The Military

America's Defense Department Creates a New Office for Tracking and Analyzing UFOs (space.com)

This week America's Department of Defense "created an office to track unidentified objects in space and air, [and] under water," reports Space.com, "or even those that appear to travel between these domains." UFOs, or as they are now known, unidentified aerial phenomena (UAP) have been receiving newfound levels of government scrutiny not seen in decades. Multiple hearings and classified briefings have taken place in the halls of the U.S. Congress in recent months, and many lawmakers have expressed concern that America's airspace may not be as safe as we think due to the many sightings of unidentified objects military aviators and other armed forces personnel have reported.

With that in mind, the Department of Defense announced the creation of this new office in a statement published Wednesday (July 20). The office is known as the All-domain Anomaly Resolution Office, or AARO, and was established within the Office of the Under Secretary of Defense for Intelligence and Security... The office has six primary lines of effort: surveillance, collection and reporting; system capabilities and design; intelligence operations and analysis; mitigation and defeat; governance; and science and technology.

A statement from the U.S. Department of Defense spells out its mission:
  • To synchronize efforts across the Department of Defense, and with other U.S. federal departments and agencies
  • To detect, identify and attribute objects of interest in, on or near military installations, operating areas, training areas, special use airspace and other areas of interest
  • As necessary, to mitigate any associated threats to safety of operations and national security.

Long-time Slashdot reader schwit1 notes the office already has its own Twitter feed, providing "updates and information relative to our examinations of unidentified anomalous phenomena across space, air, and maritime domains."


The Internet

Two Senators Propose Ban On Data Caps, Blasting ISPs For 'Predatory' Limits (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: US Senators Ben Ray Lujan (D-N.M.) and Cory Booker (D-N.J.) want to ban Internet data caps. The senators today introduced the "Uncap America Act," which would "prohibit predatory data caps that force families to pay high costs and unnecessary fees to access high-speed broadband," they said in a press release. "A broadband Internet access service provider shall not impose a data cap except when tailored primarily for the purposes of reasonable network management or managing network congestion," the bill says. The proposed law would order the Federal Communications Commission to issue "regulations to define the conditions under which a data cap is to be considered tailored to the purpose of reasonable network management or managing network congestion."

Data caps that don't comply with the exceptions would violate the Communications Act. "While certain broadband Internet access service networks may require practices to effectively manage congestion, those practices should be tailored to improve equitable access among consumers," the bill says. "Unnecessary data caps limit participation in the digital economy and are contrary to the public interest." The bill can be expected to attract fierce opposition from the broadband industry and would face long odds of passing through the Senate and House. If it does become law, it would likely prohibit the home Internet data caps imposed by Comcast and others, which clearly exist for financial purposes and not for any network management need.

While the Lujan/Booker bill leaves key details up to the FCC, it provides a comprehensive definition of what counts as a data cap under the proposed law. The bill says a data cap is "a limit on the amount of bits or other units of information a customer of a broadband Internet access service provider may download or upload during a period of time specified by the broadband Internet service access provider before the customer is charged a fee for additional usage; is subject to an increasing cost per bit or other unit of information; is charged for an incremental block of usage; or experiences a reduction of access speed; or that the customer is otherwise discouraged or prevented from exceeding." The proposed law would apply to home Internet services and mobile data plans, as it uses a definition of broadband service in US law that includes "mass-market retail service by wire or radio." But the FCC would be able to define different rules for different types of connections, Lujan's office told Ars.

Privacy

Hardcoded Password In Confluence Leaked On Twitter (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Atlassian on Wednesday revealed three critical product vulnerabilities, including CVE-2022-26138 stemming from a hardcoded password in Questions for Confluence, an app that allows users to quickly receive support for common questions involving Atlassian products. The company warned the passcode was "trivial to obtain."

The company said that Questions for Confluence had 8,055 installations at the time of publication. When installed, the app creates a Confluence user account named disabledsystemuser, which is intended to help admins move data between the app and the Confluence Cloud service. The hardcoded password protecting this account allows for viewing and editing of all non-restricted pages within Confluence. "A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to," the company said. "It is important to remediate this vulnerability on affected systems immediately."

A day later, Atlassian was back to report that "an external party has discovered and publicly disclosed the hardcoded password on Twitter," leading the company to ratchet up its warnings. "This issue is likely to be exploited in the wild now that the hardcoded password is publicly known," the updated advisory read. "This vulnerability should be remediated on affected systems immediately." The company warned that even when Confluence installations don't actively have the app installed, they may still be vulnerable. Uninstalling the app doesn't automatically remediate the vulnerability because the disabledsystemuser account can still reside on the system.
To figure out if a system is vulnerable, Confluence users can use these instructions Atlassian provided for locating such accounts.

According to the company, the two ways to fix the issue are to disable or remove the "disabledsystemuser" account.

China

China Fines DiDi $1.2 Billion Over 64 Billion Illegal Acts of Data Collection (theregister.com)

The Cyberspace Administration of China has fined ride-sharing company DiDi Global $1.2 billion for more than 64 billion illegal acts of data collection that it says were carried out maliciously and threatened national security. The Register reports: The Administration enumerated DiDi's indiscretions as follows:

- 53.976 billion pieces of information indicating travellers' intentions were analyzed without informing passengers;
- 8.323 billion pieces of information were accessed from users' clipboards and lists of apps;
- 1.538 billion pieces of information about the cities in which users live were analyzed without permission;
- 304 million pieces of information describing users' place of work;
- 167 million user locations were gathered when users evaluated the DiDi app while it ran in the background;
- 153 million pieces of information revealing the drivers' home and business location;
- 107 million pieces of passenger facial recognition information;
- 57.8 million pieces of driver's ID number information in plain text;
- 53.5092 million pieces of age information;
- 16.3356 million pieces of occupation information;
- 11.96 million screenshots were harvested from users' smartphones;
- 1.3829 million pieces of family relationship information;
- 142,900 items describing drivers' education.

The Administration (CAC) also found DiDi asked for irrelevant permissions on users' smartphones and did not give an accurate or clear explanation for processing 19 types of personal information. The fine levied on DiDi is not a run of the mill penalty. The Administration's Q&A about the incident points out that the fine is a special administrative penalty because DiDi flouted China's Network Security Law, Data Security Law, and Personal Information Protection Law -- and did so for seven years in some cases. [...] DiDi appears to have got the message. It has apologized for its actions, accepted the fine, and vowed to ensure it does not repeat its mistakes.

United States

FCC Orders Top Carriers To Explain How They Use and Share Phone Location Data (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Federal Communications Commission Chairwoman Jessica Rosenworcel has ordered mobile carriers to explain what geolocation data they collect from customers and how they use it. Rosenworcel's probe could be the first step toward stronger action -- but the agency's authority in this area is in peril because Congress is debating a data privacy law that could preempt the FCC from regulating carriers' privacy practices.

Rosenworcel sent letters of inquiry Tuesday "to the top 15 mobile providers," the FCC announced. The chairwoman's letters asked carriers "about their policies around geolocation data, such as how long geolocation data is retained and why and what the current safeguards are to protect this sensitive information," the FCC said. The letters also "probe carriers about their processes for sharing subscriber geolocation data with law enforcement and other third parties' data-sharing agreements. Finally, the letters ask whether and how consumers are notified when their geolocation information is shared with third parties," the FCC said. "Mobile Internet service providers are uniquely situated to capture a trove of data about their own subscribers, including the subscriber's actual identity and personal characteristics, geolocation data, app usage, and web browsing data and habits," the letters say. Under US communications law, carriers are prohibited from using or sharing private information except under specific circumstances. Rosenworcel told carriers to answer the questions by August 3.

[...] Among other things, Rosenworcel's letters ask carriers to describe in detail the geolocation data they collect and retain from customers, to explain why such data is retained for current and former subscribers, how long the data is retained for, a description of safeguards used to protect the data, and what country or countries the geolocation data is stored in. The letters also ask for details regarding how data retention policies are disclosed to subscribers, data deletion policies, and whether subscribers can opt out of data retention. A second list of questions focused on data sharing asks for each carrier's "process and policies for sharing subscriber geolocation data with law enforcement;" for descriptions of "the arrangements, agreements, and circumstances in which [the carrier] shares subscriber geolocation data with third parties that are not law enforcement;" and whether subscribers are "notified of the sharing of their geolocation information with third parties that are not law enforcement." The data-sharing section also probes whether the carriers let customers opt out of programs that share data with third parties. Because geolocation data is highly sensitive and can be combined with other types of data, "the ways in which this data is stored and shared with third parties is of utmost importance to consumer safety and privacy," Rosenworcel told carriers in the letters.
Further reading: Homeland Security Records Show 'Shocking' Use of Phone Data, ACLU Says

China

UK Blocks Chinese Company From Acquiring Knowledge On Vision Sensing Technology (reuters.com)

British business minister Kwasi Kwarteng on Wednesday said he had issued (PDF) an order preventing the acquisition of intellectual property related to vision sensing technology by a Chinese company on national security grounds. Reuters reports: The order, issued under the National Security and Investment Act, prevents Beijing Infinite Vision Technology Co. from buying the intellectual property from the University of Manchester that would have allowed them to develop, test, manufacture, use and sell licensed products. "There is potential that the technology could be used to build defense or technological capabilities which may present national security risk to the United Kingdom," said the order, published by the government. "A SCAMP vision sensor does not output regular images as most sensors do, but rather the results of sensor analysis that provides details of what the sensor is seeing," notes Asia Financial.

"This means it can do much more and deliver more valuable information. The technology is used in advanced applications in areas such as robotics, virtual reality, autos and surveillance."

Facebook

Zuckerberg and Sandberg Ordered To Testify Over Alleged Involvement In Cambridge Analytica Scandal (gizmodo.com)

An anonymous reader quotes a report from Gizmodo: Meta CEO Mark Zuckerberg and former COO Sheryl Sandberg will have to provide testimony to a federal court to discuss their alleged involvement in the company's notorious Cambridge Analytica scandal, over half a decade since it first captured the world's attention. [...] Cambridge Analytica was a British political consulting firm that used Facebook user data to target and lobby potential voters ahead of the 2016 election in favor of Donald Trump. The ensuing scandal helped trigger an investigation from the Federal Trade Commission that resulted in Facebook agreeing to a record-setting $5 billion settlement over its privacy practices.

A new filing (PDF) in the Northern District of California Tuesday shows Zuckerberg and Sandberg agreed to be deposed for six and five hours respectively in September of this year. This comes as part of a class action lawsuit filed against Meta, claiming the company violated consumer privacy laws when it shared user data with Cambridge Analytica back in 2015. [...] In addition to Zuckerberg and Sandberg, the court's also seeking to depose Meta's newly named CTO Javier Olivan -- who previously served as the company's Chief Growth Officer -- as well as a handful of other "key witnesses." Olivan's deposition is expected to last three hours. According to Tuesday's filing Meta will also hand over 1,200 documents "previously withheld as privileged." Plaintiffs in the case previously accused Meta and the law firm representing it of "stonewalling," during the court's discovery phase.

The Courts

Glassdoor Ordered To Reveal Identity of Negative Reviewers To New Zealand Toymaker (theguardian.com)

A California court has ordered employer-rating site Glassdoor to hand over the identities of users who claimed they had negative experiences working for New Zealand toy giant Zuru. The Guardian reports: In a decision that could prompt unease for online platforms that rely on anonymity to attract candid reviews, Glassdoor was ordered to provide the information so Zuru could undertake defamation proceedings against the reviewers in New Zealand. Glassdoor is an international website where people post anonymous reviews of their current or former employers. Zuru is an international toy manufacturer that was founded in New Zealand and now has a billion-dollar turnover. After an anonymous person or people wrote reviews alleging that Zuru was a "toxic" workplace, the company began pursuing a defamation suit against them -- but first had to find out their identities.

California district court judge Alex Tse wrote in his decision that the reviews refer to Zuru as a "[b]urn out factory" with a "toxic culture," where an "incompetent" management team "consistently talk[s] down" to employees and treats them like "dirt." The judge wrote that the reviews make Zuru "sound like a horrible place to work." Zuru says these and similar statements in the reviews are false and have cost them financially. The company argued that it "has had to expend money, time, and resources in combatting the negative publicity, negative perception, and harm to [Zuru's] reputation that the [r]eviews have caused."

It wants to sue the reviewers for defamation in New Zealand, the country where the company was founded and where the reviewer or reviewers allegedly worked. Tse ruled that New Zealand's defamation laws are the relevant ones in this case, and ordered that Glassdoor hand over identifying information. New Zealand has stricter defamation laws than the US, where there are far greater free speech protections. Tse wrote: "There's good reason to tread lightly in applying US free-speech principles abroad. Our country's commitment to free speech isn't universally shared; and even in other countries that protect free speech, a different balance is often struck between the right to free speech and the right to protect one's reputation. Glassdoor wants to safeguard anonymous speech on its website. Zuru wants to protect its reputation. Both interests can't simultaneously be accommodated."
In a statement, Glassdoor said it was "deeply disappointed in the court's decision, which was effectively decided under New Zealand law." They added: "In this and many other cases worldwide, Glassdoor fights vigorously to protect and defend the rights of our users to share their opinions and speak freely and authentically about their workplace experiences."

Glassdoor said it had fought a number of defamation-type cases, and they "prevail in the vast majority of these types of cases. To date, we have succeeded in protecting the anonymity of our users in more than 100 cases filed against our users."

The Courts

Twitter Worker Accused of Spying For Saudi Arabia Heads To Trial (nytimes.com)

An anonymous reader quotes a report from The New York Times: While working at Twitter from 2013 to 2015, Ahmad Abouammo was responsible for helping celebrities, journalists and other notable figures in the Middle East promote their Twitter accounts. He handled requests for Twitter's coveted blue verification badges and arranged tours of the San Francisco headquarters. But the Justice Department says he misused his access to Twitter user data, gathering the personal information of political dissidents and passing it to Saudi Arabia in exchange for a luxury watch and hundreds of thousands of dollars.

Mr. Abouammo, who is charged with acting as an agent of a foreign power inside the United States, committing wire fraud and laundering money, is set to stand trial this week in federal court in San Francisco. "We look forward to vindicating Mr. Abouammo and for him to have his day in court," said Angela Chuang, a lawyer representing him. The government expects Mr. Abouammo's legal team to argue that he worked lawfully as a consultant to Saudi Arabia, according to a court filing. Ms. Chuang declined to comment on legal strategy. The case, which illustrates the Saudi government's intensity in pursuing information about its critics, is unfolding at a delicate point in diplomacy between the United States and Saudi Arabia.

[...] Mr. Abouammo was charged in 2019 along with another former Twitter employee, Ali Alzabarah. The Justice Department said the men had used their Twitter access to dig up information about thousands of users and shared the information with Ahmed Almutairi, who the department said had served as their go-between with Saudi officials. Mr. Almutairi previously ran a social media marketing company that did work for the Saudi royal family. The men gathered "private user data, such as device identifiers, phone numbers, IP addresses, all of which could have been used by the Saudi government to identify and locate the individuals behind the accounts, including political dissidents," the Justice Department said in a court filing. When Twitter management confronted Mr. Alzabarah, he fled to Saudi Arabia, the Justice Department said. He and Mr. Almutairi remain wanted by U.S. law enforcement. Mr. Abouammo, who worked briefly at Amazon after leaving Twitter, was arrested in Seattle in 2019. He is free on bail but traveled to the San Francisco Bay Area for the trial.
The report notes the "fraught" timing for U.S.-Saudi relations, as President Biden just returned from his first visit to the kingdom in hopes of securing closer Saudi-Israeli relations and relief from high gas prices. "It is also a fraught moment for Twitter, as the company faces heightened scrutiny over its data security practices and wages a high-stakes legal battle against Elon Musk, who is trying to back out of a deal to acquire the social media company," adds the report.

The Courts

Meta Is Suing Meta For Naming Itself Meta (theverge.com)

An installation-art company called META (or Meta.is) announced Tuesday that it will be suing Meta (or Facebook) for trademark violation, alleging that Zuckerberg's name change violated the smaller company's established brand. The Verge reports: "On October 28, 2021, Facebook seized our META mark and name, which we put our blood, sweat, and tears into building for over twelve years," reads a post on the smaller company's site. "Today, after eight months of trying to negotiate with Facebook in good faith to no avail, we were left with no choice but to file a lawsuit against them."

Much of the case hinges on Facebook's many privacy scandals, which Meta.is argues have made it impossible to share the name. "Meta can no longer provide goods and services under the META mark," the complaint argues, "because consumers are likely to mistakenly believe that Meta's goods and services emanate from Facebook and that Meta is associated with the toxicity that is inextricably linked with Facebook."

Meta.is holds a valid trademark for the name but may still be facing an uphill battle in court, given the broad range of trademark applications Facebook has made since the name change became official -- including separate marks for messaging, social networks, and financial services. There are also a number of trademarks claiming the Meta name for non-tech products, including a hard seltzer and manufacturer of prosthetic limbs.

Piracy

Court Orders Cloudflare's DNS Resolver 1.1.1.1 To Block Pirate Sites In Italy (torrentfreak.com)

An anonymous reader quotes a report from TorrentFreak: An Italian court has ordered Cloudflare to block three torrent sites on its public DNS resolver 1.1.1.1. The anti-piracy measures were requested by local music industry group FIMI and anti-piracy group FPM. [...] Rightsholders agree that there's no silver bullet to stop piracy, but they argue that Cloudflare can and should do more to address the problem. In a case before the Court of Milan, they argued that Cloudflare should go even further. In court, anti-piracy outfit FPM and the music group FIMI pointed out that Cloudflare's DNS resolver is problematic too. This DNS resolver helps people to access pirate sites, even when the sites are not using Cloudflare's CDN services. As such, Cloudflare should be required to block problematic sites on its DNS servers too. After hearing these arguments the Milan Court agreed. It issued an interim injunction that requires Cloudflare to block three torrent sites: kickasstorrents.to, limetorrents.pro and ilcorsaronero.pro. These sites are already blocked by ISPs in Italy following an order from local regulator AGCOM.

This is the first time that Cloudflare has been ordered to make pirate sites unavailable through its public DNS resolver 1.1.1.1. This is an important expansion since many Italians switched to public DNS resolvers to bypass ISP blocking measures. With the court order, rightsholders can remove this shortcut. "We welcome the Court's decision which will further strengthen the ongoing infringing site blocking program performed by AGCOM in Italy, whilst also increasing the efficiency of the enforcement actions carried out by the rightsholders to protect their online content," says FIMI CEO Enzo Mazza. [...] In theory, similar injunctions could follow against other DNS providers as well, including Google and OpenDNS. "The ruling opens the door to others that offer similar services, such as Google," Mazza told local media.

Privacy

Pegasus Spyware Used Against Thailand's Pro-Democracy Movement (citizenlab.ca)

NSO Group's Pegasus spyware was used to target Thai pro-democracy protesters and leaders calling for reforms to the monarchy. "We forensically confirmed that at least 30 individuals were infected with NSO Group's Pegasus spyware," reports Citizen Lab. "The observed infections took place between October 2020 and November 2021." Here's an excerpt from the report: Introduction: Surveillance & Repression in Thailand: The Kingdom of Thailand is a constitutional monarchy with a parliamentary-style government divided into executive, legislative, and judiciary branches. The country has been beset by intense political conflict since 2005, during the government of former Prime Minister Thaksin Shinawatra. Corruption allegations against the regime culminated in a military coup on September 19, 2006 that ousted Thaksin. The military launched another coup on May 22, 2014 and seized power following mass protests against the civilian government led by Thaksin's sister, Yingluck Shinawatra. The junta claimed that the 2014 coup was needed to restore order and called itself the National Council for Peace and Order (NCPO).

Findings: Pegasus Infections in Thailand: On November 23, 2021, Apple began sending notifications to iPhone users targeted by state-backed attacks with mercenary spyware. The recipients included individuals that Apple believes were targeted with NSO Group's FORCEDENTRY exploit. Many Thai civil society members received this warning. Shortly thereafter, multiple recipients of the notification made contact with the Citizen Lab and regional groups. In collaboration with Thai organizations iLaw and DigitalReach, forensic evidence was obtained from notification recipients, and other suspected victims, who consented to participate in a research study with the Citizen Lab. We then performed a technical analysis of forensic artifacts to determine whether these individuals were infected with Pegasus or other spyware. Victims publicly named in this report consented to be identified as such, while others chose to remain anonymous, or have their cases described with limited detail.

Civil Society Pegasus Infections: We have identified at least 30 Pegasus victims among key civil society groups in Thailand, including activists, academics, lawyers, and NGO workers. The infections occurred from October 2020 to November 2021, coinciding with a period of widespread pro-democracy protests, and predominantly targeted key figures in the pro-democracy movement. In numerous cases, multiple members of movements or organizations were infected. Many of the victims included in this report have been repeatedly detained, arrested, and imprisoned for their political activities or criticism of the government. Many of the victims have also been the subject of lese-majeste prosecutions by the Thai government. While many of the infections were detected on the devices of prominent figures, hacking was also observed against individuals who are not publicly involved in the protests. Speculatively, this may reflect the attackers' intent to uncover details about how opposition movements were organized, and may have been prompted by specific financial transactions that would have been known to Thai financial institutions and the government, but not the public.

The Courts

Amazon Sues Admins From 10,000 Facebook Groups Over Fake Reviews (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Amazon filed a lawsuit Monday against the administrators of more than 10,000 Facebook groups that coordinate cash or goods for buyers willing to post bogus product reviews. The global groups served to recruit would-be fake reviewers and operated in Amazon's online storefronts in the U.S., the U.K., France, Germany, Spain, Japan and Italy. If 10,000 Facebook groups sounds like a lot, it's apparently the sum total of groups Amazon has reported to Facebook since 2020. The company notes that past legal action it's taken has been effective and "shut down multiple major review brokers," and yet here we are. They've been suing people for this stuff since all the way back in 2015.

The company named one group, "Amazon Product Review," which boasted more than 40,000 members until Facebook removed it earlier in 2022. That one evaded detection through the time-honored, AI-eluding strategy of swapping a few letters around in phrases that would get it busted. Amazon says that it will leverage the discovery process to "identify bad actors and remove fake reviews commissioned by these fraudsters that haven't already been detected by Amazon's advanced technology, expert investigators and continuous monitoring." The monitoring might be continuous but it's clear that thousands and thousands of illegitimate reviews push products across the online retailer's massive digital storefront every day, all around the world. And regulators are taking notice -- something that's bound to light a little fire under everyone's favorite online shopping monolith.

Chrome

Denmark Bans Chromebooks, Google Workspace In Schools Over Data Transfer Risks (techcrunch.com)

Denmark is effectively banning Google's services in schools, after officials in the municipality of Helsingor were last year ordered to carry out a risk assessment around the processing of personal data by Google. TechCrunch reports: In a verdict published last week, Denmark's data protection agency, Datatilsynet, revealed that data processing involving students using Google's cloud-based Workspace software suite -- which includes Gmail, Google Docs, Calendar and Google Drive -- "does not meet the requirements" of the European Union's GDPR data privacy regulations. Specifically, the authority found that the data processor agreement -- or Google's terms and conditions -- seemingly allow for data to be transferred to other countries for the purpose of providing support, even though the data is ordinarily stored in one of Google's EU data centers.

Google's Chromebook laptops, and by extension Google Workspace, are used in schools across Denmark. But Datatilsynet focused specifically on Helsingor for the risk assessment after the municipality reported a "breach of personal data security" back in 2020. While this latest ruling technically only applies to schools in Helsingor for now, Datatilsynet notes that many of the conclusions it has reached will "probably apply to other municipalities" that use Google Chromebooks and Workspace. It added that it expects these other municipalities "to take relevant steps" off the back of the decision it reached in Helsingor. The ban is effective immediately, but Helsingor has until August 3 to delete user data.
A Google spokesperson told TechCrunch in a statement: "We know that students and schools expect the technology they use to be legally compliant, responsible, and safe. That's why for years, Google has invested in privacy best practices and diligent risk assessments, and made our documentation widely available so anyone can see how we help organizations to comply with the GDPR.

Schools own their own data. We only process their data in accordance with our contracts with them. In Workspace for Education, students' data is never used for advertising or other commercial purposes. Independent organizations have audited our services, and we keep our practices under constant review to maintain the highest possible standards of safety and compliance."

Google

Russia Hits Google With Fine For 'Illegal Content' (bbc.com) 189

Russia has hit Google with a $373 million fine for failing to restrict access to "prohibited" material about the war in Ukraine and other content. The BBC reports: Roskomnadzor, the country's communications regulator, said the information included "fake" reports that discredited Russia's military and posts urging people to protest. It called the US tech giant a "systematic" violator of its laws. Google did not comment immediately.

The company's local subsidiary declared bankruptcy last month. The move came after Russian authorities seized its local bank account, allowing them to recover 7.2bn roubles that the firm had been ordered to pay for similar reasons last year. [...] The fine announced on Monday, which was calculated as a share of the firm's local revenue, marks the biggest penalty ever imposed on a tech company in Russia, according to state media.

Cellphones

Homeland Security Records Show 'Shocking' Use of Phone Data, ACLU Says (politico.com) 47

An anonymous reader quotes a report from Politico: The Trump administration's immigration enforcers used mobile location data to track people's movements on a larger scale than previously known, according to documents that raise new questions about federal agencies' efforts to get around restrictions on warrantless searches. The data, harvested from apps on hundreds of millions of phones, allowed the Department of Homeland Security to obtain data on more than 336,000 location data points across North America, the documents show. Those data points may reference only a small portion of the information that CBP has obtained.

These data points came from all over the continent, including in major cities like Los Angeles, New York, Chicago, Denver, Toronto and Mexico City. This location data use has continued into the Biden administration, as Customs and Border Protection renewed a contract for $20,000 into September 2021, and Immigration and Customs Enforcement signed another contract in November 2021 that lasts until June 2023. The American Civil Liberties Union obtained the records from DHS through a lawsuit it filed in 2020. It provided the documents to POLITICO and separately released them to the public on Monday.

The documents highlight conversations and contracts between federal agencies and the surveillance companies Babel Street and Venntel. Venntel alone boasts that its database includes location information from more than 250 million devices. The documents also show agency staff having internal conversations about privacy concerns on using phone location data. In just three days in 2018, the documents show that the CBP collected data from more than 113,000 locations from phones in the Southwestern United States -- equivalent to more than 26 data points per minute -- without obtaining a warrant. The documents highlight the massive scale of location data that government agencies including CBP and ICE received, and how the agencies sought to take advantage of the mobile advertising industry's treasure trove of data.
"It was definitely a shocking amount," said Shreya Tewari, the Brennan fellow for the ACLU's Speech, Privacy and Technology Project. "It was a really detailed picture of how they can zero in on not only a specific geographic area, but also a time period, and how much they're collecting and how quickly."
Censorship

A Million-Word Novel Got Censored Before It Was Even Shared (technologyreview.com) 237

Imagine you are working on your novel on your home computer. It's nearly finished; you have already written approximately one million words. All of a sudden, the online word processing software tells you that you can no longer open the draft because it contains illegal information. Within an instant, all your words are lost. This is what happened in June to a Chinese novelist writing under the alias Mitu. From a report: She had been working with WPS, a domestic version of cloud-based word processing software such as Google Docs or Microsoft Office 365. In the Chinese literature forum Lkong on June 25, Mitu accused WPS of "spying on and locking my draft," citing the presence of illegal content.

The news blew up on social media on July 11 after a few prominent influencer accounts belatedly picked it up. It became the top trending topic on Weibo that day, with users questioning whether WPS is infringing on their privacy. Since then, The Economic Observer, a Chinese publication, has reported that several other online novelists have had their drafts locked for unclear reasons in the past. Mitu's complaint triggered a social media discussion in China about censorship and tech platform responsibility. It has also highlighted the tension between Chinese users' increasing awareness of privacy and tech companies' obligation to censor on behalf of the government. "This is a case where perhaps we are seeing that these two things indeed might collide," says Tom Nunlist, an analyst on China's cyber and data policy at the Beijing-based research group Trivium China.

Facebook

Report: Facebook has Started Encrypting Links to Counter Browsers' Anti-Tracking Measures (ghacks.net) 163

"Facebook has started to use a different URL scheme for site links," writes the technology blog Ghacks, "to combat URL stripping technologies that browsers such as Firefox or Brave use to improve privacy and prevent user tracking." Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties. Mozilla introduced support for URL stripping in Firefox 102, which it launched in June 2022. Firefox removes tracking parameters from web addresses automatically, but only in private browsing mode or when the browser's Tracking Protection feature is set to strict. Firefox users may enable URL stripping in all Firefox modes, but this requires manual configuration. Brave Browser strips known tracking parameters from web addresses as well....

It is no longer possible to remove the tracking part of the URL, as Facebook merged it with part of the required web address.
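The effect described above can be reproduced with a small query-parameter stripper. This is an added example, not code from Ghacks, Mozilla, Brave or Facebook: the blocklist is a short constructed sample, the `social.example` URLs and the `TRACKER123` token are constructed, and the "merged" path layout is an assumption that only illustrates an identifier folded into a required path segment.

```javascript
// Constructed sample blocklist; real browsers maintain their own lists.
const TRACKING_PARAMS = new Set([
  "fbclid", "gclid", "utm_source", "utm_medium", "utm_campaign",
]);

// Remove known tracking parameters from the query string only.
// Returns the cleaned URL and the names of the parameters removed.
function stripTrackingParams(rawUrl) {
  const url = new URL(rawUrl);
  const removed = new Set();
  for (const name of [...url.searchParams.keys()]) {
    if (TRACKING_PARAMS.has(name.toLowerCase())) removed.add(name);
  }
  for (const name of removed) url.searchParams.delete(name);
  return { url: url.toString(), removed: [...removed] };
}

// True if the identifying token is still present after stripping.
function tokenSurvives(rawUrl, token) {
  return stripTrackingParams(rawUrl).url.includes(token);
}

// Constructed URLs: the same token carried two different ways.
const CLASSIC =
  "https://social.example/alice/posts/1234567890?fbclid=TRACKER123&lang=en";
// Hypothetical merged form: the token is part of the path segment the
// server needs to locate the post, so there is no parameter to delete.
const MERGED =
  "https://social.example/alice/posts/pTRACKER123x1234567890";

for (const sample of [CLASSIC, MERGED]) {
  const result = stripTrackingParams(sample);
  console.log(sample);
  console.log("  ->", result.url);
  console.log("  removed:", result.removed.join(", ") || "(nothing)");
  console.log("  token survives:", tokenSurvives(sample, "TRACKER123"));
}
```

A list-based stripper keeps working for the first URL and silently does nothing for the second, because removing the token from the path would also break the link.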

Space

Was the Pentagon's UFO Study Led by a Crackpot? (science.org) 121

Black Parrot (Slashdot reader #19,622) shared this report from ScienceInsider: When the U.S. government released a much-anticipated report on UFOs a year ago, many were perplexed that it couldn't explain 143 of the 144 sightings it examined. (In the single closed case, the report concluded the mystery object was a large, deflating balloon.) "Where are the aliens?" cracked one headline.

The truth was still out there. So was any sense of who had conducted the analysis, because the Office of the Director of National Intelligence, which released the study, provided no details about who had investigated the cases. Last week, however, a former Department of Defense astrophysicist and reality TV personality named Travis Taylor asserted that he was the 'chief scientist' for the congressionally mandated study. The revelation shocked UFO skeptics in the science community. They note that Taylor has made extraordinary claims during TV appearances, including to have "seen more UFOs than I can count," and that he's been tracked by supernatural entities that caused his car and appliances to malfunction....

In fact, Taylor did serve in a lead role with the government's Unidentified Aerial Phenomena (UAP) Task Force, which produced 2021's fuzzy UFO report, Pentagon spokesperson Susan Gough confirmed to ScienceInsider. But Taylor was "informally referred to ... as the chief scientist as efforts to assemble a larger team were underway," and it was not a full-time position. (Taylor did not respond to requests for comment....)

Taylor's critics are simply astonished by what they call his antiscientific embrace of the supernatural — and the Pentagon's willingness to work with him. "I'm starting to see why [the government's] task force was so unsuccessful in identifying its Unidentified Aerial Phenomena!" wrote Robert Sheaffer, a UFO skeptic and author, on his blog.

Privacy

Two US Lawmakers Urge Immediate Action Curtailing Deceptive Data Practices in VPN Industry (theverge.com) 48

Two members of the U.S. Congress urged America's Federal Trade Commission "to address deceptive practices in the Virtual Private Network industry," reports the Verge: With abortion becoming illegal or restricted in several states, more people are looking to conceal their messages and search history, as police can use this information to prosecute someone seeking the procedure. In their letter, Anna Eshoo (D-CA) and Senator Ron Wyden ask the FTC to clamp down on VPN providers that engage in deceptive advertising, or make false assertions about the range of their service's privacy. The lawmakers cite research from Consumer Reports that indicates 75 percent of the most popular VPNs "misrepresented their products" or made misleading claims that could give "abortion-seekers a false sense of security." Eshoo and Wyden also call attention to reports accusing various VPN services of misusing user data, as well as "a lack of practical tools or independent research to audit VPN providers' security claims...."

"We urge the Federal Trade Commission to take immediate action... to curtail abusive and deceptive data practices in companies providing VPN services to protect internet users seeking abortions." Eshoo and Wyden also ask that the FTC develop a brochure that informs anyone seeking an abortion about online privacy, as well as outlines the risks and benefits of using a VPN.
