Privacy

Voted In America? VoteRef Probably Doxed You (404media.co) 13

An anonymous reader quotes a report from 404 Media: If you voted in the U.S. presidential election yesterday in which Donald Trump won comfortably, or a previous election, a website powered by a right-wing group is probably doxing you. VoteRef makes it trivial for anyone to search the name, physical address, age, party affiliation, and whether someone voted that year for people living in most states instantly and for free. This can include ordinary citizens, celebrities, domestic abuse survivors, and many other people. Voting rolls are public records, and ways to more readily access them are not new. But during a time of intense division, political violence, or even the broader threat of data being used to dox or harass anyone, sites like VoteRef turn a vital part of the democratic process -- simply voting -- into a security and privacy threat. [...]

The Voter Reference Foundation, which runs VoteRef, is a right wing organization helmed by a former Trump campaign official, ProPublica previously reported. The goal for that organization was to find irregularities in the number of voters and the number of ballots cast, but state election officials said their findings were "fundamentally incorrect," ProPublica added. In an interview with NPR, the ProPublica reporter said that the Voter Reference Foundation insinuated (falsely) that the 2020 election of Joe Biden was fraudulent in some way. 404 Media has found people on social media using VoteRef's data to spread voting conspiracies too. VoteRef has steadily been adding more states' records to the VoteRef website. At the time of writing, it has records for all states that legally allow publication. Some exceptions include California, Virginia, and Pennsylvania. ProPublica reported that VoteRef removed the Pennsylvania data after being contacted by an attorney for Pennsylvania's Department of State.

"Digitizing and aggregating data meaningfully changes the privacy context and the risks to people. Your municipal government storing your marriage certificate and voter information in some basement office filing cabinet is not even remotely the same as a private company digitizing all the data, labeling it, piling it all together, making it searchable," said Justin Sherman, a Duke professor who studies data brokers.

"Policymakers need to get with the times and recognize that data brokers digitizing, aggregating, and selling data based on public records -- which are usually considered 'publicly available information' and exempted from privacy laws -- has fueled decades of stalking and gendered violence, harassment, doxing, and even murder," Sherman said. "Protecting citizens of all political stripes, targets and survivors of gendered violence, public servants who are targets for doxing and death threats, military service members, and everyone in between depends on reframing how we think about public records privacy and the mass aggregation and sale of our data."

Bitcoin

Toronto Crypto Company CEO Kidnapped, Held For $1 Million Ransom Before Being Released (www.cbc.ca) 21

An anonymous reader quotes a report from CBC News: The head of a company specializing in cryptocurrency was kidnapped and held for ransom in downtown Toronto during rush hour Wednesday. Police were called about a kidnapping in the area of University Avenue and Richmond Street W. just before 6 p.m., says a spokesperson with the Toronto Police Service. The suspects forced the victim into a vehicle and made a demand for money, the spokesperson said. The man was later located in Centennial Park in Etobicoke uninjured.

CBC Toronto has learned the victim is Dean Skurka, the president and CEO of Toronto-based financial firm WonderFi. He was released after a ransom of $1 million was paid electronically, a source close to the investigation said. Police say the investigation is ongoing and have not released any further details. [...] The alleged kidnapping happened the same day WonderFi released its third quarter earnings results, showing a 153 per cent increase compared to its third quarter in 2023.

Security

DataBreach.com Emerges As Alternative To HaveIBeenPwned (pcmag.com) 21

An anonymous reader quotes a report from PCMag: Have I Been Pwned has long been one of the most useful ways to learn if your personal information was exposed in a hack. But a new site offers its own powerful tool to help you check if your data has been leaked to cybercriminals. DataBreach.com is the work of a New Jersey company called Atlas Privacy, which helps consumers remove their personal information from data brokers and people search websites. On Wednesday, the company told us it had launched DataBreach.com as an alternative to Have I Been Pwned, which is mainly searchable via the user's email address. DataBreach.com is designed to do that and more. In addition to your email address, the site features an advanced search function to see whether your full name, physical address, phone number, Social Security number, IP address, or username are in Atlas Privacy's extensive library of recorded breaches. More categories will also be added over time.

Atlas Privacy has been offering its paid services to customers, such as police officers and celebrities, to protect bad actors from learning their addresses or phone numbers. In doing so, the company has also amassed over 17.5 billion records from the numerous stolen databases circulating on the internet, including in cybercriminal forums. As a public service, Atlas is now using its growing repository of stolen records to create a breach notification site, free of charge. DataBreach.com builds off Atlas's effort in August to host a site notifying users whether their Social Security number and other personal information were leaked in the National Public Data hack. Importantly, Atlas designed DataBreach.com to prevent it from storing or collecting any sensitive user information typed into the site. Instead, the site will fetch a hash from Atlas' servers, or a fingerprint of the user's personal information -- whether it be an email address, name, or SSN -- and compare it to whatever the user is searching for. "The comparison will be done locally," meaning it'll occur on the user's PC or phone, rather than Atlas's internet server, de Saint Meloir said.

Australia

Australia Proposes Ban On Social Media For Those Under 16 (reuters.com) 104

An anonymous reader quotes a report from Reuters: Australia Prime Minister Anthony Albanese said on Thursday the government would legislate for a ban on social media for children under 16, a policy the government says is world-leading. "Social media is doing harm to our kids and I'm calling time on it," Albanese told a news conference. Legislation will be introduced into parliament this year, with the laws coming into effect 12 months after it is ratified by lawmakers, he added. There will be no exemptions for users who have parental consent.

"The onus will be on social media platforms to demonstrate they are taking reasonable steps to prevent access," Albanese said. "The onus won't be on parents or young people." Communications Minister Michelle Rowland said platforms impacted would include Meta Platforms' Instagram and Facebook, as well as Bytedance's TikTok and Elon Musk's X. Alphabet's YouTube would likely also fall within the scope of the legislation, she added.

Intel

Intel Sued Over Raptor Lake Voltage Instability (theregister.com) 56

Intel faces a class-action lawsuit alleging its 13th and 14th generation desktop processors from 2022 and 2023 are defective, causing system instability and frequent crashes. The suit claims that Intel knew of the issue but continued marketing the processors anyway. The Register reports: The plaintiff, Mark Vanvalkenburgh of Orchard Park, New York, purchased an Intel Core i7-13700K from Best Buy in January 2023, according to the complaint [PDF]. "After purchasing the product, Plaintiff learned that the processor was defective, unstable, and crashing at high rates," the complaint claims. "The processor caused issues in his computer, including random screen blackouts and random computer restarts. These issues were not resolved even after he attempted to install a patch issued by Intel for its 13th Generation processors."

The potential class-action lawsuit cites various media reports and social media posts dating back to December 2022 that describe problems with Intel's 13th and 14th generation processors, known as Raptor Lake. These reports document unexplained failures and system instability, as well as a higher-than-expected rate of product returns. "By late 2022 or early 2023, Intel knew of the defect," the complaint says. "Intel's Products undergo pre-release and post-release testing. Through these tests, Intel became aware of the defect in the processors." And because Intel continued making marketing claims touting the speed and performance of its products, with no mention of any defect, the complaint alleges that Intel committed fraud by omission, breached implied warranty, and violated New York General Business Law.

Canada

Canada Bans TikTok Citing National Security Concerns (www.cbc.ca) 78

The federal government of Canada has ordered TikTok to shut down its operations in the country, citing national security concerns. However, Canadians will still be able to access the app and use it to create content. "The decision to use a social media application or platform is a personal choice," said Innovation Minister Francois-Philippe Champagne.

"We came to the conclusion that these activities that were conducted in Canada by TikTok and their offices would be injurious to national security. I'm not at liberty to go into much detail, but I know Canadians would understand when you're saying the government of Canada is taking measures to protect national security, that's serious." CBC News reports: Champagne urged Canadians to use TikTok "with eyes wide open." Critics have claimed that TikTok users' data could be obtained by the Chinese government. "Obviously, parents and anyone who wants to use social platform should be mindful of the risk," he said. The decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may harm Canada's national security.

Former CSIS director David Vigneault told CBC News it's "very clear" from the app's design that data gleaned from its users "is available to the government of China" and its large-scale data harvesting goals. "Most people can say, 'Why is it a big deal for a teenager now to have their data [on TikTok]?' Well in five years, in 10 years, that teenager will be a young adult, will be engaged in different activities around the world," he said at the time. "As an individual, I would say that I would absolutely not recommend someone have TikTok."

Facebook

Facebook Asks US Supreme Court To Dismiss Fraud Suit Over Cambridge Analytica Scandal (theguardian.com) 22

An anonymous reader quotes a report from The Guardian: The US supreme court grappled on Wednesday with a bid by Meta's Facebook to scuttle a federal securities fraud lawsuit brought by shareholders who accused the social media platform of misleading them about the misuse of user data. The justices heard arguments in Facebook's appeal of a lower court's decision allowing the 2018 class action suit led by Amalgamated Bank to proceed. The suit seeks unspecified monetary damages in part to recoup the lost value of the Facebook stock held by the investors. It is one of two cases coming before them this month -- the other one involving artificial intelligence chipmaker Nvidia on 13 November -- that could lead to rulings making it harder for private litigants to hold companies to account for alleged securities fraud.

At issue is whether Facebook broke the law when it failed to detail the prior data breach in subsequent business-risk disclosures, and instead portrayed the risk of such incidents as purely hypothetical. Facebook argued in a supreme court brief that it was not required to reveal that its warned-of risk had already materialized because "a reasonable investor" would understand risk disclosures to be forward-looking statements. "When we think about these questions, we're not looking only to lies or complete false statements," the liberal justice Elena Kagan told Kannon Shanmugam, the lawyer for Facebook. "We're also looking to misleading statements or misleading omissions." The conservative justice Samuel Alito asked Shanmugam: "Isn't it the case that an evaluation of risks is always forward-looking?" "It is. And that is essentially what underlies our argument here," Shanmugam responded.

The plaintiffs accused Facebook of misleading investors in violation of the Securities Exchange Act, a 1934 federal law that requires publicly traded companies to disclose their business risks. They claimed the company unlawfully withheld information from investors about a 2015 data breach involving British political consulting firm Cambridge Analytica that affected more than 30 million Facebook users. Edward Davila, a US district judge, dismissed the lawsuit but the San Francisco-based ninth US circuit court of appeals revived it. The supreme court's ruling is expected by the end of June.

Piracy

Google Asked To Remove 10 Billion 'Pirate' Search Results (torrentfreak.com) 23

An anonymous reader quotes a report from TorrentFreak: Rightsholders have asked Google to remove more than 10 billion 'copyright infringing' URLs from its search results. The search engine doesn't celebrate the milestone in any way, but the takedown notices document intriguing shifts in volume over time, as well as shifting takedown interests. [...] The path to 10 billion was turbulent. When Google first made DMCA details public it was processing a few million DMCA takedown requests in a year. That number swiftly increased to hundreds of millions and eventually reached a billion DMCA requests in 2016.

The exponential growth curve eventually flattened out and around 2017, the takedown volume started to decline. The decrease was in part due to various anti-piracy algorithms making pirated content less visible in search results. By downranking pirate sites, infringing content became harder to find. As a result, Google processed fewer takedown notices, a welcome change for both rightsholders and the search engine. Today, Google continues to make pirate sites less visible in search, but the reduction in takedown notices didn't last. On the contrary, over the past several months, Google search processed a record number of DMCA notices.

Last summer, the search giant recorded the 7 billionth takedown request and after that the numbers shot up, adding billions more in the year that followed. The company is now handling removal requests at a rate of roughly 2.5 billion per year; a new record. This represents more than 50 million takedown requests per week and roughly 5,000 every minute. [...] While the 10 billionth reported URL is undoubtedly a milestone, this number is largely driven by a few rightsholders, reporting outfits, and domain names. The aforementioned takedown outfit Link-Busters, for example, accounts for roughly 15% of all reported links, nearly 1.5 billion. Similarly, the ten most prolific rightsholders, including the BPI, HarperCollins, and VIZ Media, are responsible for 40% of all reported links. These ten companies are only a tiny fraction of the 600,000 rightsholders that reported pirated links, however. A small group of domains also receives a disproportionate amount of attention. In total, 5,400,061 domains have been reported, with the top domains having dozens of millions of flagged URLs each. However, most domains have only a few flagged links, some of which are erroneous.

Crime

Interpol Disrupts Cybercrime Activity On 22,000 IP Addresses, Arrests 41 (bleepingcomputer.com) 6

During an operation across 95 countries from April to August 2024, Interpol arrested 41 individuals and dismantled over 1,000 servers and infrastructure running on 22,000 IP addresses facilitating cybercrime. BleepingComputer reports: Interpol said its enforcement action was backed by intelligence provided by private cybersecurity firms like Group-IB, Kaspersky, Trend Micro, and Team Cymru, leading to the identification of over 30,000 suspicious IP addresses. Eventually, roughly 76% of those were taken down, 59 servers were seized, and 43 electronic devices were confiscated, which will be examined to retrieve additional evidence. In addition to the 41 individuals who were arrested, the authorities are also investigating another 65 persons suspected of associating with illicit activities.

The Courts

Lawsuit Accuses PowerSchool of Selling Student Data To 3rd Parties (businessinsider.com) 11

A former teacher has filed a federal lawsuit against PowerSchool, alleging the education technology giant illegally sells student data to third parties without proper consent. Emily Cherkin, lead plaintiff in the class action suit filed in San Francisco, claims PowerSchool has amassed 345 terabytes of data from 440 school districts, including sensitive information about students' health, behavior, and academic records. The company provides software services to more than 60 million students across 90 of the largest U.S. school districts.

The lawsuit alleges PowerSchool sells anonymized student data to over 100 partners, including educational consultants and government agencies, while marketing its analytics for workforce and policy planning. The company's Naviance college-planning software alone tracks 6 million high school students. PowerSchool has denied the allegations.

Google

Google, Apple Drive 'Black Box' IP Policing with App Store Rules (bloomberglaw.com) 15

App developers Musi and Sarafan Mobile have sued Apple and Google in California federal court over app removals they claim were unjustified, highlighting tensions over the tech giants' intellectual property enforcement policies. Musi's music-streaming app was removed after YouTube complained about interface infringement, while Sarafan's "Reely" app was taken down following Instagram's claims about logo similarity.

Both developers say the platforms breached their agreements by removing apps without sufficient evidence. The lawsuits underscore broader concerns about Apple and Google's dominance in app distribution. Their private IP dispute systems operate outside traditional legal frameworks, with platforms making unilateral decisions that can effectively shut down businesses, according to University of New Hampshire law professor Peter Karol. [...]

"In a court proceeding, you can see here's a complaint with the allegations, and then we have the defendant respond, and then we have a judge come out with an opinion saying, 'Is the mark valid? Is the mark infringed?'" said Lisa Ramsey, law professor at University of San Diego. Google and Apple's systems, meanwhile, are "a black box."

The Courts

'The Law Must Respond When Science Changes' (scientificamerican.com) 187

The clash between law's need for finality and science's evolving nature is creating serious justice problems, an opinion piece on Scientific American argued on Monday. Two recent cases highlight this: Robert Roberson faces execution based on now-discredited shaken baby syndrome science, while the Menendez brothers' life sentences are being questioned due to improved understanding of childhood trauma's effects on violence.

Scientific understanding in criminal justice has repeatedly proven wrong. Texas executed Cameron Todd Willingham in 2004 based on invalidated arson science. The FBI found errors in 90% of their reviewed hair analysis cases. Courts still accept bite mark evidence despite experts failing to distinguish human from animal bites. The legal system fails in two critical ways, the story argues: Judges don't properly screen out bad science despite their "gatekeeper" role established in Daubert v. Merrell Dow, and courts resist reopening cases when scientific understanding changes.

While some states like Texas and California have laws allowing appeals based on updated science, implementation remains weak. Roberson has spent 20 years on death row and the Menendez brothers 28 years in prison while courts drag their feet on reviewing their cases with current scientific knowledge. The piece argues that constitutional due process requires allowing convicts to challenge their cases when the science underlying their convictions proves faulty. The system can reform by enforcing stricter scientific evidence standards and creating clear paths to challenge convictions based on outdated science.

Government

L.A. County Sues Pepsi and Coca-Cola Over Their Role in the Plastic Pollution Crisis (yahoo.com) 109

An anonymous reader shared this report from the Los Angeles Times: Los Angeles County has filed suit against the world's largest beverage companies — Coca-Cola and Pepsi — claiming the soda and drink makers lied to the public about the effectiveness of plastic recycling and, as a result, left county residents and ecosystems choking in discarded plastic... The Los Angeles County suit alleges — in a vein similar to that of [California attorney general] Bonta's suit against Exxon Mobil — that the global beverage companies misrepresented the environmental impact of their plastic bottles, "despite knowing that plastics cannot be readily disposed of without associated environmental impacts."

"Coke and Pepsi need to stop the deception and take responsibility for the plastic pollution problems" their products are causing, said Los Angeles County Board of Supervisors Chair Lindsey P. Horvath... Currently, just 9% of the world's plastics are recycled. The rest ends up being incinerated, sent to landfills, or discarded on the landscape, where they are often flushed into rivers or out to sea. At the same time, there is growing concern about the health and environmental consequences of microplastics — the bits of degraded plastic that slough off as the product ages, or is used, or washed. The tiny particles have been detected in every ecosystem on the planet that has been surveyed, as well as nearly every living organism examined... According to the county's statement, the two companies have consistently ranked as the world's "top plastic polluters...."

The beverage maker lawsuit was filed in Los Angeles Superior Court by County Counsel Dawyn R. Harrison on behalf of the people of the state of California... "The goal of this lawsuit is to stop the unfair and illegal conduct, to address the marketing practices that deceive consumers, and to force these businesses to change their practices to reduce the plastic pollution problem in the County and in California," Harrison said in a statement. "My office is committed to protecting the public from deceptive business practices and holding these companies accountable for their role in the plastic pollution crisis."

United States

Millions of U.S. Cellphones Could Be Vulnerable to Chinese Government Surveillance (washingtonpost.com) 73

Millions of U.S. cellphone users could be vulnerable to Chinese government surveillance, warns a Washington Post columnist, "on the networks of at least three major U.S. carriers."

They cite six current or former senior U.S. officials, all of whom were briefed about the attack by the U.S. intelligence community. The Chinese hackers, who the United States believes are linked to Beijing's Ministry of State Security, have burrowed inside the private wiretapping and surveillance system that American telecom companies built for the exclusive use of U.S. federal law enforcement agencies — and the U.S. government believes they likely continue to have access to the system.... The U.S. government and the telecom companies that are dealing with the breach have said very little publicly about it since it was first detected in August, leaving the public to rely on details trickling out through leaks...

The so-called lawful-access system breached by the Salt Typhoon hackers was established by telecom carriers after the terrorist attacks of Sept. 11, 2001, to allow federal law enforcement officials to execute legal warrants for records of Americans' phone activity or to wiretap them in real time, depending on the warrant. Many of these cases are authorized under the Foreign Intelligence Surveillance Act (FISA), which is used to investigate foreign spying that involves contact with U.S. citizens. The system is also used for legal wiretaps related to domestic crimes.

It is unknown whether hackers were able to access records about classified wiretapping operations, which could compromise federal criminal investigations and U.S. intelligence operations around the world, multiple officials told me. But they confirmed the previous reporting that hackers were able to both listen in on phone calls and monitor text messages. "Right now, China has the ability to listen to any phone call in the United States, whether you are the president or a regular Joe, it makes no difference," one of the hack victims briefed by the FBI told me. "This has compromised the entire telecommunications infrastructure of this country."

The Wall Street Journal first reported on Oct. 5 that China-based hackers had penetrated the networks of U.S. telecom providers and might have penetrated the system that telecom companies operate to allow lawful access to wiretapping capabilities by federal agencies... [After releasing a short statement], the FBI notified 40 victims of Salt Typhoon, according to multiple officials. The FBI informed one person who had been compromised that the initial group of identified targets included six affiliated with the Trump campaign, this person said, and that the hackers had been monitoring them as recently as last week... "They had live audio from the president, from JD, from Jared," the person told me. "There were no device compromises, these were all real-time interceptions...." [T]he duration of the surveillance is believed to date back to last year.

Several officials told the columnist that the cyberattack also targeted senior U.S. government officials and top business leaders — and that even more compromised targets are being discovered. At this point, "Multiple officials briefed by the investigators told me the U.S. government does not know how many people were targeted, how many were actively surveilled, how long the Chinese hackers have been in the system, or how to get them out."

But the article does include this quote from U.S. Senate Intelligence Committee chairman Mark Warner. "It is much more serious and much worse than even what you all presume at this point."

One U.S. representative suggested Americans rely more on encrypted apps. The U.S. is already investigating — but while researching the article, the columnist writes, "The National Security Council declined to comment, and the FBI did not respond to a request for comment..." They end with this recommendation.

"If millions of Americans are vulnerable to Chinese surveillance, they have a right to know now."

Government

What's Worse Than Setting Clocks Back an Hour? Permanent Daylight Savings Time (usatoday.com) 198

"It's that time again," writes USA Today, noting that Sunday morning millions of Americans (along with millions more in Canada, Europe, parts of Australia, and Chile) "will set their clocks back an hour, and many will renew their twice-yearly calls to put an end to the practice altogether..." Experts say the time changes are detrimental to health and safety, but agree that the answer isn't permanent DST. "The medical and scientific communities are unified ... that permanent standard time is better for human health," said Erik Herzog, a professor of biology and neuroscience at Washington University in St. Louis and the former president of the Society for Research on Biological Rhythms...

Springing forward an hour in March is harder on us than falling back in November. The shift in spring is associated with an increase in heart attacks, and car accident rates also go up for a few days after, he said. But the answer isn't permanent daylight saving time, according to Herzog, who said that could be even worse for human health than the twice-yearly changes. By looking at studies of people who live at the easternmost edge of time zones (whose experience is closest to standard time) and people who live at the westernmost edge (more like daylight saving time), scientists can tell that health impacts of earlier sunrises and sunsets are much better. Waking up naturally with the sun is far better for our bodies than having to rely on alarm clocks to wake up in the dark, he said.

Herzog said Florida, where [Senator Marco] Rubio has championed the Sunlight Protection Act, is much less impacted by the negative impacts of daylight saving time because it's as far east and south as you can get in the U.S., while people in a state like Minnesota would have much more time in the dark in the morning.

The article also reminds U.S. readers that "No state can adopt permanent daylight saving time unless U.S. Congress passes a law to authorize it first." Nevertheless... Oklahoma became the most recent state to pass a measure authorizing permanent daylight saving time, pending Congressional approval, in April. Nineteen other states have passed laws or resolutions to move toward daylight saving time year-round, if Congress were ever to allow it, according to the National Conference of State Legislatures...

Only two states and some territories never have to set their clocks forward or backward... [Hawaii and Arizona, except for the Navajo Nation.]
