Crime

Hackers Behind Life-Threatening Attack On Chemical Maker Are Sanctioned (arstechnica.com) 77

An anonymous reader quotes a report from Ars Technica: Russian state nationals accused of wielding life-threatening malware specifically designed to tamper with critical safety mechanisms at a petrochemical plant are now under sanction by the US Treasury Department. The attack drew considerable concern because it's the first known time hackers have used malware designed to cause death or injury, a prospect that may have actually happened had it not been for a lucky series of events. The hackers -- who have been linked to a Moscow-based research lab owned by the Russian government -- have also targeted a second facility and been caught scanning US power grids.

Now the Treasury Department is sanctioning the group, which is known as the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics or its Russian abbreviation TsNIIKhM. Under a provision in the Countering America's Adversaries Through Sanctions Act, or CAATSA, the US is designating the center for "knowingly engaging in significant activities undermining cybersecurity against any person, including a democratic institution, or government on behalf of the Government of the Russian Federation." Under the sanctions, all property of TsNIIKhM that is or has come within the possession of a US person is blocked, and US persons are generally prohibited from engaging in transactions with anyone in the group. What's more, any legal entity that's 50-percent or more owned by one of the center members is also blocked. Some non-US persons who engage in transactions with TsNIIKhM may be subject to sanctions.

Government

Privacy Advocates Alarmed By Singapore's World-First Face-Scanning Plans (msn.com) 25

"Singapore will become the world's first country to use facial verification in its national ID scheme, but privacy advocates are alarmed by what they say is an intrusive system vulnerable to abuse," reports AFP: Face scanning technology remains controversial despite its growing use and critics have raised ethical concerns about it in some countries — for instance, law enforcement agencies scanning crowds at large events to look for troublemakers. Singapore authorities are frequently accused of targeting government critics and taking a hard line on dissent, and activists are concerned about how the face scanning tech will be used. "There are no clear and explicit restraints on government power when it comes to things like surveillance and data gathering," said Kirsten Han, a freelance journalist from the city. "Will we one day discover that this data is in the hands of the police or in the hands of some other agency that we didn't specifically give consent for?"

Those behind the Singapore scheme stress facial verification is different to recognition as it requires user consent, but privacy advocates remain sceptical. "The technology is still far from benign," Privacy International research officer Tom Fisher told AFP. He said systems like the one planned for Singapore left "opportunities for exploitation", such as use of data to track and profile people.

Security

Microsoft: Some Ransomware Attacks Take Less Than 45 Minutes (zdnet.com) 17

Catalin Cimpanu, writing for ZDNet: For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape. While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report. Just like the previous SIR reports, Microsoft has yet again delivered. Taking advantage of its vantage points over vast swaths of the desktop, server, enterprise, and cloud ecosystems, Microsoft has summarized the biggest threats companies deal with today in the face of cybercrime and nation-state attackers. The report is 88 pages long, includes data from July 2019 to June 2020, and some users might not have the time to go through it in its entirety. Below is a summary of the main talking points, Microsoft's main findings, and general threat landscape trends.

[...] But, by far, the most disruptive cybercrime threat of the past year has been ransomware gangs. Microsoft said that ransomware infections had been the most common reason behind the company's incident response (IR) engagements from October 2019 through July 2020. And of all ransomware gangs, it's the groups known as "big game hunters" and "human-operated ransomware" that have given Microsoft the most headaches. These are groups that specifically target select networks belonging to large corporations or government organizations, knowing they stand to receive larger ransom payments. Most of these groups operate either by using malware infrastructure provided by other cybercrime groups or by mass-scanning the internet for newly-disclosed vulnerabilities. In most cases, groups gain access to a system and maintain a foothold until they're ready to launch their attacks. However, Microsoft says that this year, these ransomware gangs have been particularly active and have reduced the time they need to launch attacks, and especially during the COVID-19 pandemic. "Attackers have exploited the COVID-19 crisis to reduce their dwell time within a victim's system — compromising, exfiltrating data and, in some cases, ransoming quickly — apparently believing that there would be an increased willingness to pay as a result of the outbreak," Microsoft said today. "In some instances, cybercriminals went from initial entry to ransoming the entire network in under 45 minutes."

Businesses

Amazon Will Now Let You Pay With Your Palm in Its Stores (vox.com) 44

Amazon accounts for nearly 40 percent of e-commerce sales in the US today, and it takes a cut of even more online shopping by selling payments services and other technologies to external shopping sites. Now, the online retail giant is making a play to grab a piece of brick-and-mortar shopping, too -- and it wants customers to literally lend a hand to do it. From a report: Amazon on Tuesday is unveiling a new biometric technology called Amazon One that allows shoppers to pay at stores by placing their palm over a scanning device when they walk in the door or when they check out. The first time they register to use this tech, a customer will scan their palm and insert their payment card at a terminal; after that, they can simply pay with their hand. The hand-scanning tech isn't just for Amazon's own stores -- the company hopes to sell it to other retailers, including competitors, too.

The technology will be available at the entrance of two of the company's Amazon Go cashierless convenience stores in Seattle, Washington, starting Tuesday, and will roll out to the rest of the chain's 20-plus stores in the future, Amazon Vice President Dilip Kumar told Recode in an interview Monday. Recode reported in December that Amazon had filed a patent application for such a hand-payment technology. The technology could also show up in Whole Foods stores, with Amazon hinting in a press release that it will introduce palm payments in the coming months at its other stores beyond Amazon Go locations. Kumar wouldn't comment on a potential Whole Foods implementation, though the New York Post reported a year ago that such a plan was in the works.

China

Hundreds of Americans Planted 'Chinese Mystery Seeds' (vice.com) 166

An anonymous reader shares a report from Motherboard, written by Jason Koebler: In late July, America was briefly enthralled with "Unsolicited Seeds from China," which started showing up in mailboxes in all 50 states. These mystery seeds prompted warnings from the USDA, which said people should not plant them, and should instead alert their state agricultural authority and mail them to the USDA or their local officials. Many Americans heeded this advice. Many more decidedly did not. According to documents obtained by Motherboard from state departments of agriculture, at least hundreds, perhaps thousands of Americans planted the seeds. Since the seed story originally broke, I have been obsessed with learning more. To do this, I filed 52 freedom of information requests; one with each of the departments of agriculture (or their state-level equivalent) in all 50 states plus Washington DC and Puerto Rico. I also filed requests with the USDA and several of its labs. Thousands of pages of emails, spreadsheets, reports, and documents, as well as audio voicemail recordings, have been trickling in for the last month, and they have been enlightening in many ways.

While scanning through thousands of pages of documents about the seeds, it became clear that, for at least the first few weeks, no one had any idea who sent the seeds, where they came from (other than "China"), or the goal of the seed mailing campaign. Eventually, the official line became that this was a "brushing" campaign, in which items of small value are sent to people whose online accounts have been compromised, or are sent to people as a "gift." In order to leave a positive review from a "verified buyer" (which is weighted higher because the person nominally bought and used the product), you need to have actually bought or received an item, so by receiving seeds, reviews from that account or name will be weighted higher. The "brushing" idea is still what USDA and other agencies are saying, but, at least in the emails I've reviewed there's very little talk about how the scam worked or why it happened. This campaign also seems to be much larger than any other known brushing campaign or any other seed mailing campaign.

One thing is clear to me, from reading these documents. American people do not seem particularly well-prepared for scams of this nature. The emails between public officials and scientists, who were dealing with a difficult situation, seem efficient, professional, and appropriately cautious. But communication from the general public is concerning. People planted seeds even when expressly told not to. Hundreds of people had no idea whether they had ever ordered seeds, or how to check. Some people called 911. Others ate the seeds. Others ordered something specific, got what they ordered from who they ordered it from, then still panicked. Others were furious they had to pay for postage to send the seeds to the government. From one recipient in North Carolina: "I did not receive seeds. I received a suspicious package from China with a spoon and a fork in it my concerns are that it is full of Covid."

Communications

Astronomers Find No Signs of Alien Tech After Scanning Over 10 Million Stars 153

A new large-scale survey of the sky looked into the dark forest of the cosmos, examining over 10 million stars, but failed to turn up any evidence of alien technologies. CNET reports: The study, published in Publications of the Astronomical Society of Australia on Monday, details a search for extraterrestrial intelligence (SETI) using the Murchison Widefield Array (MWA), a collection of 4096 antennas planted in the red soil of Western Australia that detects radio signals from space. "They are little spider-like antennas that sit on the ground," explains Chenoa Tremblay, co-author on the study and astrophysicist with CSIRO, an Australian government scientific research organization.

Tremblay and co-author Stephen Tingay, from the International Centre for Radio Astronomy Research, used the MWA to listen out for "technosignatures," or evidence of alien technology, in a portion of the sky around the Vela constellation. Tremblay explains this region is scientifically interesting because a large number of stars have exploded and died, creating ideal conditions for new stars to form. The search for extraterrestrial life "piggy-backs" on other work studying this region to understand the life cycle of stars. [...] After listening to the Vela region for 17 hours, no unknown signals were detected. While the survey was able to capture over 10.3 million stellar sources and contained six known exoplanets (likely many more exist in the region), the team notes it was like trying to find something in an ocean, but only studying "a volume of water equivalent to a large backyard swimming pool." And there's another big caveat. "Looking for technosignatures is assuming that the civilization have technology similar to our own," says Tremblay.

AI

These Students Figured Out Their Tests Were Graded by AI -- and the Easy Way To Cheat (theverge.com) 216

Monica Chin, reporting for The Verge: On Monday, Dana Simmons came downstairs to find her 12-year-old son, Lazare, in tears. He'd completed the first assignment for his seventh-grade history class on Edgenuity, an online platform for virtual learning. He'd received a 50 out of 100. That wasn't on a practice test -- it was his real grade. "He was like, I'm gonna have to get a 100 on all the rest of this to make up for this," said Simmons in a phone interview with The Verge. "He was totally dejected." At first, Simmons tried to console her son. "I was like well, you know, some teachers grade really harshly at the beginning," said Simmons, who is a history professor herself. Then, Lazare clarified that he'd received his grade less than a second after submitting his answers. A teacher couldn't have read his response in that time, Simmons knew -- her son was being graded by an algorithm. Simmons watched Lazare complete more assignments. She looked at the correct answers, which Edgenuity revealed at the end. She surmised that Edgenuity's AI was scanning for specific keywords that it expected to see in students' answers. And she decided to game it.

Now, for every short-answer question, Lazare writes two long sentences followed by a disjointed list of keywords -- anything that seems relevant to the question. "The questions are things like... 'What was the advantage of Constantinople's location for the power of the Byzantine empire,'" Simmons says. "So you go through, okay, what are the possible keywords that are associated with this? Wealth, caravan, ship, India, China, Middle East, he just threw all of those words in." "I wanted to game it because I felt like it was an easy way to get a good grade," Lazare told The Verge. He usually digs the keywords out of the article or video the question is based on. Apparently, that "word salad" is enough to get a perfect grade on any short-answer question in an Edgenuity test. Edgenuity didn't respond to repeated requests for comment.

Privacy

CBP Does Not Make it Clear Americans Can Opt-out of Airport Face Scanning, Watchdog Says (techcrunch.com) 81

A government watchdog has criticized U.S. border authorities for failing to properly disclose the agency's use of facial recognition at airports, which included instructions on how Americans can opt out. From a report: U.S. Customs and Border Protection (CBP), tasked with protecting the border and screening immigrants, has deployed its face-scanning technology in 27 U.S. airports as part of its Biometric Entry-Exit Program. The program was set up to catch visitors who overstay their visas. Foreign nationals must complete a facial recognition check before they are allowed to enter and leave the United States, but U.S. citizens are allowed to opt out. But the Government Accountability Office (GAO) said in a new report out Wednesday that CBP did "not consistently" provide notices that informed Americans that they would be scanned as they depart the United States.

AI

Are We Ready for Driverless Trucks? (cbsnews.com) 313

Two million truckers move 70% of America's goods. But hundreds of thousands of their jobs could be disrupted away, reports Jon Wertheim on the CBS news show 60 Minutes, in "a high-stakes, high-speed race pitting the usual suspects — Google and Tesla and other global tech firms — against small start-ups smelling opportunity."

One of those startups is TuSimple, and their company's chief product officer points out that an AI driving system never gets distracted or falls asleep at the wheel: Chuck Price has unshakable confidence in the reliability of the technology; as do some of the biggest names in shipping: UPS, Amazon and the U.S. Postal Service ship freight with TuSimple trucks. All in, each unit costs more than a quarter million dollars. Not a great expense, considering it's designed to eliminate the annual salary of a driver; currently around $45,000. Another savings: the driverless truck can get coast-to-coast in two days, not four, stopping only to refuel — though a human still has to do that...

Jon Wertheim: How far are we from being able to pick up the specific cars that are passing us? "Oh, that's Joe from New Jersey with six points on his license."

Chuck Price: We can read license plates. So if there was an accessible database for something like that, we could...

Test Driver Maureen Fitzgerald: This truck is scanning mirrors, looking 1,000 meters out. It's processing all the things that my brain could never do and it can react 15 times faster than I could.

Most of her two million fellow truckers are less enthusiastic. Automated trucking threatens to jack-knife an entire $800 billion industry. Trucking is among the most common jobs for Americans without a college education.... Sam Loesche represents 600,000 truckers for the teamsters. He's concerned that federal, state and local governments have only limited access to the driverless technology.

Sam Loesche: A lot of this information, understandably, is proprietary. Tech companies wanna keep, you know, their algorithms and their safety data — secret until they can kinda get it right. The problem is that, in the meantime, they're testing this technology on public roads. They're testing it next to you as you drive down the road...

Books

Libraries Lend Books, and Must Continue To Lend Books: Internet Archive Responds To Publishers' Lawsuit (archive.org) 70

Internet Archive, in a blog post: Yesterday, the Internet Archive filed our response to the lawsuit brought by four commercial publishers to end the practice of Controlled Digital Lending (CDL), the digital equivalent of traditional library lending. CDL is a respectful and secure way to bring the breadth of our library collections to digital learners. Commercial ebooks, while useful, only cover a small fraction of the books in our libraries. As we launch into a fall semester that is largely remote, we must offer our students the best information to learn from -- collections that were purchased over centuries and are now being digitized. What is at stake with this lawsuit? Every digital learner's access to library books. That is why the Internet Archive is standing up to defend the rights of hundreds of libraries that are using Controlled Digital Lending. The publishers' lawsuit aims to stop the longstanding and widespread library practice of Controlled Digital Lending, and stop the hundreds of libraries using this system from providing their patrons with digital books. Through CDL, libraries lend a digitized version of the physical books they have acquired as long as the physical copy doesn't circulate and the digital files are protected from redistribution. This is how Internet Archive's lending library works, and has for more than nine years. Publishers are seeking to shut this library down, claiming copyright law does not allow it. Our response is simple: Copyright law does not stand in the way of libraries' rights to own books, to digitize their books, and to lend those books to patrons in a controlled way.

"The Authors Alliance has several thousand members around the world and we have endorsed the Controlled Digital Lending as a fair use," stated Pamela Samuelson, Authors Alliance founder and Richard M. Sherman Distinguished Professor of Law at Berkeley Law. "It's really tragic that at this time of pandemic that the publishers would try to basically cut off even access to a digital public library like the Internet Archive ... I think that the idea that lending a book is illegal is just wrong." These publishers clearly intend this lawsuit to have a chilling effect on Controlled Digital Lending at a moment in time when it can benefit digital learners the most. For students and educators, the 2020 fall semester will be unlike any other in recent history. From K-12 schools to universities, many institutions have already announced they will keep campuses closed or severely limit access to communal spaces and materials such as books because of public health concerns. The conversation we must be having is: how will those students, instructors and researchers access information -- from textbooks to primary sources? Unfortunately, four of the world's largest book publishers seem intent on undermining both libraries' missions and our attempts to keep educational systems operational during a global health crisis.

Privacy

Google Promises Privacy With Virus App But Can Still Collect Location Data (nytimes.com) 83

An anonymous reader quotes a report from The New York Times: When Google and Apple announced plans in April for free software to help alert people of their possible exposure to the coronavirus, the companies promoted it as "privacy preserving" and said it would not track users' locations. Encouraged by those guarantees, Germany, Switzerland and other countries used the code to develop national virus alert apps that have been downloaded more than 20 million times. But for the apps to work on smartphones with Google's Android operating system -- the most popular in the world -- users must first turn on the device location setting, which enables GPS and may allow Google to determine their locations.

Some government officials seemed surprised that the company could detect Android users' locations. After learning about it, Cecilie Lumbye Thorup, a spokeswoman for Denmark's Health Ministry, said her agency intended to "start a dialogue with Google about how they in general use location data." Switzerland said it had pushed Google for weeks to alter the location setting requirement. "Users should be able to use such proximity tracing apps without any bindings with other services," said Dr. Sang-Il Kim, the department head for digital transformation at Switzerland's Federal Office of Public Health, who oversees the country's virus-alert app. Latvia said it had pressed Google on the issue as it was developing its virus app. "We don't like that the GPS must be on," said Elina Dimina, head of the infectious-disease surveillance unit at Latvia's Center for Disease Prevention and Control. Google's location requirement adds to the slew of privacy and security concerns with virus-tracing apps, many of which were developed by governments before the new Apple-Google software became available. Now the Android location issue could undermine the privacy promises that governments made to the public.

Pete Voss, a Google spokesman, claims the virus alert apps that use the company's software do not use device location. "The apps use Bluetooth scanning signals to detect smartphones that come into close contact with one another — without needing to know the devices' locations at all," reports The New York Times. "Since 2015, Google's Android system has required users to enable location on their phones to scan for other Bluetooth devices, Mr. Voss said, because some apps may use Bluetooth to infer user location. For instance, some apps use Bluetooth beacons in stores to help marketers understand which aisle a smartphone user may be in."

"Once Android users turn on location, however, Google may determine their precise locations, using Wi-Fi, mobile networks and Bluetooth beacons, through a setting called Google Location Accuracy, and use the data to improve location services. Mr. Voss said apps that did not have user permission could not gain access to a person's Android device location."

Government

America's Border Patrol 'Can Track Everyone's Car' By Buying License Plate-Reader Data (arstechnica.com) 142

America's border-protection agency "can track everyone's cars all over the country thanks to massive troves of automated license plate scanner data, a new report reveals," reports Ars Technica.

And they didn't need to request search warrants from the courts, the article explains, since "the agency did just what hundreds of other businesses and investigators do: straight-up purchase access to commercial databases." U.S. Customs and Border Protection (CBP) has been buying access to commercial automated license plate-reader databases since 2017, TechCrunch reports, and the agency says bluntly that there's no real way for any American to avoid having their movements tracked. "CBP cannot provide timely notice of license plate reads obtained from various sources outside of its control," the agency wrote in its most recent privacy assessment. "The only way to opt out of such surveillance is to avoid the impacted area, which may pose significant hardships and be generally unrealistic...."

CBP already buys cell phone location data, even though it would not legally be able to hoover it up on a wide scale directly. Police also purchase hacked and breached data from third-party vendors that they can then use to track and identify individuals in ways that otherwise might have required a warrant.

Although hundreds of jurisdictions nationwide use automated plate-scanning technology, fewer than 20 states have laws of any kind on their books governing the collection, use, and storage of automated license plate-reader (ALPR) data. Even fewer of those laws specify what private entities can collect ALPR data and what can be done with that information. The software also seems to become more granular almost by the day.

Theoretically, CBP only has authority to operate within 100 miles of the US border. The data it purchases, however, may allow it to track any given license plate basically anywhere in the country.

Crime

Surveillance Software Scanning File-Sharing Networks Led To 12,000 Arrests (nbcnews.com) 106

Mr. Cooper was a retired high school history teacher using what NBC News calls those peer-to-peer networks where "the lack of corporate oversight creates the illusion of safety for people sharing illegal images."

Police were led to Cooper's door by a forensic tool called Child Protection System, which scans file-sharing networks and chatrooms to find computers that are downloading photos and videos depicting the sexual abuse of prepubescent children. The software, developed by the Child Rescue Coalition, a Florida-based nonprofit, can help establish the probable cause needed to get a search warrant... Cooper is one of more than 12,000 people arrested in cases flagged by the Child Protection System software over the past 10 years, according to the Child Rescue Coalition... The Child Protection System, which lets officers search by country, state, city or county, displays a ranked list of the internet addresses downloading the most problematic files...

The Child Protection System "has had a bigger effect for us than any tool anyone has ever created. It's been huge," said Dennis Nicewander, assistant state attorney in Broward County, Florida, who has used the software to prosecute about 200 cases over the last decade. "They have made it so automated and simple that the guys are just sitting there waiting to be arrested." The Child Rescue Coalition gives its technology for free to law enforcement agencies, and it is used by about 8,500 investigators in all 50 states. It's used in 95 other countries, including Canada, the U.K. and Brazil. Since 2010, the nonprofit has trained about 12,000 law enforcement investigators globally. Now, the Child Rescue Coalition is seeking partnerships with consumer-focused online platforms, including Facebook, school districts and a babysitter booking site, to determine whether people who are downloading illegal images are also trying to make contact with or work with minors...

The tool has a growing database of more than a million hashed images and videos, which it uses to find computers that have downloaded them. The software is able to track IP addresses — which are shared by people connected to the same Wi-Fi network — as well as individual devices. The system can follow devices even if the owners move or use virtual private networks, or VPNs, to mask the IP addresses, according to the Child Rescue Coalition.... Before getting a warrant, police typically subpoena the internet service provider to find out who holds the account and whether anyone at the address has a criminal history, has children or has access to children through work.

A lawyer who specializes in digital rights tells NBC that these tools need more oversight and testing. "There's a danger that the visceral awfulness of the child abuse blinds us to the civil liberties concerns. Tools like this hand a great deal of power and discretion to the government. There need to be really strong checks and safeguards."

Privacy

Apple Declined To Implement 16 Web APIs in Safari Due To Privacy Concerns (zdnet.com) 120

Apple said last week that it declined to implement 16 new web technologies (Web APIs) in Safari because they posed a threat to user privacy by opening new avenues for user fingerprinting. Technologies that Apple declined to include in Safari because of user fingerprinting concerns include:

- Web Bluetooth - Allows websites to connect to nearby Bluetooth LE devices.
- Web MIDI API - Allows websites to enumerate, manipulate and access MIDI devices.
- Magnetometer API - Allows websites to access data about the local magnetic field around a user, as detected by the device's primary magnetometer sensor.
- Web NFC API - Allows websites to communicate with NFC tags through a device's NFC reader.
- Device Memory API - Allows websites to receive the approximate amount of device memory in gigabytes.
- Network Information API - Provides information about the connection a device is using to communicate with the network and provides a means for scripts to be notified if the connection type changes.
- Battery Status API - Allows websites to receive information about the battery status of the hosting device.
- Web Bluetooth Scanning - Allows websites to scan for nearby Bluetooth LE devices.
- Ambient Light Sensor - Lets websites get the current light level or illuminance of the ambient light around the hosting device via the device's native sensors.
- [...]

The vast majority of these APIs are only implemented in Chromium-based browsers, and very few on Mozilla's platform. Apple claims that the 16 Web APIs above would allow online advertisers and data analytics firms to create scripts that fingerprint users and their devices.
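The fingerprinting concern comes down to what a page can read without the user noticing. The audit below is an added example (it is not code from the article, from Apple or from WebKit) that checks which of the APIs listed above a browser exposes, using the real property each API is reached through (`navigator.bluetooth`, `navigator.requestMIDIAccess`, `navigator.deviceMemory`, `navigator.connection`, `navigator.getBattery`, and the `Magnetometer`, `NDEFReader` and `AmbientLightSensor` constructors). It takes the navigator and global objects as parameters so it can run offline against a constructed sample; the sample object and the "silent" classification (which of the nine are readable with no permission prompt) are this example's own assumptions about shipping Chromium behaviour, not something the article states.

```javascript
// Added example: defender-side audit of the fingerprinting surface named in the
// article. Each entry probes the real property through which the API is exposed.
// `silent` marks APIs a script can read with no permission prompt or chooser
// (Device Memory, Network Information, Battery Status); the rest are gated by a
// prompt or a device chooser in shipping browsers, or not shipped at all.
const FINGERPRINT_SURFACE = [
  { api: "Web Bluetooth",          silent: false, probe: (nav) => nav.bluetooth !== undefined },
  { api: "Web Bluetooth Scanning", silent: false, probe: (nav) => Boolean(nav.bluetooth) && typeof nav.bluetooth.requestLEScan === "function" },
  { api: "Web MIDI API",           silent: false, probe: (nav) => typeof nav.requestMIDIAccess === "function" },
  { api: "Magnetometer API",       silent: false, probe: (nav, glob) => typeof glob.Magnetometer === "function" },
  { api: "Web NFC API",            silent: false, probe: (nav, glob) => typeof glob.NDEFReader === "function" },
  { api: "Device Memory API",      silent: true,  probe: (nav) => typeof nav.deviceMemory === "number" },
  { api: "Network Information API", silent: true, probe: (nav) => nav.connection !== undefined },
  { api: "Battery Status API",     silent: true,  probe: (nav) => typeof nav.getBattery === "function" },
  { api: "Ambient Light Sensor",   silent: false, probe: (nav, glob) => typeof glob.AmbientLightSensor === "function" },
];

// Runs every probe and sorts the APIs into exposed / withheld. A probe that
// throws (e.g. a getter that is blocked by policy) counts as withheld.
function auditFingerprintSurface(nav, glob) {
  const exposed = [];
  const withheld = [];
  for (const { api, probe } of FINGERPRINT_SURFACE) {
    let present = false;
    try {
      present = Boolean(probe(nav, glob));
    } catch (_err) {
      present = false;
    }
    (present ? exposed : withheld).push(api);
  }
  return { exposed, withheld };
}

// The subset that matters most for fingerprinting: exposed AND readable with
// no prompt, so a third-party script can collect it on every page load.
function silentlyReadable(auditResult) {
  const silentSet = new Set(FINGERPRINT_SURFACE.filter((e) => e.silent).map((e) => e.api));
  return auditResult.exposed.filter((api) => silentSet.has(api));
}

// Constructed sample standing in for a Chromium-like navigator: Web Bluetooth,
// Device Memory, Network Information and Battery Status present; no LE scanning,
// MIDI, NFC or sensor constructors. Not captured from a real browser.
const SAMPLE_NAV = {
  bluetooth: {},
  deviceMemory: 8,
  connection: { effectiveType: "4g", downlink: 10 },
  getBattery: () => Promise.resolve({ level: 1, charging: true }),
};
const SAMPLE_GLOBAL = {};

// In a real page you would call auditFingerprintSurface(navigator, window).
const sampleAudit = auditFingerprintSurface(SAMPLE_NAV, SAMPLE_GLOBAL);
console.log("exposed:", sampleAudit.exposed);
console.log("readable without a prompt:", silentlyReadable(sampleAudit));
```

Run in a browser console as `auditFingerprintSurface(navigator, window)`, the `exposed` list is the surface a site can enumerate on your device, and `silentlyReadable` is the part that needs no user interaction at all, which is the distinction Apple's reasoning rests on.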

Android

Microsoft Is Adding Linux, Android, and Firmware Protections To Windows (arstechnica.com) 19

An anonymous reader quotes a report from Ars Technica: Microsoft is moving forward with its promise to extend enterprise security protections to non-Windows platforms with the general release of a Linux version and a preview of one for Android. The software maker is also beefing up Windows security protections to scan for malicious firmware. The Linux and Android moves -- detailed in posts published on Tuesday here, here, and here -- follow a move last year to ship antivirus protections to macOS. Microsoft disclosed the firmware feature last week. All the new protections are available to users of Microsoft Advanced Threat Protection and require Windows 10 Enterprise Edition. Public pricing from Microsoft is either non-existent or difficult to find, but according to this site, costs range from $30 to $72 per machine per year to enterprise customers. "We are just at the beginning of our Linux journey and we are not stopping here!" Tuesday's post announcing the Linux general availability said. "We are committed to continuous expansion of our capabilities for Linux and will be bringing you enhancements in the coming months."

The Android preview, meanwhile, provides several protections, including:

- The blocking of phishing sites and other high-risk domains and URLs accessed through SMS/text, WhatsApp, email, browsers, and other apps. The features use the same Microsoft Defender SmartScreen services that are already available for Windows so that decisions to block suspicious sites will apply across all devices on a network.
- Proactive scanning for malicious or potentially unwanted applications and files that may be downloaded to a mobile device.
- Measures to block access to network resources when devices show signs of being compromised with malicious apps or malware.
- Integration to the same Microsoft Defender Security Center that's already available for Windows, macOS, and Linux.
As for the new firmware protections, Microsoft's new offering via Microsoft Defender "scans Unified Extensible Firmware Interface, which is the successor to the traditional BIOS that most computers used during the boot process to locate and enumerate hardware installed," adds Ars. "The firmware scanner uses a new component added to virus protection already built into Defender."
Mars

Help a Mars Rover's AI Learn to Tell Rocks From Dirt (techcrunch.com) 18

Slashdot reader shirappu writes: For eight years now, the Mars Rover Curiosity has been exploring the surface of Mars. Even now, it's still exploring, and still getting upgrades. According to TechCrunch, NASA is now looking to interested volunteers to help upgrade the rover's terrain-scanning AI systems by annotating image data of the planet itself.
"The problem is that while there are lots of ready-made data sets of images with faces, cats and cars labeled, there aren't many of the Martian surface annotated with different terrain types..." notes TechCrunch. "Improvements to the AI might let the rover tell not just where it can drive, but the likelihood of losing traction and other factors that could influence individual wheel placement."

shirappu continues: Volunteers go through a short tutorial after which they can label images to help the rover better understand the terrain on which it drives. The system is expected to be used in future planet rover robots, and the project marks an interesting example of open crowd-sourcing to improve machine learning systems, and how it is impacting technology even on other planets.

Volunteers can sign up on the AI4Mars site.

Privacy

Dating Apps Exposed 845GB of Explicit Photos, Chats, and More (wired.com) 43

Lily Hay Newman writes via Wired: Security researchers Noam Rotem and Ran Locar were scanning the open internet on May 24 when they stumbled upon a collection of publicly accessible Amazon Web Services "buckets." Each contained a trove of data from a different specialized dating app, including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating, and GHunt. In all, the researchers found 845 gigabytes and close to 2.5 million records, likely representing data from hundreds of thousands of users. They are publishing their findings today with vpnMentor.

The information was particularly sensitive and included sexually explicit photos and audio recordings. The researchers also found screenshots of private chats from other platforms and receipts for payments, sent between users within the app as part of the relationships they were building. And though the exposed data included limited "personally identifying information," like real names, birthdays, or email addresses, the researchers warn that a motivated hacker could have used the photos and other miscellaneous information available to identify many users. The data may not have actually been breached, but the potential was there.
"The researchers don't know whether anyone else discovered the exposed trove before they did," the report adds. "If you use one of the affected apps there's not a lot you can do to protect against the possibility that the data was stolen before the researchers found it. There wasn't a specific trove of passwords in the exposed data, so changing your password likely won't do much."

All you can really do is hope the developer locks down the cloud infrastructure before anyone grabs the information.
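The exposure above came down to buckets that anyone on the internet could read. As an added example (not from the report or the affected apps), the check below audits a constructed bucket policy for anonymous read grants and verifies the bucket's Public Access Block flags; the bucket name and role ARN are placeholders.

```python
# Audit an S3 bucket policy and Public Access Block settings for anonymous read access.
# Added example prompted by the exposed dating-app buckets; policies below are constructed.
import json

# Actions that let an unauthenticated caller enumerate or fetch objects.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:get*", "s3:*", "*"}
# The four flags of an S3 Public Access Block configuration; all four must be True.
BLOCK_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """A '*' principal, bare or under 'AWS', grants access to unauthenticated callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def public_read_statements(policy_json):
    """Return Sids (or positional labels) of Allow statements granting anonymous read."""
    hits = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if actions & READ_ACTIONS:
            hits.append(stmt.get("Sid", f"Statement[{i}]"))
    return hits

def public_access_blocked(config):
    """True only when every Public Access Block flag is enabled on the bucket."""
    return all(config.get(flag) is True for flag in BLOCK_FLAGS)

# Constructed weak policy: a world-readable grant of the kind that exposes media buckets.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicMedia", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-media", "arn:aws:s3:::example-media/*"]}]})

# Corrected policy: same objects, readable only by an app backend role (placeholder ARN).
FIXED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "BackendOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/EXAMPLE-app-backend"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-media/*"}]})

if __name__ == "__main__":
    print("weak:", public_read_statements(WEAK_POLICY))    # ['PublicMedia']
    print("fixed:", public_read_statements(FIXED_POLICY))  # []
```

In a real audit the policy document comes from GetBucketPolicy and the flags from GetPublicAccessBlock; a bucket passes only when the policy yields no findings and all four flags are set.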
Books

Internet Archive Kills Its Free Digital Library Over Copyright Concerns (inputmag.com) 61

The Internet Archive's National Emergency Library is finished. The non-profit repository for digital preservation, which began offering millions of e-books for free to address the closure of libraries during the pandemic, buckled under a joint lawsuit filed by major publishers including Penguin Random House and HarperCollins. From a report: Publishers said lending out books without compensation was "mass copyright infringement." The digital library will close next week. The archive of books was initially invite-only and only allowed a given file to be downloaded a limited number of times at once, with each rental limited to 14 days. But then the pandemic hit and libraries closed, so the Internet Archive responded by making all the books accessible to everyone, with no limits.
Books

Activists Rally To Save Internet Archive as Lawsuit Threatens Site 41

The Internet Archive is a massive endeavor -- it's an online library aiming to "provide Universal Access to All Knowledge." It has digitized millions of web pages, movies, photos, recordings, software programs, and books that might otherwise be lost to history. But it's neither un-censorable nor outside the bounds of copyright law. And now open internet supporters are wondering how to save it before it disappears.
AI

Walmart Employees Are Out To Show Its Anti-Shoplifting AI Doesn't Work (arstechnica.com) 51

An anonymous reader quotes a report from Ars Technica: In January, my coworker received a peculiar email. The message, which she forwarded to me, was from a handful of corporate Walmart employees calling themselves the "Concerned Home Office Associates." (Walmart's headquarters in Bentonville, Arkansas, is often referred to as the Home Office.) While it's not unusual for journalists to receive anonymous tips, they don't usually come with their own slickly produced videos. The employees said they were "past their breaking point" with Everseen, a small artificial intelligence firm based in Cork, Ireland, whose technology Walmart began using in 2017. Walmart uses Everseen in thousands of stores to prevent shoplifting at registers and self-checkout kiosks. But the workers claimed it misidentified innocuous behavior as theft and often failed to stop actual instances of stealing.

They told WIRED they were dismayed that their employer -- one of the largest retailers in the world -- was relying on AI they believed was flawed. One worker said that the technology was sometimes even referred to internally as "NeverSeen" because of its frequent mistakes. WIRED granted the employees anonymity because they are not authorized to speak to the press. The workers said they had been upset about Walmart's use of Everseen for years and claimed colleagues had raised concerns about the technology to managers but were rebuked. They decided to speak to the press, they said, after a June 2019 Business Insider article reported Walmart's partnership with Everseen publicly for the first time. The story described how Everseen uses AI to analyze footage from surveillance cameras installed in the ceiling and can detect issues in real time, such as when a customer places an item in their bag without scanning it. When the system spots something, it automatically alerts store associates.
A video from the Concerned Home Office Associates "purports to show Everseen's technology failing to flag items not being scanned in three different Walmart stores," adds the report. "Set to cheery elevator music, it begins with a person using self-checkout to buy two jumbo packages of Reese's White Peanut Butter Cups. Because the packages are stacked on top of each other, only one is scanned, but both are successfully placed in the bagging area without issue."

"The same person then grabs two gallons of milk by their handles and moves them across the scanner with one hand. Only one is rung up, but both are put in the bagging area. They then put their own cell phone on top of the machine, and an alert pops up saying they need to wait for assistance -- a false positive."
