Android

Open Source Android Repository F-Droid Says Google's New Rules Will Shut It Down (f-droid.org) 78

F-Droid has warned that Google's upcoming developer verification program will kill the free and open source app repository. Google announced plans several weeks ago to force all Android app developers to register their apps and identity with the company. Apps not validated by Google will not be installable on certified Android devices.

F-Droid says it cannot require developers to register with Google or take over app identifiers to register for them. The site operators say doing so would effectively take over distribution rights from app authors. Google plans to begin testing the verification scheme in the coming weeks and may charge registration fees. Unverified apps will start being blocked next year in Brazil, Indonesia, Singapore, and Thailand before expanding globally in 2027. F-Droid is calling on US and EU regulators to intervene.
Education

'Ghost' Students are Enrolling in US Colleges Just to Steal Financial Aid (apnews.com) 110

Last week America's financial aid program announced that "the rate of fraud through stolen identities has reached a level that imperils the federal student aid programs."

Or, as the Associated Press suggests: Online classes + AI = financial aid fraud. "In some cases, professors discover almost no one in their class is real..." Fake college enrollments have been surging as crime rings deploy "ghost students" — chatbots that join online classrooms and stay just long enough to collect a financial aid check... Students get locked out of the classes they need to graduate as bots push courses over their enrollment limits.

And victims of identity theft who discover loans fraudulently taken out in their names must go through months of calling colleges, the Federal Student Aid office and loan servicers to try to get the debt erased. [Last week], the U.S. Education Department introduced a temporary rule requiring students to show colleges a government-issued ID to prove their identity... "The rate of fraud through stolen identities has reached a level that imperils the federal student aid program," the department said in its guidance to colleges.

An Associated Press analysis of fraud reports obtained through a public records request shows California colleges in 2024 reported 1.2 million fraudulent applications, which resulted in 223,000 suspected fake enrollments. Other states are affected by the same problem, but with 116 community colleges, California is a particularly large target. Criminals stole at least $11.1 million in federal, state and local financial aid from California community colleges last year that could not be recovered, according to the reports... Scammers frequently use AI chatbots to carry out the fraud, targeting courses that are online and allow students to watch lectures and complete coursework on their own time...

Criminal cases around the country offer a glimpse of the schemes' pervasiveness. In the past year, investigators indicted a man accused of leading a Texas fraud ring that used stolen identities to pursue $1.5 million in student aid. Another person in Texas pleaded guilty to using the names of prison inmates to apply for over $650,000 in student aid at colleges across the South and Southwest. And a person in New York recently pleaded guilty to a $450,000 student aid scam that lasted a decade.

Fortune found one community college that "wound up dropping more than 10,000 enrollments representing thousands of students who were not really students," according to the school's president. The scope of the ghost-student plague is staggering. Jordan Burris, vice president at identity-verification firm Socure and former chief of staff in the White House's Office of the Federal Chief Information Officer, told Fortune more than half the students registering for classes at some schools have been found to be illegitimate. Among Socure's client base, between 20% to 60% of student applicants are ghosts... At one college, more than 400 different financial-aid applications could be tracked back to a handful of recycled phone numbers. "It was a digital poltergeist effectively haunting the school's enrollment system," said Burris.

The scheme has also proved incredibly lucrative. According to a Department of Education advisory, about $90 million in aid was doled out to ineligible students, the DOE analysis revealed, and some $30 million was traced to dead people whose identities were used to enroll in classes. The issue has become so dire that the DOE announced this month it had found nearly 150,000 suspect identities in federal student-aid forms and is now requiring higher-ed institutions to validate the identities of first-time applicants for Free Application for Federal Student Aid (FAFSA) forms...

Maurice Simpkins, president and cofounder of AMSimpkins, says he has identified international fraud rings operating out of Japan, Vietnam, Bangladesh, Pakistan, and Nairobi that have repeatedly targeted U.S. colleges... In the past 18 months, schools blocked thousands of bot applicants because they originated from the same mailing address; had hundreds of similar emails with a single-digit difference, or had phone numbers and email addresses that were created moments before applying for registration.

Fortune shares this story from the higher education VP at IT consulting firm Voyatek. "One of the professors was so excited their class was full, never before being 100% occupied, and thought they might need to open a second section. When we worked with them as the first week of class was ongoing, we found out they were not real people."
Bitcoin

Crypto Exchange Quadriga Was a Fraud and Founder Was Running Ponzi Scheme, Regulator Says (www.cbc.ca) 58

The Quadriga cryptocurrency exchange that saw millions of dollars disappear just as its founder died was a "fraud" and Ponzi scheme, according to the Ontario Securities Commission. CBC.ca reports: The regulator said Thursday that Vancouver-based Quadriga's late founder Gerald Cotten committed fraud by opening accounts under aliases and crediting himself with fictitious currency and crypto asset balances, which he traded with unsuspecting clients. Cotten, the OSC said in a new report, ran into a shortfall in assets available to satisfy client withdrawals when the price of the crypto assets changed. He started running a Ponzi scheme that covered the shortfall with other clients' deposits, the agency determined.

"What happened at Quadriga was an old-fashioned fraud wrapped in modern technology," the OSC said. "Quadriga did not consider its business to involve securities trading and it did not register with any securities regulator. This lack of registration facilitated Cotten's ability to commit a large-scale fraud without detection. So did the absence of internal oversight over Cotten." On Thursday, the OSC attributed about $115 million of the $169 million clients lost to Cotten's "fraudulent" trading. Another $28 million was lost when Cotten used client assets on three external crypto asset trading platforms without authorization or disclosure. The OSC said he also misappropriated millions in client assets to fund his "lavish" lifestyle and because he was in sole control of the company ever since 2016, he "ran the business as he saw fit, with no proper system of internal oversight or controls or proper books and records."
"Ernst & Young, Quadriga's bankruptcy trustee, was only able to recover $46 million in assets to pay out to clients," the report adds.
Transportation

To Replace Gas Taxes, Oregon and Utah Ask EVs To Pay For Road Use (arstechnica.com) 295

An anonymous reader quotes a report from Ars Technica: [T]he U.S. has traditionally paid for the upkeep of its roads via direct taxation of gasoline and diesel fuel, which means that as our fleet becomes more fuel-efficient, that revenue will drop in relation to the total number of vehicle miles traveled each year. As a result, some states are starting to grapple with the problem of how to get drivers to pay for the roads they use in cars that use less or even no gas per mile. At the start of this year, Utah has begun a pilot Road Usage Charge program, coupled to an increase in registration fees for alternative fuel vehicles. Assuming a state gas tax of 30c/gallon and 15,542 miles/year driven, Utah says it collects $777 a year from a 6mpg heavy truck, $311 from a pickup getting 15mpg, $187 from a 25mpg sedan, $93 from a 50mpg hybrid, and nothing from anyone driving a battery EV.

So in 2020, Utah is increasing vehicle registration fees. In 2019, registering a BEV in Utah would cost $60; in 2020 that will be $90, increasing to $120 in 2021. PHEV fees were $26 in 2019, increasing to $39 this year and $52 in 2021, and not-plug-in hybrid fees have gone from $10 to $15, increasing to $20 next year. An extra $30 a year -- or even $60 a year -- is pretty small in the grand scheme of things, particularly considering how much cheaper an EV is to run. But Utahns with EVs have an alternative. Instead of paying that flat fee, they can enroll in the pilot program that involves fitting a telematics device to the car. The device tracks the actual number of miles driven on Utah's roads. These are billed at a rate of 1.5c/mile, but only until the total equals whatever that year's registration fee for the vehicle would have been; participating in the pilot means you could pay less than you would otherwise, but Utah's Department of Transportation says that participants would not ever be charged more than that year's registration fee. The data will be collected by a contractor called Emovis, which operates toll roads around the U.S.
As for Oregon -- another state working to solve this problem -- the state is increasing its state gas tax by 2c/gallon, and like Utah, it's also increasing vehicle registration fees. "Now, fees for registering your car in Oregon will depend on how many miles per gallon your car gets; a two-year registration for something that gets below 19mpg will cost $122, rising to $132 for a vehicle between 20–39mpg, then $152 for a vehicle that gets 40mpg or better, and $306 for a BEV," reports Ars Technica.

Thankfully, if you own a 40+mpg vehicle or a BEV, you can cut that two-year fee to $86 by enrolling in OReGO. However, you will need to fit your qualifying car with a telematics device to track the actual miles traveled on the state's roads. "Those are billed at 1.8c/mile -- Oregon evidently decided its roads are worth a little more than those in Utah -- but you can then get credited for any fuel tax you pay in the state," the report adds.
The Internet

20 Low-End VPS Providers Suddenly Shutting Down In a 'Deadpooling' Scam (zdnet.com) 41

"At least 20 web hosting providers have hastily notified customers today, Saturday, December 7, that they plan to shut down on Monday, giving their clients two days to download data from their accounts before servers are shut down and wiped clean," reports ZDNet.

And no refunds are being provided: All the services offer cheap low-end virtual private servers [and] all the websites feature a similar page structure, share large chunks of text, use the same CAPTCHA technology, and have notified customers using the same email template. All clues point to the fact that all 20 websites are part of an affiliate scheme or a multi-brand business run by the same entity...

As several users have pointed out, the VPS providers don't list physical addresses, don't list proper business registration information, and have no references to their ownership... A source in the web hosting industry who wanted to remain anonymous told ZDNet that what happened this weekend is often referred to as "deadpooling" -- namely, the practice of setting up a small web hosting company, providing ultra-cheap VPS servers for a few dollars a month, and then shutting down a few months later, without refunding customers.

"This is a systemic issue within the low-end market, we call it deadpooling," the source told us. "It doesn't happen often at this scale, however."

ZDNet provided this alphabetical list of the 20 companies: ArkaHosting, Bigfoot Servers, DCNHost, HostBRZ, HostedSimply, Hosting73, KudoHosting, LQHosting, MegaZoneHosting, n3Servers, ServerStrong, SnowVPS, SparkVPS, StrongHosting, SuperbVPS, SupremeVPS, TCNHosting, UMaxHosting, WelcomeHosting, X4Servers.

However, "A user who was impacted by his VPS provider's shutdown also told ZDNet that the number of VPS providers going down is most likely higher than 20, as not all customers might have shared the email notification online, with others."
United Kingdom

Model Aircraft Pilots Angry Over Drone Laws (bbc.com) 138

An anonymous reader quotes a report from the BBC: People who fly model aircraft are angry that proposed drone rules could damage their much-loved hobby. They argue they should not be classed as drone pilots. The new laws are intended to make airspace safer amid increasing drone use. The British Model Flying Association (BMFA) met the Aviation Minister Baroness Vere this week to discuss its concerns. The Civil Aviation Authority (CAA) is currently consulting on proposals for a drone registration scheme that is due to become law in November. It has received 6,000 responses from BMFA members. David Phipps, chief executive of BMFA, said the proposed rules, which would see all pilots of unmanned aerial vehicles required to register, pay for a license and take competency tests every three years are "disproportionate" for model-aircraft flyers.

"We have established an excellent safety record that surpasses commercial aviation over a century of flying. European laws grant special recognition to model flying, saying it should be treated differently but the UK has not done this." He acknowledged that while "some" would regard the proposed registration fee of 16.50 pounds as "not a lot of money", it still represented "a barrier to entry" especially for young people getting involved in the hobby. He added that plans for a safety test "which will be answering a few questions on the CAA's website" were far less rigorous than his organization's own safety tests. He worried that many of his members would simply ignore the new rules and "go under the radar."
"It is becoming more and more obvious that we as aero modelers are being targeted because of the commercial value of the airspace that we occupy," said Cliff Evans, a model aircraft hobbyist who's unhappy with the new proposals. "I and all other modelers that I know find this offensive and unnecessary."
The Internet

Close To 735K Fraudulently Obtained IP Addresses Have Been Uncovered and Revoked (circleid.com) 30

The American Registry for Internet Numbers, Ltd. (ARIN) has won a legal case against an elaborate multi-year scheme to defraud the Internet community of approximately 735,000 IPv4 addresses, the organization has revealed. An anonymous reader writes: While the specifics of the findings are not released, John Curran, ARIN President and CEO said the fraud was detected as a result of an internal due diligence process. ARIN is a nonprofit member-based organization responsible for distributing Internet number resources in the US, Canada, and parts of the Caribbean. The emerging IPv4 address transfer market and increasing demand have resulted in more attempts to obtain IPv4 addresses fraudulently. This is the first arbitration ever brought under an ARIN Registration Services Agreement, and related proceedings in the U.S. District Court for the Eastern District of Virginia. ARIN was able to prove an intricate scheme to fraudulently obtain resources that included many falsely notarized officer attestations sent to ARIN.
DRM

Lawrence Lessig Criticizes Proposed 140-Year Copyright Protections (techcrunch.com) 175

EqualCitizens.US reports on growing opposition to the CLASSICS Act proposed by the U.S. Congress, which grants blanket copyright protection to all audio works created before 1972, leaving some of them copyrighted until 2067. Importantly, the Act doesn't require artists or the rights holder to register for the copyright. Rather, any and all pre-1972 sound recordings would be copyrighted, greatly limiting the public's access to these works. Various organizations and scholars have responded. Equal Citizens along with a coalition of internet freedom and democracy reform organizations, is sending this letter to the Senate Judiciary Committee to urge its members to reject this Act in its entirety, or at a minimum, at least require registration of pre-1972 works. Otherwise, if the Act passes as is, famous artists and wealthy corporations will benefit greatly while the public will get absolutely nothing in return, as Professor Lawrence Lessig notes in Wired....

This act will limit access to past works and stifle creativity for new works. It would effectively remove many existing works, including some popular documentaries, podcasts, etc., from the public arena. The Coalition recommends adding a registration requirement to secure the extended copyright term, such that works that nobody claimed could be allowed to enter the public domain. As this TechCrunch report on the coalition letter explains:

By having artists and rights owners register, it solves the problem for everyone. Anyone who wants to have their pre-1972 works brought into the new scheme can easily achieve that, but orphan works will enter the public domain as they ought to.

"Either way," Lessig writes, "it is finally clear that the Supreme Court's prediction that the copyright owners would be satisfied with the copyright protection provided by the Sonny Bono Act turns out not to be true."
Bitcoin

'Satoshi' Craig Wright Is Being Sued For $10 Billion For Stealing His Partner's Bitcoin (coindesk.com) 92

Craig Wright, the nChain chief scientist who previously claimed to be the pseudonymous bitcoin creator Satoshi Nakamoto, is being sued for a whopping $10 billion for stealing $5 billion in bitcoin from a former business partner. CoinDesk reports: The lawsuit is being brought by Ira Kleiman on behalf of the estate of his brother, Dave, who has been linked to the earliest days of bitcoin. Kleiman, a forensic computer investigator and author, passed away in 2013 following a battle with MRSA. At the heart of the new lawsuit, according to a complaint filed in the U.S. District Court for the Southern District of Florida on Feb. 14, is an alleged hoard of more than 1.1 million bitcoins, which Ira Kleiman's lawyers say is worth in excess of $10 billion. He is being represented by Boies Schiller Flexner LLP.

Wright, court records show, has been accused of allegedly conducting "a scheme against Dave's estate to seize Dave's bitcoins and his rights to certain intellectual property associated with the Bitcoin technology." "As part of this plan, Craig forged a series of contracts that purported to transfer Dave's assets to Craig and/or companies controlled by him. Craig backdated these contracts and forged Dave's signature on them," attorneys for the plaintiff wrote. Included alongside the complaint are a number of additional filings, including the business registration for a firm called W&K Info Defense Research LLC, in which Kleiman and Wright were business partners. In addition to the roughly 1.1 million bitcoins, Ira Kleiman is also seeking compensation for the intellectual property his lawyers claim arose from the partnership between his deceased brother and Wright.

Transportation

Seoul City To Introduce Uber Rival Premium Taxi Service 50

An anonymous reader writes: Seoul city has today announced that it will be launching a luxury taxi service this summer to rival the global cab-hailing app Uber, adding to the obstacles that the U.S.-based firm is currently facing in the Asian market. The government's move comes after the country's transport department rejected a proposal from Uber last week for a new driver registration, and enforced its stance against Uber operating in the area. The new premium service will be introduced in Seoul city in August with 100 luxury and mid-sized saloon cars. "We will provide a premium taxi service which excels that of Uber..." the Seoul government said in a statement. It stated that a taxi association would be partners of the scheme to help establish the service, but added no detail regarding which company they would be working with.
Google

Lawrence, KS To Get Gigabit Fiber — But Not From Google 83

symbolset writes "Just 40 miles west on the Kansas Turnpike from Kansas City Kansas sits Lawrence, KS. With the slow rollout of Google fiber in their neighbor city, it was looking like their 89,000 people were not going to get the gigabit fiber to the home for quite some time. Up steps Wicked Broadband, a local ISP. With a plan remarkably similar to Google's they look to build out fiber to the home, business, and so on with gigabit speed and similar rates, symmetric bandwidth and no caps. Wicked Fiber's offer is different than Google Fiber's, with more tiers — with cute names. The "Flying Monkey" gigabit plan is $100/month, "Tinman" at 100Mbps is $70/month. They offer TV as well but strangely put Internet streaming and Roku to the fore. They are even using Google's method of installing first in the neighborhoods with the most pre-registration to optimize efficiency, and installing only where there is enough demand. It seems Google's scheme to inspire competition in broadband access is working — if Wicked Fiber gets enough subscribers to make it pay. If this succeeds it may inspire similar ISPs near us to step up to gigabit fiber so let's root for them."
Red Hat Software

Red Hat Clarifies Doubts Over UEFI Secure Boot Solution 437

sfcrazy writes "Red Hat's Tim Burke has clarified Fedora/Red Hat's solution to Microsoft's secure boot implementation. He said, 'Some conspiracy theorists bristle at the thought of Red Hat and other Linux distributions using a Microsoft initiated key registration scheme. Suffice it to say that Red Hat would not have endorsed this model if we were not comfortable that it is a good-faith initiative.'" Color me unimpressed, and certainly concerned: "A healthy dynamic of the Linux open source development model is the ability to roll-your-own. For example, users take Fedora and rebuild custom variants to meet personal interest or experiment in new innovations. Such creative individuals can also participate by simply enrolling in the $99 one time fee to license UEFI. For users performing local customization, they will have the ability to self-register their own trusted keys on their own systems at no cost." From what I can tell, the worst fears of the trusted computing initiative are coming true despite any justifications from Red Hat here. Note that the ability to install your own keys is certainly not a guaranteed right.
The Internet

ICANN Might Pre-Register gTLDs To Placate Critics 70

judgecorp writes "ICANN is to be congratulated for succeeding in expanding the Internet beyond the Latin alphabet. However, the organization is facing a harder task in extending the Internet's global top-level domains (gTLDs) — its proposal to open up the gTLD space has been plagued by controversy and delays. ICANN faces struggles with trademark owners and competing businesses — but even so it is being criticized for acting slowly (as seen in transcripts from the recent meeting in Seoul). It now seems likely the body will have a pre-registration scheme to gauge demand and placate critics by getting something moving on new gTLDs."

Hugh Thompson Answers Voting Machine Security Questions 122

You posted your questions for Herbert H. Thompson, PhD, on November 3rd and 4th. He decided to wait to answer until after the election in case there was a flagrant voting machine problem he could include in his answers -- and there has been at least one, but it is probably not a "security" problem per se, and is a long way from being resolved in any case. So here we go. Good food for thought here.

Slashback: Wikipedia Correction, NASA Tape, BPI Rejected 146

Slashback tonight brings some clarifications and updates to previous Slashdot stories including: Reuters offers correction to Wikipedia slam, Lord of the Rings stage show ends, duct tape holds NASA together again, UK ISP rejects BPI request, Maine renews middle-school laptop program, British ID cards get a rethink, and China to further regulate internet use -- Read on for details.
Editorial

Distributed Trust Metrics? 39

rw2 asks: "So I run a little political website and have had problems for years with users basically trolling the place. This is a problem that sites like Slashdot deal with through the familiar moderation scheme. Unfortunately that doesn't scale well to smaller sites. There are a couple reasons for this: a smaller sample size makes it easy to mess with the system; and with only several hundreds of people visiting every day, it's hard to get regular enough moderation. So the question goes back to one of trust metrics. Advogato has a neat hack to deal with this, but even they have barely enough users to make it work. Surely I'm not the first to desire this. I can think of several stumbling blocks sociologically. But technologically this is a dead simple idea. Has someone looked into developing such a system?"
Editorial

Copyrant 560

When you "purchase" software, what do you get? Increasingly, the answer is: nothing. Nothing tangible; no rights; and no resale value. This rant is spurred by Microsoft's changes to its distribution policy for all future editions of Windows. No longer will you receive a CD which is capable of installing the operating system with your new computer - Original Equipment Manufacturers are forbidden to ship you one, even though you just paid ~$100 for the software, and even though the change makes customers less than happy. Meanwhile, Adobe's chairman has the gall to tell us it's our own fault. I take a look at the future of software licensing.
Microsoft

Review:Business@The Speed Of Thought 116

Well, I seriously doubt any of you were going to buy the latest endeavour from Mr. Gates, but I've got two simply scintillating reviews, courtesy of Jon Katz and Doc Technical (Of The Story of Ping fame. Which, BTW, I know ended up on Amazon. We had it first *grin*.) Click below for some excellent Monday morning reading.
