Privacy

Twitch Source Code and Business Data Leaked (therecord.media) 66

An unknown individual has leaked the source code and business data of video streaming platform Twitch via a torrent file posted on the 4chan discussion board earlier today. From a report: The leaker said they shared the data as a response to the recent "hate raids" -- coordinated bot attacks posting hateful and abusive content in Twitch chats -- that have plagued the platform's top streamers over the summer. "Their community is [...] a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories," the leaker said earlier today. The leaker claims that the leak contains the "entirety of twitch.tv, with commit history going back to its early beginnings, mobile, desktop and video game console Twitch clients, various proprietary SDKs and internal AWS services used by Twitch, every other property that Twitch owns including IGDB and CurseForge, an unreleased Steam competitor from Amazon Game Studios, and Twitch SOC internal red teaming tools."

Twitch has confirmed the breach. In a tweet it said, "We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available."
Crime

Investors Spent Millions on 'Evolved Apes' NFTs. Then They Got Scammed (vice.com) 52

Evolved Apes is described on NFT marketplace OpenSea as "a collection of 10,000 unique NFTs trapped inside a lawless land." They are "fighting for survival, only the strongest ape will prevail," it says, referring to the project's much-hyped fighting game, which has not materialized. From a report: A week after the project launch, the anonymous developer known as Evil Ape who promised that game, vanished along with the project's official Twitter account and website. But they left traces behind on the blockchain that shows they siphoned 798 ether ($2.7 million) out of the project's funds in multiple transfers. The funds, derived from the initial public sale of NFTs and commissions on the secondary market, were meant for project-related expenses like marketing.

Evolved Ape investors noticed several red flags leading up to Evil Ape's rug pull. After the public sale on September 24, the announcements seemed suspiciously unprofessional and several of the leaders were not around anymore, one investor who requested anonymity due to the ongoing fallout from the scam told Motherboard. But they chalked it down to lack of experience at the time. "I don't think this giant storm was ever what was expected," the investor said. According to Mike_Cryptobull, who did not share their real name due to their standing in the community, the Evolved Apes community discovered that the social-media competition winners (a marketing activity to create buzz) hadn't received their NFT prizes from the project, and the artist hadn't been paid either.

Government

Ransomware Bill Would Give Victims 48 Hours To Report Payments (bloomberg.com) 89

Victims of ransomware attacks would be required to report payments to their hackers within 48 hours under a proposal from Democratic Senator Elizabeth Warren and Democratic Representative Deborah Ross. From a report: The Ransom Disclosure Act would give the Department of Homeland Security data on ransomware payments, including the amount of money demanded and paid, and the type of currency used. The lawmakers say this is essential to bolster the U.S. government's understanding of how hackers operate and the extent of the ransomware threat. "Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals," Warren said in a statement on Tuesday.
Cellphones

FCC Plans To Rein In 'Gateway' Carriers That Bring Foreign Robocalls To US (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission hopes to reduce the number of illegal robocalls from overseas with an expansion of rules that require phone companies to implement Caller ID authentication technology and block illegal calls. [T]he FCC is proposing new requirements on domestic gateway providers that accept calls from outside the US. A Notice of Proposed Rulemaking (NPRM) adopted (PDF) Thursday and released on Friday proposes requiring those gateway phone companies to implement STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols, which verify the accuracy of Caller ID by using digital certificates based on public-key cryptography. "This proposal would subject foreign-originated calls, once they enter the United States, to requirements similar to those of domestic-originated calls, by placing additional obligations on gateway providers in light of the large number of illegal robocalls that originate abroad and the risk such calls present to Americans," the NPRM said. Gateway providers would be required to "apply STIR/SHAKEN caller ID authentication to, and perform robocall mitigation on, all foreign-originated calls with US numbers," the FCC said (PDF).

STIR/SHAKEN is already widely deployed in the US on IP networks due to separate requirements that apply to large phone providers. Another newly implemented rule prohibits phone companies from accepting calls from providers that haven't met requirements to deploy STIR/SHAKEN or other robocall-mitigation methods. But the STIR/SHAKEN requirements don't apply to all carriers yet. "We don't want international calling to become a loophole for our policies," FCC Acting Chairwoman Jessica Rosenworcel said on Thursday at a commission meeting. "So today we are proposing that gateway providers in the United States -- the companies that bring in calls from overseas -- take action to stop this stuff from coming in from abroad. That means they need to use STIR/SHAKEN technology, register in our Robocall Mitigation Database, and comply with traceback requests to figure out where these junk calls are originating from overseas."

The FCC said those traceback requests "are used to help block illegal robocalls and inform FCC enforcement investigations." The NPRM also proposes a new call-blocking requirement. When the FCC notifies a gateway provider about an ongoing robocall campaign, the provider would have to conduct "a prompt investigation to determine whether the traffic identified in the Enforcement Bureau's notice is illegal" and "promptly block all traffic associated with the traffic pattern identified in that notice." The NPRM seeks public comment on these proposed rules. Deadlines for initial comments will be 30 days after the NPRM is published in the Federal Register and 60 days after publication for reply comments. The docket is located here.

Crime

Ukrainian Cops Cuff Two Over $150 Million Ransomware Gang Allegations, Seize $1.3 Million In Cryptocurrency (theregister.com) 8

Ukrainian police have reportedly arrested two members of a ransomware gang -- and while some have fingered REvil, no firm details have been published by cops from multiple countries. The Register reports: A round of speculation was triggered when inter-EU law enforcement body Europol declared this morning that Ukrainian fuzz had arrested "two prolific ransomware operators known for their extortionate demands," claimed to be up to [$81.3 million]. One of the two suspects arrested on September 28, according to the National Police of Ukraine, was a "hacker." The other allegedly "helped to withdraw money obtained by criminal means." $1.3m in cryptocurrency was said to have been frozen. A multinational police operation with input from France's National Gendarmerie and the US Federal Bureau of Investigation helped lead the Ukraine cops to their targets, with support from Europol and Interpol.

The 25-year-old suspect allegedly deployed "virus software," compromising remote-working software, with one attack vector being "through spam-mailings on corporate e-mail boxes of malicious content." "In total, the hacker attacked more than 100 foreign companies in North America and Europe," said the Ukrainian police, adding that they blamed the 25-year-old arrestee for causing $150m of damage to Western organizations. [...] Numerous people speculated on Twitter that the latest Ukrainian arrests were members of the REvil ransomware gang. This was based solely on Europol's claim that the two main accused had once issued an "extortionate" [$81.3 million] ransom demand, which has not been repeated by cops in Ukraine. REvil once issued a ransom demand for $70 million (against managed service provider Kaseya) but that is not the same sum...

AI

Clearview AI Has New Tools To Identify People in Photos (wired.com) 24

Clearview AI has stoked controversy by scraping the web for photos and applying facial recognition to give police and others an unprecedented ability to peer into our lives. Now the company's CEO wants to use artificial intelligence to make Clearview's surveillance tool even more powerful. From a report: It may make it more dangerous and error-prone as well. Clearview has collected billions of photos from across websites that include Facebook, Instagram, and Twitter and uses AI to identify a particular person in images. Police and government agents have used the company's face database to help identify suspects in photos by tying them to online profiles. The company's cofounder and CEO, Hoan Ton-That, tells WIRED that Clearview has now collected more than 10 billion images from across the web -- more than three times as many as has been previously reported. Ton-That says the larger pool of photos means users, most often law enforcement, are more likely to find a match when searching for someone. He also claims the larger data set makes the company's tool more accurate.

Clearview combined web-crawling techniques, advances in machine learning that have improved facial recognition, and a disregard for personal privacy to create a surprisingly powerful tool. Ton-That demonstrated the technology through a smartphone app by taking a photo of the reporter. The app produced dozens of images from numerous US and international websites, each showing the correct person in images captured over more than a decade. The allure of such a tool is obvious, but so is the potential for it to be misused. Clearview's actions sparked public outrage and a broader debate over expectations of privacy in an era of smartphones, social media, and AI. [...] The pushback has not deterred Ton-That. He says he believes most people accept or support the idea of using facial recognition to solve crimes. "The people who are worried about it, they are very vocal, and that's a good thing, because I think over time we can address more and more of their concerns," he says.

Some of Clearview's new technologies may spark further debate. Ton-That says it is developing new ways for police to find a person, including "deblur" and "mask removal" tools. The first takes a blurred image and sharpens it using machine learning to envision what a clearer picture would look like; the second tries to envision the covered part of a person's face using machine learning models that fill in missing details of an image using a best guess based on statistical patterns found in other images. These capabilities could make Clearview's technology more attractive but also more problematic. It remains unclear how accurately the new techniques work, but experts say they could increase the risk that a person is wrongly identified and could exacerbate biases inherent to the system.

Crime

Call Center-Pranking 'Scambaiters' Amass Millions of Fans on Social Media (theguardian.com) 85

The Guardian reports on "a new breed of scambaiters...taking over TikTok and YouTube."

And one of them has more than 1.5 million followers across both video platforms. "Three to four days a week, for one or two hours at a time, Rosie Okumura, 35, telephones thieves and messes with their minds," reports the Guardian: For the past two years, the LA-based voice actor has run a sort of reverse call centre, deliberately ringing the people most of us hang up on — scammers who pose as tax agencies or tech-support companies or inform you that you've recently been in a car accident you somehow don't recall. When Okumura gets a scammer on the line, she will pretend to be an old lady, or a six-year-old girl, or do an uncanny impression of Apple's virtual assistant Siri. Once, she successfully fooled a fake customer service representative into believing that she was Britney Spears. "I waste their time," she explains, "and now they're not stealing from someone's grandma...."

Batman became Batman to avenge the death of his parents; Okumura became a scambaiter after her mum was scammed out of $500... Thankfully, the bank was able to stop the money leaving her mother's account, but Okumura wanted more than just a refund. She asked her mum to give her the number she'd called and called it herself, spending an hour and 45 minutes wasting the scammer's time. "My computer's giving me the worst vibes," she began in Kim Kardashian's voice. "Are you in front of your computer right now?" asked the scammer. "Yeah, well it's in front of me, is that... that's like the same thing?" Okumura put the video on YouTube and since then has made over 200 more videos, through which she earns regular advertising revenue (she also takes sponsorships directly from companies).

"A lot of it is entertainment — it's funny, it's fun to do, it makes people happy," she says when asked why she scambaits. "But I also get a few emails a day saying, 'Oh, thank you so much, if it weren't for that video, I would've lost $1,500.'" Okumura isn't naive — she knows she can't stop people scamming, but she hopes to stop people falling for scams. "I think just educating people and preventing it from happening in the first place is easier than trying to get all the scammers put in jail...."

The Guardian also describes Jim Browning, a Northern Irish YouTuber with nearly 3.5 million subscribers who's been posting scambaiting videos for seven years. "Browning regularly gets access to scammers' computers and has even managed to hack into the closed-circuit TV footage of call centres in order to identify individuals. He then passes this information to the 'relevant authorities' including the police, money-processing firms and internet service providers...."

And they also tell the story of an American software engineer who joined with friends to convince a scammer he'd been offered a high-paying job — only to end up stranded in Laos after paying for a 600-mile flight.

"He was crying... that was the one where I was like, 'Ah, maybe I'm taking things a little too far.'"
Facebook

Facebook Whistleblower Speaks, Shares Documents on Deliberate Lies and Disregard of Misinformation, Contacts US Regulators (cbsnews.com) 151

An Iowa data scientist with a computer engineering degree and a Harvard MBA has come forward as the whistleblower leaking damaging information about Facebook to the Wall Street Journal — and that's just the beginning. They've now also filed at least eight complaints with America's Securities and Exchange Commission, "which has broad oversight over financial markets and has the power to bring charges against companies suspected of misleading investors," reports the Washington Post. To buttress the complaints, the whistleblower secretly copied "tens of thousands" of pages of internal Facebook research, according to a report tonight on the CBS News show 60 Minutes, which summarizes her ultimate conclusion: "that the company is lying to the public about making significant progress against hate, violence and misinformation.

"One study she found from this year says 'We estimate that we may action as little as 3 to 5% of hate, and about 0.6% of violence and incitement on Facebook. Despite being the best in the world at it." Another internal Facebook document admits point-blank that "We have evidence from a variety of sources that hate speech, divisive political speech and misinformation on Facebook and the family of apps are affecting societies around the world."

60 Minutes points out that Facebook "has 2.8 billion users, which is 60% of all internet-connected people on Earth."

[Whistleblower Frances] Haugen told us the root of Facebook's problem is in a change that it made in 2018 to its algorithms — the programming that decides what you see on your Facebook news feed... "One of the consequences of how Facebook is picking out that content today is it is optimizing for content that gets engagement, or reaction. But its own research is showing that content that is hateful, that is divisive, that is polarizing, it's easier to inspire people to anger than it is to other emotions... Facebook has realized that if they change the algorithm to be safer, people will spend less time on the site, they'll click on less ads, they'll make less money."
60 Minutes reports that Facebook was even contacted by "major political parties across Europe," according to leaked internal documents which say the parties specifically complained that a change to Facebook's algorithm "has forced them to skew negative in their communications on Facebook... leading them into more extreme policy positions." (Or, as 60 Minutes puts it, "The European political parties were essentially saying to Facebook the way you've written your algorithm is changing the way we lead our countries.") The whistleblower sees their position as "You are forcing us to take positions that we don't like, that we know are bad for society. We know if we don't take those positions, we won't win in the marketplace of social media." Haugen says Facebook understood the danger to the 2020 Election. So, it turned on safety systems to reduce misinformation — but many of those changes, she says, were temporary. "And as soon as the election was over, they turned them back off or they changed the settings back to what they were before, to prioritize growth over safety. And that really feels like a betrayal of democracy to me." Facebook says some of the safety systems remained. But, after the election, Facebook was used by some to organize the January 6th insurrection....

After the attack, Facebook employees raged on an internal message board copied by Haugen. "...Haven't we had enough time to figure out how to manage discourse without enabling violence?"

The whistleblower will now appear Tuesday before a U.S. Senate Commerce consumer protection subcommittee — and has already shared some of their documents with Congressional offices probing Facebook, according to the Washington Post. "It's important because Big Tech is at an inflection point," the whistleblower's lawyer tells the newspaper. They argue that ultimately Big Tech "touches every aspect of our lives — whether it's individuals personally or democratic institutions globally. With such far reaching consequences, transparency is critical to oversight.

"And lawful whistleblowing is a critical component of oversight and holding companies accountable."
Crime

Ransomware Gangs are Complaining That Other Crooks are Stealing Their Ransoms (zdnet.com) 49

"Cyber criminals using a ransomware-as-a-service scheme have been spotted complaining that the group they rent the malware from could be using a hidden backdoor to grab ransom payments for themselves," reports ZDNet: REvil is one of the most notorious and most common forms of ransomware around and has been responsible for several major incidents. The group behind REvil lease their ransomware out to other crooks in exchange for a cut of the profits these affiliates make by extorting Bitcoin payments in exchange for the ransomware decryption keys that the victims need. But it seems that cut isn't enough for those behind REvil: it was recently disclosed that there's a secret backdoor coded into their product, which allows REvil to restore the encrypted files without the involvement of the affiliate. This could allow REvil to takeover negotiations with victims, hijack the so-called "customer support" chats — and steal the ransom payments for themselves.

Analysis of underground forums by cybersecurity researchers at Flashpoint suggests that the disclosure of the REvil backdoor hasn't gone down well with affiliates. One forum user claimed to have had suspicions of REvil's tactics, and said their own plans to extort $7 million from a victim were abruptly ended. They believe that one of the REvil authors took over the negotiations using the backdoor and made off with the money.

The Almighty Buck

How Miami's Mayor Hopes to Build a New (and Crypto-Friendly) Silicon Valley (nymag.com) 80

Miami is a city "that unblushingly loves rule-breaking and money," according to a new article in New York magazine, wondering whether Miami could ever really replace Silicon Valley as "a more natural home — and maybe even an accelerant — for the next generation of disruption fiends." On December 4, Delian Asparouhov, a venture capitalist in San Francisco, posted, "ok guys hear me out, what if we move silicon valley to Miami," and Miami mayor Francis Suarez, lying in bed at home in Coconut Grove, replied, "How can I help...?" Ever since, Suarez has been on a mission to rebrand Miami — long a place to spend money, rather than earn it — as a haven for founders who feel underappreciated in more calcified urban climes. He bought (with money from a venture capitalist) billboards in San Francisco featuring his Twitter handle and an invitation to "DM me." As he put it, "I saw the tsunami coming, got out my surfboard, and started paddling."

The flood of new Miamians who have arrived, full or part time, during the pandemic includes tech investors (Peter Thiel, David Sacks), cryptocurrency bulls (Anthony Pompliano, Ari Paul), new-media tycoons (Bryan Goldberg, Dave Portnoy), start-up founders (Alexandra Wilkis Wilson, Steven Galanis), and many more who aren't yet billionaires but think the Magic City will give them their best shot... The boom is visible in the city's crane-spiked skyline, too, with deals for Spotify, Microsoft, Apple, and TikTok either signed or in the offing. In greater South Florida, a related incursion by the finance industry — Goldman Sachs, Citadel, Elliott — is in full swing... In July, according to Redfin, Miami was the top migration destination for home buyers in the U.S., while San Francisco had the largest homeowner exodus. Suarez told me about a playful text he recently received from the mayor there, London Breed: "Stop stealing my techies." He says he replied, "Sorry, London, I love you, but no."

Already, Suarez has made gains in turning Miami into the most cryptocurrency-friendly city in the U.S. In the past six months, the world's largest bitcoin conference happened here; a crypto exchange called FTX paid $135 million for the naming rights to the NBA arena (edging out the hometown porn studio BangBros); and a city-sanctioned currency called MiamiCoin debuted, generating millions in fees for municipal coffers. Suarez also accepts campaign contributions in bitcoin. He's running for reelection this November and looks certain to win, thanks in part to hefty donations and cheerleading from Silicon Valley eminences...

The tech case for Miami isn't wholly persuasive. (The most notable local start-up is a company that sells kibble.) But it is infectious.

The article notes, for example, that "For all his enthusiasm, Suarez acknowledges that a robust tech ecosystem needs one thing he can't simply market into existence: a standout university" (with a world-class engineering department to fuel startups). Suarez's solution appears to be offering Miami land parcels to Florida Polytechnic University for a possible satellite campus teaching DeFi/crypto/blockchain/NFT technologies.

The article also points out the possibility of global warming-induced hurricanes and rising sea levels, the city's widening income gap and rising cost of living, and Miami's record number of pediatric-ICU COVID admissions.
Security

Neiman Marcus Discloses a 2020 Data Breach That Impacted 4.6 Million Customers (arstechnica.com) 11

"American luxury retailer Neiman Marcus Group has just disclosed a major data breach impacting approximately 4.6 million customers," reports Ars Technica.

"The breach occurred sometime in May 2020 after 'an unauthorized party' obtained the personal information of some Neiman Marcus customers from their online accounts." Neiman Marcus is working with law enforcement agencies and has selected cybersecurity company Mandiant to assist with the investigation. Thursday, Neiman Marcus disclosed that its 2020 data breach impacted about 4.6 million customers with Neiman Marcus online accounts. The personal information of these customers was potentially compromised during the incident. The bits of information include:

- Names, addresses, contact information

- Usernames and passwords of Neiman Marcus online accounts

- Payment card numbers and expiration dates (although no CVV numbers)

- Neiman Marcus virtual gift card numbers (without PINs)

- Security questions of Neiman Marcus online accounts

"Although the data breach occurred over a year ago, Neiman Marcus states it became aware of the incident this September."
United States

More Vaccinations, Less Pushback: America's Vaccine Mandates Are Working, Says Public Health Professor (seattletimes.com) 308

Last month U.S. President Biden issued "a mandate that all companies with more than 100 workers require vaccination or weekly testing," remembers the New York Times, and "also moved to mandate shots for health care workers, federal contractors and a vast majority of federal workers, who could face disciplinary measures if they refuse."

So what happened next? Until now, the biggest unknown about mandating COVID-19 vaccines in workplaces has been whether such requirements would lead to compliance or to significant departures by workers unwilling to get shots — at a time when many places were already facing staffing shortages. So far, a number of early mandates show few indications of large-scale resistance. "Mandates are working," said John Swartzberg, a physician and professor at the School of Public Health at the University of California, Berkeley. "If you define 'working' by the percentage of people getting vaccinated and not leaving their jobs in droves."

Unlike other incentives — "prizes, perks, doughnuts, beer, we've seen just about everything offered to get people vaccinated" — mandates are among the few levers that historically have been effective in increasing compliance, said Swartzberg, who has tracked national efforts to increase rates of inoculation...

[T]he pushback has been less dramatic than initially feared. At Houston Methodist Hospital, which mandated vaccines this summer for 25,000 employees, for example, only about 0.6% of employees quit or were fired. Dorit Reiss, a professor at the University of California Hastings College of the Law in San Francisco who is tracking employer mandates, said that, despite their propensity for backlash and litigation, mandates generally increase vaccine compliance because the knowledge that an order is coming has often been enough to prompt workers to seek inoculation before courts even can weigh in. Mandates are becoming more commonplace as several other states have imposed requirements for workers. In New York, Rhode Island, Maine, Oregon and the District of Columbia, health care workers must get vaccinated to remain employed.

The Times's article (original URL here) provides statistics from specific examples:
  • "When Tyson Foods announced Aug. 3 that it would require coronavirus vaccines for all 120,000 of its U.S. employees, less than half of its workforce was inoculated. Nearly two months later, 91% of the company's U.S. workforce is fully vaccinated, said Dr. Claudia Coplein, Tyson's chief medical officer."
  • "In New York, where some 650,000 employees at hospitals and nursing homes were to have received at least one vaccine dose by the start of this week, 92% were in compliance, state officials said. That was up significantly from a week ago, when 82% of the state's nursing home workers and at least 84% of its hospital workers had received at least one dose."
  • "As California's requirement that all health care workers be vaccinated against the coronavirus took effect Thursday, major health systems reported that the mandate had helped boost their vaccination rates to 90% or higher."

Cloud

Alliance Including Amazon, Google, Microsoft, and IBM Vows to Protect Rights and Privacy With 'Trusted Cloud Principles' (zdnet.com) 33

ZDNet reports: Some of the world's largest tech giants — Amazon, Google, Microsoft, IBM, Salesforce/Slack, Atlassian, SAP, and Cisco — have joined forces to establish the Trusted Cloud Principles in what they are claiming is their commitment to protecting the rights of their customers... Some of the specific principles that have been founded by the signatories include governments should seek data directly from enterprise customers first, rather than cloud providers, other than in "exceptional circumstances"; customers should have a right to notice when governments seek to access customer data directly from cloud service providers; and there should be a clear process for cloud providers to challenge government access requests for customers' data, including notifying relevant data protection authorities, to protect customers' interests.

Also outlined in the principles is the point that governments should create mechanisms to raise and resolve conflicts with each other such that cloud service providers' legal compliance in one country does not amount to a violation of law in another; and governments should support cross-border data flows. At the same time, the cloud service providers acknowledge that under the principles they recognise international human rights law enshrines a right to privacy, and the importance of customer trust and customers' control and security of their data. The signatories also said they commit to supporting laws that allow governments to request data through a transparent process that abides by human rights standards; international legal frameworks to resolve conflicting laws related to data access, privacy, and sovereignty; and improved rules and regulations at the national and international levels that protect the safety, privacy, and security of cloud customers and their ownership of data...

The Trusted Cloud Principles come days after a separate data cloud framework was stood up between Amazon Web Services, Google, IBM, Microsoft and other major tech giants, plus the EDM Council, a cross-industry trade association for data management and analytics. Under the Cloud Data Management Capabilities (CDMC) framework there are six components, 14 capabilities, and 37 sub-capabilities that set out cloud data management capabilities, standards, and best practices for cloud, multi-cloud, and hybrid-cloud implementations while also incorporating automated key controls for protecting sensitive data.

Censorship

Who Censored Marie Antoinette's Letters? X-Rays Reveal a Surprise (science.org) 26

sciencehabit shares a report from Science.org: In late 1791 and early 1792, on the eve of the French Revolutionary Wars, Queen Marie Antoinette engaged in a secret correspondence with her confidant and rumored lover, Swedish Count Axel von Fersen. Nearly 50 letters from that exchange survive at the French National Archives. But certain passages in 15 of the letters were unreadable, obscured by redactions made with swirls of dark ink. Now, researchers have revealed the words beneath 45 of these alterations using x-ray technology. They have also discovered the censor's identity: von Fersen, himself. The idea that von Fersen made the redactions is "a revelation," says Catriona Seth, a professor of French literature at the University of Oxford who was not involved with the work. Historians had thought the letters were censored in the second half of the 19th century -- most likely by von Fersen's great-nephew -- to protect the writers' reputations. Now, she says, scholars will need to rethink the cover-up -- and the reasons behind it.

The newly legible passages are largely sentimental, phrases like "made my heart happy," and "you that I love." Comments on politics and world events, meanwhile, remain uncensored. But even these seemingly intimate phrases don't definitively tell historians anything new about Marie Antoinette and von Fersen's relationship, Seth says. Scholars, she notes, already knew Marie Antoinette had "a very deep affection for him." Still, she adds, the letters offer "direct insight into the thoughts and feelings of Marie Antoinette." In the future, the techniques in this study could be used in combination with machine algorithms to automatically transcribe old texts, the researchers say, making it easier to understand these important documents -- and others like them.
The researchers published their findings in the journal Science Advances.

Privacy

Former OnlyFans Employees Could Access Users' and Models' Personal Information (vice.com) 18

samleecole shares a report from Motherboard: Some former OnlyFans support staff employees still had access to users' data -- including sensitive financial and personal information -- even after they stopped working for the company used by sex workers to sell nudes and porn videos. According to a former OnlyFans employee who asked to remain anonymous because they feared retaliation, some ex-employees still had access to Zendesk, a popular customer service software used by many companies including OnlyFans, to track and respond to customer support tickets, long after leaving the company. OnlyFans uses Zendesk to respond to both users who post content and those who just pay to view that content. According to the source and OnlyFans users who spoke to Motherboard, depending on what a user is seeking help with, support tickets may contain their credit card information, drivers' licenses, passports, full names, addresses, bank statements, how much they have earned on OnlyFans or spent, Know Your Customer (KYC) selfies where the creator holds up an ID next to their face for verification, and model release forms. "It's a shame that they have this large company and feel they can play with people's lives like this," the former employee said. "There are already so many things they are in trouble for and privacy should not be one of them. Everyone on that platform, especially sex workers, need to have their information be safe and it isn't."

Government

A Declassified State Department Report Says Microwaves Didn't Cause 'Havana Syndrome' (buzzfeednews.com) 118

An anonymous reader quotes a report from BuzzFeed News: Noises linked to mysterious injuries among US diplomats in Cuba were most likely caused by crickets -- not microwave weapons -- according to a declassified scientific review commissioned by the US State Department and obtained by BuzzFeed News. The State Department report was written by the JASON advisory group, an elite scientific board that has reviewed US national security concerns since the Cold War. It was completed in November of 2018, two years after dozens of US diplomats in Cuba and their families reported hearing buzzing noises and then experiencing puzzling neurological injuries, including pain, vertigo, and difficulty concentrating. Originally classified as "secret," the report concluded that the sounds accompanying at least eight of the original 21 Havana syndrome incidents were "most likely" caused by insects. That same scientific review also judged it "highly unlikely" that microwaves or ultrasound beams -- now widely proposed by US government officials to explain the injuries -- were involved in the incidents. And though the report didn't definitively conclude what caused the injuries themselves, it found that "psychogenic" mass psychology effects may have played a role.

"No plausible single source of energy (neither radio/microwaves nor sonic) can produce both the recorded audio/video signals and the reported medical effects," the JASON report concluded. "We believe the recorded sounds are mechanical or biological in origin, rather than electronic. The most likely source is the Indies short-tailed cricket." The report's findings fly in the face of a medical report commissioned by the State Department and published by a National Academies of Sciences panel last year, which found that microwaves were the "most plausible" cause of the symptoms. That panel was not provided with the JASON report as part of its assessment, the NAS told BuzzFeed News.

Oracle

Oracle Loses Appeal Against $3 Billion Payment To HPE Over Withdrawal of Itanium Support (theregister.com) 47

The Supreme Court of California has thrown out Oracle's appeal against a decision to award $3 billion damages to HPE in a case which dates back a decade and relates to Big Red's commitment to develop on Itanium hardware. From a report: On Wednesday, the court denied a review of Oracle's appeal against a summary judgement, apparently without comment or any written dissents. The decision follows a ruling made in the California Court of Appeal that affirmed HPE's $3.14bn win for alleged contract violation, stating that an agreement between the firms had created a legal obligation for Oracle to support software on HPE's Itanium server. The case hinged on the companies' statements that they had a "longstanding strategic relationship" and a "mutual desire to continue to support their mutual customers." The agreement stated that Oracle, for its part, "will continue to offer its product suite on HP platforms" while HPE "will continue to support Oracle products (including Oracle Enterprise Linux and Oracle VM) on its hardware." The ruling reads: "We conclude that the second sentence, moreover, does more than declare an aspiration or intent to continue working together, as Oracle claims. It commits the parties to continue the actions specified (Oracle offering its product suite and HP supporting the products)," as it had done previously.

Privacy

FTC Weighs New Online Privacy Rules (wsj.com) 12

The Federal Trade Commission is considering strengthening online privacy protections, including for children, in an effort to bypass legislative logjams in Congress. WSJ: The rules under consideration could impose significant new obligations on businesses across the economy related to how they handle consumer data, people familiar with the matter said. The early talks are the latest indication of the five-member commission's more aggressive posture under its new chairwoman, Lina Khan, a Democrat who has been a vocal critic of big business, particularly large technology companies. Congressional efforts to assist the FTC in tackling perceived online privacy problems will also be the focus of a Senate Commerce Committee hearing Wednesday. If the agency chooses to move forward with an initiative, any broad new rule would likely take years to implement.

In writing new privacy rules, the FTC could follow several paths, the people said: It could look to declare certain business practices unfair or deceptive, using its authority to police such conduct. It could also tap a less-used legal authority that empowers the agency to go after what it considers unfair methods of competition, perhaps by viewing certain businesses' data-collection practices as exclusionary. The agency could also address privacy protections for children by updating its rules under the 1998 Children's Online Privacy Protection Act. And it could use its enforcement powers to target individual companies, as some privacy advocates urge.

The Courts

131 Federal Judges Broke the Law by Hearing Cases Where They Had a Financial Interest (wsj.com) 92

The Wall Street Journal: More than 130 federal judges have violated U.S. law and judicial ethics by overseeing court cases involving companies in which they or their family owned stock. A Wall Street Journal investigation found that judges have improperly failed to disqualify themselves from 685 court cases around the nation since 2010. The jurists were appointed by nearly every president from Lyndon Johnson to Donald Trump. About two-thirds of federal district judges disclosed holdings of individual stocks, and nearly one of every five who did heard at least one case involving those stocks. Alerted to the violations by the Journal, 56 of the judges have directed court clerks to notify parties in 329 lawsuits that they should have recused themselves. That means new judges might be assigned, potentially upending rulings. When judges participated in such cases, about two-thirds of their rulings on motions that were contested came down in favor of their or their family's financial interests.

Piracy

Film Studios Sue 'No Logs' VPN Provider For $10 Million (arstechnica.com) 73

An anonymous reader quotes a report from Ars Technica: LiquidVPN's business model was a fierce one, thriving on the fence of the law. In webpages seen by Ars, the VPN company boasted itself as "the best VPN for torrenting" that would also let you "unblock ISP banned streams," otherwise restricted due to copyright takedown requests. Furthermore, LiquidVPN customers were really in for a treat with "High Quality Popcorn Time Streams" thrown into the mix. And, of course, this was all a "DMCA Free Zone," since, much like any logless VPN provider, Liquid did not have the ability to forward DMCA notices to users downloading infringing content. Except, Liquid listed all of these features on its website explicitly and glamorized all of the possibilities. And imagine doing all these things seven days of the week without the risk of getting caught by your ISP or anyone else, reassured the VPN provider with a "full-refund" guarantee. Transparency can be a good thing when presenting your product, except when your marketing claims surpass the legal gray area.

Unsurprisingly, in March this year, several filmmakers filed a lawsuit with the Florida District Court against LiquidVPN. This month, these plaintiffs are asking the court to issue a default judgment against LiquidVPN for the defendant's failure to plead or show up at the most recent court hearing. According to court documents (PDF), movie production firms argue LiquidVPN should not be extended "safe harbor" protections, as the defendant didn't establish a repeat-infringer policy or appoint a registered DMCA agent. The ask for $9,900,000 comprises the maximum statutory damage amount of $150,000 for each of the 66 works listed in the complaint. Additionally, $1,650,000 has been sought against LiquidVPN for "secondary liability as to DMCA violations." The asks don't stop there, however. The list of demands extends for LiquidVPN to permanently suspend accounts of repeat infringers, dismissing their "no log" policy. But the face of the LiquidVPN website is already nowhere to be seen. For weeks, the homepage has been unreachable, although the client area remains accessible.
