The city of Miami on Wednesday uploaded a copy of the Bitcoin white paper to its municipal website, joining a growing chorus of governments and companies now hosting bitcoin's original blueprint. From a report: Mayor Francis Suarez emphasized his commitment to "turn Miami into a hub for crypto innovation" in his tweet announcing the upload. He's been pumping the U.S. city's potential as a landing ground for California tech expats for weeks on social media. Miami is the "first municipal government to host Satoshi's white paper," Suarez asserted. Also see: Twitter thread on who else is participating.

An anonymous reader quotes a report from The Verge: In a hearing on her nomination for Commerce Department secretary on Tuesday, Rhode Island Governor Gina Raimondo told lawmakers that she will pursue changes to Section 230 if confirmed. Responding to questions posed by Sen. Ron Johnson (R-WI), Raimondo said that she would use the tools available through the Commerce Department's National Telecommunications and Information Administration (NTIA) to convene stakeholders, industry leaders, lawmakers and others to identify the means of reform to the pivotal internet law.

"I think platform accountability is important because I've seen in my own state that misinformation hurts people," Raimondo said. "But of course, that reform would have to be balanced against the fact that these businesses rely upon user-generated content for their innovation, and they've created many thousands of jobs." [...] It's unclear how the Biden administration plans to address Section 230 concerns, but Raimondo's comments offer some insight into what could come in the future. In an interview with The New York Times last year, Biden said that the law should be "revoked." Once Trump signed his social media order, a Biden campaign spokesperson told The Verge that he still wanted to repeal the law but disagreed with the former president's executive order.

When it comes to addressing monopoly power in the tech industry, Raimondo said she would leave those decisions up to Congress and the Federal Trade Commission. Still, Raimondo told Johnson, "I believe in competition and innovation and as it relates to social media companies, I think they need to be held accountable for what they put on their platform. "We have to hold these companies accountable," Raimondo said.

Google says its new machine learning algorithms could replace cookie-based ad targeting without invading your privacy. Axios reports: Google has been testing a new API (a software interface) called Federated Learning of Cohorts (FLoC) that acts as an effective replacement signal for third-party cookies. The API exists as a browser extension within Google Chrome. The company said Monday that tests of FLoC to reach audiences show that advertisers can expect to see at least 95% of the conversions per dollar spent on ads when compared to cookie-based advertising. FLoC uses machine learning algorithms to analyze user data and then create a group of thousands of people based off of the sites that an individual visits. The data gathered locally from the browser is never shared. Instead, the data from the much wider cohort of thousands of people is shared, and that is then used to target ads.

It's a big deal that Google says it's close to coming up with a technology that will replace cookies, because one of the toughest parts of phasing cookies out of internet ad-targeting is that there hasn't been a great solution for what to replace them with. [...] Google has other proposals to replace cookies in the works, so it's not guaranteed that FLoC will be the answer, but the company said it's highly encouraged by what it has seen so far.

An anonymous reader quotes a report from ZDNet: A well-known hacker has leaked the details of more than 2.28 million users registered on MeetMindful.com, a dating website founded in 2014, ZDNet has learned this week from a security researcher. The dating site's data has been shared as a free download on a publicly accessible hacking forum known for its trade in hacked databases. The leaked data, a 1.2 GB file, appears to be a dump of the site's users database.

The content of this file includes a wealth of information that users provided when they set up profiles on the MeetMindful site and mobile apps. Some of the most sensitive data points included in the file include: Real names; Email addresses; City, state, and ZIP details; Body details; Dating preferences; Marital status; Birth dates; Latitude and longitude; IP addresses; Bcrypt-hashed account passwords; Facebook user IDs; and Facebook authentication tokens. Messages exchanged by users were not included in the leaked file; however, this does not make the entire incident less sensitive. The data leak, which is still available for download, was released by a threat actor who goes by the name of ShinyHunters. They also were responsible for leaking the details of millions of users registered on Teespring.

Dutch police arrested two individuals late last week for allegedly selling data from the Dutch health ministry's COVID-19 systems on the criminal underground. From a report: The arrests came after an investigation by RTL Nieuws reporter Daniel Verlaan who discovered ads for Dutch citizen data online, advertised on instant messaging apps like Telegram, Snapchat, and Wickr. The ads consisted of photos of computer screens listing data of one or more Dutch citizens. The reporter said he tracked down the screengrabs to two IT systems used by the Dutch Municipal Health Service (GGD) -- namely CoronIT, which contains details about Dutch citizens who took a COVID-19 test, and HPzone Light, one of the DDG's contact-tracing systems. Verlaan said the data had been sold online for months for prices ranging from $36 to $60 per person. Buyers would receive details such as home addresses, emails, telephone numbers, dates of birth, and a person's BSN identifier (Dutch social security number).

Last week the Democratic party took control of all three branches of the U.S. government — and the BBC's North America technology reporter notes they dislike Facebook even more now than during the Cambridge Analytica scandal: Since then, Democrats — Joe Biden included — have been appalled by what Facebook has allowed on its platform. Talking to a CNN anchor in late 2019 Joe Biden said, "You can't do what they can do on Facebook, and say anything at all, and not acknowledge when you know something is fundamentally not true. I just think it's all out of hand." When you're a billionaire, perhaps it doesn't matter that the president doesn't like you much. But what President Biden has a chance to do now is restructure Big Tech and reformulate the relationship that social media companies have with their users.

That could be devastating for Facebook.

Its most obvious problem is the potential repealing of Section 230... Joe Biden has said he wants it removed. In fact, in that same New York Times interview from a year ago he said he wanted it "revoked immediately". That could spell disaster for Zuckerberg. Suddenly all the things people post, all of the defamatory and fraudulent things people say — would be the responsibility of Facebook. It's hard to see how Facebook functions in its current form without Section 230.

And that's before we get into Facebook's anti-trust problems. It's currently being sued by the Federal Trade Commission (FTC) and 46 states for "illegally maintaining its monopoly position" by buying up the competition. The FTC has also said it's looking at "unwinding Facebook's prior acquisitions of Instagram and WhatsApp" — i.e. breaking the firm up. Facebook will, of course, fight that. But Biden seems a pretty willing ally to those who want to split up Big Tech. In 2019, he said that breaking up companies such as Facebook was "something we should take a really hard look at".

Jameel Jaffer, a media legal expert at Columbia University, told me: "I would expect the Biden administration to be pretty aggressive in enforcing the anti-trust laws. And to have the whole spectrum of harms in mind, not just the democratic harms, but harms relating to user privacy and consumer welfare."

President Biden is even reportedly thinking of creating an anti-trust tsar, designed specifically to restore competition in areas like Big Tech.

In March Andrew Yang's nonprofit gave $1,000 one-time grants to a thousand residents in the Bronx. This week a new article in the New Yorker asks one of those grant recipients how they feel about Yang's newest proposal as he runs to be New York's mayor: to give the city's public-housing residents billions of dollars in a "Borough Bucks" currency that would hopefully recirculate in the community: "I was like, you know, am I the only person here that would love to live in a society where we can actually barter our talents and skills, instead of depending on this economy that's not working for us?"

Yang made a similar point when I asked him about the origins of the Borough Bucks proposal. "If you're going to invest resources in a community, your preference is that the resources circulate within the community, particularly if you can serve multiple goals," he said. "They're just imaginative ways for communities to unlock resources."
The article also notes that in an earlier run for the U.S. presidency, "his pitch was that the economy needed to be modernized to account for automation and other technological advances. In his mayoral run, his pitch is that New York City should become the 'anti-poverty' city." But they explored the larger question of whether Yang sees a growing acceptance for universal basic incomes: I asked Yang about the debate, now happening in Congress, about whether Biden should push for fourteen-hundred-dollar stimulus checks in the next bailout package, or two-thousand-dollar checks, or two thousand dollars a month until the economy rebounds. Yang said that he favored the last proposal.

I asked him how he felt about the fact that even as other candidates in the race were attacking him, several — Eric Adams, the former nonprofit executive Dianne Morales, and the City Council member Carlos Menchaca — had expressed interest in the U.B.I. policies he had championed. "I would love to check out their plans," Yang said. "It's an idea whose time has come. I'm certainly very proud to have contributed to the idea's popularity, but anyone who wants to adapt a version of it, like, fantastic."

Threatpost reports: On the heels of a ransomware attack against the Scottish Environmental Protection Agency (SEPA), attackers have now reportedly published more than 4,000 files stolen from the agency — including contracts and strategy documents.

After hitting SEPA on Christmas Eve with the attack, cybercriminals encrypted 1.2GB of information. The attack has affected SEPA's email systems, which remain offline as of Thursday, according to the agency. However, SEPA, which is Scotland's environmental regulator, stressed on Thursday that it will not "engage" with the cybercriminals. "We've been clear that we won't use public finance to pay serious and organized criminals intent on disrupting public services and extorting public funds," said SEPA chief executive Terry A'Hearn in a statement... SEPA's email and other systems remain down, and "what is now clear is that with infected systems isolated, recovery may take a significant period," according to the agency in its update. "A number of SEPA systems will remain badly affected for some time, with new systems required..."

The incident also points to ransomware actors evolving from previously destroying critical data or bringing companies' services and operations to a standstill, to now threatening to disclose sensitive data publicly, Joseph Carson, chief security scientist and Advisory CISO at Thycotic told Threatpost.

"Late last week, a website called Faces of the Riot appeared online, showing nothing but a vast grid of more than 6,000 images of faces, each one tagged only with a string of characters associated with the Parler video in which it appeared," reports WIRED, saying the site raises clear privacy concerns: The site's creator tells WIRED that he used simple, open source machine-learning and facial recognition software to detect, extract, and deduplicate every face from the 827 videos that were posted to Parler from inside and outside the Capitol building on January 6, the day when radicalized Trump supporters stormed the building in a riot that resulted in five people's deaths. The creator of Faces of the Riot says his goal is to allow anyone to easily sort through the faces pulled from those videos to identify someone they may know, or recognize who took part in the mob, or even to reference the collected faces against FBI wanted posters and send a tip to law enforcement if they spot someone... "It's entirely possible that a lot of people who were on this website now will face real-life consequences for their actions...."

A recent upgrade to the site adds hyperlinks from faces to the video source, so that visitors can click on any face and see what the person was filmed doing on Parler. The Faces of the Riot creator, who says he's a college student in the "greater DC area," intends that added feature to help contextualize every face's inclusion on the site and differentiate between bystanders, peaceful protesters, and violent insurrectionists. He concedes that he and a co-creator are still working to scrub "non-rioter" faces, including those of police and press who were present. A message at the top of the site also warns against vigilante investigations, instead suggesting users report those they recognize to the FBI, with a link to an FBI tip page....

McDonald has previously both criticized the power of facial recognition technology and himself implemented facial recognition projects like ICEspy, a tool he launched in 2018 for identifying agents of the Immigration and Customs Enforcement agency... He sees Faces of the Riot as "playing it really safe" compared even to his own facial recognition experiments, given that it doesn't seek to link faces with named identities. "And I think it's a good call because I don't think that we need to legitimize this technology any more than it already is and has been falsely legitimized," McDonald says.

But McDonald also points out that Faces of the Riot demonstrates just how accessible facial recognition technologies have become. "It shows how this tool that has been restricted only to people who have the most education, the most power, the most privilege is now in this more democratized state," McDonald says.

Business Insider reports: The bitcoin price was set for its biggest one-week fall since September on Saturday morning, having slipped around 10% since Monday...

Bitcoin came under selling pressure this week after Janet Yellen, Joe Biden's pick for Treasury secretary, suggested the use of cryptocurrencies should be "curtailed" because they were used mainly for "illicit financing".
Writing at Nasdaq.com on Thursday, CoinDesk shared a link to U.S. Treasury Secretary nominee Janet Yellen's later written responses to the same questions, where Yellen states that bitcoin and other cryptocurrencies also offer potential benefits to the U.S. and its allies.

"At the same time, it also presents opportunities for states and non-state actors looking to circumvent the current financial system and undermine American interests. For example, the Central Bank of China just issued its first digital currency." I think it is important we consider the benefits of cryptocurrencies and other digital assets, and the potential they have to improve the efficiency of the financial system. At the same time, we know they can be used to finance terrorism, facilitate money laundering, and support malign activities that threaten U.S. national security interests and the integrity of the U.S. and international financial systems.

I think we need to look closely at how to encourage their use for legitimate activities while curtailing their use for malign and illegal activities. If confirmed, I intend to work closely with the Federal Reserve Board and the other federal banking and securities regulators on how to implement an effective regulatory framework for these and other fintech innovations.

Inside.com's developer newsletter spotted this code repository story: GitHub posted a DMCA notice it received from the Motion Picture Association (MPA) last week asking the platform to take down a repository associated with NYAA.si, a popular torrent site specializing in anime content. The DMCA captured attention as the code doesn't belong to the MPA. Rather, the MPA argues the code is used for the development of the site, which allows for copyright infringement, while the repo also makes it possible to create NYAA clones.

The news comes a few months after GitHub restored the youtube-dl repository and created a $1m legal defense fund to help open source developers fight unwarranted DMCA Section 1201 takedown claims. At the same time, the platform also announced it will be improving its Section 1201 claim review process to make it harder to take down repos.
But the next day, the newsletter reported GitHub had reversed the takedown: The company explains the notice didn't meet its DMCA Takedown Policy requirements as it failed to "establish that the code is preconfigured to infringe." GitHub adds that it also restored any content that was disabled because of the notice.
Some context from TorrentFreak: This isn't the first time the MPA has gone after the anime torrent site. Last November we reported that the anti-piracy group sent cease and desist letters to several people who are allegedly connected to the site, describing it as an "Anime Cartel".
TorrentFreak's latest update: A few weeks ago, the Motion Picture Association tried to shut the project down by going after several people who are allegedly linked to the site. Framing NYAA as an "Anime Cartel", the movie group demanded a total shutdown and tens of thousands of dollars in settlements...

This takedown request initially succeeded as GitHub disabled the repository earlier this week. Before doing so, the platform reached out to the developers and gave them the option to respond or make changes, but that request went unanswered. Without a response from the developers, this is usually where things end. In this case, however, GitHub decided to carry out another review after the project was taken down, perhaps in part motivated by the news coverage. "While we didn't hear back from the maintainers, we chose to do another review ourselves to proactively see how we could resolve the issue," a GitHub spokesperson informs TorrentFreak...

[A]t the time of writing the NYAA repository is up and running again. The MPA still has the option to provide additional information about the allegedly-infringing nature of the code, which would then trigger another review.

GitHub stresses that it's their purpose to make sure that developers can host code within the boundaries of the law. Unless the entire repository is infringing, it's standard policy to allow developers to respond to DMCA claims before any content is removed.

An anonymous reader quotes a report from The New York Times: A military arm of the intelligence community buys commercially available databases containing location data from smartphone apps and searches it for Americans' past movements without a warrant, according to an unclassified memo obtained by The New York Times. Defense Intelligence Agency analysts have searched for the movements of Americans within a commercial database in five investigations over the past two and a half years, agency officials disclosed in a memo they wrote for Senator Ron Wyden, Democrat of Oregon.

The disclosure sheds light on an emerging loophole in privacy law during the digital age: In a landmark 2018 ruling known as the Carpenter decision, the Supreme Court held that the Constitution requires the government to obtain a warrant to compel phone companies to turn over location data about their customers. But the government can instead buy similar data from a broker -- and does not believe it needs a warrant to do so. "D.I.A. does not construe the Carpenter decision to require a judicial warrant endorsing purchase or use of commercially available data for intelligence purposes," the agency memo said.

Mr. Wyden has made clear that he intends to propose legislation to add safeguards for Americans' privacy in connection with commercially available location data. In a Senate speech this week, he denounced circumstances "in which the government, instead of getting an order, just goes out and purchases the private records of Americans from these sleazy and unregulated commercial data brokers who are simply above the law." He called the practice unacceptable and an intrusion on constitutional privacy rights. "The Fourth Amendment is not for sale," he said.

The Federal Trade Commission issued multimillion-dollar fines against three bot-powered ticket scalping operations. The Verge reports: The FTC says these organizations bought over 150,000 event tickets over the past four years, nabbing them with automated tools that evaded online purchasing limits. After reselling these tickets for an estimated $26.1 million, they've been accused of breaking a 2016 anti-bot law -- the first time this law has been applied.

Regulators reached a proposed settlement with the ticket selling groups, including $31.6 million in fines. However, most of these fines were suspended because of an inability to pay. The three groups will pay a total of $3.7 million instead, and they'll have to maintain records demonstrating their future compliance with the law. The settlement must still be approved by a judge. [...] While the complaints don't specify which shows the scalpers were targeting, they note that the list includes many sporting events and other performances, including Elton John concerts.

An anonymous reader quotes a report from Gizmodo: A former employee of prominent home security company ADT has admitted that he hacked into the surveillance feeds of dozens of customer homes, doing so primarily to spy on naked women or to leer at unsuspecting couples while they had sex. Telesforo Aviles, 35, pleaded guilty to a count of computer fraud in federal court this week, confessing that he inappropriately accessed the accounts of customers some 9,600 times over the course of several years. He is alleged to have done this to over 200 customers.

Authorities say that the IT technician "took note of which homes had attractive women, then repeatedly logged into these customers' accounts in order to view their footage for sexual gratification." He did this by adding his personal email address to customer accounts, which ultimately hooked him into "real-time access to the video feeds from their homes." Aviles, who now faces up to five years in prison, sometimes "claimed he needed to add himself temporarily in order to 'test' the system; in other instances, he added himself without their knowledge," officials said. "This defendant, entrusted with safeguarding customers' homes, instead intruded on their most intimate moments," acting U.S. Attorney Prerak Shah said in a statement. "We are glad to hold him accountable for this disgusting betrayal of trust." The scandal has inspired multiple lawsuits -- three of which are ongoing. ADT tried using confidentiality agreements to keep some customers silent.

The company told BuzzFeed that it is "continuing to respond to the lawsuits and has resolved the concerns of most of the 220 impacted customers, including those who have retained attorneys to address the issue."

A federal judge has denied Parler's request for a court order blocking Amazon from kicking the social media app off its platform, marking yet another setback in Parler's efforts to get back online. From a report: Judge Barbara Rothstein issued a ruling on Thursday saying that Parler had not met the legal requirements for a temporary restraining order or preliminary injunction. That decision does not end the litigation, but it does mean that the court will not force Amazon Web Services to allow Parler back onto its cloud hosting platform. Amazon's move effectively kicked Parler off the public internet. Parler, the alternative social media platform favored by the far-right, had sued AWS earlier this month after AWS claimed Parler did not do enough to remove instances of incitement from its website.

Microsoft has been granted a patent that would allow the company to make a chatbot using the personal information of deceased people. The Independent reports: The patent describes creating a bot based on the "images, voice data, social media posts, electronic messages," and more personal information. "The specific person [who the chat bot represents] may correspond to a past or present entity (or a version thereof), such as a friend, a relative, an acquaintance, a celebrity, a fictional character, a historical figure, a random entity etc," it goes on to say.

"The specific person may also correspond to oneself (e.g., the user creating/training the chat bot)," Microsoft also describes -- implying that living users could train a digital replacement in the event of their death. Microsoft has even included the notion of 2D or 3D models of specific people being generated via images and depth information, or video data.

The idea that you would be able, in the future, to speak to a simulation of someone who has passed on is not new. It is famously the plot of the Black Mirror episode "Be Right Back," where a young woman uses a service to scrape data from her deceased partner to create a chatbot -- and eventually a robot.

As of December 8, Apple has been requiring developers to provide privacy label information to their apps, outlining the data that each app collects from users when it is installed. Many app developers have included the labels, but there's one notable outlier -- Google. schwit1 shares a report from MacRumors: Google has not updated its major apps like Gmail, Google Maps, Chrome, and YouTube since December 7 or before, and most Google apps have to date have not been updated with the Privacy Label feature. The Google Translate, Google Authenticator, Motion Stills, Google Play Movies, and Google Classroom apps do include privacy labels even though they have not been updated recently, but Google's search app, Google Maps, Chrome, Waze, YouTube, Google Drive, Google Photos, Google Home, Gmail, Google Docs, Google Assistant, Google Sheets, Google Calendar, Google Slides, Google One, Google Earth, YouTube Music, Hangouts, Google Tasks, Google Meet, Google Pay, PhotoScan, Google Voice, Google News, Gboard, Google Podcasts, and more do not display the information.

On January 5, Google told TechCrunch that the data would be added to its iOS apps "this week or the next week," but both this week and the next week have come and gone with no update. It has now been well over a month since Google last updated its apps. "To lightly paraphrase former Google CEO Eric Schmidt: If your data harvesting is something that you don't want anyone to know, maybe you shouldn't be doing it in the first place," adds schwit1.

President Joe Biden has named Jessica Rosenworcel, the FCC's leading Democrat, as acting FCC chairwoman. She is replacing Ajit Pai, who concluded his four years as chairman yesterday. Engadget reports: Rosenworcel is known as defender of net neutrality policies, and as an advocate for closing the "homework gap," a reference to students who lack high-speed internet at home. As acting chair, Rosenworcel will lead the FCC until the Senate confirms a permanent replacement. With Pai's departure, there's currently one spot open at the FCC for Biden to fill.

An anonymous reader quotes a report from Reuters: The House Oversight and Reform Committee on Thursday asked the FBI to investigate the role Parler, a social media website and app popular with the American far right, played a role in the violence at the U.S. Capitol. Representative Carolyn Maloney, who chairs the panel, cited press reports that detailed violent threats on Parler against state elected officials for their role in certifying the election results before the Jan. 6 attack that left five dead. She also noted numerous Parler users have been arrested and charged with threatening violence against elected officials or for their role in participating in the attack.

Maloney asked the FBI to review Parler's role "as a potential facilitator of planning and incitement related to the violence, as a repository of key evidence posted by users on its site, and as a potential conduit for foreign governments who may be financing civil unrest in the United States." Maloney asked the FBI to review Parler's financing and its ties to Russia after she noted the company had re-emerged. Maloney cited Justice Department charges against a Texas man who used a Parler account to post threats regarding the riots that he would return to the Capitol on Jan. 19 "carrying weapons and massing in numbers so large that no army could match them." The Justice Department said the threats were viewed by other social media users tens of thousands of times. While Parler has reappeared online thanks to a cloud services company based in Russia, it doesn't appear to be hosted via Amazon Web Services anytime soon. According to NPR, a U.S. district judge sided with Amazon, arguing "that it is within Amazon's right to punish the company over its refusal [to remove posts that threatened public safety]." Slashdot reader fropenn first shared the story.

An anonymous reader quotes a report from Ars Technica: Cryptocurrencies could come under renewed regulatory scrutiny over the next four years if Janet Yellen, Joe Biden's pick to lead the Treasury Department, gets her way. During Yellen's Tuesday confirmation hearing before the Senate Finance Committee, Sen. Maggie Hassan (D-N.H.) asked Yellen about the use of cryptocurrency by terrorists and other criminals. "Cryptocurrencies are a particular concern," Yellen responded. "I think many are used -- at least in a transactions sense -- mainly for illicit financing." She said she wanted to "examine ways in which we can curtail their use and make sure that [money laundering] doesn't occur through those channels."
UPDATE: Yellen's written remarks the next day also suggest America "consider the benefits of cryptocurrencies and other digital assets, and the potential they have to improve the efficiency of the financial system."

But they still also add that "At the same time, we know they can be used to finance terrorism, facilitate money laundering, and support malign activities that threaten U.S. national security interests and the integrity of the U.S. and international financial systems."