×
Google

Apple and Google Introduce Alerts for Unwanted Bluetooth Tracking 11

Apple and Google have launched a new industry standard called "Detecting Unwanted Location Trackers" to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous cases of trackers like Apple's AirTags being used for malicious purposes.

Several Bluetooth tag companies have committed to making their future products compatible with the new standard. Apple and Google said they will continue collaborating with the Internet Engineering Task Force to further develop this technology and address the issue of unwanted tracking.
The Courts

Big Three Carriers Pay $10 Million To Settle Claims of False 'Unlimited' Advertising (arstechnica.com) 33

Jon Brodkin reports via Ars Technica: T-Mobile, Verizon, and AT&T will pay a combined $10.2 million in a settlement with US states that alleged the carriers falsely advertised wireless plans as "unlimited" and phones as "free." The deal was announced yesterday by New York Attorney General Letitia James. "A multistate investigation found that the companies made false claims in advertisements in New York and across the nation, including misrepresentations about 'unlimited' data plans that were in fact limited and had reduced quality and speed after a certain limit was reached by the user," the announcement said.

T-Mobile and Verizon agreed to pay $4.1 million each while AT&T agreed to pay a little over $2 million. The settlement includes AT&T subsidiary Cricket Wireless and Verizon subsidiary TracFone. The settlement involves 49 of the 50 US states (Florida did not participate) and the District of Columbia. The states' investigation found that the three major carriers "made several misleading claims in their advertising, including misrepresenting 'unlimited' data plans that were actually limited, offering 'free' phones that came at a cost, and making false promises about switching to different wireless carrier plans."

"AT&T, Verizon, and T-Mobile lied to millions of consumers, making false promises of free phones and 'unlimited' data plans that were simply untrue," James said. "Big companies are not excused from following the law and cannot trick consumers into paying for services they will never receive." The carriers denied any illegal conduct despite agreeing to the settlement. In addition to payments to each state, the carriers agreed to changes in their advertising practices. It's unclear whether consumers will get any refunds out of the settlement, however.
These are the following changes the three carriers agreed upon, as highlighted by the NY attorney general's office:

- "Unlimited" mobile data plans can only be marketed if there are no limits on the quantity of data allowed during a billing cycle.
- Offers to pay for consumers to switch to a different wireless carrier must clearly disclose how much a consumer will be paid, how consumers will be paid, when consumers can expect payment, and any additional requirements consumers have to meet to get paid.
- Offers of "free" wireless devices or services must clearly state everything a consumer must do to receive the "free" devices or services.
- Offers to lease wireless devices must clearly state that the consumer will be entering into a lease agreement.
- All "savings" claims must have a reasonable basis. If a wireless carrier claims that consumers will save using its services compared to another wireless carrier, the claim must be based on similar goods or services or differences must be clearly explained to the consumer.

The advertising restrictions are to be in place for five years.
Privacy

Maryland Passes Two Bills Limiting Tech Platforms' Ability To Track Users (theverge.com) 19

An anonymous reader quotes a report from The Verge: The Maryland legislature passed two bills over the weekend limiting tech platforms' ability to collect and use consumers' data. Maryland Governor Wes Moore is expected to sign one of those bills, the Maryland Kids Code, on Thursday, MoCo360 reports. If signed into law, the other bill, the Maryland Online Privacy Act, will go into effect in October 2025. The legislation would limit platforms' ability to collect user data and let users opt out of having their data used for targeted advertising and other purposes. Together, the bills would significantly limit social media and other platforms' ability to track their users -- but tech companies, including Amazon, Google, and Meta, have opposed similar legislation. Lawmakers say the goal is to protect children, but tech companies say the bills are a threat to free speech.

Part of the Maryland Kids Code -- the Maryland Age-Appropriate Design Code Act -- will go into effect much sooner, on October 1st. It bans platforms from using "system design features to increase, sustain, or extend the use of the online product," including autoplaying media, rewarding users for spending more time on the platform, and spamming users with notifications. Another part of the legislation prohibits certain video game, social media, and other platforms from tracking users who are younger than 18.
"It's meant to rein in some of the worst practices with sensible regulation that allows companies to do what's right and what is wonderful about the internet and tech innovation, while at the same time saying, 'You can't take advantage of our kids,'" Maryland state Delegate Jared Solomon, one of the bill's sponsors, said in a press conference Wednesday.

"We are technically the second state to pass a kids code," Solomon told The New York Times. "But we are hoping to be the first state to withstand the inevitable court challenge that we know is coming."
Privacy

Dell Says Data Breach Involved Customers' Physical Addresses (techcrunch.com) 18

Technology giant Dell notified customers on Thursday that it experienced a data breach involving customers' names and physical addresses. TechCrunch: In an email seen by TechCrunch and shared by several people on social media, the computer maker wrote that it was investigating "an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell."

Dell wrote that the information accessed in the breach included customer names, physical addresses, and "Dell hardware and order information, including service tag, item description, date of order and related warranty information." Dell did not say if the incident was caused by malicious outsiders or inadvertent error. The breached data did not include email addresses, telephone numbers, financial or payment information, or "any highly sensitive customer information," according to the company. The company downplayed the impact of the breach in the message.

Patents

US Patent and Trademark Office Confirms Another Leak of Filers' Address Data (techcrunch.com) 13

An anonymous reader quotes a report from TechCrunch: The federal government agency responsible for granting patents and trademarks is alerting thousands of filers whose private addresses were exposed following a second data spill in as many years. The U.S. Patent and Trademark Office (USPTO) said in an email to affected trademark applicants this week that their private domicile address -- which can include their home address -- appeared in public records between August 23, 2023 and April 19, 2024. U.S. trademark law requires that applicants include a private address when filing their paperwork with the agency to prevent fraudulent trademark filings.

USPTO said that while no addresses appeared in regular searches on the agency's website, about 14,000 applicants' private addresses were included in bulk datasets that USPTO publishes online to aid academic and economic research. The agency took blame for the incident, saying the addresses were "inadvertently exposed as we transitioned to a new IT system," according to the email to affected applicants, which TechCrunch obtained. "Importantly, this incident was not the result of malicious activity," the email said. Upon discovery of the security lapse, the agency said it "blocked access to the impacted bulk data set, removed files, implemented a patch to fix the exposure, tested our solution, and re-enabled access."
Last June, the USPTO inadvertently exposed about 61,000 applicants' private addresses "in a years-long data spill in part through the release of its bulk datasets," reports TechCrunch. It told affected individuals that the issue was fixed.
Security

Ransomware Crooks Now SIM Swap Executives' Kids To Pressure Their Parents (theregister.com) 13

An anonymous reader quotes a report from The Register: Ransomware infections have morphed into "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant. "We saw situations where threat actors essentially SIM swap the phones of children of executives, and start making phone calls to executives, from the phone numbers of their children," Charles Carmakal, Mandiant's CTO, recounted during a Google Security Threat Intelligence Panel at this year's RSA Conference in San Francisco on Monday.

"Think about the psychological dilemma that the executive goes through – seeing a phone call from the children, picking up the phone and hearing that it's somebody else's voice? Sometimes, it's caller ID spoofing. Other times, we see demonstrated SIM swapping family members." Either way, it's horrifying. It's the next step in the evolution of ransomware tactics, which have now moved far beyond simply encrypting victims' files and even stealing their data. "There are a few threat actors that really have no rules of engagement in terms of how far [they] try to coerce victims," Carmakal noted, recalling ransomware incidents in which the criminals have directly contacted executives, their family members, and board members at their homes.

The criminals have moved from just staging an attack against a company, its customers and their data, and becomes "more against the people," he added. It changes the calculation involved in deciding whether to pay the extortion demand, Carmakal said. "It's less about 'do I need to protect my customers?' But more about 'how do I better protect my employees and protect the families of employees?' That's a pretty scary shift."

Supercomputing

Defense Think Tank MITRE To Build AI Supercomputer With Nvidia (washingtonpost.com) 43

An anonymous reader quotes a report from the Washington Post: A key supplier to the Pentagon and U.S. intelligence agencies is building a $20 million supercomputer with buzzy chipmaker Nvidia to speed deployment of artificial intelligence capabilities across the U.S. federal government, the MITRE think tank said Tuesday. MITRE, a federally funded, not-for-profit research organization that has supplied U.S. soldiers and spies with exotic technical products since the 1950s, says the project could improve everything from Medicare to taxes. "There's huge opportunities for AI to make government more efficient," said Charles Clancy, senior vice president of MITRE. "Government is inefficient, it's bureaucratic, it takes forever to get stuff done. ... That's the grand vision, is how do we do everything from making Medicare sustainable to filing your taxes easier?" [...] The MITRE supercomputer will be based in Ashburn, Va., and should be up and running late this year. [...]

Clancy said the planned supercomputer will run 256 Nvidia graphics processing units, or GPUs, at a cost of $20 million. This counts as a small supercomputer: The world's fastest supercomputer, frontier in Tennessee, boasts 37,888 GPUs, and Meta is seeking to build one with 350,000 GPUs. But MITRE's computer will still eclipse Stanford's Natural Language Processing Group's 68 GPUs, and will be large enough to train large language models to perform AI tasks tailored for government agencies. Clancy said all federal agencies funding MITRE will be able to use this AI "sandbox." "AI is the tool that is solving a wide range of problems," Clancy said. "The U.S. military needs to figure out how to do command and control. We need to understand how cryptocurrency markets impact the traditional banking sector. ... Those are the sorts of problems we want to solve."

United States

TikTok Sues US Government Over Law Forcing Sale or Ban (nytimes.com) 169

Less than two weeks after President Biden signed a bill that will force TikTok's Chinese owner, ByteDance, to sell the popular social media app or face a ban in the United States, TikTok said it sued the federal government on Tuesday, arguing the law was unconstitutional. From a report: TikTok said that the law violated the First Amendment by effectively removing an app that millions of Americans use to share their views and communicate freely. It also argued that a divestiture was "simply not possible," especially within the law's 270-day timeline, pointing to difficulties such as Beijing's refusal to sell a key feature that powers TikTok in the United States.

"For the first time in history, Congress has enacted a law that subjects a single, named speech platform to a permanent, nationwide ban, and bars every American from participating in a unique online community with more than one billion people worldwide," the company said in the 67-page petition it provided, which initiates the lawsuit. "There is no question: The act will force a shutdown of TikTok by Jan. 19, 2025." TikTok is battling for its survival in the United States, with the fight set to play out primarily in courts over the next few months. While lawmakers who passed the bill have said the app is a national security threat because of its ties to China, the courts must now weigh those concerns against TikTok's argument that a sale or ban would violate the First Amendment free-speech rights of its users and hurt small businesses that owe their livelihood to the platform.

Privacy

In Argentina, Facing Surging Inflation, 500K Accept Worldcoin's Offer of $50 for Iris-Scanning (restofworld.org) 66

Wednesday Rest of World noticed an overlooked tech story in Argentina: Olga de León looked confused as she walked out of a nightclub on the edge of Buenos Aires on a recent Tuesday afternoon. She had just had her iris scanned. "No one told me what they'll do with my eye," de León, 57, told Rest of World. "But I did this out of need." De León, who lives off the $95 pension she receives from the state, had been desperate for money. Persuaded by her nephew, she agreed to have one of her irises scanned by Worldcoin, Sam Altman's blockchain project. In exchange, she received nearly $50 worth of WLD, the company's cryptocurrency.

De León is one of about half a million Argentines who have handed their biometric data over to Worldcoin. Beaten down by the country's 288% inflation rate and growing unemployment, they have flocked to Worldcoin Orb verification hubs, eager to get the sign-up crypto bonus offered by the company. A network of intermediaries — who earn a commission from every iris scan — has lured many into signing up for the practice in Argentina, where data privacy laws remain weak. But as the popularity of Worldcoin skyrockets in the country, experts have sounded the alarm about the dangers of giving away biometric data. Two provinces are now pushing for legal investigations. "Seeing that [iris scans have] been banned in European countries, shouldn't we be trying to stop it, too?" Javier Smaldone, a software consultant and digital security expert, told Rest of World.

Last month Worldcoin's web site announced that more than 10 million people in 160 countries had created a World ID and compatible wallet (performing 75 million transactions) — and that 5,195,475 people had also verified their World ID using Worldcoin's iris-scanning Orb.

But the article notes a big drop in the number of countries even allowing Worldcoin's iris-scanning — from 25 to just eight. While in less than a year Worldcoin opened nearly 60 centers across Argentina...
Government

Can Technology Help Reduce Drunk-Driving Deaths? (msn.com) 155

An anonymous reader shared this report from the Wall Street Journal: Drunken-driving deaths in the U.S. have risen to levels not seen in nearly two decades, federal data show, a major setback to long-running road-safety efforts. At the same time, arrests for driving under the influence have plummeted, as police grapple with challenges like hiring woes and heightened concern around traffic stops... About 13,500 people died in alcohol impairment-related crashes in 2022, according to data released in April by the National Highway Traffic Safety Administration. That is 33% above 2019's toll and on par with 2021's. The last time so many people died as a result of accidents involving intoxicated drivers was in 2006.
That's still down from the early 1980s, when America was seeing over 20,000 drunk-driving deaths a year, according to the article. "By 2010, that number had fallen to around 10,000 thanks to high-profile public-education campaigns by groups like MADD, tougher laws, and aggressive enforcement that included sobriety checkpoints and typically yielded well over a million DUI arrests annually."

But some hope to solve the problem using technology: Many activists and policymakers are banking on the promise of built-in devices to prevent a car from starting if the driver is intoxicated, either by analyzing a driver's exhaled breath or using skin sensors to gauge the blood-alcohol level. NHTSA issued a notice in December that it said lays the groundwork for potential alcohol-impairment detection technology standards in all new cars "when the technology is mature."
And Glenn Davis, who manages Colorado's highway-safety office, "pointed to Colorado's extensive use of ignition interlock systems that require people convicted of DUI to blow into a tube to verify they are sober in order for their car to start. He said the office promotes nondriving options such as Lyft and Uber."
Government

America's Federal Regulators Are Preparing More Lawsuits Against Crypto Companies (politico.com) 23

A "string of legal victories" by America's market-regulating Securities and Exchange Commission "has jolted some of crypto's biggest players," reports Politico — even as they're seeking more credibility with U.S. lawmakers: Judges have recently rebuked claims that the SEC lacks authority to police the market. Coinbase, the largest U.S. exchange, lost a bid to throw out charges that it is violating investor-protection rules. And a New York jury found one-time billionaire entrepreneur Do Kwon and his firm liable for fraud. Now, the crackdown is about to expand, with the SEC preparing for a new round of lawsuits. "The SEC just keeps winning," said John Reed Stark, a former agency attorney and prominent crypto critic. "The law is catching up...."

[I]t's the SEC crackdown that is raising foundational questions about crypto's future. [SEC Chairman Gary] Gensler has been among the industry's most implacable foes, saying most crypto tokens are unregistered securities that are being sold illegally and blasting the industry as "rife with fraud, scams, bankruptcies and money laundering." His opposition has been so unwavering that many in the industry are holding out hope that he leaves the agency after the November elections...

[T]he SEC's enforcement sweep appears to be on the brink of spreading across the crypto world. Consensys is facing potential charges from the agency, according to the company's lawsuit. And the SEC recently warned Uniswap Labs, a decentralized finance company that created one of the world's largest DeFi exchanges, that staff was preparing to sue.

Uniswap executives have vowed to fight the agency in court.

Government

The US Just Mandated Automated Emergency Braking Systems By 2029 (caranddriver.com) 286

Come 2029, all cars sold in the U.S. "must be able to stop and avoid contact with a vehicle in front of them at speeds up to 62 mph," reports Car and Driver.

"Additionally, the system must be able to detect pedestrians in both daylight and darkness. As a final parameter, the federal standard will require the system to apply the brakes automatically up to 90 mph when a collision is imminent, and up to 45 mph when a pedestrian is detected." Notably, the federal standardization of automated emergency braking systems includes pedestrian-identifying emergency braking, too. Once implemented, the NHTSA projects that this standard will save at least 360 lives a year and prevent at least 24,000 injuries annually. Specifically, the federal agency claims that rear-end collisions and pedestrian injuries will both go down significantly...

"Automatic emergency braking is proven to save lives and reduce serious injuries from frontal crashes, and this technology is now mature enough to require it in all new cars and light trucks. In fact, this technology is now so advanced that we're requiring these systems to be even more effective at higher speeds and to detect pedestrians," said NHTSA deputy administrator Sophie Shulman.

Thanks to long-time Slashdot reader sinij for sharing the article.
Privacy

When a Politician Sues a Blog to Unmask Its Anonymous Commenter 79

Markos Moulitsas is the poll-watching founder of the political blog Daily Kos. Thursday he wrote that in 2021, future third-party presidential candidate RFK Jr. had sued their web site.

"Things are not going well for him." Back in 2021, Robert F. Kennedy Jr. sued Daily Kos to unmask the identity of a community member who posted a critical story about his dalliance with neo-Nazis at a Berlin rally. I updated the story here, here, here, here, and here.

To briefly summarize, Kennedy wanted us to doxx our community member, and we stridently refused.

The site and the politician then continued fighting for more than three years. "Daily Kos lost the first legal round in court," Moulitsas posted in 2021, "thanks to a judge who is apparently unconcerned with First Amendment ramifications given the chilling effect of her ruling."

But even then, Moulitsas was clear on his rights: Because of Section 230 of the Communications Decency Act, [Kennedy] cannot sue Daily Kos — the site itself — for defamation. We are protected by the so-called safe harbor. That's why he's demanding we reveal what we know about "DowneastDem" so they can sue her or him directly.
Moulitsas also stressed that his own 2021 blog post was "reiterating everything that community member wrote, and expanding on it. And so instead of going after a pseudonymous community writer/diarist on this site, maybe Kennedy will drop that pointless lawsuit and go after me... consider this an escalation." (Among other things, the post cited a German-language news account saying Kennedy "sounded the alarm concerning the 5G mobile network and Microsoft founder Bill Gates..." Moulitsas also noted an Irish Times article which confirmed that at the rally Kennedy spoke at, "Noticeable numbers of neo-Nazis, kitted out with historic Reich flags and other extremist accessories, mixed in with the crowd.")

So what happened? Moulitsas posted an update Thursday: Shockingly, Kennedy got a trial court judge in New York to agree with him, and a subpoena was issued to Daily Kos to turn over any information we might have on the account. However, we are based in California, not New York, so once I received the subpoena at home, we had a California court not just quash the subpoena, but essentially signal that if New York didn't do the right thing on appeal, California could very well take care of it.

It's been a while since I updated, and given a favorable court ruling Thursday, it's way past time to catch everyone up.

New York is one of the U.S. states that doesn't have a strict "Dendrite standard" law protecting anonymous speech. But soon the blog founder discovered he had allies: The issues at hand are so important that The New York Times, the E.W.Scripps Company, the First Amendment Coalition, New York Public Radio, and seven other New York media companies joined the appeals effort with their own joint amicus brief. What started as a dispute over a Daily Kos diarist has become a meaningful First Amendment battle, with major repercussions given New York's role as a major news media and distribution center.

After reportedly spending over $1 million on legal fees, Kennedy somehow discovered the identity of our community member sometime last year and promptly filed a defamation suit in New Hampshire in what seemed a clumsy attempt at forum shopping, or the practice of choosing where to file suit based on the belief you'll be granted a favorable outcome. The community member lives in Maine, Kennedy lives in California, and Daily Kos doesn't publish specifically in New Hampshire. A perplexed court threw out the case this past February on those obvious jurisdictional grounds....

Then, last week, the judge threw out the appeal of that decision because Kennedy's lawyer didn't file in time — and blamed the delay on bad Wi-Fi...

Kennedy tried to dismiss the original case, the one awaiting an appellate decision in New York, claiming it was now moot. His legal team had sued to get the community member's identity, and now that they had it, they argued that there was no reason for the case to continue. We disagreed, arguing that there were important issues to resolve (i.e., Dendrite), and we also wanted lawyer fees for their unconstitutional assault on our First Amendment rights...

On Thursday, in a unanimous decision, a four-judge New York Supreme Court appellate panel ordered the case to continue, keeping the Dendrite issue alive and also allowing us to proceed in seeking damages based on New York's anti-SLAPP law, which prohibits "strategic lawsuits against public participation."

Thursday's blog post concludes with this summation. "Kennedy opened up a can of worms and has spent millions fighting this stupid battle. Despite his losses, we aren't letting him weasel out of this."
The Military

US Official Urges China, Russia To Declare AI Will Not Control Nuclear Weapons 85

Senior Department arms control official Paul Dean on Thursday urged China and Russia to declare that artificial intelligence would never make decisions on deploying nuclear weapons. Washington had made a "clear and strong commitment" that humans had total control over nuclear weapons, said Dean. Britain and France have made similar commitments. Reuters reports: "We would welcome a similar statement by China and the Russian Federation," said Dean, principal deputy assistant secretary in the Bureau of Arms Control, Deterrence and Stability. "We think it is an extremely important norm of responsible behaviour and we think it is something that would be very welcome in a P5 context," he said, referring to the five permanent members of the United Nations Security Council.
Government

Senators Want Limits On TSA Use of Facial Recognition Technology For Airport Screening (pbs.org) 29

A bipartisan group of senators, led by Jeff Merkley, John Kennedy, and Roger Marshall, is advocating for limitations on the Transportation Security Administration's use of facial recognition technology due to concerns about privacy and civil liberties. PBS reports: In a letter on Thursday, the group of 14 lawmakers called on Senate leaders to use the upcoming reauthorization of the Federal Aviation Administration as a vehicle to limit TSA's use of the technology so Congress can put in place some oversight. "This technology poses significant threats to our privacy and civil liberties, and Congress should prohibit TSA's development and deployment of facial recognition tools until rigorous congressional oversight occurs," the senators wrote.

The effort, led by Sens. Jeff Merkley, D-Ore., John Kennedy, R-La., and Roger Marshall, R-Kan., "would halt facial recognition technology at security checkpoints, which has proven to improve security effectiveness, efficiency, and the passenger experience," TSA said in a statement. The technology is currently in use at 84 airports around the country and is planned to expand in the coming years to the roughly 430 covered by TSA.

Slashdot Top Deals