Privacy

'Ring' Upgrades Privacy Settings After Accusations It Shares Data With Facebook and Google (cbsnews.com) 26

Amazon's Ring doorbell cameras just added two new privacy and security features "amid rising scrutiny on the company," reports The Hill, including "a second layer of authentication by requiring users to enter a one-time code shared via email or SMS when they try to log in to see the feed from their cameras starting this week..."

"Until recently the company did not notify users when their accounts had been logged in to, meaning that hackers could have accessed camera feeds without owners being aware."

But CBS News reports that the changes appeared "two weeks after a study showed the company shares customers' personal information with Facebook, Google and other parties without users' consent." In late January, an Electronic Frontier Foundation (EFF) study found the company regularly shares user data with Facebook, including that of Ring users who don't have accounts on the social media platform... EFF claims the company shares a lot of other user data, including people's names, email addresses, when the doorbell app was being used, the number of devices a user has, model numbers of devices, user's unique internet addresses and more. Such information could allow third parties to know when Ring users are at home or away, and potentially target them with advertising for services based on that info...

The change will let Ring users block the company from sharing most, but not all, of their data. A company spokesperson said people will be able to opt out of those sharing agreements "where applicable." The spokesperson declined to clarify what "where applicable" might mean.

Evan Greer, deputy director of digital rights organization Fight for the Future, shared a skeptical response with The Hill.

"No amount of security updates will change the fact that these devices are enabling a nationwide, for-profit, surveillance empire. Amazon Ring is fundamentally incompatible with democracy and human rights."

Social Networks

Social Media Boosting Service Exposed Thousands of Instagram Passwords (techcrunch.com) 11

An anonymous reader quotes a report from TechCrunch: A social media boosting startup, which bills itself as a service to increase a user's Instagram followers, has exposed thousands of Instagram account passwords. The company, Social Captain, says it helps thousands of users to grow their Instagram follower counts by connecting their accounts to its platform. Users are asked to enter their Instagram username and password into the platform to get started. But TechCrunch learned this week Social Captain was storing the passwords of linked Instagram accounts in unencrypted plaintext. Any user who viewed the web page source code on their Social Captain profile page could see their Instagram username and password in plain sight, so long as they had connected their account to the platform.

Making matters worse, a website bug allowed anyone access to any Social Captain user's profile without having to log in -- simply plugging in a user's unique account ID into the company's web address would grant access to their Social Captain account -- and their Instagram login credentials. Because the user account IDs were for the most part sequential, it was possible to access any user's account and view their Instagram password and other account information with relative ease.
The security researcher who reported the vulnerability provided a spreadsheet of about 10,000 scraped user accounts to TechCrunch.

"The spreadsheet contained about 4,700 complete sets of Instagram usernames and passwords," the report says. "The rest of the records contained just the user's name and their email address."

Security

Disney+ Fans Without Answers After Thousands Hacked (bbc.com) 46

Many Disney+ users who have had their accounts stolen and put up for sale on the dark web say that Disney has yet to sort their problems. The firm says it does not believe its systems have been compromised, suggesting that members' details have been stolen by other means. The BBC reports: On November 12, its first day live, people had technical problems and many complained on social media. Others said they were locked out of their accounts, and since they contacted Disney they have not heard back. According to an investigation by ZDNet, thousands of user accounts went on sale on the dark web. Only hours after the service launched, hackers were selling Disney+ accounts for as little as $3. A subscription to the service costs $7 a month. With the help of a cyber-security researcher, the BBC also found several hacked customer accounts for sale on the dark web.

Many say they used unique userIDs and passwords to access the streaming platform. But Jason Hill, a lead researcher with CyberInt, says it looks like many were stolen because people use the same passwords for different sites. Mr Hill said that hackers can lift someone's password from a different site which has previously been hacked and then try it on a new site, like Disney+. If it works, they steal the account. The streaming service does not have two-factor authentication. Others are concerned because they can use their Disney+ login to access other products the company provides, like the Disney store and its recreation parks.

Government

Russian Cyber-Espionage Group Controlled Its Malware Partly Through Reddit Posts (bleepingcomputer.com) 18

"Cyber-espionage operations from Cozy Bear, a threat actor believed to work for the Russian government, continued undetected for the past years by using malware families previously unknown to security researchers," reports BleepingComputer -- citing a surprisingly detailed report: Relying on stealthy communication techniques between infected systems and the command and control servers, the group managed to keep their activity under the radar for a long time. Cyber-espionage campaigns that likely started in 2013, collectively named "Operation Ghost," have been attributed to this group, and continued through 2019...

Researchers at ESET tracking this threat actor found at least three victims of Operation Ghost, all being European Ministries of Foreign Affairs including the Washington DC embassy of a European Union country. The victim count is likely larger but identifying them is difficult because the threat actor uses unique command and control infrastructure for each target.

The report notes the group used sites like Reddit, Twitter, and Imgur to deliver the URLs for some command-and-control servers, along with information hidden in images. And another stage of its malware platform used an even more robust site for its command-and-control server: Dropbox.

AMD

AMD Poses 'Major Challenge' to Intel's Server Leadership (eweek.com) 75

Rob Enderle reports on the excitement at AMD's Epyc processor launch in San Francisco: I've been at a lot of AMD events, and up until this one, the general message was that AMD was almost as good as Intel but not as expensive. This year it is very different; Intel has stumbled badly, and AMD is moving to take the leadership role in the data center, so its message isn't that it is nearly as good but cheaper anymore; it is that it has better customer focus, better security and better performance. Intel's slip really was around trust, and as Intel seemed to abandon the processor segment, OEMs and customers lost faith, and AMD is capitalizing on that slip...

AMD has always been relatively conservative, but Lisa Su, AMD's CEO, stated that the company has broken 80 performance records and that this new processor is the highest-performing one in the segment. This is one thing Lisa's IBM training helps validate; I went through that training myself and, at IBM, you aren't allowed to make false claims. AMD isn't making a false claim here. The new Epyc 2 is 64 cores and 128 threads and with PCIe generation 4, it has 128 lanes on top of its 7nm technology, which currently also appears to lead the market. Over the years the average performance for the data center chips, according to Su, has improved around 15% per year. The last generation of Epyc exceeded this when it launched, but just slightly. This new generation blows the curve out; instead of 15% year-over-year improvement, it is closer to 100%...

Intel has had a number of dire security problems that it didn't disclose in timely fashion, making their largest customers very nervous. AMD is going after this vulnerability aggressively and pointing to how they've uniquely hardened Epyc 2 so that customers that use it have few, if any, of the concerns they've had surrounding Intel parts. Part of this is jumping to more than 500 unique encryption keys tied to the platform.

Besides Google and Twitter, AMD's event also included announcements from Hewlett-Packard Enterprise, Dell, Cray, Lenovo, and Microsoft Azure. For example, Hewlett Packard Enterprise has three systems immediately available with AMD's new processor, the article reports, with plans to have 9 more within the next 12 months. And their CTO told the audience that their new systems have already broken 37 world performance records, and "attested to the fact that some of the most powerful supercomputers coming to market will use this processor, because it is higher performing," calling them the most secure in the industry and the highest-performing.

"AMD came to play in San Francisco this week," Enderle writes. "I've never seen it go after Intel this aggressively and, to be frank, this would have failed had it not been for the massive third-party advocacy behind Epyc 2. I've been in this business since the mid-'80s, and I've never seen this level of advocacy for a new processor ever before. And it was critical that AMD set this new bar; I guess this was an extra record they set, but AMD can legitimately argue that it is the new market leader, at least in terms of both raw and price performance, in the HPC in the server segment.

"I think this also showcases how badly Intel is bleeding support after abandoning the IDF (Intel Developer Forum) conference."

Advertising

Twitter Fesses Up To More Adtech Leaks (techcrunch.com) 18

Twitter has disclosed more bugs related to how it uses personal data for ad targeting that means it may have shared users' data with advertising partners even when a user had expressly told it not to. TechCrunch reports: Back in May the social network disclosed a bug that in certain conditions resulted in an account's location data being shared with a Twitter ad partner, during real-time bidding (RTB) auctions. In a blog post on its Help Center about the latest "issues" Twitter says it "recently" found, it admits to finding two problems with users' ad settings choices that mean they "may not have worked as intended." It claims both problems were fixed on August 5. Though it does not specify when it realized it was processing user data without their consent.

The first bug relates to tracking ad conversions. This meant that if a Twitter user clicked or viewed an ad for a mobile application on the platform and subsequently interacted with the mobile app Twitter says it "may have shared certain data (e.g., country code; if you engaged with the ad and when; information about the ad, etc)" with its ad measurement and advertising partners -- regardless of whether the user had agreed their personal data could be shared in this way. It suggests this leak of data has been happening since May 2018 -- which is also the day when Europe's updated privacy framework, GDPR, came into force. Twitter specifies that it does not share users' names, Twitter handles, email or phone number with ad partners. However it does share a user's mobile device identifier, which GDPR treats as personal data as it acts as a unique identifier. The second issue Twitter discloses in the blog post also relates to tracking users' wider web browsing to serve them targeted ads. Here Twitter admits that, since September 2018, it may have served targeted ads that used inferences made about the user's interests based on tracking their wider use of the Internet -- even when the user had not given permission to be tracked.

Facebook

How Facebook Fought Fake News About Facebook (bloomberg.com) 52

Facebook has built tools to track posts on Facebook and WhatsApp that talk about its executives, products, or moves, Bloomberg reported on Monday. The company has been, for years, routinely using these tools to "snuff out" posts that it deems to offer untrue characterization of its services or people. From the report: Many companies monitor social media to learn what customers are saying about them. But Facebook's position is unique. It owns the platform it's watching, an advantage that may help Facebook track and reach users more effectively than other firms. And Facebook has been saddled with so many real problems recently that sometimes misinformation can stick. Stormchaser is just one of multiple tools Facebook has deployed to manage its reputation, which has taken a dramatic hit thanks to its role in spreading Russian misinformation during the U.S. election and numerous privacy scandals. The company employs hundreds of public relations officials and spent $13 million on government lobbying in 2018. Zuckerberg and Facebook Chief Operating Officer Sheryl Sandberg have become so intertwined with the company's image that Facebook routinely collects public survey data to understand how the general public views them -- data that shapes what the executives say and do publicly. Facebook's response: "We didn't use this internal tool to fight false news because that wasn't what it was built for, and it wouldn't have worked," the spokeswoman wrote in an email. "The tool was built with simple technology that helped us detect posts about Facebook based on keywords, so we could consider whether to respond to product confusion on our own platform. Comparing the two is a false equivalence."
The New York Times' tech columnist Kevin Roose writes: You could write a dissertation about this quote, and the difference between what Facebook considers "product confusion" (wrong stuff about us, which must be removed immediately) and "false news" (wrong stuff about other people, which is protected free speech).

Security

The Biggest Data Breach Archive On the Internet Is For Sale (vice.com) 54

Troy Hunt, the owner and founder of the well-known and respected data breach notification website "Have I Been Pwned," announced today that he's actively looking for a buyer.

"To date, every line of code, every configuration and every breached record has been handled by me alone. There is no 'HIBP team,' there's one guy keeping the whole thing afloat," Hunt wrote. "It's time for HIBP to grow up. It's time to go from that one guy doing what he can in his available time to a better-resourced and better-funded structure that's able to do way more than what I ever could on my own." Motherboard reports: Over the years, Have I Been Pwned has become the repository for data breaches on the internet, a place where users can search for their email address and see whether they have been part of a data breach. It's now also a service where people can sign up to get notified whenever their accounts get breached. It's perhaps the most useful, free, cybersecurity service in the world. Hunt said he's already had informal conversations with some organizations that might be interested in buying the service. Hunt said he's engaged the financial consulting firm KPMG to look for a buyer.

In the post, Hunt shared some staggering numbers that explain just how big Have I Been Pwned has become: 8 billion breached records, nearly 3 million people subscribed to notifications, who have been emailed about a breach 7 million times, 150,000 unique visitors to the site on a normal day, 10 million on an abnormal day. Regardless of who buys the site, Hunt made a series of commitments on the future of Have I Been Pwned: searches should remain free for consumers, the platform should expand and grow, and, finally, he wants to stay involved in some capacity.

Social Networks

US Navy Wants 350 Billion Social Media Posts (bbc.com) 109

The US Navy is seeking to create an archive of at least 350 billion social media posts from around the world, in order to study how people talk online. From a report: The military project team has not specified which social media platform it intends to collect the data from. The posts must be publicly available, come from at least 100 different countries and include at least 60 different languages. They should also date between 2014 and 2016. The details were revealed in a tender document from the Naval Postgraduate School for a firm to provide the data. Applications have now closed. Additional requirements included: the posts must come from at least 200 million unique users; no more than 30% can come from a particular country; at least 50% must be in a language other than English; location information must be included in at least 20% of the records; private messaging and user information will not form part of the database.

Social Networks

'We Will Never Sell-out or Compromise Our Principles. That Would Be Like Murder': The Slashdot Interview With CEO and Founder of Minds.com Social Network 49

You asked, he answered!

Bill Ottman, founder and CEO of social networking site Minds.com, has answered more than a dozen questions that Slashdot readers sent his way. Ottman has addressed a wide range of queries surrounding how Minds.com makes use of tokens; how many users the platform has; and who Minds.com is aimed at. You can read his answers below. For those of you who are going to give Minds.com a try, you can find Slashdot there.

Facebook

Mark Zuckerberg's Mentor 'Shocked and Disappointed' -- But He Has a Plan (time.com) 140

Early Facebook investor Roger McNamee published a scathing 3,000-word article adapted from his new book Zucked: Waking Up to the Facebook Catastrophe. Here's just one example of what's left him "shocked and disappointed": Facebook (along with Google and Twitter) has undercut the free press from two directions: it has eroded the economics of journalism and then overwhelmed it with disinformation. On Facebook, information and disinformation look the same; the only difference is that disinformation generates more revenue, so it gets better treatment.... At Facebook's scale -- or Google's -- there is no way to avoid influencing the lives of users and the future of nations. Recent history suggests that the threat to democracy is real. The efforts to date by Facebook, Google and Twitter to protect future elections may be sincere, but there is no reason to think they will do anything more than start a game of whack-a-mole with those who choose to interfere. Only fundamental changes to business models can reduce the risk to democracy.
Google and Facebook "are artificially profitable because they do not pay for the damage they cause," McNamee argues, adding that some medical researchers "have raised alarms noting that we have allowed unsupervised psychological experiments on millions of people."

But what's unique is he's offering specific suggestions to fix it.
  • "I want to set limits on the markets in which monopoly-class players like Facebook, Google and Amazon can operate. The economy would benefit from breaking them up. A first step would be to prevent acquisitions, as well as cross subsidies and data sharing among products within each platform."
  • "Another important regulatory opportunity is data portability, such that users can move everything of value from one platform to another. This would help enable startups to overcome an otherwise insurmountable barrier to adoption."
  • "Given that social media is practically a public utility, I think it is worth considering more aggressive strategies, including government subsidies."
  • "There need to be versions of Facebook News Feed and all search results that are free of manipulation."
  • "I would like to address privacy with a new model of authentication for website access that permits websites to gather only the minimum amount of data required for each transaction.... it would store private data on the device, not in the cloud. Apple has embraced this model, offering its customers valuable privacy and security advantages over Android."
  • "No one should be able to use a user's data in any way without explicit, prior consent. Third-party audits of algorithms, comparable to what exists now for financial statements, would create the transparency necessary to limit undesirable consequences."
  • "There should be limits on what kind of data can be collected, such that users can limit data collection or choose privacy. This needs to be done immediately, before new products like Alexa and Google Home reach mass adoption."

Security

DerbyCon Will Hold Its Last InfoSec Conference in September This Year (derbycon.com) 176

DerbyCon 9.0, the upcoming edition of the popular InfoSec conference in September, will be its last. From an official announcement: When we first started DerbyCon, our goal was to create a conference where we could all come together to collaborate and share as a community, but most importantly as a profession. DerbyCon 1.0 was a huge gamble for us both personally and financially, but we believed in what we were doing, and it worked. For those that don't know the history of DerbyCon, it started off inside of a pizza shop as an idea between a few friends. Our goal was to create an affordable conference that shared a lot of what we had experienced in our early days in security. The ideas of collaboration, community, and the betterment of the industry and the safety of technology were at the forefront. At the end of DerbyCon 1.0, we realized that the conference was a huge success and our dream became a reality.

[...] What we have had to deal with on the back-end the past few years is more than just running a conference and sharing with friends. The conference scene in general changed drastically and small pocket groups focus on outrage and disruption where there is no right answer (regardless of how you respond, it's wrong), instead of coming together, or making the industry better. There is a small, yet vocal group of people creating negativity, polarization, and disruption, with the primary intent of self-promotion to advance a career, for personal gain, or for more social media followers. Individuals that would have us be judge, jury, and executioner for people they have had issues with outside of the conference that has nothing to do with the conference itself.

Instead of working hard in research, being a positive force in the industry, or sharing their own unique experiences (which makes us better as a whole), they tear others down in order to promote themselves. This isn't just about DerbyCon, it is present at other conferences as well and it's getting worse each year. We've spoken with a number of conference organizers, and each year it becomes substantially more difficult to host a conference where people can come together in large group settings. It's not just conferences either. This behavior is happening all over the place on social media, in our industry, targeting people trying to do good. As a community, we add fuel to fire, attack others, and give them a platform in one massive toxic environment. We do this all in fear of repercussions from upsetting others. Until this pattern changes, it will continue to get worse.

United Kingdom

Big Ben Brought Back To Life Through Snapchat AR Lens (gizmodo.co.uk) 29

An anonymous reader quotes a report from Gizmodo: It's not a great time to visit the UK as a tourist. Besides all the Brexit nonsense and the December weather, one of our greatest tourist spots is under scaffolding and silent. Poor old Big Ben (and its Elizabeth Tower) are undergoing refurbishment at the moment, so there's not much to see if you want to snap a photo of the famous view. Snapchat's decided the way to fix this is with a Westminster-specific Snapchat Lens. When you activate the lens and point the Snap camera at the tower, the scaffolding peels back and Large Benjamin is there in all his glory again. Eitan Pilipski, VP of the Snap Camera Platform, said in a statement: "We are thrilled to unwrap Big Ben for our Snapchat community in London. This holiday, we wanted to showcase the imaginative power of Snap's Augmented Reality experiences by deconstructing the scaffolding around Big Ben -- at least for a few special moments. We believe that every great AR experience reveals new possibilities. Our goal was to bring together the most cutting edge mapping and imaging technologies to create the kind of unique, location-specific experience that only Snap -- and perhaps Father Christmas -- can deliver."

Youtube

Netflix's Biggest Competition Isn't Sleep -- It's YouTube (venturebeat.com) 115

Netflix CEO Reed Hastings loves to identify sleep as the biggest competition of its service. "Sometimes employees at Netflix think, 'Oh my god, we're competing with FX, HBO, or Amazon, but think about it. If you didn't watch Netflix last night: What did you do? There's such a broad range of things that you did to relax and unwind, hang out, and connect -- and we compete with all of that," he once said. "You get a show or a movie you're really dying to watch, and you end up staying up late at night, so we actually compete with sleep," he added. Turns out, Hastings does not need to look that far for competition.

From a report: Despite Netflix and Amazon investing billions of dollars in producing original content, they are struggling to make inroads in emerging markets. YouTube, on the other hand, is growing rapidly, becoming a daily habit for even new internet users. In India, for instance, YouTube reaches 245 million unique users each month, or 85 percent of all internet users in the country, the company told VentureBeat. About 60 percent of all YouTube traffic in India comes from outside of its six major cities. [Globally, YouTube has 1.9 billion monthly active users.]

As consumption on YouTube grows, creators are also finding loyal audiences. In India alone, YouTube now has more than 600 channels with more than 1 million subscribers, up from 20 channels in 2016. Record label T-Series, which is fighting with PewDiePie for the title of most-subscribed YouTube channel, took 10 years to get to its first 10 million subscribers. In the last two years, it has grown to 60 million subscribers. Globally, YouTube says the number of channels with more than 1 million subscribers has grown by 75 percent this year.

Globally, YouTube told VentureBeat that 75 percent of the platform's watch time occurs on a mobile device. The average watch time for a mobile user is 60 minutes per day. Or in other words, this is the time a user could have spent watching Netflix. According to eMarketer's estimates, an average user would spend about 86 minutes per day watching digital videos on streaming services this year.

The Internet

As We Forge the Web of Tomorrow, We Need a Set of Guiding Principles That Can Define the Kind of Web We Want, Says Tim Berners-Lee (nytimes.com) 145

Tim Berners-Lee, writing for The New York Times: All technologies come with risks. We drive cars despite the possibility of serious accidents. We take prescription drugs despite the danger of abuse and addiction. We build safeguards into new innovations so we can manage the risks while benefiting from the opportunities. The web is a global platform -- its challenges stretch across borders and cultures. Just as the web was built by millions of people collaborating around the world, its future relies on our collective ability to make it a better tool for everyone.

As we forge the web of tomorrow, we need a set of guiding principles that can define the kind of web we want. Identifying these will not be easy -- any agreement that covers a diverse group of countries, cultures and interests will never be. But I believe it's possible to develop a set of basic ideals that we can all agree on, and that will make the web work better for everyone, including the 50 percent of the world's population that has yet to come online.

Governments, companies and individuals all have unique roles to play. The World Wide Web Foundation, an organization I founded in 2009 to protect the web as a public good, has drawn up a set of core principles outlining the responsibilities that each party has to protect a web that serves all of humanity. We're asking everyone to sign on to these principles and join us as we create a formal Contract for the Web in 2019. The principles specify that governments are responsible for connecting their citizens to an open web that respects their rights.

Facebook

Facebook Ends Platform Policy Banning Apps That Copy Its Features (techcrunch.com) 28

Facebook will now freely allow developers to build competitors to its features upon its own platform. Today Facebook announced it will drop Platform Policy section 4.1, which stipulates "Add something unique to the community. Don't replicate core functionality that Facebook already provides." TechCrunch reports: Facebook had previously enforced that policy selectively to hurt competitors that had used its Find Friends or viral distribution features. Apps like Vine, Voxer, MessageMe, Phhhoto and more had been cut off from Facebook's platform for too closely replicating its video, messaging or GIF creation tools. The move will significantly reduce the risk of building on the Facebook platform. It could also cast it in a better light in the eyes of regulators. Anyone seeking ways Facebook abuses its dominance will lose a talking point. And by creating a more fair and open platform where developers can build without fear of straying too close to Facebook's history or road map, it could reinvigorate its developer ecosystem. In a statement to TechCrunch, a Facebook spokesperson said: "We built our developer platform years ago to pave the way for innovation in social apps and services. At that time we made the decision to restrict apps built on top of our platform that replicated our core functionality. These kind of restrictions are common across the tech industry with different platforms having their own variant including YouTube, Twitter, Snap and Apple. We regularly review our policies to ensure they are both protecting people's data and enabling useful services to be built on our platform for the benefit of the Facebook community. As part of our ongoing review we have decided that we will remove this out of date policy so that our platform remains as open as possible. We think this is the right thing to do as platforms and technology develop and grow."

Hardware

Samsung Shows Off a Foldable Prototype That Merges Phone and Tablet (usatoday.com) 53

At its developer conference Wednesday, Samsung introduced its new Infinity Flex Display, a foldable OLED screen that can allow manufacturers like Samsung to create new, unique devices such as a phone that folds out to become a tablet-like device with a larger display. From a report: "The foldable display lays the foundation for a new kind of mobile experience," said DJ Koh, president and CEO of Samsung IT and mobile communications division, in a statement. "We are excited to work with developers on this new platform to create new value for our customers." Although the product shown Wednesday was just a prototype, the company plans to release a consumer product that features the technology in the coming months. In addition to creating the hardware, Samsung has partnered with Google to work on the software to make sure apps work seamlessly regardless of whether the display is folded in a "smartphone-like" mode or opened fully as akin to a tablet.

Businesses

When Working in Virtual Reality Makes You Sick (medium.com) 73

Virtual reality is a modern-day beacon of escapism -- a way to fully immerse yourself in other worlds -- and it's seeing unprecedented applications. The market, no surprise, is exploding, with some industry groups estimating a $60 billion global market by 2022. As business booms, however, people who are using the tech are reporting a growing number of physical side effects -- like VR arm, but worse: eye strain, dizziness, headaches, nausea, and even dissociative experiences. From a report: VR companies recommend that people take frequent breaks and moderate their VR time when they're first starting out. "As you become accustomed to the virtual reality experience, you can begin increasing the amount of time you use Daydream View," reads one line of the health and safety information included with Google's VR platform. But what happens when it's your job to build these escapist technologies? The potential health risks for everyday consumers are compounded for those who make VR products for a living.

When VR bigwig Jeremy Bailenson founded Stanford University's Virtual Human Interaction Lab, in 2003, two items were even more important than the VR equipment he was using: "We had to keep a bucket in the lab and a mop nearby," Bailenson says. Today, he institutes a strict 20-minute limit on headset time for people in his lab. These health effects produce unique challenges for VR developers. "We have to understand not just the good but also the downsides of this technology. There are a lot of questions we need to answer," Bailenson says. "The whole point of VR is it takes you out of your space, but you can't be doing that for many hours a day."

[...] Suddenly rotating around a virtual environment using handheld controllers or quickly looking left and right in the VR space without any concomitant physical movement in the real world tend to physically affect Jonathan Yomayuza, VR technical director at the Emblematic Group, a creative firm based in Southern California. [...] The feeling Yomayuza describes is common among people who work with or use VR.

Robotics

Should Bots Be Required To Tell You That They're Not Human? (buzzfeednews.com) 92

"BuzzFeed has this story about proposals to make social media bots identify themselves as fake people," writes an anonymous Slashdot reader. "[It's] based on a paper by a law professor and a fellow researcher." From the report: General concerns about the ethical implications of misleading people with convincingly humanlike bots, as well as specific concerns about the extensive use of bots in the 2016 election, have led many to call for rules regulating the manner in which bots interact with the world. "An AI system must clearly disclose that it is not human," the president of the Allen Institute on Artificial Intelligence, hardly a Luddite, argued in the New York Times. Legislators in California and elsewhere have taken up such calls. SB-1001, a bill that comfortably passed the California Senate, would effectively require bots to disclose that they are not people in many settings. Sen. Dianne Feinstein has introduced a similar bill for consideration in the United States Senate.

In our essay, we outline several principles for regulating bot speech. Free from the formal limits of the First Amendment, online platforms such as Twitter and Facebook have more leeway to regulate automated misbehavior. These platforms may be better positioned to address bots' unique and systematic impacts. Browser extensions, platform settings, and other tools could be used to filter or minimize undesirable bot speech more effectively and without requiring government intervention that could potentially run afoul of the First Amendment. A better role for government might be to hold platforms accountable for doing too little to address legitimate societal concerns over automated speech. [A]ny regulatory effort to domesticate the problem of bots must be sensitive to free speech concerns and justified in reference to the harms bots present. Blanket calls for bot disclosure to date lack the subtlety needed to address bot speech effectively without raising the specter of censorship.

Privacy

Report Reveals 8 AT&T Buildings Across the US, Hidden in Plain Sight, That Are Central To One of NSA's Most Controversial Internet Surveillance Programs (theintercept.com) 136

News outlet The Intercept on Monday published a report that reveals eight AT&T-owned locations (two in California, one in Washington, another in Washington, D.C., one in New York, one in Texas, one in Illinois, and one in Georgia) that serve as backbone or "peering" facilities that the NSA has secretly been using for eavesdropping purposes. Spokespeople for AT&T, which refers to the aforementioned peering sites as "Service Node Routing Complexes", and for the NSA could neither confirm nor deny the report's findings. From the report: The NSA considers AT&T to be one of its most trusted partners and has lauded the company's "extreme willingness to help." It is a collaboration that dates back decades. Little known, however, is that its scope is not restricted to AT&T's customers. According to the NSA's documents, it values AT&T not only because it "has access to information that transits the nation," but also because it maintains unique relationships with other phone and internet providers. The NSA exploits these relationships for surveillance purposes, commandeering AT&T's massive infrastructure and using it as a platform to covertly tap into communications processed by other companies.

[...] While network operators would usually prefer to send data through their own networks, often a more direct and cost-efficient path is provided by other providers' infrastructure. If one network in a specific area of the country is overloaded with data traffic, another operator with capacity to spare can sell or exchange bandwidth, reducing the strain on the congested region. This exchange of traffic is called "peering" and is an essential feature of the internet.

Because of AT&T's position as one of the U.S.'s leading telecommunications companies, it has a large network that is frequently used by other providers to transport their customers' data. Companies that "peer" with AT&T include the American telecommunications giants Sprint, Cogent Communications, and Level 3, as well as foreign companies such as Sweden's Telia, India's Tata Communications, Italy's Telecom Italia, and Germany's Deutsche Telekom.
