The Internet

Internet Service Providers Collect, Sell Horrifying Amount of Sensitive Data, Government Study Concludes (vice.com) 35

An anonymous reader shares a report: Over the last few years the justified fixation on the bad behavior of Google, Amazon, Facebook and other Silicon Valley giants has let the abuses of the telecom sector fly under the radar. But a new FTC report showcases how when it comes to consumer privacy, broadband providers are every bit as terrible as you thought they were. The new FTC report studied the privacy practices of six unnamed broadband ISPs and their advertising arms, and found that the companies routinely collect an ocean of consumer location, browsing, and behavioral data. They then share this data with dodgy middlemen via elaborate business arrangements that often aren't adequately disclosed to broadband consumers.

"Even though several of the ISPs promise not to sell consumers' personal data, they allow it to be used, transferred, and monetized by others and hide disclosures about such practices in fine print of their privacy policies," the FTC report said. The FTC also found that while many ISPs provide consumers tools allowing them to opt out of granular data collection, those tools are cumbersome to use -- when they work at all. "Many of the ISPs also claim to offer consumers choices about how their data is used and allow them to access such data," the FTC said. "The FTC found, however, that many of these companies often make it difficult for consumers to exercise such choices and sometimes even nudge them to share even more information." ISPs often provide privacy-specific website portals proclaiming to provide users with a wide variety of opt-out options, but these choices are often "illusory," the FTC found.

Privacy

Police Can't Demand You Reveal Your Phone Passcode and Then Tell a Jury You Refused (eff.org) 75

EFF: The Utah Supreme Court is the latest stop in EFF's roving campaign to establish your Fifth Amendment right to refuse to provide your password to law enforcement. Yesterday, along with the ACLU, we filed an amicus brief in State v. Valdez, arguing that the constitutional privilege against self-incrimination prevents the police from forcing suspects to reveal the contents of their minds. That includes revealing a memorized passcode or directly entering the passcode to unlock a device.

In Valdez, the defendant was charged with kidnapping his ex-girlfriend after arranging a meeting under false pretenses. During his arrest, police found a cell phone in Valdez's pocket that they wanted to search for evidence that he set up the meeting, but Valdez refused to tell them the passcode. Unlike many other cases raising these issues, however, the police didn't bother seeking a court order to compel Valdez to reveal his passcode. Instead, during trial, the prosecution offered testimony and argument about his refusal. The defense argued that this violated the defendant's Fifth Amendment right to remain silent, which also prevents the state from commenting on his silence. The court of appeals agreed, and now the state has appealed to the Utah Supreme Court.

Government

Governments Turn Tables On Ransomware Gang REvil By Pushing It Offline (reuters.com) 20

An anonymous reader shares a report from Reuters: The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official. Former partners and associates of the Russian-led criminal gang were responsible for a May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the U.S. East Coast. REvil's direct victims include top meatpacker JBS. The crime group's "Happy Blog" website, which had been used to leak victim data and extort companies, is no longer available. Officials said the Colonial attack used encryption software called DarkSide, which was developed by REvil associates.

VMware head of cybersecurity strategy Tom Kellermann said law enforcement and intelligence personnel stopped the group from victimizing additional companies. "The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups," said Kellermann, an adviser to the U.S. Secret Service on cybercrime investigations. "REvil was top of the list." [...] U.S. government attempts to stop REvil, one of the worst of dozens of ransomware gangs that work with hackers to penetrate and paralyze companies around the world, accelerated after the group compromised U.S. software management company Kaseya in July. That breach opened access to hundreds of Kaseya's customers all at once, leading to numerous emergency cyber incident response calls. Following the attack on Kaseya, the FBI obtained a universal decryption key that allowed those infected via Kaseya to recover their files without paying a ransom. But law enforcement officials initially withheld the key for weeks as it quietly pursued REvil's staff, the FBI later acknowledged. According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to hack REvil's computer network infrastructure, obtaining control of at least some of their servers.

After websites that the hacker group used to conduct business went offline in July, the main spokesman for the group, who calls himself "Unknown," vanished from the internet. When gang member 0_neday and others restored those websites from a backup last month, he unknowingly restarted some internal systems that were already controlled by law enforcement. "The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised," said Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB. "Ironically, the gang's own favorite tactic of compromising the backups was turned against them." Reliable backups are one of the most important defenses against ransomware attacks, but they must be kept unconnected from the main networks or they too can be encrypted by extortionists such as REvil.

Government

Fed To Ban Policymakers From Owning Individual Stocks (cnbc.com) 68

An anonymous reader quotes a report from CNBC: Responding to a growing controversy over investing practices, the Federal Reserve announced Thursday a wide-ranging ban on officials owning individual stocks and bonds and limits on other activities as well. The ban includes top policymakers such as those who sit on the Federal Open Market Committee, along with senior staff. Future investments will have to be confined to diversified assets such as mutual funds.

Fed officials can no longer have holdings in shares of particular companies, nor can they invest in individual bonds, hold agency securities or derivative contracts. The new rules replace existing regulations that, while somewhat restrictive, still allowed officials such as regional presidents to buy and sell stocks. "These tough new rules raise the bar high in order to assure the public we serve that all of our senior officials maintain a single-minded focus on the public mission of the Federal Reserve," Fed Chairman Jerome Powell said in a statement.

Under the new rules, the officials will have to provide 45 days' notice in advance of buying or selling any securities that are still allowed. They also will be required to hold the securities for at least a year, and they cannot buy or sell funds during "heightened financial market stress," a news release announcing the moves said. "I'm hopeful that swift action will allow us to put this behind us and get us back focused on the job ahead," Atlanta Fed President Raphael Bostic told CNBC during a "Closing Bell" interview.

Patents

Sony Patent Lets Viewers Vote and Pay To Boot Players From Games (wired.com) 104

Sony has been granted a patent that would allow livestream spectators and participants to remove players from a game. "Besides removing unskilled players, the system would allow spectators to pay for the privilege of removing players," reports Kotaku. From the report: In the patent document, Sony outlined a system in which spectators to a livestream can vote to remove a player from an ongoing game. The player would have no veto power over this decision, and they may be reassigned to a different match. The system would display the skill level of the current players and their statistics for the game, such as time played, ratings, and achievements. All of this would take place through "the cloud gaming system," whatever that means.

To avoid audience abuse of this system, a 60% voting threshold needs to be met in order to bench a player from a game. Spectators with a higher skill level will also have their votes counted more heavily in the election. Despite Sony claiming that this system would be beneficial for removing disrespectful "griefers" from matches, the patent also includes the ability for spectators to pay a fixed price or bid for the ability to remove players from a game. The text also mentions a system in which spectators can warn active players to improve their gameplay. Damn.

Crime

Man Arrested For Uncensoring Japanese Porn With AI In First Deepfake Case (vice.com) 73

An anonymous reader quotes a report from Motherboard: Japanese police on Monday arrested a 43-year-old man for using artificial intelligence to effectively unblur pixelated porn videos, in the first criminal case in the country involving the exploitative use of the powerful technology. Masayuki Nakamoto, who runs his own website in the southern prefecture of Hyogo, lifted images of porn stars from Japanese adult videos and doctored them with the same method used to create realistic face swaps in deepfake videos. But instead of changing faces, Nakamoto used machine learning software to reconstruct the blurred parts of the video based on a large set of uncensored nudes and sold the content online. Penises and vaginas are pixelated in Japanese porn because an obscenity law forbids the explicit depictions of genitalia.

Nakamoto reportedly made about $96,000 by selling over 10,000 manipulated videos, though he was arrested specifically for selling 10 fake photos at about $20 each. Nakamoto pleaded guilty to charges of copyright violation and displaying obscene images and said he did it for money, according to NHK. He was caught when police conducted a "cyber patrol," the Japanese broadcaster reported. "This is the first case in Japan where police have caught an AI user," Daisuke Sueyoshi, a lawyer who's tried cybercrime cases, told VICE World News. "At the moment, there's no law criminalizing the use of AI to make such images." For example, Nakamoto was not charged with any offenses for violating the privacy of the actors in the videos.

China

China's VPN Market Now Open To Foreign Investment (bleepingcomputer.com) 35

The central government of China in Beijing has announced a decision to allow foreign entities to invest in the ownership of VPN (virtual private network) services in the country. From a report: Under this new policy, foreign investors can only own up to 50% of China-based VPN companies. This allows China to retain state control over local and approved products while still offering a significant incentive for investment. Apart from VPNs, the policy update also includes changes in the investment caps on information services for app stores, internet connection services, and more. This comes as somewhat of a surprise for a country that has been fighting foreign VPNs for years now, hindering their presence in China and imposing fines and other penalties on users who ignored the banning orders.

Facebook

Mark Zuckerberg Has Been Added To a DC Lawsuit Over the Cambridge Analytica Scandal (theverge.com) 24

District of Columbia Attorney General Karl Racine is adding Facebook CEO Mark Zuckerberg to a lawsuit over the Cambridge Analytica data-mining scandal. From a report: Racine announced the addition on Twitter this morning, saying his investigation had revealed that Zuckerberg was "personally involved in decisions related to Cambridge Analytica and Facebook's failure to protect user data." The 2018 lawsuit accuses Facebook (and now Zuckerberg) of misrepresenting its policies around third-party data access and compromising user privacy with lax protections. The attorney general's office alleges that Facebook violated the Consumer Protection Procedures Act and seeks civil damages for the offense. A judge allowed the case to proceed despite Facebook's efforts to halt it in 2019.

Government

New FCC Rules Could Force Wireless Carriers To Block Spam Texts (engadget.com) 45

An anonymous reader quotes a report from Engadget: Under Acting Chairwoman Jessica Rosenworcel, the Federal Communications Commission is seeking to create new rules targeting spam text messages. Like another recent proposed rulemaking from the agency, the policy would push wireless carriers and telephone companies to block the spam before it ever gets to your phone.

"We've seen a rise in scammers trying to take advantage of our trust of text messages by sending bogus robotexts that try to trick consumers to share sensitive information or click on malicious links," Rosenworcel said. "It's time we take steps to confront this latest wave of fraud and identify how mobile carriers can block these automated messages before they have the opportunity to cause any harm."

United Kingdom

Boris Johnson Strikes Deal With Bill Gates To Boost Green Technology (theguardian.com) 64

An anonymous reader quotes a report from The Guardian: The UK government has announced plans to launch a $551 million (400 million pounds) package of investment alongside the US billionaire Bill Gates to boost the development of new green technologies. Boris Johnson said the deal would help power a "green industrial revolution" and develop emerging technologies that were currently too expensive to be commercially successful but were essential to hitting the government's climate goals. Speaking at a Global Investment Summit at the Science Museum in London on Tuesday, the prime minister said the partnership would help develop UK technology related to carbon capture and storage, long-term battery life, jet zero (zero-carbon aviation) and green hydrogen technology.

"I think these are all technologies that have massive potential but are currently underinvested in, by comparison with some others," Johnson said. "We will only achieve our ambitious climate goals if we rapidly scale up new technologies in areas like green hydrogen and sustainable aviation fuels -- technologies that seemed impossible just a few years ago." The UK has already pledged at least £200m to the development of new British green technologies. Gates announced on Tuesday that he would match the commitment via Breakthrough Energy Catalyst, a coalition of private investors he leads in funding innovative approaches to tackling the climate crisis.

Google

Brave Removes Google as its Default Search Engine (thurrott.com) 25

As Paul Thurrott reports, Brave is removing Google Search as its default search engine. From the report: Going forward, the Brave web browser will default to Brave Search. "Brave Search has grown significantly since its release last June, with nearly 80 million queries per month," Brave CEO and co-founder Brendan Eich says. "Our users are pleased with the comprehensive privacy solution that Brave Search provides against Big Tech by being integrated into our browser. As we know from experience in many browsers, the default setting is crucial for adoption, and Brave Search has reached the quality and critical mass needed to become our default search option, and to offer our users a seamless privacy-by-default online experience."

Brave Search is built on top of an independent index, and doesn't track users, their searches, or their clicks, the firm says. And starting with Brave 1.3 on desktop and Android, and Brave 1.32 on iOS, it will be the default search engine in the browser, instead of Google, in the United States, Canada, and the United Kingdom. It is also replacing Qwant in France and DuckDuckGo in Germany, and Brave says that more locales will be added in the next several months. Existing users can keep their chosen search engine default, of course, and new users who prefer other search engines can configure as needed. Brave Search doesn't display ads today, but the free version of the service will soon be ad-supported. An ad-free Premium version is coming "in the near future," Brave says.

Along with this search engine news, Brave announced the Web Discovery Project (WDP), "which it describes as a privacy-preserving system for users to anonymously contribute data to improve Brave Search results," writes Thurrott. "The WDP is an opt-in feature that protects user privacy and anonymity by ensuring that contributed data is not linked to individuals, their devices, or any set of users." It has a GitHub repo available to help you learn more about this system.

The Courts

Software Freedom Conservancy Sues Vizio for GPL Violations (sfconservancy.org) 65

Jeremy Allison - Sam writes: Software Freedom Conservancy, a non-profit organization that promotes open-source software and defends the free software General Public License (GPL), announced today it has filed a lawsuit against Vizio for what it calls repeated failures to fulfill even the basic requirements of the GPL. The lawsuit alleges that Vizio's TV products, built on its SmartCast system, contain software that Vizio unfairly appropriated from a community of developers who intended consumers to have very specific rights to modify, improve, share, and reinstall modified versions of the software.

Security

Hacker Steals Government ID Database for Argentina's Entire Population (therecord.media) 41

A hacker has breached the Argentinian government's IT network and stolen ID card details for the country's entire population, data that is now being sold in private circles. The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons. From a report: The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens, data that it also stores in digital format as a database accessible to other government agencies, acting as a backbone for most government queries for citizens' personal information.

Privacy

Give Us Your Biometric Data To Get Your Lunch In 5 Seconds, UK Schools Tell Children (theregister.com) 121

An anonymous reader quotes a report from The Register: In North Ayrshire Council, a Scottish authority encompassing the Isle of Arran, nine schools are set to begin processing meal payments for school lunches using facial scanning technology. The authority and the company implementing the technology, CRB Cunninghams, claim the system will help reduce queues and is less likely to spread COVID-19 than card payments and fingerprint scanners, according to the Financial Times. Speaking to the publication, David Swanston, the MD of supplier CRB Cunninghams, said the cameras verify the child's identity against "encrypted faceprint templates," and will be held on servers on-site at the 65 schools that have so far signed up. He added: "In a secondary school you have around about a 25-minute period to serve potentially 1,000 pupils. So we need fast throughput at the point of sale." He told the paper that with the system, the average transaction time was cut to five seconds per pupil. The system has already been piloted in 2020 at Kingsmeadow Community School in Gateshead, England. North Ayrshire council said 97 per cent of parents had given their consent for the new system, although some said they were unsure whether their children had been given enough information to make their decision. Seemingly unaware of the controversy surrounding facial recognition, education solutions provider CRB Cunninghams announced its introduction of the technology in schools in June as the "next step in cashless catering."

The Almighty Buck

SEC Says GameStop Stock Surge Due To Individual Investors, Doesn't Recommend Policy Change (cnet.com) 39

Oscar Gonzalez writes via CNET: In January, GameStop's stock price shot through the roof reaching a peak of $483. There were many questions about this sudden surge, especially from the Securities and Exchange Commission, which investigated the rise and fall of the so-called "meme stocks" at the start of the year. The SEC's probe found no wrongdoings when shares of GameStop, AMC and other companies began to skyrocket, according to a 45-page Staff Report on Equity and Options Market Structure Conditions in Early 2021 released (PDF) on Monday. Instead, it found the rise in stock prices was due to individual investors who shared information on social media platforms such as Reddit.

"January's events gave us an opportunity to consider how we can further our efforts to make the equity markets as fair, orderly, and efficient as possible," SEC Chair Gary Gensler said in a press release. "Making markets work for everyday investors gets to the heart of the SEC's mission. I would like to thank the staff for bringing their expertise to this important report, and for their ongoing work to address the issues that January's events raised." There were also questions about the practices of short sellers who bet on GameStop shares to drop in price, as well as Robinhood, the stock trading app that paused the trading of the video game retailer's shares when the market was in a frenzy. However, the SEC didn't recommend any policy changes or take any action against the firms. The agency did point out these issues at the end of the report. It said there should be improved reporting on short sales to allow for better tracking by regulators. The agency also questioned whether "game-like features and celebratory animations" found in investing apps like Robinhood led investors to trade more stock than they would have done otherwise.

PlayStation (Games)

PS5 Console Plate Makers Provoke Sony, Then Hit Legal Trouble (kotaku.com) 50

Earlier this year, device skin maker Dbrand released a set of black PS5 faceplates and baited Sony to sue them (because that's their shtick -- to come across sassy and harsh). Sony is now obliging. Kotaku reports: As The Verge reports, Dbrand's "Darkplates" have recently been removed from the company's store, and any purchasing links now redirect to a page that only lists all the news articles written about the plates, including [a Gizmodo story]. Why pull them now? Because the company received a cease & desist letter from Sony, part of which says: "It has come to SIE's attention that dbrand has been promoting and selling console accessories in a manner that is deeply concerning to our client. First, dbrand is selling faceplates for the PS5 console (in both standard edition and digital edition configurations) that replicate SIE's protected product design. Any faceplates that take the form of our client's PS5 product configuration, or any similar configuration, and are produced and sold without permission from SIE violate our client's intellectual property rights in the distinctive console design. Second, dbrand is selling skins for SIE devices that feature the PlayStation Family Mark. Your company may not sell products that bear unauthorized depictions of our client's PlayStation Marks. The below still from one of dbrand's instructional videos shows a dbrand skin bearing a design identical to the PlayStation Family Mark."

For their part, Dbrand have responded with a rambling corporate shitpost on Reddit, which opens with "much like your hopes and dreams, Darkplates are dead" before eventually settling into actual legal defenses of their position, saying the plates don't violate any existing trademarks. Dbrand suspects that Sony's actual motivation here is moving to shut down competitors before revealing its own, first-party replacement panels for the PS5.

Government

New York AG Orders Two Unregistered Crypto Lenders To Shut Down (axios.com) 26

New York Attorney General Letitia James on Monday ordered two unregistered cryptocurrency lending platforms to cease operating in the state within 10 days and requested three other platforms to send her office information about their activities and products. From a report: Due in part to a lack of clear regulations, crypto companies have been making various moves -- and finding out that not all regulators agree with them. James' office argued that virtual currency lending products are considered securities under the state's Martin Act, which requires companies offering such financial services to register with the attorney general's office in order to do business with New Yorkers.

Printer

Canon Sued For $5 Million For Disabling Scanner When Printer Runs Out of Ink (techspot.com) 146

couchslug writes: Canon, best known for manufacturing camera equipment and printers for business and home users, is being sued for not allowing customers to use the scan or fax functions in multi-function devices if the ink runs out on numerous printer models. David Leacraft filed a class action lawsuit against Canon USA, alleging the company engaged in deceptive marketing and unjust enrichment practices.

Government

International 'US Cyber Games' Competition Seeks Next Generation of Cybersecurity Experts (washingtonpost.com) 23

"As the United States seeks to shore up its defenses against cyberattacks, the country is seeking to harness the skills of some of the country's most promising young minds," reports the Washington Post, "using a model that mirrors competitive video gaming, also known as esports."

Though it's a partnership between the federal government, academia and the private sector, it's being run by Katzcy, a northern Virginia-based digital marketing firm, the Post reports: U.S. Cyber Games, a project founded in April and funded by the National Institute of Standards and Technology's National Initiative for Cybersecurity Education, has assembled a team of 25 Americans, ages 18 to 26, who will compete against other countries in the inaugural International Cybersecurity Challenge, scheduled to be held in Greece in June 2022.

The cyber games consist of two broad formats, with the competitions organized and promoted to appeal to a generation raised on video gaming. The goal is to identify and train candidates for careers in cybersecurity. There are king-of-the-hill-type games where one team tries to break into a network while the other team tries to defend it. There are also capture-the-flag-type games where teams must complete a series of puzzles that follow the basic tenets of cybersecurity programs, like decrypting an encrypted file or analyzing secret network traffic...

The U.S. cyber team's head coach, retired Lt. Col. TJ O'Connor who served as a communications support officer with special forces, noted the unique platform presented by cybersecurity competitions. Unlike other forms of computer science education, O'Connor said, staying up to date on the latest developments in cybersecurity is difficult, with hackers constantly iterating on and developing new tactics to break through cyberdefenses. "Understanding the most likely attack is one thing you gain through Cyber Games. It's an attack-based curriculum, and then you can plan the most appropriate strategies when they occur," said O'Connor, who helped create and now chairs Florida Tech's cybersecurity program.

Crime

Man Arrested for Scamming Amazon's Textbook Rental Service Out of $1.5 Million (theregister.com) 106

"A 36-year-old man from Portage, Michigan, was arrested on Thursday for allegedly renting thousands of textbooks from Amazon and selling them rather than returning them," reports the Register: From January 2016 through March 2021, according to the indictment, Talsma rented textbooks from the Amazon Rental program in order to sell them for a profit... His alleged fraud scheme involved using Amazon gift cards to rent the textbooks and prepaid MyVanilla Visa cards with minimal credit balances to cover the buyout price charged for books not returned. "These gift cards and MyVanilla Visa cards did not contain names or other means of identifying him as the person renting the textbooks," the indictment says. "Geoffrey Mark Talsma made sure that the MyVanilla Visa cards did not have sufficient credit balances, or any balance at all, when the textbook rentals were past due so that Amazon could not collect the book buyout price from those cards."

As the scheme progressed, the indictment says, Talsma "recruited individuals, including defendants Gregory Mark Gleesing, Lovedeep Singh Dhanoa, and Paul Steven Larson, and other individuals known to the grand jury, to allow him to use their names and mailing addresses to further continue receiving rental textbooks in amounts well above the fifteen-book limit..."

The indictment says the four alleged scammers stole 14,000 textbooks worth over $1.5m.

The U.S. Department of Justice adds: If convicted, Talsma faces a maximum term of imprisonment of 20 years for each of the mail and wire fraud offenses; a maximum term of imprisonment of 10 years for interstate transportation of stolen property; and a maximum term of imprisonment of 5 years for making false statements to the FBI.

Additionally, if convicted of the aggravated identity theft charges, Talsma will serve a maximum term of imprisonment of four years consecutive to any sentence imposed for the other criminal offenses. Restitution and forfeiture of certain assets obtained with the proceeds of the scheme may also be ordered as a result of a conviction.
