Facebook

Facebook Warns Growth To 'Decelerate Significantly', Mandates Vaccine For US Staff (reuters.com) 113

Facebook said on Wednesday it expects revenue growth to "decelerate significantly." It also announced that it would require anyone working at its U.S. offices to be vaccinated against COVID-19. Google announced a similar policy earlier this morning. Reuters reports: The warning overshadowed the company's beat on Wall Street estimates for quarterly revenue, bolstered by increased advertising spending as businesses build their digital presence to cater to consumers spending more time and money online. Facebook said it expects Apple's recent update to its iOS operating system to impact its ability to target ads and therefore ad revenue in the third quarter. The iPhone maker's privacy changes make it harder for apps to track users and restrict advertisers from accessing valuable data for targeting ads.

Monthly active users came in at 2.90 billion, up 7% from the same period last year but missing analyst expectations of 2.92 billion and marking the slowest growth rate in at least three years, according to IBES data from Refinitiv. "The user growth slowdown is notable and highlights the engagement challenges as the world opens up. But importantly, Facebook is the most exposed to Apple's privacy changes, and it looks like it is starting to have an impact to the outlook beginning in 3Q," said Ygal Arounian, an analyst at Wedbush Securities. Brian Wieser, GroupM's global president of business intelligence, said all social media companies would see slower growth in the second half of the year and that it would take more concrete warnings about activity in June and July for anyone to anticipate a "meaningful deceleration."

Electronic Frontier Foundation

EFF Sues US Postal Office For Records About Covert Social Media Spying Program (eff.org) 57

The Electronic Frontier Foundation (EFF) filed a Freedom of Information Act (FOIA) lawsuit against the U.S. Postal Service and its inspection agency seeking records about a covert program to secretly comb through online posts of social media users before street protests, raising concerns about chilling the privacy and expressive activity of internet users. From the press release: Under an initiative called Internet Covert Operations Program, analysts at the U.S. Postal Inspection Service (USPIS), the Postal Service's law enforcement arm, sorted through massive amounts of data created by social media users to surveil what they were saying and sharing, according to media reports. Internet users' posts on Facebook, Twitter, Parler, and Telegraph were likely swept up in the surveillance program. USPIS has not disclosed details about the program or any records responding to EFF's FOIA request asking for information about the creation and operation of the surveillance initiative. In addition to those records, EFF is also seeking records on the program's policies and analysis of the information collected, and communications with other federal agencies, including the Department of Homeland Security (DHS), about the use of social media content gathered under the program.

Media reports revealed that a government bulletin dated March 16 was distributed across DHS's state-run security threat centers, alerting law enforcement agencies that USPIS analysts monitored "significant activity regarding planned protests occurring internationally and domestically on March 20, 2021." Protests around the country were planned for that day, and locations and times were being shared on Parler, Telegram, Twitter, and Facebook, the bulletin said. "We're filing this FOIA lawsuit to shine a light on why and how the Postal Service is monitoring online speech. This lawsuit aims to protect the right to protest," said Houston Davidson, EFF public interest legal fellow. "The government has never explained the legal justifications for this surveillance. We're asking a court to order the USPIS to disclose details about this speech-monitoring program, which threatens constitutional guarantees of free expression and privacy."

China

Tencent's WeChat Suspends New User Registration for Security Compliance (reuters.com) 15

Tencent's WeChat has temporarily suspended registration of new users in mainland China as it undergoes a technical upgrade "to align with relevant laws and regulations," China's dominant instant messaging platform said on Tuesday. From a report: "We are currently upgrading our security technology to align with all relevant laws and regulations," the company said in a statement to Reuters. "During this time, registration of new Weixin personal and official accounts has been temporarily suspended. Registration services will be restored after the upgrade is complete, which is expected in early August," it added. Weixin is the Chinese name for WeChat. [...] China is in the process of tightening policies towards privacy and data security. It is readying a Personal Information Protection Law, which calls for tech platforms to impose stricter measures to ensure secure storage of user data.

Privacy

Is Your Phone Infected With Pegasus? (fossbytes.com) 75

Fossbytes has an article detailing how you can check to see if your mobile device is infected with the "Pegasus" spyware. What's Pegasus you ask? It's phone-penetrating spy software developed by NSO Group and sold to governments to target journalists and activists around the world. The CEO of NSO Group says law-abiding citizens have "nothing to be afraid of," but that doesn't help us sleep any better. Here's how to check if your device has been compromised (heads up: it's a bit of a technical and lengthy process): First off, you'll need to create an encrypted backup and transfer it to either a Mac or PC. You can also do this on Linux instead, but you'll have to install libimobiledevice beforehand for that. Once the phone backup is transferred, you need to download Python 3.6 (or newer) on your system -- if you don't have it already. Here's how you can install the same for Windows, macOS, and Linux. After that, go through Amnesty's manual to install MVT correctly on your system. Installing MVT will give you new utilities (mvt-ios and mvt-android) that you can use in the Python command line. Now, let's go through the steps for detecting Pegasus on an iPhone backup using MVT.

First of all, you have to decrypt your data backup. To do that, you'll need to enter the following instruction format while replacing the placeholder text (marked with a forward slash) with your custom path: "mvt-ios decrypt-backup -p password -d /decrypted /backup". Note: Replace "/decrypted" with the directory where you want to store the decrypted backup and "/backup" with the directory where your encrypted backup is located.

Now, we will run a scan on the decrypted backup, referencing it with the latest IOCs (possible signs of Pegasus spyware), and store the result in an output folder. To do this, first, download the newest IOCs from here (use the folder with the latest timestamp). Then, enter the instruction format as given below with your custom directory path: "mvt-ios check-backup -o /output -i /pegasus.stix2 /backup". Note: Replace "/output" with the directory where you want to store the scan result, "/backup" with the path where your decrypted backup is stored, and "/pegasus.stix2" with the path where you downloaded the latest IOCs.

After the scan completion, MVT will generate JSON files in the specified output folder. If there is a JSON file with the suffix "_detected," then that means your iPhone data is most likely Pegasus-infected. However, the IOCs are regularly updated by Amnesty's team as they develop a better understanding of how Pegasus operates. So, you might want to keep running scans as the IOCs are updated to make sure there are no false positives.
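The last step above (looking through the output folder for "_detected" files) can be scripted. The following is an added example, not code from the article or from the MVT project. It assumes each result file is a JSON list of records; the module file names in the sample are constructed, and `triage_output`, `ioc_fingerprint` and `build_sample_output` are hypothetical helper names.

```python
import hashlib
import json
import tempfile
from pathlib import Path

DETECTED_SUFFIX = "_detected"  # suffix the article says marks a hit


def ioc_fingerprint(stix_path):
    """SHA-256 of the IOC file, so a report records which IOC set was used."""
    return hashlib.sha256(Path(stix_path).read_bytes()).hexdigest()


def triage_output(output_dir):
    """Summarise the folder passed to `mvt-ios check-backup -o`.

    verdict is one of:
      "inconclusive" - no JSON results at all (scan did not run, wrong folder)
      "review"       - at least one *_detected.json, or a file that will not parse
      "no-match"     - results exist and none matched the IOC set used
    """
    out = Path(output_dir)
    if not out.is_dir():
        raise FileNotFoundError(f"not a directory: {out}")

    modules, detected, unreadable = set(), {}, []
    for path in sorted(out.glob("*.json")):
        stem = path.stem
        hit = stem.endswith(DETECTED_SUFFIX)
        module = stem[: -len(DETECTED_SUFFIX)] if hit else stem
        modules.add(module)
        if not hit:
            continue
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            # A truncated or corrupt detection file is not a clean result.
            unreadable.append(path.name)
            continue
        # Assumption: a detection file holds a JSON list of flagged records.
        detected[module] = len(data) if isinstance(data, list) else 1

    if not modules:
        verdict = "inconclusive"
    elif detected or unreadable:
        verdict = "review"
    else:
        verdict = "no-match"
    return {
        "modules": sorted(modules),
        "detected": detected,
        "unreadable": unreadable,
        "verdict": verdict,
    }


def build_sample_output(root):
    """Write a constructed output folder (file names and records are made up)."""
    root = Path(root)
    visits = [{"url": "https://example.invalid/a"}, {"url": "https://example.invalid/b"}]
    (root / "safari_history.json").write_text(json.dumps(visits))
    (root / "safari_history_detected.json").write_text(json.dumps(visits[:1]))
    (root / "sms.json").write_text("[]")
    (root / "datausage_detected.json").write_text('[{"proc": "trunc')  # corrupt
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = triage_output(build_sample_output(tmp))
        print(json.dumps(report, indent=2))
```

An empty output folder is reported as "inconclusive" rather than clean, and storing `ioc_fingerprint()` of the `.stix2` file next to each report makes it clear which IOC set a "no-match" result refers to when the scan is repeated later.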

Chrome

Google Updates Timeline For Unpopular Privacy Sandbox, Which Will Kill Third-Party Cookies In Chrome By 2023 (theregister.com) 27

Google has updated the schedule for its introduction of "Privacy Sandbox" browser technology and the phasing out of third-party cookies. The Register reports: The new timeline has split the bundle of technologies in the Privacy Sandbox into five phases: discussion, testing, implementation in Chrome (called "Ready for adoption"), Transition State 1 during which Chrome will "monitor adoption and feedback" and then the next stage that involves winding down support for third-party cookies over a three-month period finishing "late 2023." Although "late 2023" might sound a long way off, the timeline has revealed that "discussion" of the contentious FLoC (Federated Learning of Cohorts) is planned to end in Q3 2021 -- just a couple of months away -- and that discussion for First Party Sets, rejected by the W3C Technical Architecture Group as "harmful to the web in its current form," is scheduled to end around mid-November.

Google said that "extended discussions and testing stages often produce better, more complete solutions, and the timeline for testing and ready for adoption of use cases might change accordingly," so the dates are not set in stone. There is no suggestion that any of the proposals will be withdrawn; the company appears to believe it can alleviate concerns by tweaking rather than abandoning its proposals. Discussion of the various pieces is set to take place in the W3C Web Incubator Community Group (WICG), though at a FLEDGE WICG Call last week, Google's Michael Kleber, tech lead for Privacy Sandbox, suggested that the W3C would not be deciding which technologies are implemented, at least in the context of FLEDGE (formerly TURTLEDOVE), which enables auctions for personalized ads in a more private manner than today.

FLEDGE is competing for attention with the Microsoft-devised PARAKEET and MaCAW. Asked by Julien Delhommeau, staff system architect at adtech company Xandr, if the WICG would get a say in whether FLEDGE or PARAKEET/MaCAW would be adopted, Kleber said: "The W3C doesn't get to be the boss of anyone, the decisions are going to be made at each of the browsers. The goal isn't to have one winner and everyone else losing -- the goal of W3C is to put out a bunch of ideas, understand the positives of each, and come to a chimera that has the most necessary features. Every browser seems to want convergence, long term, so figuring out how to make convergence happen is important." [...] According to Kleber, when asked if personalized advertising could be removed from the web, he said "while most of the sites in the world would lose 50-70 per cent of their revenue in the alternative you're advocating for, Google is not one of them." He made this claim on the basis that "Google makes most of its money from the ads that appear on Google Search," which do not require tracking technology.

United States

Consumer Losses Top $500 Million Due To Covid-Related Fraud (cnbc.com) 15

Consumer losses due to Covid-related fraud top $500 million, according to data from the Federal Trade Commission. From a report: The agency has received more than 558,000 complaints from consumers related to the pandemic since the start of 2020. About 60% of the complaints were associated with fraud, citing an aggregate loss of $501 million through July 22. The typical person lost about $370, according to the agency. "Scammers always take advantage of disasters, manmade or natural," said Susan Grant, director of consumer protection and privacy at the Consumer Federation of America, an advocacy group. Criminals have used multiple avenues to steal money from unsuspecting Americans, including fraud related to online shopping, travel and government stimulus funds during the pandemic, according to federal data.

Facebook

Facebook is Now Aggressively Courting a New Partner: Churches (yahoo.com) 126

When the 150,000-member "megachurch" Hillsong opened a branch in Atlanta, its pastor Sam Collier says Facebook suggested using it to explore how churches can "go further farther on Facebook..." reports the New York Times: He is partnering with Facebook, he said, "to directly impact and help churches navigate and reach the consumer better."

"Consumer isn't the right word," he said, correcting himself. "Reach the parishioner better."

Facebook's involvement with churches has been intense: For months Facebook developers met weekly with Hillsong and explored what the church would look like on Facebook and what apps they might create for financial giving, video capability or livestreaming. When it came time for Hillsong's grand opening in June, the church issued a news release saying it was "partnering with Facebook" and began streaming its services exclusively on the platform.

Beyond that, Mr. Collier could not share many specifics — he had signed a nondisclosure agreement...

"Together we are discovering what the future of the church could be on Facebook..."

[Facebook] has been cultivating partnerships with a wide range of faith communities over the past few years, from individual congregations to large denominations, like the Assemblies of God and the Church of God in Christ. Now, after the coronavirus pandemic pushed religious groups to explore new ways to operate, Facebook sees even greater strategic opportunity to draw highly engaged users onto its platform. The company aims to become the virtual home for religious community, and wants churches, mosques, synagogues and others to embed their religious life into its platform, from hosting worship services and socializing more casually to soliciting money. It is developing new products, including audio and prayer sharing, aimed at faith groups...

The partnerships reveal how Big Tech and religion are converging far beyond simply moving services to the internet. Facebook is shaping the future of religious experience itself, as it has done for political and social life... The collaborations raise not only practical questions, but also philosophical and moral ones... There are privacy worries too, as people share some of their most intimate life details with their spiritual communities. The potential for Facebook to gather valuable user information creates "enormous" concerns, said Sarah Lane Ritchie, a lecturer in theology and science at the University of Edinburgh...

"Corporations are not worried about moral codes," she said. "I don't think we know yet all the ways in which this marriage between Big Tech and the church will play out."
Last month Facebook held a summit "which resembled a religious service," the Times reports, at which Chief Operating Officer Sheryl Sandberg said churches were a natural fit for Facebook "because fundamentally both are about connection."

But the article also notes the 6-million member Church of God in Christ "received early access to several of Facebook's monetization features," testing paid subscriptions for exclusive church content, as well as real-time donations during services. But "Leaders decided against a third feature: advertisements during video streams."

United States

For Millions of Americans, Unemployment Benefits Require Facial Recognition Scanning (cnn.com) 152

Millions of Americans "are being instructed to use ID.me, along with its facial recognition software, to get their unemployment benefits," reports CNN. The software compares their photo ID with a selfie video they take on their phone with the company's software — but some privacy advocates are concerned: A rapidly growing number of U.S. states, including Colorado, California and New York, turned to ID.me in hopes of cutting down on a surge of fraudulent claims for state and federal benefits that cropped up during the pandemic alongside a tidal wave of authentic unemployment claims. As of this month, 27 states' unemployment agencies had entered contracts with ID.me, according to the company, with 25 of them already using its technology. ID.me said it is in talks with seven more...

The company's rapid advance at state unemployment agencies marks the latest chapter in the story of facial recognition software's spread across the United States. It also highlights how this controversial technology gained a foothold during the pandemic and now appears destined to remain part of our lives for the foreseeable future...

Several ID.me users told CNN Business about problems they had verifying their identities with the company, which ranged from the facial recognition technology failing to recognize their face to waiting for hours to reach a human for a video chat after encountering problems with the technology. A number of people who claim to have had issues with ID.me have taken to social media to beg the company for help with verification, express their own concerns about its face-data collection or simply rant, often in response to ID.me's own posts on Twitter... From ID.me's perspective, its service is making it easier for a wide range of people to access essential government services, as it avoids the common practice of using information gleaned from data brokers and credit bureaus as a means of checking identities. The company said this lets it give a green light to those who don't have a credit history, or may have changed their name, for instance — people who might otherwise have more trouble getting verified.

However, it doesn't sit well with employee and privacy advocates and civil rights groups interviewed by CNN Business. They have concerns about the facial recognition technology itself and for the ID.me verification process's reliance on access to a smartphone or computer and the internet, which may be out of reach for the people to whom unemployment dollars are most critical... ID.me said it does not sell user data — which includes biometric and related information such as selfies people upload, data related to facial analyses, and recordings of video chats users participate in with ID.me — but it does keep it. Biometric data, like the facial geometry produced from a user's selfie, may be kept for years after a user closes their account... In March, ID.me announced raising $100 million in funding from investors including hedge fund Viking Global Investors and CapitalG, which is Google parent company Alphabet's independent growth fund. With that funding round, ID.me said it was valued at $1.5 billion... "We're verifying more than 1% of the American adult population each quarter, and that's starting to compress more to like 45 or 50 days," Hall said. The company has more than 50 million users, he said, and signs up more than 230,000 new ones each day.

CNN also quotes a man who complains the state never gave him an option. "If I wanted unemployment, I had no choice but to do this."

Businesses

Amazon Wants Apartment Buildings to Install a 'Key' System that Lets Them Enter the Lobby (pennlive.com) 178

"Amazon is tired of ringing doorbells," reports the Associated Press. "The online shopping giant is pushing landlords around the country — sometimes with financial incentives — to give its drivers the ability to unlock apartment-building doors themselves with a mobile device." The service, dubbed Key for Business, is pitched as a way to cut down on stolen packages by making it easy to leave them in lobbies and not outside. Amazon benefits because it enables delivery workers to make their rounds faster. And fewer stolen packages reduce costs and could give Amazon an edge over competitors. Those who have installed the device say it reduces the constant buzzing by delivery people and is a safer alternative to giving out codes to scores of delivery people.

But the Amazon program, first announced in 2018, may stir security and privacy concerns as it gains traction. The company said that it does background checks on delivery people and that they can unlock doors only when they have a package in hand to scan. But tenants may not know that Amazon drivers have access to their building's front doors, since Amazon leaves it up to the building to notify them...

Amazon didn't respond to questions about potential hacking. The company has already installed the device in thousands of U.S. apartment buildings but declined to give a specific number... Amazon salespeople have been fanning out to cities across the country to knock on doors, make cold calls or approach building managers on the street to urge them to install the device. The company has even partnered with local locksmiths to push it on building managers while they fix locks. Amazon installs the device for free and sometimes throws in a $100 Amazon gift card to whoever lets them in.

Cellphones

Church Official Exposed Through America's 'Vast and Largely Unregulated Data-Harvesting' (nytimes.com) 101

The New York Times' On Tech newsletter shares a thought-provoking story: This week, a top official in the Roman Catholic Church's American hierarchy resigned after a news site said that it had data from his cellphone that appeared to show the administrator using the L.G.B.T.Q. dating app Grindr and regularly going to gay bars. Journalists had access to data on the movements and digital trails of his mobile phone for parts of three years and were able to retrace where he went.

I know that people will have complex feelings about this matter. Some of you may believe that it's acceptable to use any means necessary to determine when a public figure is breaking his promises, including when it's a priest who may have broken his vow of celibacy. To me, though, this isn't about one man. This is about a structural failure that allows real-time data on Americans' movements to exist in the first place and to be used without our knowledge or true consent. This case shows the tangible consequences of practices by America's vast and largely unregulated data-harvesting industries. The reality in the United States is that there are few legal or other restrictions to prevent companies from compiling the precise locations of where we roam and selling that information to anyone.

This data is in the hands of companies that we deal with daily, like Facebook and Google, and also with information-for-hire middlemen that we never directly interact with. This data is often packaged in bulk and is anonymous in theory, but it can often be traced back to individuals, as the tale of the Catholic official shows...

Losing control of our data was not inevitable. It was a choice — or rather a failure over years by individuals, governments and corporations to think through the consequences of the digital age.

We can now choose a different path.

"Data brokers are the problem," writes the EFF, arguing that the incident "shows once again how easy it is for anyone to take advantage of data brokers' stores to cause real harm." This is not the first time Grindr has been in the spotlight for sharing user information with third-party data brokers... But Grindr is just one of countless apps engaging in this exact kind of data sharing. The real problem is the many data brokers and ad tech companies that amass and sell this sensitive data without anything resembling real users' consent.

Apps and data brokers claim they are only sharing so-called "anonymized" data. But that's simply not possible. Data brokers sell rich profiles with more than enough information to link sensitive data to real people, even if the brokers don't include a legal name. In particular, there's no such thing as "anonymous" location data. Data points like one's home or workplace are identifiers themselves, and a malicious observer can connect movements to these and other destinations. Another piece of the puzzle is the ad ID, another so-called "anonymous" label that identifies a device. Apps share ad IDs with third parties, and an entire industry of "identity resolution" companies can readily link ad IDs to real people at scale.

All of this underlines just how harmful a collection of mundane-seeming data points can become in the wrong hands... That's why the U.S. needs comprehensive data privacy regulation more than ever. This kind of abuse is not inevitable, and it must not become the norm.

United Kingdom

Hole Blasted In Guntrader: UK Firearms Sales Website's CRM Database Breached, 111K Users' Info Spilled Online (theregister.com) 63

Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. The Register reports: The Guntrader breach earlier this week saw the theft of a SQL database powering both the Guntrader.uk buy-and-sell website and its electronic gun shop register product, comprising about 111,000 users and dating between 2016 and 17 July this year. The database contains names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords. It is a severe breach of privacy not only for Guntrader but for its users: members of the UK's licensed firearms community. Guntrader spokesman Simon Baseley told The Register that Guntrader.uk had emailed all the users affected by the breach on July 21 and issued a further update yesterday.

Guntrader is roughly similar to Gumtree: users post ads along with their contact details on the website so potential purchasers can get in touch. Gun shops (known in the UK as "registered firearms dealers" or RFDs) can also use Guntrader's integrated gun register product, which is advertised as offering "end-to-end encryption" and "daily backups", making it (so Guntrader claims) "the most safe and secure gun register system on today's market." [British firearms laws say every transfer of a firearm (sale, drop-off for repair, gift, loan, and so on) must be recorded, with the vast majority of these also being mandatory to report to the police when they happen...]

The categories of data in the stolen database are: Latitude and longitude data; First name and last name; Police force that issued an RFD's certificate; Phone numbers; Fax numbers; bcrypt-hashed passwords; Postcode; Postal addresses; and User's IP addresses. Logs of payments were also included, with Coalfire's Barratt explaining that while no credit card numbers were included, something that looks like a SHA-256 hashed string was included in the payment data tables. Other payment information was limited to prices for rifles and shotguns advertised through the site.
The Register recommends you check if your data is included in the hack by visiting Have I Been Pwned. If you are affected and you used the same password on Guntrader that you used on other websites, you should change it as soon as possible.

Privacy

NSO Group CEO Says Law-Abiding Citizens Have 'Nothing To Be Afraid Of' (appleinsider.com) 117

The CEO of NSO Group, whose spyware tools have reportedly been used to target journalists and activists, says that people who aren't criminals shouldn't be afraid of being surveilled. AppleInsider reports: Shalev Hulio, 39, recently spoke to Forbes after investigations indicated that NSO Group's Pegasus spyware was used by authoritarian governments to hack and surveil the mobile devices of world leaders, high-profile journalists, and activists. NSO Group says that it sells its tools to governments to help them catch serious criminals like terrorists or gangsters. However, Hulio admitted that it can't control what governments ultimately do with the tools. "We are selling our products to governments. We have no way to monitor what those governments do," he said.

Hulio did note that NSO Group has mechanisms in place to detect when abuse happens so that the company can "shut them down." He says that NSO Group has "done it before and will continue to do so." On the other hand, he said that NSO Group shouldn't be responsible for government misuse. Additionally, Hulio said that the average smartphone has nothing to worry about. While NSO Group's spyware can break into the latest iPhones running up-to-date software, often without any action from the user, it's only aimed at criminals. "The people that are not criminals, not the Bin Ladens of the world -- there's nothing to be afraid of. They can absolutely trust on the security and privacy of their Google and Apple devices," Hulio said.

Technology

Flexible Computer Processor is the Most Powerful Plastic Chip Yet (newscientist.com) 25

Could a flexible processor stuck on your produce track the freshness of your cantaloupe? That's the idea behind the latest processor from UK computer chip designer Arm, which says such a device could be manufactured for pennies by printing circuits directly onto paper, cardboard or cloth. From a report: The technology could give trillions of everyday items such as clothes and food containers the ability to collect, process and transmit data across the internet -- something that could be as convenient for retailers as it is concerning for privacy advocates.

In recent decades, processors have reduced in size and price to the point that they are now commonly used in everything from televisions to washing machines and watches. But almost all chips manufactured today are rigid devices created on silicon wafers in highly specialised and costly factories where dozens of complex chemical and mechanical processes take up to eight weeks from start to finish. Now, Arm has developed a 32-bit processor called PlasticARM with circuits and components that are printed onto a plastic substrate, just as a printer deposits ink on paper. James Myers at Arm says the processor can run a variety of programs, although it currently uses read-only memory so is only able to execute the code it was built with. Future versions will use fully programmable and flexible memory.

Technology

India Considering Phased Roll Out of Central Bank Digital Currency (techcrunch.com) 31

India's central bank is considering launching a digital currency, according to a top executive, giving a clear indication of its intentions for the first time after previously stating that it was studying the idea. From a report: T Rabi Sankar, the deputy governor of Reserve Bank of India, said at a conference today that the central bank is considering introducing the nation's digital currency in a "phased" manner while legal changes are made to the South Asian nation's foreign-exchange rules and IT laws. The digital currency, which will be backed by sovereign, will lower the economy's reliance on cash, enable cheaper and smoother international settlements, and protect people from the volatility of privacy cryptocurrencies, he said. "Every idea has to wait for its time, and the time for CBDC [central bank digital currency] is near. We have carefully evaluated the risks," he told an audience at a conference held by think-tank Vidhi Centre for Legal Policy.

Privacy

The Inevitable Weaponization of App Data Is Here (vice.com) 77

After years of warning from researchers, journalists, and even governments, someone used highly sensitive location data from a smartphone app to track and publicly harass a specific person. From a report: In this case, Catholic Substack publication The Pillar said it used location data ultimately tied to Grindr to trace the movements of a priest, and then outed him publicly as potentially gay without his consent. The Washington Post reported on Tuesday that the outing led to his resignation.

The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially any sort of disgruntled, unscrupulous, or dangerous individual. A growing market of data brokers that collect and sell data from countless apps has made it so that anyone with a bit of cash and effort can figure out which phone in a so-called anonymized dataset belongs to a target, and abuse that information. "Experts have warned for years that data collected by advertising companies from Americans' phones could be used to track them and reveal the most personal details of their lives. Unfortunately, they were right," Senator Ron Wyden told Motherboard in a statement, responding to the incident.

Privacy

Pegasus Spyware Seller: Blame Our Customers Not Us For Hacking (bbc.com) 104

The maker of powerful spy software allegedly used to hack the phones of innocent people says blaming the company is like "criticising a car manufacturer when a drunk driver crashes." From a report: NSO Group is facing international criticism, after reporters obtained a list of alleged potential targets for spyware, including activists, politicians and journalists. Investigations have begun as the list, of 50,000 phone numbers, contained a small number of hacked phones. Pegasus infects iPhones and Android devices, allowing operators to extract messages, photos and emails, record calls and secretly activate microphones and cameras. NSO Group has said the software is intended for use against criminals and terrorists and made available to only military, law enforcement and intelligence agencies from countries with good human-rights records. But a consortium of news organisations, led by French media outlet Forbidden Stories, has published dozens of stories based around the list, including allegations French President Emmanuel Macron's number was on it and may have been targeted.
Privacy

Judge Forces US Capitol Rioter To Unlock Laptop Seized By FBI (cnn.com) 391

An anonymous reader quotes a report from CNN: A federal judge forced a US Capitol rioter to unlock his laptop Wednesday after prosecutors argued that it likely contained footage of the January 6 insurrection from his helmet-worn camera. The judge granted the Justice Department's request to place Capitol riot defendant Guy Reffitt in front of his laptop so they could use facial recognition to unlock the device. The maneuver happened after the hearing ended and Reffitt's lawyer confirmed to CNN that the laptop was unlocked. Investigators seized the laptop and other devices earlier this year pursuant to a search warrant.

Reffitt has been in jail since his arrest in January. His case received national attention after his son spoke publicly about how Reffitt had threatened to kill family members if they turned him in to the FBI. The case became an example of how former President Donald Trump's lies tore some families apart -- Reffitt's son and daughter testified against him in court or before the grand jury. He pleaded not guilty to five federal crimes, including bringing a handgun to the Capitol grounds during the insurrection and obstructing justice by allegedly threatening his family. The felony gun charge was added last month, and undercuts false claims from Trump and prominent Republican lawmakers that the rioters weren't armed and that they had "no guns whatsoever." The case raised intriguing constitutional questions about the right against self-incrimination, but Judge Dabney Friedrich agreed with prosecutors that the unlocking was within the law.
"As the court here noted, requiring a defendant to expose his face to unlock a computer can be lawful, and is not far removed from other procedures that are now routinely approved by courts, with proper justification: standing in a lineup, submitting a handwriting or voice exemplar, or submitting a blood or DNA sample," CNN senior legal analyst Elie Honig said in an email.

Honig said judges try to strike a balance "between respecting a defendant's privacy and other rights on the one hand, and enabling prosecutors to obtain potentially crucial evidence with minimal intrusion on the defendant's rights, on the other." The "potentially crucial evidence" here may include footage of the handgun that Reffitt brought to the Capitol or comments he made about his intentions that day.
Privacy

Telegram Founder Listed in Leaked Pegasus Project Data (theguardian.com) 23

Amid the varied cast of people whose numbers appear on a list of individuals selected by NSO Group's client governments, one name stands out as particularly ironic. Pavel Durov, the enigmatic Russian-born tech billionaire who has built his reputation on creating an unhackable messaging app, finds his own number on the list. From a report: Durov, 36, is the founder of Telegram, which claims to have more than half a billion users. Telegram offers end-to-end encrypted messaging and users can also set up "channels" to disseminate information quickly to followers. It has found popularity among those keen to evade the snooping eyes of governments, whether they be criminals, terrorists or protesters battling authoritarian regimes. In recent years, Durov has publicly rubbished the security standards of competitors, particularly WhatsApp, which he has claimed is "dangerous" to use. By contrast, he has positioned Telegram as a plucky upstart determined to safeguard the privacy of its users at all costs.
Privacy

Venmo Drops the Global Social Feed That Could Make Your Payments Visible To Strangers (theverge.com) 19

Venmo announced it's removing its global social feed on Tuesday, the payment app's notorious feature that allows strangers to potentially view payments you make and receive on Venmo. From a report: Now Venmo's social elements will be limited to your actual friends on the app in the "friends feed" without you having to toggle any features in the app. The company buried the change in a blog post detailing an update to the Venmo app. [...] Until recently, Venmo also offered users no control over who saw their friends list within the app, which is potentially incriminating in an entirely separate way from seeing the content of a transaction. After Buzzfeed News discovered President Biden's Venmo account and the accounts of people in his inner circle via the friends list, the company added additional privacy controls for the visibility of your Venmo contacts.
Privacy

France Investigates Report Morocco Had Macron's Phone Hacked (bloomberg.com) 39

France is looking into a news report that the phone of French President Emmanuel Macron may have been tapped on behalf of Morocco using spyware developed by Israel's NSO group, his office said Tuesday. From a report: A Moroccan surveillance agency attempted to access his private conversations in 2019, according to an international investigation cited by France Info, which took part in the project. Other heads of state and government members -- including about 15 French ministers or ex-ministers -- were also targeted, the probe showed. Morocco has denied responsibility, France Info reported. The Pegasus spyware was used in attempted and successful hacks of 37 smartphones belonging to journalists, activists and business executives worldwide, according to the investigation led by the Paris-based not-for-profit Forbidden Stories, which relied on evidence extracted from the phones through forensic analysis by Amnesty International.
