Google

Google Dupes Diners, Sidelines Restaurants For Delivery Profits (reuters.com) 49

Google has been making unauthorized pages for restaurants and using them to take a cut of fees from delivery orders through sites like Postmates, DoorDash and Grubhub, according to a lawsuit Tuesday in San Francisco federal court. Reuters reports: The proposed class action (PDF) filed by Left Field Holdings, a Florida franchisee of Lime Fresh Mexican restaurants, said Google has been creating illegitimate digital "storefronts" for restaurants and deceiving users into thinking that the restaurants approved them. The lawsuit says Google takes a cut from the delivery sites for orders made through the storefronts, and in some cases delivery sites pay Google to divert users to them.

Left Field said restaurants are charged up to 30% of each order in fees by delivery sites, and therefore see "little (if any)" profits from them. Google never received permission to sell the restaurants' food, designed the storefronts to look like they were restaurant-approved, and placed a large "Order Online" button under restaurant search results to lure users to its storefronts, according to Left Field. [...] The lawsuit accuses Google of deceiving customers and violating federal trademark law starting in 2019. It asks for an undisclosed amount of money damages on behalf of Left Field and similarly affected restaurant owners and a ban on Google's alleged misuse of their trade names.
In response to the lawsuit, a Google spokesperson said that the "Order Online" feature is meant to "connect customers with restaurants they want to order food from," and that it lets restaurants "indicate whether they support online orders or prefer a specific provider, including their own ordering website."
Censorship

Transparency Org Releases Alleged Leak of Russian Censorship Agency (vice.com) 13

An anonymous reader quotes a report from Motherboard: Transparency organization Distributed Denial of Secrets has released what it says is 800GB of data from a section of Roskomnadzor, the Russian government body responsible for censorship in the country. On Distributed Denial of Secrets' website, the organization describes the data as coming from a hack and says that Anonymous claimed responsibility. Roskomnadzor is the agency that has in recent days announced a block of Facebook and other websites in the country as the war in Ukraine intensifies.

Specifically, Distributed Denial of Secrets says the data comes from the Roskomnadzor of the Republic of Bashkortostan. The Republic of Bashkortostan is in the west of the country. Motherboard found references to the Republic of Bashkortostan in some of the released files. The data is split into two main categories: a series of over 360,000 files totalling 526.9GB and dating up to as recently as March 5, and then two databases that are 290.6GB in size, according to Distributed Denial of Secrets' website.
"The source, a part of Anonymous, urgently felt the Russian people should have access to information about their government. They also expressed their opposition to the Russian people being cut off from independent media and the outside world," wrote DDoSecrets on its website, as highlighted by Forbes.

"We will soon be releasing the raw data while we look for solutions to extracting the data. One appears to be a legal research database that was, according to the file timestamp, last modified in 2020. The other appears to be a database for HR procedures." Given the size of the leak and timing, they note "it's always possible that something could be modified or planted."
Facebook

HBO Accused of Sharing Subscriber Data With Facebook In Class Action Lawsuit (variety.com) 14

HBO was hit with a class action lawsuit on Tuesday alleging that it shares subscribers' viewing history with Facebook, in violation of a federal privacy law. Variety reports: A class action law firm, Bursor & Fisher, filed the suit in federal court in New York on behalf of two HBO Max subscribers, Angel McDaniel and Constance Simon. The suit alleges that HBO provides Facebook with customer lists, which allows Facebook to match customers' viewing habits with their Facebook profiles. The suit alleges that HBO never receives consent from subscribers to do this, thereby violating the Video Privacy Protection Act. The act was passed in 1988, after a reporter obtained Robert Bork's rental history from a video store.

The lawsuit argues that HBO knows that Facebook can combine such data because HBO is a major advertiser on Facebook, and it in fact uses that information to retarget Facebook ads to its own subscribers. HBO Max has a privacy policy on its website, in which it discloses that it and its partners use cookies to deliver personalized ads, among other purposes. But the VPPA requires that subscribers give separate consent to share their video viewing history. "In other words," the lawsuit states, "a standard privacy policy will not suffice."

Censorship

DuckDuckGo To Down-Rank Sites Associated With Russian Disinformation (pcmag.com) 162

An anonymous reader quotes a report from PCMag: DuckDuckGo is now down-ranking sites associated with Russian disinformation in response to the Kremlin's invasion of Ukraine, but some critics say the change amounts to censorship. DuckDuckGo CEO Gabriel Weinberg announced the down-ranking on Twitter. "Like so many others I am sickened by Russia's invasion of Ukraine and the gigantic humanitarian crisis it continues to create," he wrote in the tweet, which included the hashtag StandWithUkraine. "At DuckDuckGo, we've been rolling out search updates that down-rank sites associated with Russian disinformation," he added. Weinberg didn't elaborate on the decision, or how the down-ranking will work. [...] Weinberg was quick to defend the decision, saying it was necessary to provide relevant search results over disinformation. Not everyone is a fan of the decision. "So you are censoring your users? DDG now decides what is or isn't misinformation? This decision should be left to the user," wrote one user on Twitter.

"You've got that magic 'disinformation finder' eh?" wrote another user. "You're just sure you're going to only downrank things that are wrong?"

Others referenced DuckDuckGo's commitment to "unbiased search."
The Courts

Italy Fines Clearview AI $22 Million, Orders Data Deleted (techcrunch.com) 62

An anonymous reader quotes a report from TechCrunch: Another European privacy watchdog has sanctioned the controversial facial recognition firm, Clearview AI, which scrapes selfies off the Internet to amass a database of some 10 billion faces to power an identity-matching service it sells to law enforcement. Italy's data protection agency today announced a [roughly $22 million] penalty for breaches of EU law -- as well as ordering the controversial company to delete any data on Italians it holds and banning it from any further processing of citizens' facial biometrics. Its investigation was instigated following "complaints and reports," it said, noting that as well as breaches of privacy law it found the company had been tracking Italian citizens and people located in Italy.

"The findings revealed that the personal data held by the company, including biometric and geolocation data, are processed illegally, without an adequate legal basis, which certainly cannot be the legitimate interest of the American company," the Garante said in a press release. Other General Data Protection Regulation (GDPR) breaches it identified included transparency obligations (on account of Clearview not having adequately informed users of what it was doing with their selfies); violations of purpose limitation and having used user data for purposes other than those for which they were published online; and also breaches of data retention rules with no limit on storage. "Clearview AI's activity therefore violates the freedoms of the data subjects, including the protection of confidentiality and the right not to be discriminated against," the authority also said.
CEO Hoan Ton-That said in a statement: "Clearview AI does not have a place of business in Italy or the EU, it does not have any customers in Italy or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR."

Ton-That added: "We only collect public data from the open internet and comply with all standards of privacy and law. I am heartbroken by the misinterpretation by some in Italy, where we do no business, of Clearview AI's technology to society. My intentions and those of my company have always been to help communities and their people to live better, safer lives."
Government

Georgia Senate Passes Bill Seeking To Regulate Social Media (apnews.com) 389

The Georgia state Senate voted 33-21 on Tuesday to pass a bill that seeks to prohibit social media platforms from removing or censoring content amid an outcry from conservatives that their political views are being discriminated against, even though a similar Texas law has been put on hold by a federal court. The Associated Press reports: Senate Bill 393 moves to the House for more debate. It declares that social media companies that have more than 20 million users in the United States are common carriers and that they can't block people from receiving certain messages based on viewpoints, location, race, ethnicity, religion, political beliefs, gender, sexual orientation or disability. "What we are stating here is you cannot be discriminated against for your viewpoint, your gender, your age or other things in this 21st century public square," said Sen. Greg Dolezal, a Cumming Republican who is sponsoring the bill. Dolezal said companies could still pull down lewd, obscene or offensive materials.

But the technology industry says the measure is illegal, in part because it would unconstitutionally make private companies host speech they don't agree with. They also argue that private owners should be able to do as they please with their own property. Dolezal has acknowledged that the state would be sued if it passed the law, but argues that a challenge could be heard by the U.S. Supreme Court, breaking new and desirable ground. Researchers have not found widespread evidence that social media companies are biased against conservative news, posts or materials.

The bill says social media companies must publish how they moderate content, how they target content to specific users, and how they boost the reach of or hide specific content. It also says social media companies have to publish a report every six months on how often they were alerted to potentially illegal content and how many times they removed or downplayed content and suspended or removed users. Anyone who doesn't think a company is following the law could file a civil lawsuit, including a class action, in Georgia courts.

Bitcoin

Ormeus Coin's John, Tina Barksdale Scammed Investors, Feds Say (gizmodo.com) 16

An anonymous reader quotes a report from Gizmodo: Ormeus is a cryptocurrency that was launched in 2017, the brainchild of John and Tina Barksdale -- two siblings and self-identified crypto marketers -- who are now facing federal securities charges in connection with their business. In a complaint unsealed Tuesday, the Securities and Exchange Commission charged the siblings with defrauding their investors out of $124 million. In an accompanying federal indictment unsealed the same day, the Justice Department announced multiple charges against John Barksdale -- wire fraud, conspiracy to commit wire fraud, conspiracy to commit securities fraud. Both agencies allege that the duo used misleading and outright fraudulent marketing techniques to lure investors to a coin that wasn't nearly as valuable as they claimed.

"As alleged, Barksdale operated like a traveling salesman and peddled lies, overstatements, and misrepresentations regarding a cryptocurrency called Ormeus Coin, which resulted in duping thousands of investors throughout the world," said Ricky J. Patel, Homeland Security Investigations New York Special Agent in Charge, in a statement. According to officials, the Barksdales claimed that their business was supported by "one of the largest crypto mining operations in the world" and that the company was raking in monthly mining revenue between $5.4 and $8 million. The Barksdales also heralded their token as a "new digital money system backed by a fully-audited industrial crypto-mining operation." But, according to federal officials, most of those claims were BS.

Officials say the Ormeus mining operations shut down in 2019 after drawing too little money; they never reached even a million dollars per month. According to the DOJ, John Barksdale claimed to have $250 million worth of Bitcoin stored at the mining operation that would secure the token's value. In reality, the coins belonged to someone else, the indictment states. The indictment against him claims that misrepresentations and fabrications about the coin's value were promoted via Ormeus Global, a multi-level marketing company that used false and manipulative advertising to encourage hapless investors to go all-in on the coin.

Security

Apple Files Lawsuit Against NSO Group, Saying US Citizens Were Targets (reuters.com) 19

Apple said on Tuesday it has filed a lawsuit against Israeli cyber firm NSO Group and its parent company OSY Technologies for alleged surveillance and targeting of U.S. Apple users with its Pegasus spyware. From a report: The iPhone maker said it is also seeking to ban NSO Group from using any Apple software, services or devices to prevent further abuse. Apple is the latest in a string of companies and governments to come after NSO, the maker of the Pegasus hacking tool that watchdog groups say targeted human rights workers and journalists.
Patents

Open Source Zone Grinds Away At Patent Trolls (zdnet.com) 30

For the last two years, Unified Patents, an international organization of over 200 businesses, has been winning the battle against patent trolls "to keep them from stealing from the companies and organizations that actually use patents' intellectual property (IP)," writes ZDNet's Steven Vaughan-Nichols. "This is their story to date." From the report: Unified Patents brings the fight to the trolls. It deters patent trolls from attacking its members by making it too expensive for the troll to win. The group does this by examining troll patents and their activities in various technology sectors (Zones). The Unified Patents Open Source Software Zone (OSS Zone) is the newest of these Zones. [...] Even before OSS Zone was formally launched, Unified Patents along with the Open Invention Network (OIN), the world's largest patent non-aggression group, launched legal cases against poor-quality patents owned by Patent Assertion Entities (PAEs). The Linux Foundation and Microsoft have also joined the OSS Zone to battle these bad patents. [...]

Together, Unified Patents and its partners use open-source software evidence as proof to establish that the trolls often don't have a case. This is done using Inter Partes Review (IPR), a 2012 legal tool for showing that a bad patent never should have been granted in the first place. [Linux Foundation Executive Director Jim Zemlin] notes, "The Patent Trial and Appeal Board (PTAB)'s discretionary rulings on IPRs have changed the landscape around NPEs." These cases take a long time to be resolved. Typically, it takes from 12 to 24 months. That also makes them expensive for both the OSS Zone and the trolls. Keith Bergelt, the OIN's CEO, said "In other technology areas when patents go through the IPR process or are reexamined, there is a settlement around 20% of the time. In the OSS Zone, there are few settlements. This makes it more costly and difficult to administer, but also is difficult on the PAEs. When the success rate against their patents is over 95%, certain PAEs that would otherwise hope to settle have essentially given up on defending their patents." Still, with such a high success rate, it's worth the expense.

To date, Unified has overseen and managed 43 challenges. Of these, 12 patents were found invalid, another 23 cases have been instituted, and six are still in process. This has led to multiple settlements for Unified Patents members. These, in turn, directly pass through to OIN's 3,600+ community members. For example, Accelerated Memory Tech patent 6,513,062 was used by the troll IP Investments Group to claim that the open-source Redis, which manages cache resources on the cloud, violated the patent. Since Redis didn't have any money, IP Investments Group instead went after Hulu, Citrix Systems, Barracuda Networks, Kemp Technologies, and F5 Networks for their use of Redis software. IP Investments Group gave up rather than fighting it out. Everyone who uses Redis wins. It's one small victory, but that's how the patent troll wars are won. And, with Unified Patents' high success rate in knocking out bad patents, slowly but surely the patent trolls are being driven back from not only open-source software but all software.

Piracy

Russia Mulls Legalizing Software Piracy As It's Cut Off From Western Tech (arstechnica.com) 131

With sanctions against Russia starting to bite, the Kremlin is mulling ways to keep businesses and the government running. The latest is a creative twist on state asset seizures, only instead of the government taking over an oil refinery, for example, Russia is considering legalizing software piracy. Ars Technica reports: Russian law already allows for the government to authorize -- "without consent of the patent holder" -- the use of any intellectual property "in case of emergency related to ensuring the defense and security of the state." The government hasn't taken that step yet, but it may soon, according to a report from Russian business newspaper Kommersant, spotted and translated by Kyle Mitchell, an attorney who specializes in technology law. It's yet another sign of a Cyber Curtain that's increasingly separating Russia from the West.

The plan would create "a compulsory licensing mechanism for software, databases, and technology for integrated microcircuits," the Kommersant said. It would only apply to companies from countries that have imposed sanctions. While the article doesn't name names, many large Western firms -- some of which would be likely targets -- have drastically scaled back business in Russia. So far, Microsoft has suspended sales of new products and services in Russia, Apple has stopped selling devices, and Samsung has stopped selling both devices and chips. Presumably, any move by the Kremlin to "seize" IP would exempt Chinese companies, which are reportedly considering how to press their advantage. Smartphone-makers Xiaomi and Honor stand to gain, as do Chinese automakers. Still, any gains aren't guaranteed since doing business in Russia has become riddled with problems, spanning everything from logistics to finance.

The Almighty Buck

Fraud Is Flourishing on Zelle. The Banks Say It's Not Their Problem. (nytimes.com) 63

Zelle, the payments platform used by millions of customers, is a popular target of scammers. But banks have been reluctant to make fraud victims whole -- despite owning the system. From a report: Consumers love payment apps like Zelle because they're free, fast and convenient. Created in 2017 by America's largest banks to enable instant digital money transfers, Zelle comes embedded in banking apps and is now by far the country's most widely used money transfer service. Last year, people sent $490 billion through Zelle, compared with $230 billion through Venmo, its closest rival. Zelle's immediacy has also made it a favorite of fraudsters. Other types of bank transfers or transactions involving payment cards typically take at least a day to clear. But once crooks scare or trick victims into handing over money via Zelle, they can siphon away thousands of dollars in seconds. There's no way for customers -- and in many cases, the banks themselves -- to retrieve the money.

Nearly 18 million Americans were defrauded through scams involving digital wallets and person-to-person payment apps in 2020, according to Javelin Strategy & Research, an industry consultant. "Organized crime is rampant," said John Buzzard, Javelin's lead fraud analyst. "A couple years ago, we were just starting to talk about it" on apps like Zelle and Venmo, Mr. Buzzard said. "Now, it's common and everywhere." The banks are aware of the widespread fraud on Zelle. When Mr. Faunce called Wells Fargo to report the crime, the customer service representative told him, "A lot of people are getting scammed on Zelle this way." Getting ripped off for $500 was "actually really good," Mr. Faunce said the rep told him, because "many people were getting hit for thousands of dollars."

Privacy

Gig App Gathering Data for US Military, Others Prompts Safety Concerns (wsj.com) 8

Briefly banned in Ukraine, U.S. mobile-phone app Premise does defense work globally and has faced contributor safety issues. From a report: In 2019, Ukrainian users of a U.S.-based mobile-phone app offering paid, short-term tasks got what sounded like a straightforward assignment: Go into rural Ukraine and take smartphone photos of certain fields and farms around Odessa and Kyiv. But for one contributor, the job turned out to be anything but ordinary when one of the fields turned out to lie next to a military checkpoint. The contributor was chased off by armed soldiers, according to people familiar with the matter. The app's owner, Premise Data, said it immediately deleted the task from its platform after learning of the military checkpoint.

What that and other Ukrainian gig workers were doing was harvesting data for a U.S. Defense Department-funded research project. Descartes Labs, a government contractor that works with U.S. military and intelligence agencies, hired Premise to have its gig workers gauge how accurately the company's satellite algorithms were performing, the people said. Could they, for example, accurately tell barley from wheat in photos taken from space? Descartes's work was funded by DARPA, a research arm of the Pentagon, a Defense Department spokesperson said. Descartes declined to comment. Based in San Francisco, Premise is one of a number of companies offering a service that uses iPhone and Android smartphones around the world as tools for gathering intelligence and commercial information from afar, sometimes without the users knowing specifically who they are working for. The business model of companies like Premise has prompted questions about the safety and propriety of enlisting such people for government work -- especially in potential or active conflict zones.

Privacy

'My Wife Tracked Me, for Journalism' (nytimes.com) 40

Last month a reporter for the New York Times tracked her husband using Apple AirTags, Tiles, and a GPS tracker. (With his permission...) "I was prepared for her to violate my privacy for the sake of journalism," that husband writes today.

"But what I was not prepared for was how easily my actions could be misinterpreted." [O]ne day I had to go into New York City for work — and Todd Heisler, a Times photographer, secretly followed me. [My wife] Kashmir was sending him live updates of my location. Confusion reigned almost immediately. As soon as I arrived in Manhattan, Todd captured me walking — or had I been caught in a potentially compromising position? A friend made light of the situation on Twitter after the article was published, saying it was "a nice touch" that the main picture with the article "shows you apparently emerging from a bar at 10 a.m." Needless to say, I was not drinking before lunch, but the diner where I had just eaten breakfast had a "cocktails" sign in the window....

Next, I entered the 72nd Street subway station but quickly doubled back, apparently losing my camera-toting tail in the process. Little did I know, Todd and Kashmir were texting in real time; he was worried I had "made" him. My Jason Bourne-like escape had spooked him. [When Kashmir received the text from the Times' photographer, "I reassured him that my husband is extremely unobservant and was probably just lost."] I was, in fact, oblivious to his presence. In truth, I had left my mask at the diner and had needed to buy another before I could get on the train to Brooklyn.

At lunch time, Kashmir texted me, "Are you somewhere fancy?" Perplexed, I responded no. I learned later her location trackers suggested that I had stopped at the private club Dumbo House. Imagine the interpretations! In fact, I was at a food court directly below Dumbo House eating a taco...

[W]hen I heard and saw all of these misinterpretations about my day, I couldn't help but think of all the people who might be surveilled without their consent, whether it's by a spouse, an employer or law enforcement.

His conclusion? While trackers have legitimate uses, there are also many ways they could be abused — and misinterpreted. Seeing a map of his every movement after the experiment, "it was unnerving to realize that the devices knew where I was, but that they had no idea what I was doing."

Or, as his wife puts it, "Even with location trackers and a photographer trailing my husband, I couldn't figure out what he was actually doing that day."
Education

The US Gets Some More Tuition-Free College Programs (msn.com) 70

U.S. states and municipalities are launching new programs covering the costs of college tuition — or expanding existing programs, reports the Washington Post: At least seven tuition-free initiatives have publicly launched since November, according to the College Promise campaign, which advocates making the first two or more years of college free. The governors of Pennsylvania and Maine are pushing for new programs, while the University of Texas System Board of Regents recently approved a $300 million endowment to cover tuition for more students at its public institutions. College Promise programs, as tuition-free initiatives are commonly known, enjoy widespread support across the political spectrum. Forty-seven states and D.C. have at least one such program at the college, city or state level. There are 33 statewide programs that cover tuition at community colleges or universities and higher education, and experts say the number is likely to grow.

Critics of universal public college say the price tag is unsustainable. Opponents of tuition-free community college say too many of the schools have poor outcomes, with fewer than 40 percent of students earning a degree within six years. Advocates argue that could be remedied by providing more institutional dollars and financial aid to keep students on track....

A number of states have used federal pandemic funds to shore up College Promise programs. Michigan Gov. Gretchen Whitmer (D) used some of the state's allocation to create Futures for Frontliners, a scholarship for essential workers to attend community college. After the scholarship rolled out in 2020, about 100,000 people signed up, Whitmer said in an interview last year. Those who did not qualify were encouraged to apply for Michigan Reconnect, which covers community college tuition for residents 25 and older without a degree.

The Internet

Is a New Iron Curtain Descending Across Russia's internet? (msn.com) 137

Cogent Communications, one of the world's largest intercontinental internet backbone providers, has cut ties with Russian customers over the country's invasion of Ukraine. The Verge reports: In a letter to Russian customers obtained by The Washington Post, Cogent cited "economic sanctions" and "the increasingly uncertain security situation" as the motives behind its total shutdown in the country. Cogent similarly told The Verge that it "terminated its contracts" with Russian customers in compliance with the European Union's move to ban Russian state-backed media outlets.

As Doug Madory, an internet analyst at network tracking company Kentik points out... unplugging Russia from Cogent's global network will likely result in slower connectivity, but won't completely disconnect Russians from the internet... Traffic from Cogent's former customers will instead fall back on other backbone providers in the country, potentially resulting in network congestion. There isn't any indication as to whether other internet backbone providers will also suspend services in Russia.

Digital rights activists have criticized Cogent's decision to disconnect itself from Russia, arguing that it could prevent Russian civilians from accessing credible information about the invasion. "Cutting Russians off from internet access cuts them off from sources of independent news and the ability to organize anti-war protests," Eva Galperin, the director of cybersecurity at the digital rights group Electronic Frontier Foundation, said on Twitter....

Cogent's goal is to prevent the Russian government from using the company's networks for cyberattacks and propaganda, The Post reports.

The Post argues that on a larger scale,"these moves bring Russia closer to the day when its online networks face largely inward, their global connections weakened, if not cut off entirely." "I am very afraid of this," said Mikhail Klimarev, executive director of the Internet Protection Society, which advocates for digital freedoms in Russia. "I would like to convey to people all over the world that if you turn off the Internet in Russia, then this means cutting off 140 million people from at least some truthful information. As long as the Internet exists, people can find out the truth. There will be no Internet — all people in Russia will only listen to propaganda...."

[E]ven two weeks ago, Russia's Internet was comparatively free and integrated into the larger online world, allowing civil society to organize, opposition figures to deliver their messages and ordinary Russians to gain ready access to alternative sources of news in an era when Putin was strangling his nation's free newspapers and broadcast stations.... Patrick Boehler, head of digital strategy at Radio Free Europe, said CrowdTangle data showed that independent news stories in the Russian language worldwide were getting shared many more times on social media than stories from state-run media. He said that once the Kremlin lost control of the narrative, it would have been hard to regain.

Now the last independent journalistic outposts are gone, and the Internet options are increasingly constricted through a combination of forces — all spurred by war in Ukraine but coming from both within and outside Russia.... Government censors also blocked access to the BBC, Voice of America, Radio Free Europe/Radio Liberty and Deutsche Welle, as well as major Ukrainian websites. The BBC, CNN and other international news organizations said they were suspending reporting in Russia because of a new law that could result in 15 years of prison for publishing what government officials deem false news on the war.

Meanwhile, Politico reminds us that even Oracle has shut down its Russian cloud service operations. Laura Manley, the executive director of Harvard University's Shorenstein Center on Media, Politics and Public Policy, said Russia is creating a perfect situation to control its narrative and limit outside coverage of its Ukrainian invasion by Western social media sources. "You have the lack of eyewitness information because you have critical infrastructure being shut off," she said. "So it's sort of a worst case scenario in terms of getting real-time accurate information."
Network

New NSA Report: This is How You Should Be Securing Your Network (zdnet.com) 62

America's National Security Agency (NSA) released a new report "that gives all organizations the most current advice on how to protect their IT network infrastructures from cyberattacks," writes ZDNet: NSA's report 'Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance' is available freely for all network admins and CIOs to bolster their networks from state-sponsored and criminal cyberattacks. The report covers network design, device passwords and password management, remote logging and administration, security updates, key exchange algorithms, and important protocols such as Network Time Protocol, SSH, HTTP, and Simple Network Management Protocol (SNMP).

The U.S. Cybersecurity and Infrastructure Security Agency is encouraging tech leaders to view the NSA document as part of its new push for all organizations in the US and elsewhere to raise defenses after the recent disk wiper malware targeting Ukrainian organizations. The document, from NSA's cybersecurity directorate, encourages the adoption of 'zero trust' networks....

The new report follows NSA's guidance to help people and organizations choose virtual private networks (VPN). VPN hardware for securing connections between remote workers to corporate networks became a prime target during the pandemic.

Thanks to long-time Slashdot reader Klaxton for sharing the link!
Safari

'Open Web Advocacy' Group Battles Apple's WebKit-Based Walled Garden (theregister.com) 78

The Register reported this week on a group of software developers launching a group called Open Web Advocacy "to help online apps compete with native apps and to encourage or compel Apple to relax its iOS browser restrictions." The group (OWA), organized by UK-based developers Stuart Langridge, Bruce Lawson, and others, aims to promote a more open web by explaining subtle technical details to lawmakers and to help them understand anti-competitive aspects of web technology. Over the past few months, group members have been communicating with the UK Competitions and Markets Authority (CMA) to convince the agency that Apple's iOS browser policy harms competition.

In conjunction with the debut of the group's website, the OWA plans to release a technical paper titled "Bringing Competition to Walled Gardens," that summarizes the group's position and aims to help regulators in the UK and elsewhere understand the consequences of web technology restrictions.

The group is looking for like-minded developers to take up its cause.... The primary concern raised by Langridge and Lawson is that Apple's iOS App Store Guidelines require every browser running on iPhones and iPads to be based on WebKit, the open source project overseen by Apple that serves as the rendering engine for the company's Safari browser.

"The OWA is now urging Apple users to contact regulators and legislators in other jurisdictions to galvanize support and force Apple to end its restrictions around WebKit," reports MacRumors, "although such a move could make sideloading apps from the web a real possibility, and that is something Apple appears equally reluctant to allow."

Reuters reported today that Apple has now written to U.S. lawmakers "to dispute assertions that its concerns about the dangers of sideloading apps into phones were overblown...." Reuters points out that the U.S. Congress "is currently considering a bill aimed at reining in app stores run by Apple and Alphabet's Google, which would require companies to allow sideloading. Apple has argued that such a practice would be a security risk as it keeps tight control of the apps in the store in order to keep users safe."

But OWA organizer Bruce Lawson tells the Register that as things stand now, "at the moment, every browser on iOS, whether it be badged Chrome, Firefox or Edge is actually just a branded skin of Safari, which lags behind [other browsers] because it has no competition on iOS."

And something funny happened when the Register contacted Apple for a comment about why they're against App Store rule changes: To our astonishment, after having queries ignored for months, an Apple spokesperson responded, asking whether the company could correspond off-the-record. We replied that we would be happy to communicate off-the-record and then never heard back.

Or if we did, we couldn't say.

Government

States Launch Probe Into TikTok's Effect On Kids' Health (go.com) 24

An anonymous reader quotes a report from ABC News: State attorneys general have launched a nationwide investigation into TikTok and its possible harmful effects on young users' mental health, widening government scrutiny of the wildly popular video platform. The investigation was announced Wednesday by a number of states led by California, Florida, Kentucky, Massachusetts, Nebraska, New Jersey, Tennessee and Vermont. U.S. lawmakers and federal regulators have criticized TikTok, citing practices and computer-driven promotion of content they say can endanger the physical and mental health of young users. The platform has an estimated 1 billion monthly users and is especially popular with teens and younger children. Last month, Texas opened an investigation into TikTok's alleged violations of children's privacy and facilitation of human trafficking.

"Our children are growing up in the age of social media -- and many feel like they need to measure up to the filtered versions of reality that they see on their screens," California Attorney General Rob Bonta said in a news release. "We know this takes a devastating toll on children's mental health and well-being." Bonta said the investigation aims to determine if TikTok is violating the law in promoting its platform to young people. Government officials and child-safety advocates maintain that TikTok's computer algorithms pushing video content to users can promote eating disorders and even self-harm and suicide to young viewers.
"We care deeply about building an experience that helps to protect and support the well-being of our community, and appreciate that the state attorneys general are focusing on the safety of younger users," the company said Wednesday. "We look forward to providing information on the many safety and privacy protections we have for teens."
Bug

How a Simple Security Bug Became a University Campus 'Master Key' (techcrunch.com) 73

An anonymous reader quotes a report from TechCrunch: When Erik Johnson couldn't get his university's mobile student ID app to reliably work, he sought to find a workaround. The app is fairly important, since it allows him and every other student at his university to pay for meals, get into events and even unlock doors to dorm rooms, labs and other facilities across campus. The app is called GET Mobile, and it's developed by CBORD, a technology company that brings access control and payment systems to hospitals and universities. But Johnson -- and the many who left the app one-star reviews in frustration -- said the app was slow and would take too long to load. There had to be a better way.

And so by analyzing the app's network data at the same time he unlocked his dorm room door, Johnson found a way to replicate the network request and unlock the door by using a one-tap Shortcut button on his iPhone. For it to work, the Shortcut has to first send his precise location along with the door unlock request or his door won't open. Johnson said as a security measure students have to be physically in proximity to unlock doors using the app, seen as a measure aimed at preventing accidental door openings across campus. It worked, but why stop there? If he could unlock a door without needing the app, what other tasks could he replicate?

Johnson didn't have to look far for help. CBORD publishes a list of commands available through its API, which can be controlled using a student's credentials, like his. But he soon found a problem: The API was not checking if a student's credentials were valid. That meant Johnson, or anyone else on the internet, could communicate with the API and take over another student's account without having to know their password. Johnson said the API only checked the student's unique ID, but warned that these are sometimes the same as a university-issued student username or student ID number, which some schools publicly list on their online student directories, and as such cannot be considered a secret. Johnson described the password bug as a "master key" to his university -- at least to the doors that are controlled by CBORD. As for needing to be in close proximity to a door to unlock it, Johnson said the bug allowed him to trick the API into thinking he was physically present -- simply by sending back the approximate coordinates of the lock itself.
The vulnerability was fixed and session keys were invalidated shortly after TechCrunch shared details of the bug with CBORD.
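The bug class described above, an API that authorizes on a client-asserted student ID instead of a verified credential, side by side with the hardened form, as an added example that is not CBORD's code; the door ACL, student IDs, passwords and function names are constructed for illustration, and password storage is simplified (real systems store hashes, not plaintext).

```python
import hmac
import secrets

# Constructed sample data: student IDs are often directory-listed, so they are
# public identifiers, never secrets. Maps door -> set of student IDs allowed in.
DOOR_ACL = {"dorm-101": {"s1001"}, "lab-7": {"s1002"}}

# Server-side session store: token -> student id. Only login() writes to it.
SESSIONS = {}


def login(student_id, password, password_db):
    """Issue a session token only after the password is verified.

    Constant-time comparison avoids leaking how many characters matched."""
    expected = password_db.get(student_id)
    if expected is None or not hmac.compare_digest(expected, password):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = student_id
    return token


def invalidate_all_sessions():
    """Post-fix response mentioned in the story: every issued session key is
    revoked so that tokens minted while the bug was live stop working."""
    SESSIONS.clear()


def unlock_vulnerable(request):
    """The bug: identity is taken from the request body. Anyone who knows a
    public student ID can act as that student, no password required."""
    return request["student_id"] in DOOR_ACL.get(request["door"], set())


def unlock_hardened(request):
    """Identity comes from the server-side session, never from the body."""
    student_id = SESSIONS.get(request.get("token"))
    if student_id is None:
        return False  # no valid session: reject before touching the ACL
    # A student_id in the body is at most a hint; it must match the session.
    if request.get("student_id") not in (None, student_id):
        return False
    # Note: a client-reported location is a convenience signal, not an
    # authorization control; only the session and the ACL decide here.
    return student_id in DOOR_ACL.get(request["door"], set())
```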
Piracy

FBI Gains Access To Sci-Hub Founder's Google Account Data (torrentfreak.com) 23

An anonymous reader quotes a report from TorrentFreak: Sci-Hub founder Alexandra Elbakyan says that following a legal process, the Federal Bureau of Investigations has gained access to data in her Google account. Google itself informed her of the data release this week noting that due to a court order, the company wasn't allowed to inform her sooner. In January 2021, Twitter suspended the official Sci-Hub account so when site updates are published, they now tend to appear on Elbakyan's personal account. A new tweet this week reveals that Google was also required to hand over her account data.

In an email to Elbakyan dated March 2, 2022, Google advises that following a legal process issued by the FBI, Google was required to hand over data associated with Elbakyan's account. Exactly what data was targeted isn't made clear but according to Google, a court order required the company to keep the request a secret. [...] Google notes that since it is "not in a position" to provide Elbakyan with legal advice or to discuss the substance of the legal process, the Sci-Hub founder may wish to contact an attorney. The big question remains -- what exactly is the investigation about?

Given the scale of Sci-Hub and its notoriety around the world, it's certainly possible that a criminal copyright infringement investigation is underway in the United States that could feasibly lead to an indictment for Elbakyan and any cohorts involved in the operation. However, more serious allegations have been made in the past. Back in December 2019, The Washington Post reported that Elbakyan was being investigated by the US Justice Department on suspicion that she "may" be working with Russian intelligence to "steal U.S. military secrets from defense contractors." No solid evidence was published to back up those allegations but the publication did note that Elbakyan may have collected log-in credentials from journal subscribers in order to access academic literature, presumably so that it can be offered on Sci-Hub.
"I know there are some reasons to suspect me: after all, I have education in computer security and was a hobby hacker in teenage years," said Elbakyan in a statement. "But hacking is not my occupation, and I do not have any job within any intelligence, either Russian or some another."

She added: "I think that whether I can be a Russian spy is being investigated by U.S. government since they learned about Sci-Hub, because that is very logical: a Russian project, that uses university accounts to access some information, of course that is suspicious. But in fact Sci-Hub has always been my personal enterprise."
