued to invest in biometric advancements. The need for social distancing and contactless interactions only added to the urgency.

"The technologies have gotten much more sophisticated and the accuracy rate much higher," said Robert Tappan, the managing director for the trade group International Biometrics + Identity Association, who called the impetus to ease crowds and reduce contact through these instruments "COVID-accelerated." Many of the latest biometric developments use facial recognition, which the National Institute of Standards and Technology recently found is at least 99.5 percent accurate, rather than iris-scanning or fingerprints. "Iris-scanning has been touted as the most foolproof," said Sherry Stein, the head of technology in the Americas for SITA, a Switzerland-based biometrics tech company. "For biometrics to work, you have to be able to match to a known trusted source of data because you're trying to compare it to a record on file. The face is the easiest because all the documents we use that prove your identity -- driver's licenses, passports etc. -- rely on face." Shortly after 9/11, Congress mandated an entry and exit system using biometric technology to secure U.S. borders. Some travelers have expressed concerns about privacy, and while companies and agencies using the technology say they do not retain the images, the systems largely rely on willing travelers who agree to their use.

Printer

Hackers Are Spamming Businesses' Receipt Printers With 'Antiwork' Manifestos (vice.com) 96

Dozens of printers across the internet are printing out a manifesto that encourages workers to discuss their pay with coworkers, and pressure their employers. Motherboard reports: "ARE YOU BEING UNDERPAID?" one of the manifestos read, according to several screenshots posted on Reddit and Twitter. "You have a protected LEGAL RIGHT to discuss your pay with your coworkers. [...] POVERTY WAGES only exist because people are 'willing' to work for them." On Tuesday, a Reddit user wrote in a post that the manifesto was getting randomly printed at his job. "Which one of you is doing this because it's hilarious," the user wrote. "Me and my co-workers need answers."

Some people on Reddit have suggested that the messages are fake (i.e. printed by people with access to a receipt printer and posted for Reddit clout) or as part of a conspiracy to make it seem like the r/antiwork subreddit is doing something illegal. But Andrew Morris, the founder of GreyNoise, a cybersecurity firm that monitors the internet, told Motherboard that his firm has seen actual network traffic going to insecure receipt printers, and that it seems someone or multiple people are sending these printing jobs all over the internet indiscriminately, as if spraying or blasting them all over. Morris has a history of catching hackers exploiting insecure printers. "Someone is using a similar technique as 'mass scanning' to massively blast raw TCP data directly to printer services across the internet," Morris told Motherboard in an online chat. "Basically to every single device that has port TCP 9100 open and print a pre-written document that references /r/antiwork with some workers rights/counter capitalist messaging."

Whoever is doing this, Morris said, is doing it "in an intelligent way." "The person or people behind this are distributing the mass-print from 25 separate servers so blocking one IP isn't enough," he said. "A technical person is broadcasting print requests for a document containing workers rights messaging to all printers that are misconfigured to be exposed to the internet and we've confirmed that it is printing successfully in some number of places the exact number would be difficult to confirm but Shodan suggests that thousands of printers are exposed," he added, referring to Shodan, a tool that scans the internet for insecure computers, servers, and other devices.

Android

Qualcomm's New Always-On Smartphone Camera Is a Privacy Nightmare (theverge.com) 53

At the Snapdragon Tech Summit 2021 yesterday, Qualcomm introduced their new always-on camera capabilities in the Snapdragon 8 Gen 1 processor, which is expected to arrive in high-end Android phones early next year. The company says this new feature will let users wake and unlock their phone without having to pick it up or have it instantly lock when it no longer sees their face. Even though Judd Heape, Qualcomm Technologies vice president of product management, said that the "always-on camera data never leaves the secure sensing hub while it's looking for faces," it raises a serious privacy concern that "far outweighs any potential convenience benefits," argues The Verge's Dan Seifert. From the report: Qualcomm is framing the always-on camera as similar to the always-on microphones that have been in our phones for years. Those are used to listen for voice commands like "Hey Siri" or "Hey Google" (or lol, "Hi Bixby") and then wake up the phone and provide a response, all without you having to touch or pick up the phone. But the key difference is that they are listening for specific wake words and are often limited with what they can do until you do actually pick up your phone and unlock it. It feels a bit different when it's a camera that's always scanning for your likeness.

It's true that smart home products already have features like this. Google's Nest Hub Max uses its camera to recognize your face when you walk up to it and greet you with personal information like your calendar. Home security cameras and video doorbells are constantly on, looking for activity or even specific faces. But those devices are in your home, not always carried with you everywhere you go, and generally don't have your most private information stored on them, like your phone does. They also frequently have features like physical shutters to block the camera or intelligent modes to disable recording when you're home and only resume it when you aren't. It's hard to imagine any phone manufacturer putting a physical shutter on the front of their slim and sleek flagship smartphone.

Lastly, there have been many reports of security breaches and social engineering hacks to enable smart home cameras when they aren't supposed to be on and then send that feed to remote servers, all without the knowledge of the homeowner. Modern smartphone operating systems now do a good job of telling you when an app is accessing your camera or microphone while you're using the device, but it's not clear how they'd be able to inform you of a rogue app tapping into the always-on camera. [...] But even if it's not found in every phone next year, the mere presence of the feature means that it will be used by someone at some point. It sets a precedent that is unsettling and uncomfortable; Qualcomm may be the first with this capability, but it won't be long before other companies add it in the race to keep up. Maybe we'll just start having to put tape on our smartphone cameras like we already do with laptop webcams.

The Almighty Buck

Get Your Coins Moving: Some Parts of the US Face a Shortage of Quarters (chronline.com) 203

Heidi Thorsen owns the coin-only laundromat "Lunar Laundry" in Seattle — and discovered an odd phenomenon, reports the Seattle Times. "Thorsen went to her bank to replenish her coin supply. But the bank was so short on change, she could only buy a few $10, 40-quarter rolls, and most often there were none at all..."

Thorsen speaks for many in the local coin-operated economy, a diverse, somewhat old-school community of businesses and consumers that has been in a state of agitation since COVID-19 interrupted the normal cycle of coins. "It's something I have to think about all the time," says Queen Anne resident Dan White, whose apartment has a coin-operated laundry. Early in the pandemic, White had to frantically group-text friends to secure enough quarters for a weekend's wash... "People that aren't using quarters for a laundry machine have no idea that this is even happening." Indeed, the Great Quarter Shortage has exposed another social and economic divide as a subset of consumers and businesses must scramble to replace what COVID has made scarce. The result is a kind of two-bit black market, rife with clever workarounds and conspiracy theories, and no small amount of social friction...

Technically, there is no quarter shortage, in Seattle or anywhere. The U.S. Mint produced nearly 24% more coins in 2020 than in 2019, despite a temporary pandemic slowdown, and continues to roll them out at "near record levels," according to Mint officials. The problem, federal officials say, is many of the roughly 55 billion quarters estimated to be in circulation have been stranded by the pandemic in places — under your couch cushions, say, or in your console coin holder — where the coin-operated economy can't touch them. It's a smaller, less visible version of the supply chain crisis, but with quarters instead of cargo containers.

Early in the pandemic, many consumers and businesses stopped using physical currency out of safety concerns. Overall cash purchases in 2020 dropped nearly 27% compared with 2019, while the rate at which coins and bills change hands fell more than 70% — the steepest drop on record — and hasn't recovered, Federal Reserve data show. As coins accumulated in homes and handbags, retailers that were typically quarter-negative even before COVID went even further in the red and made even more frequent coin purchases from banks. Consumers, meanwhile, were also less frequently hauling in their caches of spare change to banks or coin kiosks. As the circulation of coins slowed, and as the reopening economy led banks to order more coins from the Federal Reserve, the country's central bank saw its own coin inventory fall below normal levels. In June 2020, the Reserve imposed a "temporary" restriction on coin orders by private banks that, despite a brief reprieve this year, remains in effect. Some banks restricted their own coin sales, even to big retail customers — and many still do.

The bank is "shorting us on our order a lot," says Dave Garcia, assistant store director at Ballard Market, which, like many retailers, has suspended its own quarter sales to consumers...

It's a problem for the "unbanked" without debit cards and the small-business owners who depend on them and "can't afford to upgrade to digital payments and the touchless economy." (And the article points out this includes laundromats, more than half of which are still coin-operated in the U.S.) The CEO of the Coin Laundry Association even tells the Times that some laundromats have resorted to installing a kill switch on their change machines, just so if noncustomers try to make change, "they just cut the power to the machine."

The owner of the Lunar Laundry ultimately installed a digital system that lets customers pay through a phone app after scanning a washer's QR code. A bar owner in Seattle even believes a conspiracy theory that the government is prolonging the shortage to push everyone to digital currencies so their purchases can all be tracked.

But in fact, the Times notes, "Solving the quarter crisis has become a top priority of the Federal Reserve, where a specially empaneled U.S. Coin Task Force is working to persuade Americans to spend those quarters and other coins back into circulation..."

Medicine

Cancer Cells Use 'Tiny Tentacles' To Suck Mitochondria Out of Immune Cells (scitechdaily.com) 63

Hmmmmmm shares a report from SciTechDaily: Investigators from Brigham and Women's Hospital and MIT used the power of nanotechnology to discover a new way that cancer can disarm its would-be cellular attackers by extending out nanoscale tentacles that can reach into an immune cell and pull out its powerpack. Slurping out the immune cell's mitochondria powers up the cancer cell and depletes the immune cell. The new findings, published in Nature Nanotechnology, could lead to new targets for developing the next generation of immunotherapy against cancer.

To investigate how cancer cells and immune cells interact at the nanoscale level, [corresponding author Shiladitya Sengupta, PhD, and co-director of the Brigham's Center for Engineered Therapeutics] and colleagues set up experiments in which they co-cultured breast cancer cells and immune cells, such as T cells. Using field-emission scanning electron microscopy, they caught a glimpse of something unusual: Cancer cells and immune cells appeared to be physically connected by tiny tendrils, with widths mostly in the 100-1000 nanometer range. (For comparison, a human hair is approximately 80,000 to 100,000 nanometers). In some cases, the nanotubes came together to form thicker tubes. The team then stained mitochondria -- which provide energy for cells -- from the T cells with a fluorescent dye and watched as bright green mitochondria were pulled out of the immune cells, through the nanotubes, and into the cancer cells.

"By carefully preserving the cell culture condition and observing intracellular structures, we saw these delicate nanotubes and they were stealing the immune cells' energy source," said co-corresponding author Hae Lin Jang, PhD, a principal investigator in the Center for Engineered Therapeutics. "It was very exciting because this kind of behavior had never been observed before in cancer cells. This was a tough project as the nanotubes are fragile and we had to handle the cells very gently to not break them." The researchers then looked to see what would happen if they prevented the cancer cells from hijacking mitochondria. When they injected an inhibitor of nanotube formation into mouse models used for studying lung cancer and breast cancer, they saw a significant reduction in tumor growth.

IOS

iOS 15.2 Beta Blurs Nude Images For Kids Using Messages App (macrumors.com) 92

iOS 15.2 has been released today, bringing a new feature called Communication Safety in Messages that is able to detect and automatically blur nude images that are sent or received by children. It's one of several Child Safety features Apple announced over the summer. As MacRumors notes, it's "not the same as the controversial anti-CSAM feature that Apple plans to implement in the future after revisions." From the report: Communication Safety is a Family Sharing feature that can be enabled by parents, and it is opt-in rather than activated by default. When turned on, the Messages app is able to detect nudity in images that are sent or received by children. If a child receives or attempts to send a photo with nudity, the image will be blurred and the child will be warned about the content, told it's okay not to view the photo, and offered resources to contact someone they trust for help. When Communication Safety was first announced, Apple said that parents of children under the age of 13 had the option to receive a notification if the child viewed a nude image in Messages, but after receiving feedback, Apple has removed this feature. Apple now says that no notifications are sent to parents.

Apple removed the notification option because it was suggested that parental notification could pose a risk for a child in a situation where there is parental violence or abuse. For all children, including those under the age of 13, Apple will instead offer guidance on getting help from a trusted adult in a situation where nude photos are involved. Checking for nudity in photos is done on-device, with Messages analyzing image attachments. The feature does not impact the end-to-end encryption of messages, and no indication of the detection of nudity leaves the device. Apple has no access to the Messages.

Security

Linux Foundation Adds Software Supply Chain Security To LFX (zdnet.com) 12

An anonymous reader quotes a report from ZDNet: "LFX supports projects and empowers open source teams by enabling them to write better, more secure code, drive engagement, and grow sustainable software ecosystems," the Linux Foundation says. Now, to address the growing threat of software supply chain attacks, the foundation is upgrading its LFX Security module to deal with these attacks. Jim Zemlin, the Linux Foundation's executive director, announced this new tooling today at the Linux Foundation Membership Summit.

Enhanced and free to use, LFX Security makes it easier for open source projects to secure their code. Specifically, the LFX Security module now includes automatic scanning for secrets-in-code and non-inclusive language, adding to its existing automated vulnerability detection capabilities. Software security firm BluBracket is contributing this functionality to the LFX as part of its mission to make software safer and more secure. This functionality builds on contributions from open source developer security company Snyk, helping make LFX the leading vulnerability detection platform for the open source community. [...] LFX Security will be further scaled out in 2022, helping to solve challenges for hundreds of thousands of critical open source projects under the Open Source Security Foundation. LFX Security is free and available now.

Technology

Sam Altman's Worldcoin Wants To Scan Eyeballs in Exchange for Crypto (techcrunch.com) 36

As investors race to capitalize on surging interest in cryptocurrencies, startups are getting creative in how they onboard a generation of crypto users to their first wallets. From a report: Worldcoin is perhaps one of the most audacious efforts to bribe the world to embrace their currency. The startup, founded by OpenAI CEO Sam Altman and Alex Blania, wants to put a crypto wallet (and some of their currency) onto every human's smartphone, but in order to do so they have to build a way to determine whether someone is a unique human. Worldcoin is aiming to make their proof-of-personhood network in the least dystopian way possible; that being said, it still requires scanning a billion people's eyeballs with a 5-pound chromatic sphere called "The Orb."

The internet has developed with a very amorphous mesh of user networks. Bot networks operate alongside real people using their real identities, alongside users impersonating real people, alongside pseudonymous users. This can be a recipe for misaligned user incentives, as modern social media platforms have showcased, but when it comes to finance it can also be a recipe for fraud and inequality. Worldcoin wants to avoid all of that while ensuring equitable distribution of their currency, ensuring that each human on earth only signs up for one wallet in their network. Worldcoin CEO Alex Blania tells TechCrunch that the currency is part of a larger effort to drive a more unified and equitable global economy driven by the internet economy, something cryptocurrencies notably haven't nailed in their first several years.

Privacy

Give Us Your Biometric Data To Get Your Lunch In 5 Seconds, UK Schools Tell Children (theregister.com) 121

An anonymous reader quotes a report from The Register: In North Ayrshire Council, a Scottish authority encompassing the Isle of Arran, nine schools are set to begin processing meal payments for school lunches using facial scanning technology. The authority and the company implementing the technology, CRB Cunninghams, claim the system will help reduce queues and is less likely to spread COVID-19 than card payments and fingerprint scanners, according to the Financial Times. Speaking to the publication, David Swanston, the MD of supplier CRB Cunninghams, said the cameras verify the child's identity against "encrypted faceprint templates," and will be held on servers on-site at the 65 schools that have so far signed up. He added: "In a secondary school you have around about a 25-minute period to serve potentially 1,000 pupils. So we need fast throughput at the point of sale." He told the paper that with the system, the average transaction time was cut to five seconds per pupil. The system has already been piloted in 2020 at Kingsmeadow Community School in Gateshead, England. North Ayrshire council said 97 per cent of parents had given their consent for the new system, although some said they were unsure whether their children had been given enough information to make their decision. Seemingly unaware of the controversy surrounding facial recognition, education solutions provider CRB Cunninghams announced its introduction of the technology in schools in June as the "next step in cashless catering."

Robotics

Leaked Documents Show How Amazon's Astro Robot Tracks Everything You Do (vice.com) 36

em1ly shares a report from Motherboard: Amazon's new robot called Astro is designed to track the behavior of everyone in your home to help it perform its surveillance and helper duties, according to leaked internal development documents and video recordings of Astro software development meetings obtained by Motherboard. The system's person recognition system is heavily flawed, according to two sources who worked on the project. The documents, which largely use Astro's internal codename "Vesta" for the device, give extensive insight into the robot's design, Amazon's philosophy, how the device tracks customer behavior as well as flow charts of how it determines who a "stranger" is and whether it should take any sort of "investigation activity" against them.

The meeting document spells out the process in a much blunter way than Amazon's cutesy marketing suggests. "[Astro] slowly and intelligently patrols the home when unfamiliar person are around, moving from scan point to scan point (the best location and pose in any given space to look around) looking and listening for unusual activity," one of the files reads. "Vesta moves to a predetermined scan point and pose to scan any given room, looking past and over obstacles in its way. Vesta completes one complete patrol when it completes scanning all the scan point on the floorplan." [...]

Developers who worked on Astro say the versions of the robot they worked on did not work well. "Astro is terrible and will almost certainly throw itself down a flight of stairs if presented the opportunity. The person detection is unreliable at best, making the in-home security proposition laughable," a source who worked on the project said. "The device feels fragile for something with an absurd cost. The mast has broken on several devices, locking itself in the extended or retracted position, and there's no way to ship it to Amazon when that happens." "They're also pushing it as an accessibility device but with the masts breaking and the possibility that at any given moment it'll commit suicide on a flight of stairs, it's, at best, absurdist nonsense and marketing and, at worst, potentially dangerous for anyone who'd actually rely on it for accessibility purposes," the source said.

Electronic Frontier Foundation

Why EFF Flew a Plane Over Apple's Headquarters (eff.org) 29

EFF.org has the story: For the last month, civil liberties and human rights organizations, researchers, and customers have demanded that Apple cancel its plan to install photo-scanning software onto devices. This software poses an enormous danger to privacy and security. Apple has heard the message, and announced that it would delay the system while consulting with various groups about its impact. But in order to trust Apple again, we need the company to commit to canceling this mass surveillance system.

The delay may well be a diversionary tactic. Every September, Apple holds one of its big product announcement events, where Apple executives detail the new devices and features coming out. Apple likely didn't want concerns about the phone-scanning features to steal the spotlight.

But we can't let Apple's disastrous phone-scanning idea fade into the background, only to be announced with minimal changes down the road. To make sure Apple is listening to our concerns, EFF turned to an old-school messaging system: aerial advertising.

During Apple's event, a plane circled the company's headquarters carrying an impossible-to-miss message: "Apple, don't scan our phones!" The evening before Apple's event, protestors also rallied nationwide in front of Apple stores. The company needs to hear us, and not just dismiss the serious problems with its scanning plan. A delay is not a cancellation, and the company has also been dismissive of some concerns, referring to them as "confusion" about the new features.

Apple's iMessage is one of the preeminent end-to-end encrypted chat clients. End-to-end encryption is what allows users to exchange messages without having them intercepted and read by repressive governments, corporations, and other bad actors. We don't support encryption for its own sake: we fight for it because encryption is one of the most powerful tools individuals have for maintaining their digital privacy and security in an increasingly insecure world.

Now that Apple's September event is over, Apple must reach out to groups that have criticized it and seek a wider range of suggestions on how to deal with difficult problems, like protecting children online...

The world, thankfully, has moved towards encrypted communications over the last two decades, not away from them, and that's a good thing. If Apple wants to maintain its reputation as a pro-privacy company, it must continue to choose real end-to-end encryption over government demands to read user's communication.

Privacy matters now more than ever. It will continue to be a selling point and a distinguishing feature of some products and companies. For now, it's an open question whether Apple will continue to be one of them.

Privacy

After Chiding Apple On Privacy, Germany Says It Uses Pegasus Spyware (appleinsider.com) 38

"Germany's Federal Criminal Police Office (BKA) purchased access to NSO Group's Pegasus spyware in 2019 after internal efforts to create similar iOS and Android surveillance tools failed," reports AppleInsider. The news comes less than a month after the Digital Agenda committee chairman of Germany's federal parliament, Manuel Höferlin, declared Apple to be on a "dangerous path" with plans to enact on-device child sexual assault material monitoring. He said the system undermines "secure and confidential communication" and represents the "biggest breach of the dam for the confidentiality of communication that we have seen since the invention of the Internet." From the report: The federal government revealed the agreement with NSO in a closed-door session with the German parliament's Interior Committee on Tuesday, reports Die Zeit. When the BKA began to use Pegasus is unclear. While Die Zeit says the tool was purchased in 2019 and is currently used in concert with a less effective state-developed Trojan, a separate report from Süddeutsche Zeitung, via DW.com, cites BKA Vice President Martina Link as confirming an acquisition in late 2020 followed by deployment against terrorism and organized crime suspects in March.

Officials made the decision to adopt Pegasus in spite of concerns regarding the legality of deploying software that can grant near-unfettered access to iPhone and Android handsets. As noted in the report, NSO's spyware exploits zero-day vulnerabilities to gain access to smartphones, including the latest iPhones, to record conversations, gather location data, access chat transcripts and more. Germany's laws state that authorities can only infiltrate suspects' cellphone and computers under special circumstances, while surveillance operations are governed by similarly strict rules.

BKA officials stipulated that only certain functions of Pegasus be activated in an attempt to bring the powerful tool in line with the country's privacy laws, sources told Die Zeit. It is unclear how the restrictions are implemented and whether they have been effective. Also unknown is how often and against whom Pegasus was deployed. According to Die Zeit, Germany first approached NSO about a potential licensing arrangement in 2017, but the plan was nixed due to concerns about the software's capabilities. Talks were renewed after the BKA's attempts to create its own spyware fell short.

AI

Automated Hiring Software is Mistakenly Rejecting Millions of Viable Job Candidates (theverge.com) 170

Automated resume-scanning software is contributing to a "broken" hiring system in the US, says a new report from Harvard Business School. Such software is used by employers to filter job applicants, but is mistakenly rejecting millions of viable candidates, say the study's authors. It's contributing to the problem of "hidden workers" -- individuals who are able and willing to work, but remain locked out of jobs by structural problems in the labor market. From a report: The study's authors identify a number of factors blocking people from employment, but say automated hiring software is one of the biggest. These programs are used by 75 percent of US employers (rising to 99 percent of Fortune 500 companies), and were adopted in response to a rise in digital job applications from the '90s onwards. Technology has made it easier for people to apply for jobs, but also easier for companies to reject them. The exact mechanics of how automated software mistakenly rejects candidates are varied, but generally stem from the use of overly simplistic criteria to divide "good" and "bad" applicants.

IOS

Apple Delays Plans To Roll Out CSAM Detection in iOS 15 (techcrunch.com) 61

Apple has delayed plans to roll out its child sexual abuse (CSAM) detection technology that it chaotically announced last month, citing feedback from customers and policy groups. From a report: That feedback, if you recall, has been largely negative. The Electronic Frontier Foundation said this week it had amassed more than 25,000 signatures from consumers. On top of that, close to 100 policy and rights groups, including the American Civil Liberties Union, also called on Apple to abandon plans to roll out the technology. In a statement on Friday morning, Apple told TechCrunch: "Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features."
United Kingdom

UK ISP Sky Broadband Feeds Realtime Customer Bandwidth Data To Litigious Anti-Piracy Firm (torrentfreak.com) 30

UK ISP Sky Broadband is monitoring the IP addresses of servers suspected of streaming pirated content to subscribers and supplying that data to an anti-piracy company working with the Premier League. That inside knowledge is then processed and used to create blocklists used by the country's leading ISPs, to prevent subscribers from watching pirated events. An anonymous reader shares the report from Torrent Freak: In recent weeks, an anonymous source shared a small trove of information relating to the systems used to find, positively identify, and then ultimately block pirate streams at ISPs. According to the documents, the module related to the Premier League work is codenamed 'RedBeard.' The activity appears to start during the week football matches or PPV events take place. A set of scripts at anti-piracy company Friend MTS are tasked with producing lists of IP addresses that are suspected of being connected to copyright infringement. These addresses are subsequently dumped to Amazon S3 buckets and the data is used by ISPs to block access to infringing video streams, the documents indicate. During actual event scanning, content is either manually or fingerprint matched, with IP addresses extracted from DNS information related to hostnames in media URLs, load balancers, and servers hosting Electronic Program Guides (EPG), all of which are used by unlicensed IPTV services.

The big question then is how the Premier League's anti-piracy partner discovers the initial server IP addresses that it subsequently puts forward for ISP blocking. According to documents reviewed by TF, information comes from three sources -- the anti-piracy company's regular monitoring (which identifies IP addresses and their /24 range), manually entered IP addresses (IP addresses and ports), and a third, potentially more intriguing source -- ISPs themselves. The document revealing this information is not dated but other documents in the batch reference dates in 2021. At the time of publishing, the document indicates that ISP cooperation is currently limited to Sky Broadband only. TorrentFreak asked Friend MTS if that remains the case or whether additional ISPs are now involved. It appears that instead of monitoring customer IP addresses, Sky is compiling data on which IP addresses subscribers are pulling most data from during (and potentially before) match or event times. Sky then uploads the highest-trafficked IP addresses along with the port the traffic is streamed on to the S3 bucket mentioned above, every five minutes. It is then accessed by the anti-piracy company which, every five minutes, extracts the IP, bandwidth rate, and the port number that bandwidth is on. At the time of the document's publication, the Sky 'Top Talker' threshold for the Premier League's 'RedBeard' module was 100Mbps. The IP address information provided by the ISP that exceeds this limit then appears to be cross-referenced by IP address and port number with data obtained during game week scanning at Friend MTS. It is then processed accordingly.
Torrent Freak goes on to note that the Premier League is "seeking cooperation from additional ISPs too."

"In summary, it appears that Sky subscribers aren't being directly monitored per se, but the servers they draw most bandwidth from are being noted by Sky and that data is being forwarded for anti-piracy enforcement," the report adds. "This means that Sky subscribers' piracy habits are directly providing information to support Premier League, Matchroom Boxing, and Queensbury Promotions blocking efforts."
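To make the data flow in the report concrete, here is an added illustration of the 'Top Talker' step and the cross-reference that follows it. This is not Sky's or Friend MTS's code. Only the shape of the pipeline comes from the documents described above: bandwidth aggregated per destination at the ISP, a five-minute reporting interval, a 100Mbps threshold, and corroborating candidates from the anti-piracy firm's own scanning (exact IP and port) and monitoring (IP plus its /24 range). The flow-record layout, the window alignment, the join rule and every address and byte count below are assumptions and constructed sample data.

```python
"""Illustrative 'Top Talker' selection and cross-reference (added example).

Not Sky's or Friend MTS's code. Flow-record layout, window alignment and
the join rule are assumptions; all data below is constructed, using
RFC 5737 documentation ranges so no real host is named.
"""
import ipaddress
from collections import defaultdict

WINDOW_SECONDS = 300        # five-minute reporting interval from the report
THRESHOLD_MBPS = 100.0      # 'Top Talker' threshold quoted for RedBeard

# Constructed flow records: (unix_time, dst_ip, dst_port, bytes_to_subscribers)
WINDOW_START = 1_630_000_000
SAMPLE_FLOWS = [
    (WINDOW_START + 10,  "203.0.113.10",  8080, 2_000_000_000),
    (WINDOW_START + 120, "203.0.113.10",  8080, 2_000_000_000),
    (WINDOW_START + 250, "203.0.113.10",  8080, 2_000_000_000),
    (WINDOW_START + 30,  "198.51.100.7",  443,  1_000_000_000),  # popular, below threshold
    (WINDOW_START + 90,  "192.0.2.55",    1935, 4_500_000_000),
    (WINDOW_START + 200, "203.0.113.200", 80,   4_000_000_000),  # heavy, no corroboration
    (WINDOW_START + 400, "203.0.113.10",  8080, 9_000_000_000),  # next window, ignored
]

# Constructed stand-ins for the anti-piracy firm's other two sources.
SCAN_CANDIDATES = {("203.0.113.10", 8080), ("198.51.100.7", 443)}   # event scanning
MONITORED_RANGES = ["192.0.2.0/24"]                                  # regular monitoring


def top_talkers(flows, window_start, window_seconds=WINDOW_SECONDS,
                threshold_mbps=THRESHOLD_MBPS):
    """Sum bytes per (dst_ip, dst_port) inside one window and keep the
    destinations whose average rate meets the threshold.
    Returns {(ip, port): mbps}. No subscriber identity is carried through."""
    totals = defaultdict(int)
    window_end = window_start + window_seconds
    for ts, ip, port, nbytes in flows:
        if window_start <= ts < window_end:
            totals[(ip, port)] += nbytes
    talkers = {}
    for key, total in totals.items():
        mbps = total * 8 / window_seconds / 1_000_000
        if mbps >= threshold_mbps:
            talkers[key] = round(mbps, 1)
    return talkers


def cross_reference(talkers, scan_candidates, monitored_ranges):
    """Keep only top talkers corroborated by an independent source: an exact
    IP:port hit from event scanning, or membership of a monitored /24.
    Heavy destinations with no corroboration (CDNs, OS updates, licensed
    streaming) are not returned, so bandwidth alone never selects a target."""
    networks = [ipaddress.ip_network(r) for r in monitored_ranges]
    confirmed = {}
    for (ip, port), mbps in talkers.items():
        scan_hit = (ip, port) in scan_candidates
        range_hit = any(ipaddress.ip_address(ip) in net for net in networks)
        if scan_hit or range_hit:
            confirmed[(ip, port)] = {"mbps": mbps, "scan": scan_hit, "range": range_hit}
    return confirmed


if __name__ == "__main__":
    talkers = top_talkers(SAMPLE_FLOWS, WINDOW_START)
    for (ip, port), mbps in sorted(talkers.items()):
        print(f"top talker {ip}:{port} at {mbps} Mbps")
    for (ip, port), info in cross_reference(talkers, SCAN_CANDIDATES, MONITORED_RANGES).items():
        print(f"corroborated: {ip}:{port} {info}")
```

Note what the threshold implies: 100Mbps sustained over 300 seconds is 3.75GB to a single destination from an ISP's whole subscriber base, so only popular servers cross it, and the record that leaves the ISP is the server's address, port and rate, not any subscriber's. The cross-reference is what keeps a busy CDN node from being blocked for merely being busy.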
Government

10 US Government Agencies Plan Expanded Use of Facial Recognition (msn.com) 29

The Washington Post reports that the U.S. government "plans to expand its use of facial recognition to pursue criminals and scan for threats, an internal survey has found, even as concerns grow about the technology's potential for contributing to improper surveillance and false arrests." Ten federal agencies — the departments of Agriculture, Commerce, Defense, Homeland Security, Health and Human Services, Interior, Justice, State, Treasury and Veterans Affairs — told the Government Accountability Office they intend to grow their facial recognition capabilities by 2023, the GAO said in a report posted to its website Tuesday. Most of the agencies use face-scanning technology so employees can unlock their phones and laptops or access buildings, though a growing number said they are using the software to track people and investigate crime. The Department of Agriculture, for instance, said it wants to use it to monitor live surveillance feeds at its facilities and send an alert if it spots any faces also found on a watch list...

The GAO said in June that 20 federal agencies have used either internally developed or privately run facial recognition software, even though 13 of those agencies said they did not "have awareness" of which private systems they used and had therefore "not fully assessed the potential risks ... to privacy and accuracy." In the current report, the GAO said several agencies, including the Justice Department, the Air Force and Immigration and Customs Enforcement, reported that they had used facial recognition software from Clearview AI, a firm that has faced lawsuits from privacy groups and legal demands from Google and Facebook after it copied billions of facial images from social media without their approval... Many federal agencies said they used the software by requesting that officials in state and local governments run searches on their own software and report the results. Many searches were routed through a nationwide network of "fusion centers," which local police and federal investigators use to share information on potential threats or terrorist attacks...

U.S. Customs and Border Protection officials, who have called the technology "the way of the future," said earlier this month that they had run facial recognition scans on more than 88 million travelers at airports, cruise ports and border crossings. The systems, the officials said, have detected 850 impostors since 2018 — or about 1 in every 103,000 faces scanned.

Security

T-Mobile Hacker Explains How He Breached Carrier's Security (axios.com) 26

According to the Wall Street Journal, the person behind T-Mobile's recent security breach that affected more than 50 million customers is a 21-year-old named John Binns. "Binns said he broke through the T-Mobile defenses after discovering an unprotected router exposed on the internet, after scanning the carrier's internet addresses for weak spots using a publicly available tool," reports Axios. From the report: "I was panicking because I had access to something big," he wrote in Telegram messages to the Journal. "Their security is awful." "Generating noise was one goal," Binns said. He declined to say whether he sold any of the information he stole, or whether he was paid for the hack.

Some of the information exposed in the breach included names, dates of birth, social security numbers and personal ID information. The breach is being investigated by Seattle's FBI office, according to the Journal.

Privacy

Apple Has Been CSAM Scanning Your iCloud Mail Since 2019 (9to5mac.com) 52

According to 9to5Mac, Apple has confirmed that it's already been scanning iCloud Mail for Child Sexual Abuse Material (CSAM), and has been doing so since 2019. It has not, however, been scanning iCloud Photos or iCloud backups, which sent the internet into a frenzy when it announced its intent to begin doing so. From the report: The clarification followed me querying a rather odd statement by the company's anti-fraud chief [Eric Friedman]: that Apple was "the greatest platform for distributing child porn." That immediately raised the question: If the company wasn't scanning iCloud photos, how could it know this? [...] Apple confirmed to me that it has been scanning outgoing and incoming iCloud Mail for CSAM attachments since 2019. Email is not encrypted, so scanning attachments as mail passes through Apple servers would be a trivial task. Apple also indicated that it was doing some limited scanning of other data, but would not tell me what that was, except to suggest that it was on a tiny scale. It did tell me that the "other data" does not include iCloud backups.

Although Friedman's statement sounds definitive -- like it's based on hard data -- it's now looking likely that it wasn't. It's our understanding that the total number of reports Apple makes to CSAM each year is measured in the hundreds, meaning that email scanning would not provide any kind of evidence of a large-scale problem on Apple servers. The explanation probably lies in the fact that other cloud services were scanning photos for CSAM, and Apple wasn't. If other services were disabling accounts for uploading CSAM, and iCloud Photos wasn't (because the company wasn't scanning there), then the logical inference would be that more CSAM exists on Apple's platform than anywhere else. Friedman was probably doing nothing more than reaching that conclusion.
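The report's point that scanning attachments in transit is trivial for unencrypted mail is easy to show. The following is an added example, not Apple's code: Apple has not described how its matching works, so exact SHA-256 matching against a constructed hash set stands in for whatever hash type a real deployment uses (production systems generally use perceptual hashes so that re-encoded copies still match, which exact hashing does not give you). The message, both attachments and the "known" hash are constructed here; the function names and the two-step split into hashing and lookup are this example's own choices.

```python
"""Added example: hashing e-mail attachments as a message passes through a
mail server. Not Apple's code; exact SHA-256 lookup against a constructed
hash set is a stand-in for an undisclosed matching method. Every byte of
sample data here is constructed.
"""
import hashlib
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Constructed stand-in for a flagged file and for the hash list an operator holds.
KNOWN_BYTES = b"constructed sample bytes standing in for a flagged attachment\n"
KNOWN_HASHES = {hashlib.sha256(KNOWN_BYTES).hexdigest()}


def attachment_hashes(raw_message: bytes):
    """Parse an RFC 5322 message and return [(filename, sha256_hex)] for
    every attachment or inline part, after undoing its transfer encoding.
    The message body itself is not hashed."""
    msg = message_from_bytes(raw_message, policy=default)
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue                      # containers carry no payload of their own
        if part.get_content_disposition() not in ("attachment", "inline"):
            continue                      # plain body text has no disposition
        payload = part.get_payload(decode=True)   # base64 / quoted-printable undone
        if payload:
            found.append((part.get_filename() or "<unnamed>",
                          hashlib.sha256(payload).hexdigest()))
    return found


def scan_message(raw_message: bytes, known_hashes: set):
    """Return the (filename, hash) pairs whose hash is in the known set."""
    return [(name, h) for name, h in attachment_hashes(raw_message) if h in known_hashes]


def build_sample_message() -> bytes:
    """Constructed message with one harmless attachment and one whose bytes
    are in KNOWN_HASHES, serialised exactly as it would cross the wire."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.net"
    msg["Subject"] = "constructed sample"
    msg.set_content("Body text is not hashed; only attachments are.")
    msg.add_attachment(b"harmless report\n", maintype="application",
                       subtype="octet-stream", filename="notes.bin")
    msg.add_attachment(KNOWN_BYTES, maintype="application",
                       subtype="octet-stream", filename="photo.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, digest in scan_message(build_sample_message(), KNOWN_HASHES):
        print(f"match: {name} sha256={digest}")
```

The decisive step is `get_payload(decode=True)`: a server that sees the message in the clear can undo the transfer encoding and hash the original file bytes, which is exactly what end-to-end encryption would deny it. Note also the contrast the report draws: nothing in this path touches a photo library or a device backup, only what transits the mail server.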

Privacy

Apple's Anti-Fraud Chief Said Company Was 'The Greatest Platform For Distributing Child Porn' (9to5mac.com) 74

An explanation for Apple's controversial decision to begin scanning iPhones for CSAM has been found in a 2020 statement by Apple's anti-fraud chief. Eric Friedman stated, in so many words, that "we are the greatest platform for distributing child porn." The revelation does, however, raise the question: How could Apple have known this if it wasn't scanning iCloud accounts...? 9to5Mac reports: The iMessage thread was spotted by the Verge as it works its way through the internal emails, messages, and other materials handed over by Apple as part of the discovery process in the Epic Games lawsuit. Ironically, Friedman actually suggests that Facebook does a better job of detecting it than Apple did: "The spotlight at Facebook etc. is all on trust and safety (fake accounts, etc). In privacy, they suck. Our priorities are the inverse. Which is why we are the greatest platform for distributing child porn, etc."

A fellow exec queries this, asking whether it can really be true: "Really? I mean, is there a lot of this in our ecosystem? I thought there were even more opportunities for bad actors on other file sharing systems." Friedman responds with the single word, "Yes." The document is unsurprisingly labeled "Highly confidential -- attorneys' eyes only."

The stunning revelation may well be explained by the fact that iCloud photo storage is on by default, even if it's just the paltry 5GB the company gives everyone as standard. This means the service may be the most-used cloud service for photos -- in contrast to competing ones where users have to opt in. Apple has said that it has been looking at the CSAM problem for some time, and was trying to figure out a privacy-protecting way to detect it. It may well be this specific conversation that led the company to prioritize these efforts.
