Facebook

Facebook Engineers: We Have No Idea Where We Keep All Your Personal Data (theintercept.com) 69

An anonymous reader quotes a report from The Intercept: In March, two veteran Facebook engineers found themselves grilled about the company's sprawling data collection operations in a hearing for the ongoing lawsuit over the mishandling of private user information stemming from the Cambridge Analytica scandal. The hearing, a transcript of which was recently unsealed (PDF), was aimed at resolving one crucial issue: What information, precisely, does Facebook store about us, and where is it? The engineers' response will come as little relief to those concerned with the company's stewardship of billions of digitized lives: They don't know.

The admissions occurred during a hearing with special master Daniel Garrie, a court-appointed subject-matter expert tasked with resolving a disclosure impasse. Garrie was attempting to get the company to provide an exhaustive, definitive accounting of where personal data might be stored in some 55 Facebook subsystems. Both veteran Facebook engineers, with, according to LinkedIn, two decades of experience between them, struggled to even venture what may be stored in Facebook's subsystems. "I'm just trying to understand at the most basic level from this list what we're looking at," Garrie asked. "I don't believe there's a single person that exists who could answer that question," replied Eugene Zarashaw, a Facebook engineering director. "It would take a significant team effort to even be able to answer that question." When asked about how Facebook might track down every bit of data associated with a given user account, Zarashaw was stumped again: "It would take multiple teams on the ad side to track down exactly the -- where the data flows. I would be surprised if there's even a single person that can answer that narrow question conclusively." [...]

Facebook's stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within. The hearing amounted to two high-ranking engineers at one of the most powerful and resource-flush engineering outfits in history describing their product as an unknowable machine. The special master at times seemed in disbelief, as when he questioned the engineers over whether any documentation existed for a particular Facebook subsystem. "Someone must have a diagram that says this is where this data is stored," he said, according to the transcript. Zarashaw responded: "We have a somewhat strange engineering culture compared to most where we don't generate a lot of artifacts during the engineering process. Effectively the code is its own design document often." He quickly added, "For what it's worth, this is terrifying to me when I first joined as well."

Government

India Is Planning To Tax Winners In Online Gaming (qz.com) 30

The Indian government is looking to tax winnings of online games as the sector grows in popularity. Quartz reports: Direct tax officials are scrutinizing the data for up to 58,000 crore rupees ($7.2 billion) won over the past three years on an online gaming platform, The Indian Express newspaper reported. Authorities have urged taxpayers to file taxes on such undeclared winnings for the past two assessment years, 2019-20 and 2020-21, the report said.

"Some may have earned more and some less... They are usually in a ledger account and they merge win and loss, it (data) is humongous," Nitin Gupta, chairman of the Central Board of Direct Taxes, told The Indian Express. More than 20,000 taxpayers have filed updated returns for both 2020-21 and 2021-22 until Sept. 02, with undeclared tax payments valued at over Rs50 crore.

In May, India's finance ministry proposed 28% GST on all earnings from online games, regardless of whether the game is based on skill or chance. The GST council will now review this during its meeting this month. [...] The proposed taxation of 28%, along with 30% income tax on winnings, takes the total tax rate on online gaming between 45-50%, industry experts said. This could spell "game over" for the fledgeling industry.

The Courts

Theranos Founder Elizabeth Holmes Requests a New Trial (gizmodo.com) 96

Elizabeth Holmes -- the founder of blood testing startup Theranos and the poster child for misleading investors, media, and innocent people looking for medical care through a web of deceit -- wants a do-over. She is requesting a new trial, according to a document filed Tuesday in the Southern District Court of California. Gizmodo reports: The motion for a new trial, authored by Holmes' attorneys, hinges on "newly discovered evidence," specifically: the alleged testimony regrets of Adam Rosendorff. Rosendorff was a lab director at Theranos and later testified as a key witness in the case against Holmes and her ex-boyfriend/partner in crime Ramesh "Sunny" Balwani. His original testimony lasted multiple days and emphasized the pressure that Theranos employees were under to demonstrate the faulty diagnostic technology worked, even when it didn't.

"I felt that it was a question on my integrity as a physician not to remain there and to continue to bolster results I essentially didn't have faith in," Rosendorff said while on the witness stand in 2021, according to CNBC. "I came to understand that management was not sincere in diverting resources to solve issues." Now, Holmes and her lawyers are claiming that Rosendorff left a voicemail and then showed up at Holmes' residence on August 8 in a desperate bid to communicate that he "felt he had done something wrong, apparently in connection with Ms. Holmes' trial." The motion, supposedly paraphrasing Rosendorff, says that the former Theranos employee stated, "the government made things seem worse than they were."

In the document, Holmes' legal team wrote, "Under any interpretation of his statements, the statements warrant a new trial under Rule 33. But, at a minimum, and to the extent the Court has any doubt about whether a new trial is required, the Court should order an evidentiary hearing and permit Ms. Holmes to subpoena Dr. Rosendorff to testify about his concerns."

Holmes was found guilty in January on four of 11 charges of defrauding the company's investors and patients. She was found not guilty on four counts.

In July, Balwani was found guilty of 12 counts of conspiracy and fraud against certain investors and patients.

Privacy

ISPs Drop Challenge of Maine's Privacy Law (apnews.com) 6

An anonymous reader quotes a report from the Associated Press: One of the strictest internet privacy laws in the United States has withstood a legal challenge, as a group of telecommunication providers has dropped its bid to overturn the Maine standard. Maine created one of the toughest rules in the nation for internet service providers in 2020 when it began enforcing an "opt-in" web privacy standard. The law stops the service providers from using, disclosing, selling or providing access to customers' personal information without permission.

Industry associations swiftly sued with a claim that the new law violated their First Amendment rights. A federal judge rejected that challenge, but legal wrangling continued. The groups, which include the country's biggest telecommunications providers, filed to dismiss the lawsuit on Sept. 2, said Maine Attorney General Aaron Frey. Frey said the state's privacy law held up despite the efforts of an "army of industry lawyers organized against us," and now other states can follow Maine's lead. "Maine's Legislature wisely sought to protect Maine residents by restricting the disclosure and use of their most private and personal information," Frey said.

The Maine Legislature passed the bill, proposed by former Democratic state Sen. Shenna Bellows, who is now Maine's secretary of state, in 2019. Internet service providers then sued in February 2020, and attorneys for Maine have been in court defending the law since. The proposal stemmed from a Maine effort to bring back rules implemented during President Barack Obama's tenure that were repealed by Congress during President Donald Trump's term. Industry plaintiffs agreed to reimburse Maine for more than $55,000 in costs incurred defending the law, Frey said.

Maine is also home to the strictest facial recognition law of its kind. It was passed last July and "prohibits government use of facial recognition except in specifically outlined situations, with the most broad exception being if police have probable cause that an unidentified person in an image committed a serious crime, or for proactive fraud prevention," reports Motherboard.

"Crucially, the law plugs loopholes that police have used in the past to gain access to the technology, like informally asking other agencies or third parties to run backchannel searches for them. Logs of all facial recognition searches by the BMV must be created and are designated as public records."

Government

Big Tech's $95 Million Spending Spree Leaves Antitrust Bill On Brink of Defeat (bloomberg.com) 46

An anonymous reader quotes a report from Bloomberg: A high-profile push by Congress to rein in the nation's biggest internet companies is at risk of failing with time running out to pass major legislation ahead of midterm elections. Alphabet's Google, Apple, Amazon.com and Meta and their trade groups have poured almost $95 million into lobbying since 2021 as they seek to derail the American Innovation and Choice Online Act, which has advanced further than any US legislative effort to address the market power of some of the world's richest companies. After a nearly two-year battle, the bill is now at a critical juncture as the Senate returns this week for a final stretch before the November midterms. Backers of the measure swear they have the necessary votes, yet it's unclear if they do, and the Senate will be busy with other must-pass spending legislation.

Although clipping the wings of tech giants through antitrust reform had support from both Republicans and Democrats during this Congress, a likely GOP majority in the House next year is expected to focus on allegations that internet platforms squelch conservative viewpoints. That's why tech lobbyists have been trying to run out the clock. Leading Republicans like California's Kevin McCarthy, who is on track to become Speaker under a GOP majority, have publicly opposed the antitrust push. The legislation's sponsors can see the window narrowing. Antitrust advocates were expecting a vote before Congress adjourned for four weeks in August. But Schumer told donors in July that it didn't have enough votes to pass.

The bill has 13 co-sponsors in the Senate, where it would need 60 votes to pass and be sent to the House. Supporters like Yelp's head of public policy Luther Lowe, a longtime Google critic, argue that enough undecided lawmakers would vote for the measure if it came to the floor. A Schumer spokesperson said he's working with the bill's sponsors to find the necessary votes and he still plans to bring it to the floor. The bill was approved by both the House and Senate Judiciary Committees on strong bipartisan votes. Several amendments have addressed concerns about privacy and security issues. What hasn't killed the bill "has made it stronger," said Yelp's Lowe. The measure seeks to restrict the companies from favoring their own products, so that competitors who depend on these platforms to reach consumers wouldn't be at a disadvantage. That could impact the design of Google Maps, the display of Apple Music on an iPhone or the prominence of Amazon Basics on the company's e-commerce site.

"I don't see it going to the floor," said Michael Petricone, senior vice president of government affairs at the Consumer Technology Association, a trade group that counts Amazon, Google and Facebook among its members. "With an election coming up, I expect senators to come back and focus on issues that are popular with voters. Tech regulation is not one of those issues."

Social Networks

India Summons Wikipedia Officials Over Edits To Cricketer's Page (techcrunch.com) 50

India has summoned executives of Wikipedia after a cricketer's page on the online encyclopedia was edited with links to a separatist movement. The country's IT ministry made the order on Monday to seek clarification from Wikipedia executives over the incident. From a report: A key IT minister publicly expressed his concern about the edits to the page of cricketer Arshdeep Singh, suggesting that some people from Pakistan were behind the act and were attempting to disrupt peace in the South Asian market. The Wikipedia page of Singh, who had several lapses in a game between India and Pakistan on Sunday, was edited to incorrectly say that he had been selected to play for Khalistan, a fictitious independent homeland sought by some separatist groups. Rajeev Chandrasekhar, India's Junior IT Minister, said in a tweet that no intermediary, a service with over 5 million users, can permit deliberate misinformation campaign of this kind. Such acts "violates our govt's expectation of safe & trusted internet," he tweeted.

Businesses

Islamic State Turns To NFTs To Spread Terror Message (wsj.com) 45

A simple digital card praising Islamist militants for an attack on a Taliban position in Afghanistan last month is the first known nonfungible token created and disseminated by a terrorist sympathizer, according to former senior U.S. intelligence officials. From a report: It is a sign that Islamic State and other terror groups may be preparing to use the emerging financial technology to sidestep Western efforts to eradicate their online fundraising and messaging, they said. The NFT, visible on at least one NFT trading website and titled "IS-NEWS #01," bears Islamic State's emblem. It was created by a supporter of the group, likely as an experiment to test a new outreach and funding strategy for ISIS, the former officials said.

Regulators and national-security officials have expressed concern about the potential for terrorists to exploit new financial technologies and markets, including NFTs. "It was only a matter of time," said Yaya Fanusie, a former economic and counterterrorism analyst at the Central Intelligence Agency. An NFT is a unit of data stored on a blockchain -- a database of transactions organized without the need for a central trusted authority. The technology first emerged as a means of tracking, valuing and trading digital assets, but developers say that it has much broader applications, such as digital concert tickets and branded collectibles like digital trading cards.

Electronic Frontier Foundation

Peter Eckersley, Co-Creator of Let's Encrypt, Dies at 43 (sophos.com) 35

Seven years ago, Slashdot reader #66,542 announced "Panopticlick 2.0," a site showing how your web browser handles trackers.

But it was just one of the many privacy-protecting projects Peter Eckersley worked on, as a staff technologist at the EFF for more than a decade. Eckersley also co-created Let's Encrypt, which today is used by hundreds of millions of people.

Friday the EFF's director of cybersecurity announced the sudden death of Eckersley at age 43. "If you have ever used Let's Encrypt or Certbot or you enjoy the fact that transport layer encryption on the web is so ubiquitous it's nearly invisible, you have him to thank for it," the announcement says. "Raise a glass."

Peter Eckersley's web site is still online, touting "impactful privacy and cybersecurity projects" that he co-created, including not just Let's Encrypt, Certbot, and Panopticlick, but also Privacy Badger and HTTPS Everywhere. And in addition, "During the COVID-19 pandemic he convened the stop-covid.tech group, advising many groups working on privacy-preserving digital contact tracing and exposure notification, assisting with several strategy plans for COVID mitigation." You can also still find Peter Eckersley's GitHub repositories online.

But Peter "had apparently revealed recently that he had been diagnosed with cancer," according to a tribute posted online by security company Sophos, noting his impact is all around us: If you click on the padlock in your browser [2022-09-0T22:37:00Z], you'll see that this site, like our sister blog site Sophos News, uses a web certificate that's vouched for by Let's Encrypt, now a well-established Certificate Authority (CA). Let's Encrypt, as a CA, signs TLS cryptographic certificates for free on behalf of bloggers, website owners, mail providers, cloud servers, messaging services...anyone, in fact, who needs or wants a vouched-for encryption certificate, subject to some easy-to-follow terms and conditions....

Let's Encrypt wasn't the first effort to try to build a free-as-in-freedom and free-as-in-beer infrastructure for online encryption certificates, but the Let's Encrypt team was the first to build a free certificate signing system that was simple, scalable and solid. As a result, the Let's Encrypt project was soon able to gain the trust of the browser making community, to the point of quickly getting accepted as an approved certificate signer (a trusted-by-default root CA, in the jargon) by most mainstream browsers....

In recent years, Peter founded the AI Objectives Institute, with the aim of ensuring that we pick the right social and economic problems to solve with AI:

"We often pay more attention to how those goals are to be achieved than to what those goals should be in the first place. At the AI Objectives Institute, our goal is better goals."

Crime

Attacks on Linux Servers Rose 75% Over Last Year, Warn Security Researchers (zdnet.com) 70

"There's been a big rise in ransomware attacks targeting Linux," reports ZDNet, "as cyber criminals look to expand their options and exploit an operating system that is often overlooked when businesses think about security." According to analysis by cybersecurity researchers at Trend Micro, Linux servers are "increasingly coming under fire" from ransomware attacks, with detections up by 75% over the course of the last year as cyber criminals look to expand their attacks beyond Windows operating systems.

Linux powers important enterprise IT infrastructure including servers, which makes it an attractive target for ransomware gangs — particularly when a perceived lack of threat to Linux systems compared with Windows means that cybersecurity teams might choose to focus on defending Windows networks against cybercrime. Researchers note that ransomware groups are increasingly tailoring their attacks to focus specifically on Linux systems. For example, LockBit is one of the most prolific and successful ransomware operations of recent times and now offers the option of a Linux-based variant that is designed to target Linux systems and has been used to conduct attacks in the wild....

And it isn't just ransomware groups that are increasingly turning their attentions towards Linux — according to Trend Micro, there's been a 145% increase in Linux-based cryptocurrency-mining malware attacks, where cyber criminals secretly exploit the power of infected computers and servers to mine for cryptocurrency for themselves. One of the ways cyber criminals are compromising Linux systems is by exploiting unpatched vulnerabilities. According to the report, these flaws include CVE-2022-0847 — also known as Dirty Pipe — a bug that affects the Linux kernel from versions 5.8 and up, which attackers can use to escalate their privileges and run code. Researchers warn that this bug is "relatively easy to exploit".

The article recommends installing all security patches as soon as they're available — and implementing multi-factor authentication across your organization.

And yes, it's the real ZDNet. They've just re-designed their web site...

Advertising

Facebook 'Repeatedly and Intentionally' Violated Washington's Political Ad Law, Judge Rules (geekwire.com) 49

The Seattle Times reports: Meta, Facebook's parent company, repeatedly and intentionally violated Washington campaign-ad transparency law and must pay penalties yet to be determined, a judge ruled Friday.

The court also denied Meta's attempt to invalidate Washington's decades-old transparency law, according to Attorney General Bob Ferguson, whose office has repeatedly sued Meta over its failure to abide by the law.... In a statement, Ferguson said his office defeated Facebook's "cynical attempt" to gut Washington's campaign-finance transparency law. "On behalf of the people of Washington, I challenge Facebook to accept this decision and do something very simple — follow the law," he said.

Meta did not immediately respond to a request for comment.

Washington's transparency law, originally passed by voters through an initiative in 1972, requires ad sellers such as Meta to disclose the names and addresses of political ad buyers, the targets of such ads and the total number of views of each ad.

Meta says that rather than comply with the law, Facebook has stopped serving campaign ads altogether in Washington, GeekWire reports, "after determining that the company wouldn't be able to reasonably comply with the law."

But "The current suit against Meta, filed in April 2020, asserts that the company continued to accept political ads in the state after promising to stop." The judge will now consider fines and a potential injunction against the social media giant, reported Eli Sanders, a Seattle journalist who covered the dispute for years for The Stranger newspaper and more recently in his Wild West newsletter....

In court filings, Meta called Washington state "an outlier," arguing that the disclosure law violates the First Amendment by unfairly targeting political speech, and imposing onerous timelines for disclosing what Meta considers unreasonable degrees of detail to people who request information about political ads.

Biotech

Judge Declines To Overturn Elizabeth Holmes Guilty Verdict (politico.com) 56

A federal judge on Thursday tentatively declined to overturn the jury conviction of disgraced Theranos CEO Elizabeth Holmes on four felony counts of fraud and conspiracy. That leaves the former Silicon Valley star a step closer to serving prison time. Politico reports: U.S. District Judge Edward Davila won't make that decision final until Oct. 17, when he is scheduled to sentence Holmes in the same San Jose, California, courtroom where a jury found her guilty of duping investors in her much-hyped blood-testing startup. Holmes, 38, faces up to 20 years in prison and a $250,000 fine, plus restitution, for lying to investors about a Theranos technology she hailed as a revolution in healthcare but which in practice produced dangerously inaccurate results.

Privacy

IRS Says It Exposed Some Confidential Taxpayer Data On Website (marketwatch.com) 12

An anonymous reader quotes a report from MarketWatch: The Internal Revenue Service inadvertently posted what is normally confidential information involving about 120,000 individuals before discovering the error and removing the data from its website, officials said Friday. The data are from Form 990-T (PDF), which is often required for people with individual retirement accounts who earn certain types of business income within those retirement plans. That typically includes people whose IRAs are invested in master limited partnerships, real estate or other assets that generate income, not those whose IRAs are solely invested in securities.

The disclosures included names, contact information and financial information about income within those IRAs. It didn't include Social Security numbers, full individual income information or other data that could affect a taxpayer's credit, the Treasury Department determined, according to a letter that the administration is sending to key members of Congress on Friday. The IRS and Treasury Department blamed a human coding error that happened last year when Form 990-T began to be electronically filed. The nonpublic data was mistakenly included with the public data and all of it was available for searching and downloading on the agency's website. The Wall Street Journal, which routinely analyzes nonprofit tax filings, downloaded at least some of the data before its removal.

Privacy

Samsung Says Customer Data Stolen in July Data Breach (techcrunch.com) 7

U.S. electronics giant Samsung has confirmed a data breach affecting customers' personal information. From a report: In a brief notice, Samsung said it discovered the security incident in late-July and that an "unauthorized third party acquired information from some of Samsung's U.S. systems." The company said it determined customer data was compromised on August 4. Samsung said Social Security numbers and credit card numbers were not affected, but some customer information -- name, contact and demographic information, date of birth, and product registration information -- was taken.

Crime

Crypto CEO Behind $2.5 Billion 'Rug Pull' Arrested, Faces 40,564 Years In Prison (pcgamer.com) 45

Faruk Fatih Ozer, the founder and CEO of the now-defunct crypto exchange Thodex, has been arrested in the Albanian city of Vlore. PC Gamer reports: Ozer fled following the collapse of Thodex in April 2021: he initially claimed a halt in trading was due to cyberattacks, and that investors' money was safe, before disappearing. Almost immediately afterwards, Turkish police arrested dozens of Thodex employees and seized the firm's computers. It subsequently emerged that, in April 2021, Thodex had moved approximately $125 million worth of bitcoin to the established US crypto exchange Kraken. Given the number of investors in Thodex left with nothing, this looks like straightforward theft from a failing business.

It's not the whole story, either. Cryptocrime analysis firm Chainalysis addressed Thodex specifically in its overview of 2021, in the wider context of a total $2.8 billion worth of crypto scams over this year being 'rug pulls': wherein a seemingly legitimate business is set up, operates as normal for a while, then suddenly all the money is gone. It's large-scale fraud. "We should note that roughly 90% of the total value lost to rug pulls in 2021 can be attributed to one fraudulent centralized exchange, Thodex, whose CEO disappeared soon after the exchange halted users' ability to withdraw funds," says the Chainalysis report. That works out at an estimate of around $2.5 billion of crypto.

Six people have already been jailed for their role in Thodex, including family members of Ozer, while 20 other prosecutions are ongoing. The Turkish daily Hürriyet reports that state prosecutors are out to set an example: "A prison sentence of 40,564 years is sought for each of these 21 people, including Ozer, as over 2,000 people are included in the indictment as complainants."

Encryption

Major VPN Services Shut Down In India Over Anti-Privacy Law (9to5mac.com) 9

"Major VPN services have shut down service in India, as there is no way to comply with a new law without breaching their own privacy protection standards," reports 9to5Mac. "The law also applies to iCloud Private Relay, but Apple has not yet commented on its own plans." The Wall Street Journal reports: Major global providers of virtual private networks, which let internet users shield their identities online, are shutting down their servers in India to protest new government rules they say threaten their customers' privacy [...] Such rules are "typically introduced by authoritarian governments in order to gain more control over their citizens," said a spokeswoman for Nord Security, provider of NordVPN, which has stopped operating its servers in India. "If democracies follow the same path, it has the potential to affect people's privacy as well as their freedom of speech," she said [...]

Other VPN services that have stopped operating servers in India in recent months are some of the world's best known. They include U.S.-based Private Internet Access and IPVanish, Canada-based TunnelBear, British Virgin Islands-based ExpressVPN, and Lithuania-based Surfshark. ExpressVPN said it "refuses to participate in the Indian government's attempts to limit internet freedom." The government's move "severely undermines the online privacy of Indian residents," Private Internet Access said.

"Customers in India will be able to connect to VPN servers in other countries," adds 9to5Mac. "This is the same approach taken in Russia and China, where operating servers within those countries would require VPN companies to comply with similar legislation."

"Cloud storage services are also subjected to the new rules, though there would be little practical impact on Apple here. iCloud does not use end-to-end encryption, meaning that Apple holds a copy of your decryption key, and can therefore already comply with government demands for information."

Chrome

Chrome Extensions With 1.4M Installs Covertly Track Visits and Inject Code (arstechnica.com) 7

Google has removed browser extensions with more than 1.4 million downloads from the Chrome Web Store after third-party researchers reported they were surreptitiously tracking users' browsing history and inserting tracking code into specific ecommerce sites they visited. ArsTechnica: The five extensions flagged by McAfee purport to offer various services, including the ability to stream Netflix videos to groups of people, take screenshots, and automatically find and apply coupon codes. Behind the scenes, company researchers said, the extensions kept a running list of each site a user visited and took additional actions when users landed on specific sites. The extensions sent the name of each site visited to the developer-designated site d.langhort.com, along with a unique identifier and the country, city, and zip code of the visiting device. If the site visited matched a list of ecommerce sites, the developer domain instructed the extensions to insert JavaScript into the visited page. The code modified the cookies for the site so that the extension authors receive affiliate payment for any items purchased. To help keep the activity covert, some of the extensions were programmed to wait 15 days after installation before beginning the data collection and code injection.

Privacy

Tech Tool Offers Police 'Mass Surveillance On a Budget' (apnews.com) 56

Local law enforcement agencies from suburban Southern California to rural North Carolina have been using an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people's movements months back in time, according to public records and internal emails obtained by The Associated Press. schwit1 shares a report: Police have used "Fog Reveal" to search hundreds of billions of records from 250 million mobile devices, and harnessed the data to create location analyses known among law enforcement as "patterns of life," according to thousands of pages of records about the company.

Sold by Virginia-based Fog Data Science LLC, Fog Reveal has been used since at least 2018 in criminal investigations ranging from the murder of a nurse in Arkansas to tracing the movements of a potential participant in the Jan. 6 insurrection at the Capitol. The tool is rarely, if ever, mentioned in court records, something that defense attorneys say makes it harder for them to properly defend their clients in cases in which the technology was used. It relies on advertising identification numbers, which Fog officials say are culled from popular cellphone apps such as Waze, Starbucks and hundreds of others that target ads based on a person's movements and interests, according to police emails. That information is then sold to companies like Fog.

Piracy

Court Orders Telegram To Disclose Personal Details of Pirating Users (torrentfreak.com) 30

The High Court in Delhi ordered Telegram to share the personal details of copyright-infringing users with rightsholders. The messaging app refused to do so, citing privacy concerns and freedom of speech, but the court waved away these defenses, ordering the company to comply with Indian law. TorrentFreak reports: Telegram doesn't permit copyright infringement and generally takes swift action in response. This includes the removal of channels that are dedicated to piracy. For some copyright holders that's not enough, as new 'pirate' channels generally surface soon after. To effectively protect their content, rightsholders want to know who runs these channels. This allows them to take action against the actual infringers and make sure that they stop pirating. This argument is the basis of an infringement lawsuit filed in 2020.

The case in question was filed by Ms. Neetu Singh and KD Campus. The former is the author of various books, courses, and lectures, for which the latter runs coaching centers. Both rightsholders have repeatedly complained to Telegram about channels that shared pirated content. In most cases, Telegram took these down, but the service refused to identify the infringers. As such, the rightsholders asked the court to intervene. The legal battle culminated in the Delhi High Court this week via an order compelling Telegram to identify several copyright-infringing users. This includes handing over phone numbers, IP addresses, and email addresses.

The order was issued despite fierce opposition. One of Telegram's main defenses was that the user data is stored in Singapore, which prohibits the decryption of personal information under local privacy law. The Court disagrees with this argument, as the ongoing infringing activity is related to Indian works and will likely be tied to Indian users. And even if the data is stored elsewhere, it could be accessed from India. Disclosing the personal information would not be a violation of Singapore's privacy law either, the High Court adds, pointing out that there is an exception if personal details are needed for investigation or proceedings.

Telegram also brought up the Indian constitution, which protects people's privacy, as well as the right to freedom of speech and expression. However, that defense was unsuccessful too. Finally, Telegram argued that it is not required to disclose the details of its users because the service merely acts as an intermediary. Again, the Court disagrees. Simply taking infringing channels offline isn't good enough in this situation, since infringers can simply launch new ones, as if nothing had happened.

Privacy

Dashlane Is Ready To Replace All Your Passwords With Passkeys (theverge.com) 37

Dashlane announced today that it's integrating passkeys into its cross-platform password manager. "We said, you know what, our job is to make security simple for users," says Dashlane CEO JD Sherman, "and this is a great tool to do that. So we should actually be thinking about ushering in this passwordless era." The Verge reports: Passwords are dying, long live passkeys. Practically the entire tech industry seems to agree that hexadecimal passwords need to die, and that the best way to replace them is with the cryptographic keys that have come to be known as passkeys. Basically, rather than having you type a phrase to prove you're you, websites and apps use a standard called WebAuthn to connect directly to a token you have saved -- on your device, in your password manager, ultimately just about anywhere -- and authenticate you automatically. It's more secure, it's more user-friendly, it's just better. The transition is going to take a while, though, and even when you can use passkeys, it'll be a while before all your apps and websites let you do so.

Going forward, Dashlane users can start to set up passkeys to log into sites and apps where they previously would have created passwords. And whereas systems like Apple's upcoming implementation in iOS 16 will often involve taking a picture of a QR code to log in, Dashlane says it can make the process even simpler because it has apps for most platforms and an extension for most browsers.

United States

US Asked British Spy Agency To Stop Guardian Publishing Snowden Revelations (theguardian.com) 27

An anonymous reader quotes a report from the Guardian: The US National Security Agency (NSA) tried to persuade its British counterpart to stop the Guardian publishing revelations about secret mass data collection from the NSA contractor, Edward Snowden, according to a new book. Sir Iain Lobban, the head of Government Communications Headquarters (GCHQ), was reportedly called with the request in the early hours of June 6, 2013 but rebuffed the suggestion that his agency should act as a censor on behalf of its US partner in electronic spying.

The late-night call and the British refusal to shut down publication of the leaks was the first of several episodes in which the Snowden affair caused rifts within the Five Eyes signals intelligence coalition, recounted in a new book to be published on Thursday, The Secret History of Five Eyes, by film-maker and investigative journalist Richard Kerbaj. According to Kerbaj, Lobban was aware of the importance of the particularly special relationship between the US and UK intelligence agencies but thought "the proposition of urging a newspaper to spike the article for the sake of the NSA seemed a step too far." "It was neither the purpose of his agency nor his own to deal with the NSA's public relations," Kerbaj writes.

In October 2013, the then prime minister, David Cameron, later threatened the use of injunctions or other "tougher measures" to stop further publication of Snowden's leaks about the mass collection of phone and internet communications by the NSA and GCHQ. However, the DA-Notice committee, the body which alerts the UK media to the potential damage a story might cause to national security, told the Guardian at the time that nothing it had published had put British lives at risk. In the new book, Kerbaj reports that the US-UK intelligence relationship was further strained when the head of the NSA, Gen Keith Alexander, failed to inform Lobban that the Americans had identified Snowden, a Hawaii-based government contractor, as the source of the stories, leaving the British agency investigating its own ranks in the search for the leaker. GCHQ did not discover Snowden's identity until he went public in a Guardian interview. "It was a chilling reminder of how important you are, or how important you're not," a senior British intelligence insider is quoted as saying in the book.
The book also alleges that members of Five Eyes were outraged by the revelations but weren't prepared to challenge the Americans "out of anxiety that they could be cut off from the flow of intelligence," reports the Guardian. Only the British representatives openly questioned U.S. practices, although they too "decided to bite their tongues when it came to frustration with their U.S. counterparts..."

Sir Kim Darroch, the former UK national security adviser, is quoted in the book as saying: "The US give us more than we give them so we just have to basically get on with it."
