Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Government

Theresa May Becomes UK's 'Spy Queen' and New Prime Minister (arstechnica.co.uk) 238

An anonymous reader writes from a report via Ars Technica: Theresa May has become the new British Prime Minister. As she sat down with the Queen on Wednesday, a controversial surveillance draft legislation that looks to significantly increase surveillance of Brits' online activity will be debated during its second committee stage day in the House of Lords. Ars Technica reports: "The Investigatory Powers Act could be in place within months of May arriving at Number 10 -- if peers and legal spats fail to scupper its passage through parliament -- after MPs recently waved it through having secured only minor amendments to the bill. As home secretary, May fought for six years to get her so-called Snoopers' Charter onto the statute books." According to Ars Technica, Theresa May's key political moments on the Investigatory Powers Bill start in 1997 when she became the Member of Parliament for Maidenhead. During her opposition years, her home affairs record shows that she generally votes against the Labour government's more draconian measures on topics such as anti-terrorism and ID cards. Mid-2009: May votes against requiring ISPs to retain certain categories of communications data, which they generate or process, for a minimum period of 12 months. 2010: She was appointed home secretary in coalition government between the Conservatives and junior partner the Liberal Democrats. 2011: The previous government's shelved Interception Modernization Program is rebranded as the Communications Capabilities Development Program (CCDP) by home office under May. Mid-2012: The CCDP morphs into Communications Data Bill, which is brought before parliament. Late-2012: May's Snoopers' Charter bid fails as deputy PM Nick Clegg orders the home office to go back to the drawing board. Mid-2014: May rushes what she characterizes as an "emergency" Data Retention and Investigatory Powers Bill through parliament, after the European Court of Justice invalidates the Data Retention Directive for failing to have adequate privacy safeguards in place. Late-2015: British security services have intercepted bulk communications data of UK citizens for years, May reveals to MPs for the first time as she brings her revamped Snoopers' Charter bid -- this time dubbed the Investigatory Powers Bill (IPB) -- before parliament. Mid-2016: MPs support thrust of IPB as it passes through the House of Commons. July 13, 2016: Theresa May becomes the UK's new prime minister as peers in the House of Lords undertake a second day of committee stage scrutiny of the Investigatory Powers Bill. UPDATE 7/13/16: Boris Johnson, the former London mayor who led the Brexit campaign, has been made foreign secretary by the new Prime Minister Theresa May.
Government

UK Gov't Creating Secret Mega Database On Citizens Without Informing Parliament (theregister.co.uk) 70

Alexander J Martin, reporting for The Register: The Home Office is secretly creating a centralised database on the good folk of Britain without presenting the capability increases to the public or subjecting them to Parliamentary scrutiny. The Register can reveal the project, which was described as simply a "replatforming" of the department's aging IT infrastructure, has already begun to roll out, with the "first wave" of changes being delivered in what it is calling the Technology Platforms for Tomorrow (TPT) programme. TPT will lay the foundations for this mega database by ushering in "core infrastructure, compute platforms and Live Service capability" changes, primarily using Hadoop, the open source software framework for centralising databases and allowing batch queries and analyses to be run across them in bulk.
Facebook

Facebook Begins Tracking Non-Users Around the Internet (theverge.com) 124

Amar Toor, reporting for The Verge: Facebook will now display ads to web users who are not members of its social network, the company announced Thursday, in a bid to significantly expand its online ad network. As The Wall Street Journal reports, Facebook will use cookies, "like" buttons, and other plug-ins embedded on third-party sites to track members and non-members alike (Editor's note: link swapped with a non-paywall source). The company says it will be able to better target non-Facebook users and serve relevant ads to them, though its practices have come under criticism from regulators in Europe over privacy concerns. Facebook began displaying a banner notification at the top of its News Feed for users in Europe today, alerting them to its use of cookies as mandated under an EU directive.Mark Wilson of BetaNews adds that Facebook has outlined these changes in its cookies policy page. As part of which, the company is now allowing Facebook users to opt-out of the ad scheme by making changes to their Facebook settings. For users that don't have a Facebook account, they can opt-out through Digital Advertising Alliance in the United States and Canada, and the European Interactive Digital Adverting Alliance in Europe.
Google

Google Assistant and Google Home: Amazon Echo, But From Google (arstechnica.com) 80

At its developer conference I/O, Google on Wednesday unveiled Google Home, a small round gadget with microphones and speakers that listens and responds to your questions and commands. As you may have guessed, Google Home will compete with Amazon Echo. The company also announced Assistant. Ars Technica reports: Google's conversational assistant is in the same vein as Cortana and Siri, Google Assistant. Google Assistant will be on phones and wearables too, and Google says that it will be better at picking out the context of what you're doing than any of the competitors. As an example, when standing near Cloud Gate, better known as The Bean, in Chicago, you can ask Google Assistant "Who designed this?" Based on your location alone, Assistant will understand that you're probably referring to the large shiny sculpture in front of you, and answer "Anish Kapoor."The Google Home will be available for purchase later this year. CNET has more details.
Privacy

Revealed: What Info the FBI Can Collect With a National Security Letter 93

An anonymous reader writes with this lead from Help Net Security's story on a topic we've touched on here many times: the broad powers arrogated by the Federal government in the form of National Security Letters: On Monday, after winning an eleven-year legal battle, Nicholas Merrill can finally tell the public how the FBI has secretly construed its authority to issue National Security Letters (NSLs) to permit collection of vast amounts of private information on US citizens without a search warrant or any showing of probable cause. The PATRIOT Act vastly expanded the domestic reach of the NSL program, which allows the FBI to compel disclosure of information from online companies and forbid recipients from disclosing they have received an NSL. The FBI has refused to detail publicly the kinds of private data it believes it can obtain with an NSL. A key sentence from the same story: "Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases." Reader Advocatus Diaboli adds this, from The Intercept: One of the most striking revelations, Merrill said during a press teleconference, was that the FBI was requesting detailed cell site location information — cellphone tracking records — under the heading of "radius log" information. Traditionally, radius log refers to a user's attempts to connect to a server or a DSL line — a sort of anachronism given the progress of technology. "The notion that the government can collect cellphone location information — to turn your cellphone into a tracking device, just by signing a letter — is extremely troubling," Merrill said.
The Internet

US Rep. Joe Barton Has a Plan To Stop Terrorists: Shut Down Websites (arstechnica.com) 275

Earthquake Retrofit writes: In an FCC oversight hearing, U.S. Representative Joe Barton (R-TX) asked Chairman Tom Wheeler if it's possible to shut down websites used by ISIS and other terrorist groups. He said, "Isn't there something we can do under existing law to shut those Internet sites down, and I know they pop up like weeds, but once they do pop up, shut them down and then turn those Internet addresses over to the appropriate law enforcement agencies to try to track them down? I would think that even in an open society, when there is a clear threat, they've declared war against us, our way of life, they've threatened to attack this very city our capital is in, that we could do something about the Internet and social media side of the equation." Wheeler pointed out that the legal definition of "lawful intercept" did not support such actions, but added that Congress could expand the law to validate the concept. Meanwhile, the Senate Intelligence Committee is exploring the idea of using the recent terror attacks in France as ammunition to force tech companies away from end-to-end encryption. "Lawmakers said it was time to intensify discussions over what technology companies such as Apple and Google could do to help unscramble key information on devices such as iPhones and apps like WhatsApp, where suspected terrorists have communicated."
Advertising

Ad Networks Using Inaudible Sound To Link Phones, Tablets and Other Devices (arstechnica.com) 223

ourlovecanlastforeve writes with a link to Ars Technica's report of a new way for ads to narrow in on their target: high-pitched sounds that can make ad tracking cross devices and contexts. From the article: The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product.
Advertising

Viewing Data Harvested From Smart TVs Used To Push Ads To Other Screens? (securityledger.com) 148

chicksdaddy writes: In the latest episode of EULA overreach, electronics maker Vizio Holdings has been called out by the non profit investigative reporting outfit ProPublica for an on-by-default feature on its smart TVs called "Smart Interactivity" that analyzes both broadcast and streamed content viewed using the device. ProPublica noted that the company's privacy policy failed to clearly describe the tracking behavior, which included the collection of information such as the date, time, channel and whether the program was viewed live or recorded.

According to ProPublica, the monitoring of viewing information through IP addresses, while it does not identify individuals, can be combined with other data available in commercial databases from brokers such as Experian, creating a detailed picture of an individual or household. Vizio has since updated its privacy policy with a supplement that explains how "Smart Interactivity" works.

The bigger issue may be what that updated privacy policy reveals. As The Security Ledger notes, the updated Vizio privacy policy makes clear that the company will combine "your IP address and other Non-Personal Information in order to inform third party selection and delivery of targeted and re-targeted advertisements." Those advertisements "may be delivered to smartphones, tablets, PCs or other internet-connected devices that share an IP address or other identifier with your Smart TV."

In other words, TV viewing patterns will be used to serve ads to any device user who happens to be connected to the same network as the Vizio Smart TV — an obvious problem for households with a mix of say... adults and children?! Vizio does provide instructions for disabling the Smart Interactivity features and says that "connected" features of the device aren't contingent on monitoring. That's better than some other vendors. In 2014, for example, LG used a firmware update for its smart televisions to link the "smart" features of the device to viewer tracking and monitoring. Viewers who applied the update, but refused to consent to monitoring were not able to use services like Netflix and YouTube.

Privacy

Nine Out of Ten of the Internet's Top Websites Are Leaking Your Data 133

merbs writes: The vast majority of websites you visit are sending your data to third-party sources, usually without your permission or knowledge. That's not exactly breaking news, but the sheer scale and ubiquity of that leakage might be. Tim Libert, a privacy researcher, has published new peer-reviewed research that sought to quantify all the "privacy compromising mechanisms" on the one million most popular websites worldwide. His conclusion? "Findings indicate that nearly 9 in 10 websites leak user data to parties of which the user is likely unaware."
United Kingdom

UK Plans To Allow Warrantless Searches of Internet History (telegraph.co.uk) 136

whoever57 writes: The UK government plans to require ISPs and telcoms companies to maintain browsing and email history of UK residents for a period of 12 months and make the data available to police on request without a warrant. "The new powers would allow the police to seize details of the website and searches being made by people they wanted to investigate." Exactly how they expect the ISPs to provide search histories now that most Google searches use SSL isn't explained (and probably not even considered by those proposing the legislation). Similarly with Gmail and other email providers using SMTP TLS and IMAPS, much email is opaque to ISPs. Will this drive more use of VPNs and TOR? This comes alongside news that UK police used powers granted to them by anti-terrorism laws to seize a journalist's laptop.
Advertising

Targeting Tools Help Personalize TV Advertising 60

schwit1 writes: Surgical marketing messages are taken for granted on the Internet. Yet, they are just now finding their way onto television, where the audience is big though harder to target. As brands shift more of their spending to the Web where ads are more precise, the TV industry is pushing back. Using data from cable set-top boxes that track TV viewing, credit cards and other sources, media companies including Comcast's NBCUniversal, Time Warner's Turner, and Viacom are trying to compete with Web giants like Google and Facebook and help marketers target their messages to the right audience. Where can I get adblock for my FiOS?
Privacy

Red Star Linux Adds Secret Watermarks To Files 100

An anonymous reader writes: ERNW security analyst Florian Grunow says that North Korea's Red Star Linux operating system is tracking users by tagging content with unique hidden tags. He particularizes that files including Word documents and JPEG images connected to but not necessarily executed in Red Star will have a tag introduced into its code that includes a number based on hardware serial numbers. Red Star's development team seems to have created some quite interesting custom additions to Linux kernel and userspace, based on which Grunow has written a technical analysis.
Communications

FBI Seeks To Legally Hack You If You're Connected To TOR Or a VPN 385

SonicSpike writes The investigative arm of the Department of Justice is attempting to short-circuit the legal checks of the Fourth Amendment by requesting a change in the Federal Rules of Criminal Procedure. These procedural rules dictate how law enforcement agencies must conduct criminal prosecutions, from investigation to trial. Any deviations from the rules can have serious consequences, including dismissal of a case. The specific rule the FBI is targeting outlines the terms for obtaining a search warrant. It's called Federal Rule 41(b), and the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants where computers have been intentionally damaged (such as through botnets, but also through common malware and viruses) and are in five or more separate federal judicial districts. Furthermore, the provision would allow investigators to seize electronically stored information regardless of whether that information is stored inside or outside the court's jurisdiction.
Privacy

A New Form of Online Tracking: Canvas Fingerprinting 194

New submitter bnortman (922608) was the first to write in with word of "a new research paper discussing a new form of user fingerprinting and tracking for the web using the HTML 5 <canvas> ." globaljustin adds more from an article at Pro Publica: Canvas fingerprinting works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it. ... The researchers found canvas fingerprinting computer code ... on 5 percent of the top 100,000 websites. Most of the code was on websites that use the AddThis social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish. ... Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace cookies ...
Communications

NSA Collecting Millions of Faces From Web Images 136

Advocatus Diaboli (1627651) writes "The National Security Agency is harvesting huge numbers of images of people from communications that it intercepts through its global surveillance operations for use in sophisticated facial recognition programs, according to top-secret documents. The spy agency's reliance on facial recognition technology has grown significantly over the last four years as the agency has turned to new software to exploit the flood of images included in emails, text messages, social media, videoconferences and other communications, the N.S.A. documents reveal. Agency officials believe that technological advances could revolutionize the way that the N.S.A. finds intelligence targets around the world, the documents show. The agency's ambitions for this highly sensitive ability and the scale of its effort have not previously been disclosed."

Slashdot Top Deals

The clash of ideas is the sound of freedom.

Working...