GNU is Not Unix

Richard Stallman Speaks on Cryptocurrency, Blockchain, GNU Taler, and Encryption (libreplanet.org) 96

During a 92-minute presentation Wednesday on the state of the free software movement, Richard Stallman spoke at length on a wide variety of topics, including the need for freedom-respecting package systems.

But Stallman also shared his deepest thoughts on a topic dear to the hearts of Slashdot readers: privacy and currency: I won't order from online stores, because I can't pay them. For one thing, the payment services require running non-free JavaScript... [And] to pay remotely you've got to do it by credit card, and that's tracking people, and I want to resist tracking too.... This is a really serious problem for society, that you can't order things remotely anonymously.

But GNU Taler is part of the path to fixing that. You'll be able to get a Taler token from your bank, or a whole bunch of Taler tokens, and then you'll be able to use those to pay anonymously.

Then if the store can send the thing you bought to a delivery box in your neighborhood, the store doesn't ever have to know who you are.

But there's another issue Stallman touched on earlier in his talk: There is a proposed U.S. law called KOSA which would require mandatory age-verification of users -- which means mandatory identification of users, which is likely to mean via face recognition. And it would be in every commercial software application or electronic service that connects to the internet.... [It's] supposedly for protecting children. That's one of the favorite excuses for surveillance and repression: to protect the children. Whether it would actually protect anyone is dubious, but they hope that won't actually be checked.... You can always propose a completely useless method that will repress everyone....
So instead, Stallman suggests that age verification could be handled by.... GNU Taler: Suppose there's some sort of service which charges money, or even a tiny amount of money, and is only for people over 16, or people over 18 or whatever it is. Well, you could get from your bank a Taler token that says the person using this token is over 16. This bank has verified that.... So then the site only needs to insist on a 16-or-over Taler token, and your age is verified, but the site has no idea who you are.

Unfortunately that won't help if user-identifying age-tracking systems are legislated now. The code of Taler works, but it's still being integrated with a bank so that people could actually start to use it with real businesses.

Books

Ironic Effect of Efforts to Ban Books: Teenagers Form New Book Clubs to Read Them (cnn.com) 260

CNN reports on "an ironic effect" of efforts to remove books from libraries in America. "The more certain books are singled out, the more people want to read them."

And for some U.S. teenagers in banned book clubs, "recent book banning attempts have been a springboard for wider discussions around censorship." The Banned Book Club at Firefly Bookstore [started by 8th grader Joslyn Diffenbaugh] read George Orwell's "Animal Farm" as its first pick. While the satirical novella, which makes a pointed critique of totalitarianism, isn't one of the books currently being challenged in the US, it was banned in the Soviet Union until its fall and was rejected for publication in the UK during its wartime alliance with the USSR. And it faced challenges in Florida in the '80s for being "pro-communist." That history made for some thought-provoking conversations. "It taught a lot because it had references to different forms of government that maybe some adults didn't like their kids reading about, even though it was run by pigs," Diffenbaugh said. "I really thought it shouldn't have been banned for those reasons, or at all."

Teenagers at the Common Ground Teen Center in Washington, Pennsylvania, formed a banned book club soon after a Tennessee school district voted to remove "Maus" from an eighth grade curriculum. But while the graphic novel about the Holocaust was the catalyst for the club, says director Mary Jo Podgurski, the first title they chose to read was, fittingly, "Fahrenheit 451" — the 1953 dystopian novel about government censorship that itself has been challenged over the years. "Obviously this whole idea of taking away books that they wanted to read or that they thought they should read sparked a nerve in them," said Podgurski, an educator and counselor who oversees the Common Ground Teen Center....

Since reading "Fahrenheit 451," the club has also discussed "Animal Farm" and "1984," which has been challenged for its political themes and sexual content. So far, the young readers at the Common Ground Teen Center have been puzzled as to why those books were once deemed inappropriate. "I often wonder, do adults understand what kids have in their phones?" Podgurski said. "They have access to everything. Saying 'don't read this book' shows that you're not understanding teen culture. Young people have access to much information. What they need is an adult to help them process it."

The Courts

Activision Cooperating With Federal Insider Trading Probes (usnews.com) 9

An anonymous reader quotes Reuters: Activision Blizzard is cooperating with federal investigations into trading by friends of its chief executive shortly before the gaming company disclosed its sale to Microsoft Corp, it said in a securities filing on Friday.

It received requests for information from the U.S. Securities and Exchange Commission and received a subpoena from a Department of Justice grand jury, the maker of "Call of Duty" said in an amended proxy filing.

The requests "appear to relate to their respective investigations into trading by third parties – including persons known to Activision Blizzard's CEO – in securities prior to the announcement of the proposed transaction," it said.

AI

Social Media Made Us Stupid - and How to Fix It (theatlantic.com) 141

Jonathan Haidt, a social psychologist at New York University's School of Business, argues in the Atlantic that social-media platforms "trained users to spend more time performing and less time connecting." But that was just the beginning.

He now believes this ultimately fueled a viral dynamic leading to "the continual chipping-away of trust" in a democracy which "depends on widely internalized acceptance of the legitimacy of rules, norms, and institutions." The most recent Edelman Trust Barometer (an international measure of citizens' trust in government, business, media, and nongovernmental organizations) showed stable and competent autocracies (China and the United Arab Emirates) at the top of the list, while contentious democracies such as the United States, the United Kingdom, Spain, and South Korea scored near the bottom (albeit above Russia).... Mark Zuckerberg may not have wished for any of that. But by rewiring everything in a headlong rush for growth — with a naive conception of human psychology, little understanding of the intricacy of institutions, and no concern for external costs imposed on society — Facebook, Twitter, YouTube, and a few other large platforms unwittingly dissolved the mortar of trust, belief in institutions, and shared stories that had held a large and diverse secular democracy together.
In the last 10 years, the article argues, the general public — at least in America — became "uniquely stupid." And he's not just speaking about the political right and left, but within both factions, "as well as within universities, companies, professional associations, museums, and even families." The article quotes former CIA analyst Martin Gurri's comment in 2019 that the digital revolution has highly fragmented the public into hostile shards that are "mostly people yelling at each other and living in bubbles of one sort or another."

The article concludes that by now U.S. politics has entered a phase where truth "cannot achieve widespread adherence" and thus "nothing really means anything anymore--at least not in a way that is durable and on which people widely agree." It even contemplates the idea of "highly believable" disinformation generated by AI, possibly by geopolitical adversaries, ultimately evolving into what the research manager at the Stanford Internet Observatory has described as "an Information World War in which state actors, terrorists, and ideological extremists leverage the social infrastructure underpinning everyday life to sow discord and erode shared reality."

But then the article also suggests possible reforms: The Facebook whistleblower Frances Haugen advocates for simple changes to the architecture of the platforms, rather than for massive and ultimately futile efforts to police all content. For example, she has suggested modifying the "Share" function on Facebook so that after any content has been shared twice, the third person in the chain must take the time to copy and paste the content into a new post. Reforms like this...don't stop anyone from saying anything; they just slow the spread of content that is, on average, less likely to be true.

Perhaps the biggest single change that would reduce the toxicity of existing platforms would be user verification as a precondition for gaining the algorithmic amplification that social media offers. Banks and other industries have "know your customer" rules so that they can't do business with anonymous clients laundering money from criminal enterprises. Large social-media platforms should be required to do the same.... This one change would wipe out most of the hundreds of millions of bots and fake accounts that currently pollute the major platforms.... Research shows that antisocial behavior becomes more common online when people feel that their identity is unknown and untraceable.

In any case, the growing evidence that social media is damaging democracy is sufficient to warrant greater oversight by a regulatory body, such as the Federal Communications Commission or the Federal Trade Commission. One of the first orders of business should be compelling the platforms to share their data and their algorithms with academic researchers.

The members of Gen Z--those born in and after 1997--bear none of the blame for the mess we are in, but they are going to inherit it, and the preliminary signs are that older generations have prevented them from learning how to handle it.... Congress should update the Children's Online Privacy Protection Act, which unwisely set the age of so-called internet adulthood (the age at which companies can collect personal information from children without parental consent) at 13 back in 1998, while making little provision for effective enforcement. The age should be raised to at least 16, and companies should be held responsible for enforcing it. More generally, to prepare the members of the next generation for post-Babel democracy, perhaps the most important thing we can do is let them out to play. Stop starving children of the experiences they most need to become good citizens: free play in mixed-age groups of children with minimal adult supervision...

The article closes with its own note of hope — and a call to action: In recent years, Americans have started hundreds of groups and organizations dedicated to building trust and friendship across the political divide, including BridgeUSA, Braver Angels (on whose board I serve), and many others listed at BridgeAlliance.us. We cannot expect Congress and the tech companies to save us. We must change ourselves and our communities.
Crime

Virginia Police Routinely Use Secret GPS Pings To Track People's Cell Phones (insidenova.com) 59

The nonprofit online news site Virginia Mercury investigated their state police departments' "real-time location warrants," which are "addressed to telephone companies, ordering them to regularly ping a customer's phone for its GPS location and share the results with police." Public records requests submitted to a sampling of 18 police departments around the state found officers used the technique to conduct more than 7,000 days worth of surveillance in 2020. Court records show the tracking efforts spanned cases ranging from high-profile murders to minor larcenies.... Seven departments responded that they did not have any relevant billing records, indicating they don't use the technique. Only one of the departments surveyed, Alexandria, indicated it had an internal policy governing how their officers use cellphone tracking, but a copy of the document provided by the city was entirely redacted....

Drug investigations accounted for more than 60 percent of the search warrants taken out in the two jurisdictions. Larcenies were the second most frequent category. Major crimes like murders, rapes and abductions made up a fraction of the tracking requests, accounting for just under 25 of the nearly 400 warrants filed in the jurisdictions that year.

America's Supreme Court "ruled that warrantless cellphone tracking is unconstitutional back in 2012," the article points out — but in practice those warrants aren't hard to get. "Officers simply have to attest in an affidavit that they have probable cause that the tracking data is 'relevant to a crime that is being committed or has been committed'.... There's been limited public discussion or awareness of the kinds of tracking warrants the judiciary is approving." "I don't think people know that their cell phones can be converted to tracking devices by police with no notice," said Steve Benjamin, a criminal defense lawyer in Richmond who said he's recently noticed an uptick in cases in which officers employed the technique. "And the reality of modern life is everyone has their phone on them during the day and on their nightstand at night. ... It's as if the police tagged them with a chip under their skin, and people have no idea how easily this is accomplished."
The case for these phone-tracking warrants?
  • The executive director of the Virginia Association of Chiefs of Police tells the site that physical surveillance often requires too many resources — and that cellphone tracking is safer. "It may be considered an intrusive way of gathering data on someone, but it's certainly less dangerous than physical tracking."
  • A spokesperson for the Chesterfield County police department [responsible for 64% of the state's tracking] argued that "We exist to preserve human life and protect the vulnerable, and we will use all lawful tools at our disposal to do so." And they added that such "continued robust enforcement efforts" were a part of the reason that the county's still-rising number of fatal drug overdoses had not risen more.

The site also obtained bills from four major US cellphone carriers, and reported how much they were charging police for providing their cellphone-tracking services:

  • "T-Mobile charged $30 per day, which comes to $900 per month of tracking."
  • "AT&T charged a monthly service fee of $100 and an additional $25 per day the service is utilized, which comes to $850 per 30 days of tracking..."
  • "Verizon calls the service 'periodic location updates,' charging $5 per day on top of a monthly service fee of $100, which comes to $200 per 30 days of tracking."
  • "Sprint offered the cheapest prices to report locations back to law enforcement, charging a flat fee of $100 per month."

Thanks to Slashdot reader Beerismydad for sharing the article!


Crime

'How Cryptocurrency Gave Birth to the Ransomware Epidemic' (vice.com) 47

"Cryptocurrency has changed the game of cybercrime," argues Vice's Christian Devolu, in a new episode of their video series CRYPTOLAND. "Hackers and cybergangs have been locking down the data of large corporations, police departments, and even hospitals, and demanding ransom — and guess what they're asking for? Cryptocurrency!"

In short, argues an article accompanying the episode, cryptocurrency "gave birth to the ransomware epidemic."

Slashdot reader em1ly shares one highlight from the video: The team visits a school district in Missouri ["just one of around 1,000 U.S. schools hacked last year with ransomware"] that was the victim of a ransomware attack. ["Luckily, the school's backups were not impacted...."]
Another interesting observation from the article: When ransom payments do happen, companies like Chainalysis can track the Bitcoin through the blockchain, identifying the hackers' wallets and collaborating with law enforcement in an attempt to recover the funds or identify the hackers themselves.
Programming

Single Mom Sues Coding Boot Camp Over Job Placement Rates 128

An anonymous reader quotes a report from Yahoo Finance: A single mom who signed up for a $30,000 income-share agreement at a for-profit coding bootcamp has filed a lawsuit in California, alleging she entered the agreement under "false pretenses." Redmond, Washington-based Emily Bruner is suing Bloom Institute of Technology, formerly known as Lambda School, and its head Austen Allred, alleging they misrepresented job placement rates, operated without a license during her course of study, and hid the "true nature" of the school's financial interest in students' success. "I feel like Lambda misled me at every turn -- about their job placement rates and about how they would prepare us for jobs in the field. I was even more shocked when I found out they were operating illegally," Bruner said in a press release. "I took time away from my young son and other career opportunities to participate in a program based on lies," added Bruner, who's seeking a refund from the school as well as monetary damages. "While I'm thankful I opted out of arbitration so I can have my day in court, I wish my classmates who were also misled could be here with me."

Income-share agreements, known as ISAs, are an alternative type of student loan financing where a borrower receives a loan, then pays a percentage of their income after graduation. The terms of an ISA depend on various factors, such as their major topic of study and projected future earnings. [...] Bruner, the plaintiff, signed her ISA on June 29, 2019 when she was living in New Mexico because she could not pay the full tuition amount to attend Lambda full-time, according to the lawsuit. She says she moved back home to North Carolina to live with her parents, who would help her take care of her baby. She took out $30,000 for its six- and 12-month computer science programs offered by San Francisco-based Lambda, according to the complaint. Bruner started school in September 2019 and finished the following August. Students at Lambda agree to pay 17% of their post-Lambda salary for 24 months once they make more than $50,000 a year, according to the lawsuit.

After graduating, she couldn't find a job as a web developer or a software engineer, and was, according to the lawsuit, told by employers that "she did not have the technical skills for the job, and that her education had not prepared her to be a web developer." Bruner ended up going back to program management, a field she was working in prior to attending Lambda. In the lawsuit, she alleged that Lambda misrepresented the fact that it did not have necessary approval from the state regulator, the California Bureau for Postsecondary Education. She also alleged that the school falsified and misrepresented the school's job placement rates. Finally she also alleged that the school hid the true nature of its financial interest in students' success -- specifically by "falsely representing" that Lambda only was compensated when students found jobs and earned income.
Facebook

Apple's App Tracking Transparency Crackdown Estimated To Cost Facebook Another $13 Billion In 2022 42

Apple's controversial App Tracking Transparency feature available in iOS 14.5 is expected to have a significant impact on Facebook, Twitter, Snap, and YouTube in 2022. According to a report by Lotame, big tech platforms' revenue could drop by almost $16 billion. 9to5Mac reports: For those who don't remember, ATT requires that applications ask permission from users before tracking them across other apps and websites. For example, when you open the Facebook app, you'll see a prompt that says the app would like to track you across other apps and services. There will be two options from which to choose: "Ask App not to Track" or "Allow."

Talking about Facebook, Lotame's report shows that Zuckerberg's company will take the biggest hit as the privacy changes will cost it $12.8 billion in revenue: "The effects of these changes on these companies are hard to isolate because all four players are still growing extremely strongly, still taking share from the last bastions of traditional media and gaining share in digital media as privacy regulations make it harder and harder for independent publishers and technologies to execute," said Mike Woosley, Chief Operating Officer at Lotame. "To add to the complexity, the pandemic has introduced volatile and unpredictable gyrations in the pacing of media spend."
Privacy

Cisco's Webex App Phoned Home Audio Telemetry Even When Muted (theregister.com) 23

Boffins at two US universities have found that muting popular native video-conferencing apps fails to disable device microphones -- and that these apps have the ability to access audio data when muted, or actually do so. The research is described in a paper titled, "Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing App." The Register reports: Among the apps studied -- Zoom (Enterprise), Slack, Microsoft Teams/Skype, Cisco Webex, Google Meet, BlueJeans, WhereBy, GoToMeeting, Jitsi Meet, and Discord -- most presented only limited or theoretical privacy concerns. The researchers found that all of these apps had the ability to capture audio when the mic is muted but most did not take advantage of this capability. One, however, was found to be taking measurements from audio signals even when the mic was supposedly off. "We discovered that all of the apps in our study could actively query (i.e., retrieve raw audio) the microphone when the user is muted," the paper says. "Interestingly, in both Windows and macOS, we found that Cisco Webex queries the microphone regardless of the status of the mute button." They found that Webex, every minute or so, sends network packets "containing audio-derived telemetry data to its servers, even when the microphone was muted."

This telemetry data is not recorded sound but an audio-derived value that corresponds with the volume level of background activities. Nonetheless, the data proved sufficient for the researchers to construct an 82 per cent accurate background activity classifier to analyze the transmission and infer the likely activity among six possibilities -- e.g. cooking, cleaning, typing, etc. -- in the room where the app is active. Worse still from a security standpoint, while other apps encrypted their outgoing data stream before sending it to the operating system's socket interface, Webex did not. "Only in Webex were we able to intercept plaintext immediately before it is passed to the Windows network socket API," the paper says, noting that the app's monitoring behavior is inconsistent with the Webex privacy policy. The app's privacy policy states Cisco Webex Meetings does not "monitor or interfere with you your [sic] meeting traffic or content."
After the researchers reached out about their findings, Cisco altered Webex so it no longer transmits microphone telemetry data. "Cisco is aware of this report, and thanks the researchers for notifying us about their research," said a Cisco spokesperson. "Webex uses microphone telemetry data to tell a user they are muted, referred to as the 'mute notification' feature. Cisco takes the security of its products very seriously, and this is not a vulnerability in Webex."
The Courts

Class-Action Lawsuit Targets Company That Harvests Location Data From 50 Million (vice.com) 16

An anonymous reader quotes a report from Motherboard: A new class-action lawsuit filed in California targets Otonomo, a data broker that harvests location data from tens of millions of vehicles around the world and then sells access to that information. Otonomo says it has systems in place that protect peoples' privacy. But in June last year, Motherboard published an investigation based on a set of Otonomo data and used the information to find where people likely lived, worked, and where else they drove. At the time, experts said that Otonomo could face legal consequences because of how it handles consent and its data. The new lawsuit focuses specifically on those issues.

"Defendant Otonomo Inc. is a data broker that secretly collects and sells real-time GPS location information from more than 50 million cars throughout the world, including from tens of thousands in California. This data allows Otonomo -- and its paying clients -- to easily pinpoint consumers' precise locations at all times of day and gain specific insight about where they live, work, and worship, and who they associate with," the lawsuit, filed by lawyers from Edelson PC, reads. Courthouse News first reported on the lawsuit. The plaintiff in the case is Saman Mollaei, a citizen of California. The lawsuit does not explain how it came to the conclusion that Otonomo is tracking tens of thousands of people in California. Otonomo originally started in Israel and has an office in California.

Mollaei drives a 2020 BMW X3, and when the vehicle was delivered to him, it contained an electronic device that allowed Otonomo to track its real-time location, according to the lawsuit. Importantly, the lawsuit alleges that Mollaei did not provide consent for this tracking, adding that "At no time did Otonomo receive -- or even seek -- Plaintiff's consent to track his vehicle's locations or movements using an electronic tracking device." More broadly, the lawsuit claims that Otonomo "never requests (or receives) consent from drivers before tracking them and selling their highly private and valuable GPS location information to its clients." The lawsuit says that because Otonomo is "secretly" tracking vehicle locations, it has violated the California Invasion of Privacy Act (CIPA), which bans the use of an "electronic tracking device to determine the location or movement of a person" without consent.
In a previous report, Motherboard discovered that Otonomo established agreements with 16 OEM car manufacturers to source location data from their vehicles, which total over 40 million. They also source data from navigation apps and satnavs. The data, which is "relatively easy to deanonymize," is then sold to thousands of different organizations.
Piracy

DuckDuckGo Removes Pirate Sites and YouTube-DL From Its Search Results (torrentfreak.com) 77

An anonymous reader quotes a report from TorrentFreak: Privacy-centered search engine DuckDuckGo has completely removed the search results for many popular pirate sites including The Pirate Bay, 1337x, and Fmovies. Several YouTube ripping services have disappeared, too and even the homepage of the open-source software youtube-mp3 is unfindable. [...] The lack of results is not tied to a specific country and manually fiddling with the region settings didn't change anything either. Apparently, DuckDuckGo has simply removed all thepiratebay.org URLs from its index. This whole-site removal isn't limited to The Pirate Bay either. When we do similar searches for 1337x.to, NYAA.se, Fmovies.to, Lookmovie.io, and 123moviesfree.net, no results appear. For RarBG.to and Fitgirl-repacks we only get one result, instead of the hundreds of thousands we see on other search engines.

The absence of results doesn't only apply to pirate sites themselves. For example, there are no results for the streaming portals Flixtor and Primewire. In addition, the associated status pages, which merely include links to the official domains, are not indexed either. Even several popular stream-rippers have been completely wiped from the search results. That includes 2conv.com, Flvto.bid, and several others. The most surprising omission, by far, is that the official site for the open-source software youtube-dl is not indexed by DuckDuckGo. This site certainly doesn't host or link to any copyright-infringing material. We don't know why the official youtube-dl.org website is not in DuckDuckGo's search results, but at least the official GitHub repository is still findable.
DuckDuckGo has yet to explain why these domain names aren't showing up in its search results. "It wouldn't be a surprise if the move is copyright-related," says TorrentFreak.

UPDATE 4/18/22: A spokesperson from DuckDuckGo reached out to us and provided the following statement: "After looking into this, our records indicate that YouTube-dl and The Pirate Bay were never removed from our search results when you searched for them directly by name or URL, which the vast majority of people do (it's rare for people to use site operators or query operators in general)."

They added: "We are having issues with our site: operator, and not just for these sites, but now at least the official site should be coming up for them when you use the site: operator for them. Some of the other sites routinely change domain names and have spotty availability, and so naturally come in and out of the index but should be available as of now."
Businesses

DC Attorney General Asks Court To Reconsider Amazon Antitrust Lawsuit (engadget.com) 1

DC Attorney General Karl Racine has filed a motion asking the court to reconsider its decision to dismiss the antitrust lawsuit he filed against Amazon in 2021. From a report: In the original lawsuit, Racine accused the e-commerce giant of "illegally abusing and maintaining its monopoly power by controlling prices across the online retail market." Third-party sellers that use Amazon's Marketplace have to abide by the company's agreement, which includes a fair pricing policy. If they sell their goods for lower prices elsewhere, Amazon could remove their items' buy box, suspend their shipment option and even terminate their selling privileges for "serious or repeated cases."

The company stopped telling sellers back in 2019 in the midst of antitrust scrutiny that they couldn't sell their products for cheaper prices elsewhere. However, the company later added back a clause under its fair pricing policy that's nearly identical. Racine argued that since sellers price their goods with Amazon's cut in mind, the policy artificially raises prices even on sellers' own websites and on competing e-commerce platforms.

The Courts

Netflix, Hulu Argue They Aren't 'Video Service Providers' Before Ohio Supreme Court (cleveland.com) 36

An anonymous reader shares a report: A federal class-action lawsuit involving Maple Heights and 2,000 other U.S. communities against Netflix and Hulu took a detour Wednesday through the Ohio Supreme Court, with Maple Heights officials asking state justices to define the streaming giants as "video service providers." If the Supreme Court agrees, the streaming services would be subject to the same video service provider fees paid by cable companies. Those fees in Ohio are 5% of the companies' gross revenues they earn in the city and go directly into city coffers. The streaming companies argued they are instead "specified digital products" under state law. Therefore, they pay state sales taxes, and Ohio would lose money if the court determines they owe the local franchise fees since they would be exempt from state sales tax under Ohio law. The Ohio Supreme Court will determine whether Netflix and Hulu are video service providers, among other legal questions, in the coming months. After the Ohio Supreme Court issues an opinion, the case in federal court in Cleveland can resume. That case involves around 2,000 cities, but U.S. District Judge James Gwin directed the Ohio Supreme Court to answer legal questions first.

Privacy

Apple's Privacy Rules Leave Its Engineers in the Dark (theinformation.com) 57

Privacy is one of the selling points of Apple products. But for employees who develop these products, it can be a pain. The Information: Apple doesn't collect a lot of customer data from its services, including Apple Maps, the Siri voice assistant and its paid video-streaming service, according to more than a dozen former employees. And the customer data it does collect from products like the App Store and Apple Music aren't widely accessible to employees who work on those and other products, these people said. That makes it difficult for Apple to mimic popular features developed by its competitors, which collect more data and have fewer restrictions on employee access to such information, they said.

Look at Apple TV+. The paid video-streaming service, unlike its bigger rivals, doesn't collect demographic info about customers or a history of what they have watched, according to a person with direct knowledge of the situation at Apple. That means Apple TV+ employees can't analyze how customers move from one piece of content to another, making it next to impossible to recommend more videos to them based on their preferences -- a contrast to Netflix, Disney and other streaming services, which use such data to get customers to watch more videos. [...] From Apple's app recommendations to new features for Siri and the company's Goldman Sachs-backed credit card, Apple engineers and data scientists often have to find creative or costly ways to make up for the lack of access to data. In some cases, as with Apple TV+, employees simply have to accept limitations on what they can do.

Piracy

ACE Shuts Down Massive Pirate Site After Locating Owner In Remote Peru (torrentfreak.com) 19

As part of its global anti-piracy mission, the Alliance for Creativity and Entertainment (ACE) has been trying to shut down Pelisplushd.net, a massive pirate streaming site with roughly 70 million visits per month. After tracking down its operator in the remote countryside of Peru, the anti-piracy group says the site is no more. TorrentFreak reports: In a statement published Wednesday, ACE officially announced that it was behind the closure of Pelisplushd.net. The anti-piracy group labeled the platform the second-largest Spanish-language 'rogue website' in the entire Latin American region with 383.5 million visits in the past six months and nearly 75 million visits in February 2022. In Mexico alone, the site had more visitors than hbomax.com, disneyplus.com and primevideo.com, a clear problem for those platforms which are all ACE members.

"This is a huge win for the ACE team based in Latin America as we work to protect the legitimate digital ecosystem throughout the region," said Jan van Voorn, Executive Vice President and Chief of Global Content Protection for the Motion Picture Association. "The successful action against the operator of Pelisplushd.net was only made possible because of evidence that we gathered from previous operations conducted in other countries in Latin America. This speaks volumes about ACE's ability to crack current cases utilizing years of past gathered intelligence and highlights the global, strategic approach that determines our actions around the world."

The operator of Pelisplushd is yet to be named but ACE reveals that after a positive identification, the anti-piracy group tracked him down to the "remote countryside of Peru." That took place in March and soon after, ACE says the operator agreed to turn over his domains. As far as we can tell the main domain at Pelisplushd.net is not yet completely in ACE/MPA hands but a full transfer will probably take place later.

Bitcoin

Ethereum Dev Imprisoned For Helping North Korea Evade Sanctions (bleepingcomputer.com) 36

Virgil Griffith, a US cryptocurrency expert, was sentenced on Tuesday to 63 months in prison after pleading guilty to assisting the Democratic People's Republic of Korea (DPRK) with technical info on how to evade sanctions. BleepingComputer reports: The sanctions imposed by the International Emergency Economic Powers Act (IEEPA) and Executive Order 13466 forbid the export of any goods, services, or technology to the DPRK without a Department of the Treasury license issued by the Office of Foreign Assets Control (OFAC). Griffith, who worked as a special projects developer and research scientist for the Ethereum Foundation, was arrested in November 2019 by the FBI following a presentation in North Korea on how the country could use cryptocurrency and blockchain tech (i.e., smart contracts) to launder money and evade sanctions.

Despite being denied permission by the US Department of State, Griffith went to the North Korean conference knowing that doing so without a license from the OFAC would violate US sanctions against the DPRK. According to court documents, the cryptocurrency expert asked to receive his travel visa on a separate paper and not on his US passport, likely to avoid creating physical evidence of his travel to North Korea.

At the DPRK Cryptocurrency Conference, "Griffith and his co-conspirators also answered specific questions about blockchain and cryptocurrency technologies for the DPRK audience, including individuals whom Griffith understood worked for the North Korean government," DOJ said today. He also tried recruiting "other US citizens to travel to North Korea and provide similar services to DPRK persons and attempted to broker introductions for the DPRK to other cryptocurrency and blockchain service providers." During the DPRK Cryptocurrency Conference, he also talked about how North Korea could use cryptocurrency to gain financial independence from the global banking system.

The Courts

'Club Penguin Rewritten' Allegedly Shut Down By Disney, Website Seized By London Police (techcrunch.com) 62

"Club Penguin Rewritten," a popular remake of Club Penguin enjoyed by thousands of gamers, has been seized by the City of London Police, with three people in connection with the site's shuttering reportedly arrested for allegedly distributing copyrighted material. "Over 140,000 users were members of a Discord server for the game until today, when every message on the Discord disappeared," reports TechCrunch. From the report: In 2007, Disney purchased Club Penguin -- the children's RPG that served as my first introduction to online fandom -- for a whopping $700 million. Even then, as a child with little context about tech industry acquisitions, the purchase seemed foreboding (at least my friends thought so on the Miniclip forums, where I fraudulently claimed to be 13). But eventually, those of us who were dedicated fans of virtual sledding games and dance parties grew out of it, and after once boasting 200 million users, the game was shut down due to lack of interest in 2017. Disney tried to shuttle remaining players to a new mobile game called Club Penguin Island, but it only lasted for a year. But ever since the end of Club Penguin -- when the iceberg finally tipped in a strangely emotional moment -- there have always been remakes out there for nostalgic adults to relive their days of collecting puffles, dancing in the pizza shop and speed-running bans.

Only one message on the Discord remains, posted early this morning by an admin: "CPRewritten is shutting down effective immediately due to a full request by Disney," the admin said. "We have voluntarily given control over the website to the police for them to continue their copyright investigation." TechCrunch reached out to the City of London Police and Disney to verify these claims but did not hear back before publication.

In 2020, Disney shut down "Club Penguin Online," another copy of the game that acquired over a million new players during the pandemic.

YouTube

Cop Admits To Playing Copyrighted Music Through Squad Car PA To Keep Videos Off YouTube (jalopnik.com) 127

A police officer in Santa Ana, California, admitted to blaring Disney favorites from a squad car PA system in an attempt to keep citizens' videos of their actions off of YouTube. Jalopnik reports: It just so happens they woke up a sleeping city council member, who took police to task for their annoying and suspicious tactic. Using copyright infringement against those who record police actions hasn't really worked so far, which may be why this officer decided to really blare Disney tunes during an investigation of a car theft. At the moment, the video posted by Santa Ana Audits is still up after being posted six days ago, so it's safe to say this officer woke up an entire community for nothing.

Santa Ana PD released a statement on Twitter acknowledging the video. Santa Ana PD told Vice that using the squad car audio system is not department policy. YouTube won't always remove a video for copyright infringement. Sometimes the site will place an ad on the video, with proceeds going to the copyright holder.

Crime

T-Mobile Secretly Bought Its Customer Data From Hackers To Stop Leak. It Failed (vice.com) 25

An anonymous reader quotes a report from Motherboard: Last year, T-Mobile confirmed it was breached after hackers offered to sell the personal data of 30 million of its customers for 6 bitcoin worth around $270,000 at the time. According to court documents unsealed today and reviewed by Motherboard, a third-party hired by T-Mobile tried to pay the hackers for exclusive access to that data and limit it from leaking more widely. The plan ultimately failed, and the criminals continued to sell the data despite the third-party giving them a total of $200,000. But the news unearths some of the controversial tactics that might be used by companies as they respond to data breaches, either to mitigate the leak of stolen information or in an attempt to identify who has breached their networks.

On Tuesday, the Department of Justice unsealed an indictment against Diogo Santos Coelho, who it alleges is the administrator of a popular hacking site called RaidForums. Law enforcement also uploaded a banner to the RaidForums site announcing they had taken over its domain. Coelho was arrested in the United Kingdom in March. Included in the affidavit in support of request for his extradition to the United States is a section describing a particular set of data that was advertised on RaidForums in August. [...] The document does not name the victim company, instead referring to it as Company 3, but says another post confirmed that the data belonged to "a major telecommunications company and wireless network operator that provides services in the United States."

The document goes on to say that this company "hired a third-party to purchase exclusive access to the database to prevent it being sold to criminals." An employee of this third-party posed as a potential buyer and used the RaidForums' administrator's middleman service to buy a sample of the data for $50,000 in Bitcoin, the document reads. That employee then purchased the entire database for around $150,000, with the caveat that SubVirt would delete their copy of the data, it adds. The purpose of the deletion would be that this undercover customer would be the only one with a copy of the stolen information, greatly limiting the chance of it leaking out further. That's not what happened. The document says that "it appears the co-conspirators continued to attempt to sell the databases after the third-party's purchase." Company 3, the unnamed telecommunications firm that hired this third-party, was T-Mobile, according to Motherboard's review of the timeline and information included in the court records.

The third-party that paid cybercriminals $200,000 may have been Mandiant, though the security company has yet to confirm with Motherboard. In March, Mandiant announced it was being acquired by Google.

Privacy

DuckDuckGo's Privacy-Centric Browser Arrives on Mac (theverge.com) 38

DuckDuckGo's privacy-focused browsing app is available in beta on Mac, but you'll have to join a private waitlist to gain access. From a report: Just like the mobile browsing app, DuckDuckGo on Mac uses the DuckDuckGo search engine by default, automatically blocks web trackers, and comes with the famous "Fire" button that burns up your browsing history and tabs in a single click. The browsing app also comes with a new feature that's supposed to help block those pesky cookie consent pop-ups that appear when you first open a website. DuckDuckGo says it will clear them on 50 percent of sites, while automatically selecting the option that blocks or minimizes the cookies that track you. Allison Goodman, the senior communications manager at DuckDuckGo, told The Verge that the company plans on increasing this coverage "significantly" as the beta progresses. You'll also gain access to a privacy feed that appears on DuckDuckGo's homepage.
