Privacy

Popular Porn Site Must Delete All Amateur Videos Posted Without Consent (arstechnica.com) 55

An anonymous reader quotes a report from Ars Technica: An Amsterdam court today ordered one of the largest adult entertainment websites, xHamster, to remove all amateur footage showing recognizable people in the Netherlands who did not consent to be featured on the site. The ruling followed complaints raised by the Expertise Bureau for Online Child Abuse, known as EOKM, which identified 10 videos where xHamster could not verify it had secured permission from amateur performers to post. The court found that this violated European privacy laws and conflicted with a prior judgment from the Amsterdam court requiring porn sites to receive permission from all performers recognizably featured before posting amateur videos.

According to EOKM director Arda Gerkens, this ruling will require xHamster to clean up its site and is part of EOKM's larger plan to stop all porn sites from distributing amateur footage without consent. The Amsterdam court has given xHamster three weeks to comply with the order and remove all footage posted without consent, or face maximum fines per video up to $32,000 daily. Lawyers assisting EOKM on the case said the verdict had "major consequences for the entire porn industry," including bigger sites like Pornhub, which already was required to remove 10 million videos, as Vice reported in 2020. "Now it's xHamster's turn," Otto Volgenant of Boekx Advocaten said in EOKM's press release, noting that 30 million people visit xHamster daily.

On xHamster, only professional producers and verified members can upload content. The website requires everyone who creates an account to upload an ID and share a selfie to become verified. Before any verified member's upload is made public, xHamster moderators -- a team of 28 who use software approved by EOKM to identify illegal content -- conduct a review to block any illegal content. The website's terms of service require that each uploader provides a consent form from each person recognizably featured in all amateur content. Hammy Media told the court that it had already removed all violating content that EOKM had flagged in the case and provided assurances that moderators check to ensure the uploader is the same person as the performer. However, in his order, judge RA Dudok van Heel wrote that "it is sufficiently plausible for the time being that a large amount of footage is being made public on xhamster.com, of which it cannot be demonstrated that permission has been obtained from the persons who appear recognizable in the picture."

Robotics

The NYPD Is Bringing Back Its Robot Dog (theverge.com) 54

An anonymous reader quotes a report from The Verge: The New York Police Department is reenlisting Digidog, the four-legged robot that the city faced backlash for deploying a few years back, as reported earlier by The New York Times. NYC Mayor Eric Adams announced the news during a press event on Tuesday, stating that the use of Digidog in the city can "save lives." Digidog -- also known as Spot -- is a remote-controlled robot made by the Hyundai-owned Boston Dynamics. It's designed to work in situations that may pose a threat to humans, helping to do things like perform inspections in dangerous areas and monitor construction sites. However, Boston Dynamics also touts its use as a public safety tool, which the NYPD has tried in the past.

City officials say that the NYPD will acquire two robot dogs for a total of $750,000, according to the NYT, and that they will only be used during life-threatening situations, such as bomb threats. "I believe that technology is here; we cannot be afraid of it," Mayor Adams said during Tuesday's press conference. "A few loud people were opposed to it, and we took a step back — that is not how I operate. I operate on looking at what's best for the city."

The Surveillance Technology Oversight Project (STOP), a group that advocates against the use of local and state-level surveillance, has denounced Mayor Adams' move. "The NYPD is turning bad science fiction into terrible policing," Albert Fox Cahn, STOP's executive director, says in a statement. "New York deserves real safety, not a knockoff robocop. Wasting public dollars to invade New Yorkers' privacy is a dangerous police stunt."

Government

Colorado Approves First-Ever Agricultural Right to Repair Bill (ifixit.com) 23

Denver legislators have just passed the first-ever agricultural Right to Repair bill. Today's landslide 44-16 vote in the House follows a successful vote in the Senate last month. iFixit reports: Once the Agricultural Right to Repair bill passes, manufacturers will be required to share all the parts, embedded software, firmware, tools, and documentation necessary for repair. One critical step remains: a signature by Governor Polis, who has signaled that he supports the legislation.

To support Right to Repair legislation near you, find your state on Repair.org -- or, if you're outside the US, look for your country's advocacy network here.

The summary of HB23-1011 reads: "Starting January 1, 2024, the bill requires a manufacturer to provide parts, embedded software, firmware, tools, or documentation, such as diagnostic, maintenance, or repair manuals, diagrams, or similar information (resources), to independent repair providers and owners of the manufacturer's agricultural equipment to allow an independent repair provider or owner to conduct diagnostic, maintenance, or repair services on the owner's agricultural equipment.

The bill folds agricultural equipment into the existing consumer right-to-repair statutes, which statutes provide the following:

- A manufacturer's failure to comply with the requirement to provide resources is a deceptive trade practice;
- In complying with the requirement to provide resources, a manufacturer need not divulge any trade secrets to independent repair providers and owners; and
- Any new contractual provision or other arrangement that a manufacturer enters into that would remove or limit the manufacturer's obligation to provide resources to independent repair providers and owners is void and unenforceable; and
- An independent repair provider or owner is not authorized to make modifications to agricultural equipment that permanently deactivate any safety notification system or bring the equipment out of compliance with safety or emissions laws or to engage in any conduct that would evade emissions, copyright, trademark, or patent laws."

Security

Mercenary Spyware Hacked iPhone Victims With Rogue Calendar Invites, Researchers Say (techcrunch.com) 10

Hackers using spyware made by a little known cyber mercenary company used malicious calendar invites to hack the iPhones of journalists, political opposition figures, and an NGO worker, according to two reports. From a report: Researchers at Microsoft and the digital rights group Citizen Lab analyzed samples of malware they say was created by QuaDream, an Israeli spyware maker that has been reported to develop zero-click exploits -- meaning hacking tools that don't require the target to click on malicious links -- for iPhones. QuaDream has been able to mostly fly under the radar until recently. In 2021, Israeli newspaper Haaretz reported that QuaDream sold its wares to Saudi Arabia. The next year, Reuters reported that QuaDream sold an exploit to hack iPhones that was similar to one provided by NSO Group, and that the company doesn't operate the spyware, its government customers do -- a common practice in the surveillance tech industry.

QuaDream's customers operated servers from several countries around the world: Bulgaria, Czech Republic, Hungary, Romania, Ghana, Israel, Mexico, Singapore, United Arab Emirates (UAE), and Uzbekistan, according to internet scans done by Citizen Lab. Both Citizen Lab and Microsoft published groundbreaking new technical reports on QuaDream's alleged spyware on Tuesday. Microsoft said it found the original malware samples, and then shared them with Citizen Lab's researchers, who were able to identify more than five victims -- an NGO worker, politicians, and journalists -- whose iPhones were hacked. The exploit used to hack those targets was developed for iOS 14, and at the time was unpatched and unknown to Apple, making it a so-called zero-day. The government hackers who were equipped with QuaDream's exploit used malicious calendar invites with dates in the past to deliver the malware, according to Citizen Lab.

United Kingdom

UK Government To Offer One Million People Vapes To Cut Smoking Rates (miragenews.com) 144

An anonymous reader quotes a report from Mirage News: One million smokers will be encouraged to swap cigarettes for vapes under a pioneering new "swap to stop" scheme designed to improve the health of the nation and cut smoking rates. As part of the world-first national scheme, almost one in five of all smokers in England will be provided with a vape starter kit alongside behavioral support to help them quit the habit as part of a series of new measures to help the government meet its ambition of being smoke-free by 2030 -- reducing smoking rates to 5% or less. Local authorities will be invited to take part in the scheme later this year and will design a scheme which suits its needs, including deciding which populations to prioritize.

In a speech today, Health Minister Neil O'Brien will also announce that following the success of local schemes, pregnant women will be offered financial incentives to help them stop smoking. This will involve offering vouchers, alongside behavioral support, to all pregnant women who smoke by the end of next year. The government will also consult on introducing mandatory cigarette pack inserts with positive messages and information to help people to quit smoking. Additionally, there will be a crackdown on illicit vape sales as part of measures to stop children and non-smokers from taking up the habit -- which is growing in popularity among young people.

Health Minister Neil O'Brien said in a statement: "Up to two out of three lifelong smokers will die from smoking. Cigarettes are the only product on sale which will kill you if used correctly. We will offer a million smokers new help to quit. We will be funding a new national 'swap to stop' scheme -- the first of its kind in the world. We will work with councils and others to offer a million smokers across England a free vaping starter kit."

The Courts

FTC Orders Supplement Maker To Pay $600K In First Case Involving Hijacked Amazon Reviews (techcrunch.com) 25

The U.S. Federal Trade Commission has approved a final consent order in its first-ever enforcement action over a case involving "review hijacking," or when a marketer steals consumer reviews of another product to boost the sales of its own. TechCrunch reports: In this case, the FTC has ordered supplements retailer The Bountiful Company, the maker of Nature's Bounty vitamins and other brands, to pay $600,000 for deceiving customers on Amazon where it used a feature to merge the reviews of different products to make some appear to have better ratings and reviews than they otherwise would have had if marketed under their own listings. The case exposes how sellers have been exploiting an Amazon feature that allows sellers to request the creation of "variation" relationships between different products and SKUs. The feature is meant to help marketers and consumers alike as it creates a single detail page on Amazon.com that shows similar products that are different only in narrow, specific ways, the FTC explains -- like items that come in a different color, size, quantity or flavor. For instance, a t-shirt may have a dozen SKUs associated with one another because the shirt comes in a wide variety of colors.

For shoppers, it's helpful to see all the options on one page so you can pick the item that best matches your needs and budget. In the case of supplements, the feature could be used to combine the same products by merging various SKUs featuring different quantities of the item in question, like bottles with 50, 100 or 200 pills, for example. However, The Bountiful Company exploited Amazon's feature to merge its newer products with older, well-established products which had different formulations, the FTC said. The FTC cited and screenshotted more than a dozen examples from 2020 and 2021 in its original complaint (PDF) against the vitamin and supplement maker, which in 2021 sold its core brands -- including Nature's Bounty and Sundown -- to Nestle. As a result of these product merges, consumers who happened across any of the newer products would believe them to be better received than they were in reality, as they were benefiting from the merged ratings and reviews of other, differentiated items.

"Boosting your products by hijacking another product's ratings or reviews is a relatively new tactic, but is still plain old false advertising," Samuel Levine, Director of the FTC's Bureau of Consumer Protection, said this February when the consent order was first announced ahead of its public comment period and finalized version. With today's decision, Bountiful will have to pay the Commission $600,000 as monetary relief for consumers. It's also prohibited from making similar types of misrepresentations and barred from using "deceptive review tactics that distort what consumers think about its products or services," the FTC said in a unanimous 4-0 decision.

Books

Z-Library Plans To Let Users Share Physical Books Through 'Z-Points' (torrentfreak.com) 18

An anonymous reader quotes a report from TorrentFreak: Z-Library appears to be shrugging off a criminal investigation as if nothing ever happened. The site continues to develop its shadow library and, following a successful fundraiser, now plans to expand its services to the physical book market. Z-Library envisions a book 'sharing' market, where its millions of users can pick up paperbacks at dedicated "Z-Points" around the globe. [...] With more than 12 million books in its archive, Z-Library advertised itself as the largest repository of pirated books on the Internet. This success was briefly interrupted late last year when the U.S. Government seized the site's main domain names. The enforcement action also led to the arrest of two alleged Russian operators of the site, who now find themselves at the center of a criminal investigation. A crackdown of this magnitude usually marks the end of a pirate site, but Z-Library appears to be going in the opposite direction. The site has made a full comeback with a more 'censorship-resistant' setup and recently collected tens of thousands of dollars in donations.

In a new message, posted this week, Z-Library thanks its userbase for their generous contributions, noting that it secured all the necessary funds to ensure continued development. Apparently, this includes support for offline sharing. In addition to offering millions of ebooks, Z-Library says that it's working on a new service that will help users to share physical copies with each other. "Books you have read should not gather dust on your shelf -- instead, they can get a second life in the hands of new readers! This helps to preserve the literary heritage and spread the knowledge and ideas contained in books to more people," they write. "[W]e want to organize 'Z-Points' -- collection and storage points for books that will be the link between those who share their books and those who need them. Book owners who are willing to share them with other users can send books to the nearest Z-Point in their region. And those who need books stored in these points will be able to receive them for their use."

This sounds like a P2P competitor for traditional libraries. Interestingly, however, Z-Library believes that existing libraries are ideally suited to become Z-Points. People can also volunteer to run a Z-Point from their own homes. Running a book lending point will require quite a bit of storage space and organizational effort so fulfillment centers and third-party logistics services are also welcome to join in. The Z-Point idea is still in the planning phase. According to Z-Library, users will be able to send books by mail. These can then be loaned by others and/or sent by mail when requested. This proposal is quite different from the traditional pirate ebook library Z-Library offers now. And loaning a book to someone is generally not seen as copyright infringement either unless it's a copied ebook.

Businesses

Sam Bankman-Fried Declared Alameda 'Unauditable,' New Report Shows (theblock.co) 61

The new management of FTX, headed by CEO John Ray III, on Sunday released its first interim report on control failures at the collapsed crypto exchange. There is a lot to digest. The Block: The 45-page report -- published Sunday afternoon by FTX Trading Ltd and its affiliated debtors -- describes in painstaking detail FTX's slapdash record-keeping, near non-existent cybersecurity defenses and its sparse expertise in key areas like finance. One of the more eye-catching items concerned Alameda Research, the trading firm that allegedly had access to billions of dollars in customer funds stored with FTX. The report states that Alameda "often had difficulty understanding what its positions were, let alone hedging or accounting for them."

Former CEO Sam Bankman-Fried, now under house arrest and facing a litany of criminal charges, described Alameda in internal communications as "hilariously beyond any threshold of any auditor being able to even get partially through an audit," according to the report. He went on: "Alameda is unauditable. I don't mean this in the sense of 'a major accounting firm will have reservations about auditing it'; I mean this in the sense of 'we are only able to ballpark what its balances are, let alone something like a comprehensive transaction history.' We sometimes find $50m of assets lying around that we lost track of; such is life."

AI

ChatGPT Sued for Lying (msn.com) 176

An anonymous reader shared this report from the Washington Post: Brian Hood is a whistleblower who was praised for "showing tremendous courage" when he helped expose a worldwide bribery scandal linked to Australia's National Reserve Bank. But if you ask ChatGPT about his role in the scandal, you get the opposite version of events. Rather than heralding Hood's whistleblowing role, ChatGPT falsely states that Hood himself was convicted of paying bribes to foreign officials, had pleaded guilty to bribery and corruption, and been sentenced to prison.

When Hood found out, he was shocked. Hood, who is now mayor of Hepburn Shire near Melbourne in Australia, said he plans to sue the company behind ChatGPT for telling lies about him, in what could be the first defamation suit of its kind against the artificial intelligence chatbot.... "There's never, ever been a suggestion anywhere that I was ever complicit in anything, so this machine has completely created this thing from scratch," Hood said — confirming his intention to file a defamation suit against ChatGPT. "There needs to be proper control and regulation over so-called artificial intelligence, because people are relying on them...."

If it proceeds, Hood's lawsuit will be the first time someone filed a defamation suit against ChatGPT's content, according to Reuters. If it reaches the courts, the case would test uncharted legal waters, forcing judges to consider whether the operators of an artificial intelligence bot can be held accountable for its allegedly defamatory statements.

The article notes that ChatGPT prominently warns users that it "may occasionally generate incorrect information." And another Post article notes that all the major chatbots now include disclaimers, "such as Bard's fine-print message below each query: 'Bard may display inaccurate or offensive information that doesn't represent Google's views.'"

But the Post also notes that ChatGPT still "invented a fake sexual harassment story involving a real law professor, Jonathan Turley — citing a Washington Post article that did not exist as its evidence." Long-time Slashdot reader schwit1 tipped us off to that story. But here's what happened when the Washington Post searched for accountability for the error: In a statement, OpenAI spokesperson Niko Felix said, "When users sign up for ChatGPT, we strive to be as transparent as possible that it may not always generate accurate answers. Improving factual accuracy is a significant focus for us, and we are making progress...." Katy Asher, senior communications director at Microsoft, said the company is taking steps to ensure search results are safe and accurate. "We have developed a safety system including content filtering, operational monitoring, and abuse detection to provide a safe search experience for our users," Asher said in a statement, adding that "users are also provided with explicit notice that they are interacting with an AI system."

But it remains unclear who is responsible when artificial intelligence generates or spreads inaccurate information. From a legal perspective, "we just don't know" how judges might rule when someone tries to sue the makers of an AI chatbot over something it says, said Jeff Kosseff, a professor at the Naval Academy and expert on online speech. "We've not had anything like this before."

GNU is Not Unix

FSF Awards 'Respects Your Freedom' Certification to ThinkPenguin's Gigabit Mini VPN Router (fsf.org) 6

The Free Software Foundation certifies products that meet their standards in regard to users' freedom, control over the product, and privacy. And they put out a new "Respects Your Freedom" certification on Thursday for ThinkPenguin's free software gigabit mini VPN router, the TPE-R1400.

From the FSF's announcement: This is ThinkPenguin's first device to receive RYF certification in 2023, adding to their vast catalogue of certified devices from previous years. As with previous routers from ThinkPenguin, the Free Software Gigabit Mini VPN Router ships with an FSF-endorsed fully free embedded GNU/Linux distribution called libreCMC. It also comes with a custom flavor of the U-Boot boot loader, assembled by Robert Call, the maintainer of libreCMC and a former FSF intern.

The router enables users to run their network connection through a VPN service, helping to simplify the process of keeping their communications secure and private. While ThinkPenguin offers a VPN service, users are not required to purchase a subscription to their service in order to use the router, and the device comes with detailed instructions on how to use the router with a wide variety of VPN providers.

"We're pleased to see ThinkPenguin continue with their commitment to bringing out devices that put software freedom as their first priority under the RYF program. The release of this router shows that ThinkPenguin is committed to the privacy and freedom of their users," said the FSF's executive director, Zoë Kooyman....

"The latest version of ThinkPenguin's VPN router lets its users take advantage of gigabit per second Internet connections while protecting their rights and privacy," said FSF's copyright and licensing associate, Craig Topham.

United States

Classified US Documents Leaked on 4chan, Telegram, Discord, and Twitter (msn.com) 133

America's Department of Justice just launched an investigation into the leaking of classified documents from the U.S. Department of Defense, reports the Washington Post.

"On Wednesday, images showing some of the documents began circulating on the anonymous online message board 4chan and made their way to at least two mainstream social media platforms, Telegram and Twitter." Earlier Friday, The Washington Post obtained dozens of what appeared to be photographs showing classified documents, dating to late February and early March, that range from worldwide intelligence briefings to tactical-level battlefield updates and assessments of Ukraine's defense capabilities. They outline information about the Ukrainian and Russian militaries, and include highly sensitive U.S. analyses about China and other nations. The materials also reference highly classified sources and methods that the United States uses to collect such information, alarming U.S. national security officials who have seen them.... The material that appeared online includes photographs of documents labeled "Secret" or "Top Secret," and began appearing on Discord, a chat platform popular with gamers, according to a Post review.

In some cases, it appears that the slides were manipulated. For instance, one image features combat casualty data suggesting the number of Russian soldiers killed in the war is far below what the Pentagon publicly has assessed. Another version of the image showed higher Russian casualty figures. Besides the information on casualties that appeared to be manipulated to benefit the Russian government, U.S. officials who spoke to The Post said many of the leaked documents did not appear to be forged and looked consistent in format with CIA World Intelligence Review reports distributed at high levels within the White House, Pentagon and the State Department....

The documents appear to have been drawn from multiple reports and agencies, and concern matters other than Ukraine. Two pages, for example, are purportedly a "CIA Operations Center Intelligence Update," and includes information about events concerning Russia, Hungary and Iran.... Rachel E. VanLandingham, a former Air Force attorney and expert on military law, said that whoever is responsible for the leak "is in a world of hurt." Such breaches, she said, constitute "one of the most serious crimes that exist regarding U.S. national security...."

Skepticism abounded Friday among both Russian and Ukrainian officials aware of reports about the leaks, with each side accusing the other of being involved in a deliberate act of disinformation.

The Post notes one defense official told them "hundreds — if not thousands" of people had access to the documents, so their source "could be anyone."

But the photographs received by the Post were apparently taken from printed documents, and "classified documents may only be printed from computers in a secure facility, and each transaction is electronically logged," said Glenn Gerstell, a former general counsel with the National Security Agency who emphasized that he was speaking only about general procedures. "The fact that the documents were printed out should significantly narrow the universe of the initial inquiry."

Censorship

The Open Source VPN Out-Maneuvering Russian Censorship (wired.com) 16

An anonymous reader quotes a report from Wired: The Russian government has banned more than 10,000 websites for content about the war in Ukraine since Moscow launched the full-scale invasion in February 2022. The blacklist includes Facebook, Twitter, Instagram, and independent news outlets. Over the past year, Russians living inside the country have turned to censorship circumvention tools such as VPNs to pierce through the information blockade. But as dozens of virtual private networks get blocked, leaving users scrambling to maintain their access to free information, local activists and developers are coming up with new solutions. One of them is Amnezia VPN, a free, open source VPN client.

"We even do not advertise and promote it, and new users are still coming by the hundreds every day," says Mazay Banzaev, Amnezia VPN's founder. Unlike commercial VPNs that route users through company servers, which can be blocked, Amnezia VPN makes it simple for users to buy and set up their own servers. This allows them to choose their own IP address and use protocols that are harder to block. "More than half of the commercial VPNs in Russia have been blocked because it's easy enough to block them: They do not block them by protocols, but by IP addresses," says Banzaev. "[Amnezia] is an order of magnitude more resilient than a typical commercial VPN." Amnezia VPN is similar to Outline, a free and open source tool developed by Jigsaw, a subsidiary of Google. Amnezia was created in 2020 during a hackathon supported by Russian digital rights organization Roskomsvoboda. Even then, "it was clear that things were moving toward stricter censorship," says Banzaev. [...]

It is unclear how many users the service has, since the organization doesn't have a way to monitor user numbers, Banzaev says. However, Amnezia offers a Telegram bot called AmneziaFree, which shares VPN configurations that help users access blocked platforms and news; it has almost 100,000 users. The bot is currently struggling with overload, and users are complaining about spotty service. Banzaev says the Amnezia team is working to add new servers on a limited budget, and that they are also working on a new version of the service.

"Amnezia is not only used in Russia," notes Wired. "The service has spread to Turkmenistan, Iran, China, and other countries where users have been struggling with free access to the web."

Social Networks

Arkansas House Wants You To Show ID To Use Social Media (arktimes.com) 42

With no discussion, the Arkansas House of Representatives overwhelmingly approved a bill that would require social media users in The Natural State to verify they're 18 years old or older to use the platforms. Arkansas Times reports: The proposal, backed by Gov. Sarah Sanders, is aimed at shielding minors from the harmful effects of social media. Young folks could use the platforms, but only if parents provide consent. Senate Bill 396, sponsored by Sen. Tyler Dees (R-Springdale) and Rep. Jon Eubanks (R-Paris), would require social media companies including Facebook, Instagram, Twitter and TikTok to contract with third-party companies to perform age verification. Users would have to provide the third-party company with a digital driver's license. Dees also sponsored a bill, now law, that requires anyone who wants to watch online pornography to verify they're an adult.

The social media bill squeaked through the Senate with 18 yes votes, the bare minimum, but passed the House 82-10 with four voting present (same as no). No one asked any questions of Eubanks -- who assured his colleagues that Facebook had "the AI and algorithms" to keep track of what users had parental consent without holding on to sensitive data -- but because it was amended (to among other things exempt LinkedIn, the most boring social media platform), the bill has to go back to the Senate, where perhaps it will meet some resistance.

Utah's governor signed two bills into law last month requiring companies like Meta, Snap and TikTok to get parents' permission before teens could create accounts on their platforms. "The laws also require curfew, parental controls and age verification features," adds Engadget.

Crime

Thieves Tunnel Through Coffee Shop Wall To Steal $500,000 In iPhones From Washington Apple Store (macrumors.com) 48

An anonymous reader quotes a report from MacRumors: An Apple Store at the Alderwood Mall was burgled last weekend, with thieves infiltrating the location through a nearby coffee shop. According to Seattle's King 5 News, thieves broke into Seattle Coffee Gear, went into the bathroom, and cut a hole in the wall to get to the Apple Store backroom. The burglars were able to bypass the Apple Store's security system by using the adjacent coffee shop, stealing a total of 436 iPhones that were worth around $500,000.

According to Seattle Coffee Gear manager Eric Marks, the coffee shop is not noticeably adjacent to the Apple Store because of the way that the store is laid out. "I would have never suspected we were adjacent to the Apple Store, how it wraps around I mean," Marks told King 5 News. "So, someone really had to think it out and have access to the mall layout." Police were able to obtain surveillance footage of the theft, but as it is part of an active investigation, it has not yet been released. Nothing was stolen from the coffee shop, but it will cost $1,500 to replace locks and repair the bathroom wall.

Crime

US Treasury Warns DeFi Is Used by North Korea, Scammers To Launder Dirty Money (coindesk.com) 36

Decentralized finance (DeFi) services that aren't compliant with anti-money laundering and terrorist financing rules pose "the most significant current illicit finance risk" in that corner of the crypto sector, according to the U.S. Department of the Treasury's first analysis of hazards from the technology. From a report: In an expected risk assessment, published Thursday, the Treasury Department said thieves, scammers, ransomware cyber criminals and actors for the Democratic People's Republic of Korea (DPRK) are using DeFi to launder proceeds from crime. On the basis of its findings, the department recommends an assessment of "possible enhancements" to U.S. anti-money laundering (AML) requirements and the rules for countering the financing of terrorism (CFT) as they should be applied to DeFi services. It also calls for input from the private sector to inform the next steps. "Clearly, we can't do this alone," said Brian Nelson, Treasury's undersecretary for terrorism and financial intelligence, in a Thursday webcast hosted by ACAMS, a global organization focused on preventing financial crime. "We call on the private sector to use the findings of the risk assessment to inform your own risk-mitigation strategies." The 40-page report warns that "DeFi services at present often do not implement AML/CFT controls or other processes to identify customers, allowing layering of proceeds to take place instantaneously and pseudonymously."

Facebook

India To Require Social Media Firms Rely on Government's Own Fact Checking (techcrunch.com) 48

India amended its IT law on Thursday to prohibit Facebook, Twitter and other social media firms from publishing, hosting or sharing false or misleading information about "any business" of the government and said the firms will be required to rely on New Delhi's own fact-check unit to determine the authenticity of any claim in a blow to many American giants that identify the South Asian market as their largest by users. From a report: Failure to comply with the rule, which also impacts internet service providers such as Jio and Airtel, risks the firms losing their safe harbour protections. The rule, first proposed in January this year, gives a unit of the government arbitrary and overbroad powers to determine the authenticity of online content and bypasses the principles of natural justice, said New Delhi-headquartered digital rights group Internet Freedom Foundation.

Electronic Frontier Foundation

'The Broad, Vague RESTRICT Act Is a Dangerous Substitute For Comprehensive Data Privacy Legislation' (eff.org) 76

The recently introduced RESTRICT Act, otherwise known as the "TikTok ban," is a dangerous substitute for comprehensive data privacy legislation, writes the Electronic Frontier Foundation in a blog post. From the post: As we wrote in our initial review of the bill, the RESTRICT Act would authorize the executive branch to block 'transactions' and 'holdings' of 'foreign adversaries' that involve 'information and communication technology' and create 'undue or unacceptable risk' to national security and more. We've explained our opposition to the RESTRICT Act and urged everyone who agrees to take action against it. But we've also been asked to address some of the concerns raised by others. We do that here in this post. At its core, RESTRICT would exempt certain information services from the federal statute, known as the Berman Amendments, which protects the free flow of information in and out of the United States and supports the fundamental freedom of expression and human rights concerns. RESTRICT would give more power to the executive branch and remove many of the commonsense restrictions that exist under the Foreign Intelligence Services Act (FISA) and the aforementioned Berman Amendments. But S. 686 also would do a lot more.

EFF opposes the bill, and encourages you to reach out to your representatives to ask them not to pass it. Our reasons for opposition are primarily that this bill is being used as a cudgel to protect data from foreign adversaries, but under our current data privacy laws, there are many domestic adversaries engaged in manipulative and invasive data collection as well. Separately, handing relatively unchecked power over to the executive branch to make determinations about what sort of information technologies and technology services are allowed to enter the U.S. is dangerous. If Congress is concerned about foreign powers collecting our data, it should focus on comprehensive consumer data privacy legislation that will have a real impact, and protect our data no matter what platform it's on -- TikTok, Facebook, Twitter, or anywhere else that profits from our private information. That's why EFF supports such consumer data privacy legislation. Foreign adversaries won't be able to get our data from social media companies if the social media companies aren't allowed to collect, retain, and sell it in the first place.
EFF says it's not clear if the RESTRICT Act will even result in a "ban" on TikTok. It does, however, have potential to punish people for using a VPN to access TikTok if it is restricted. In conclusion, the group says the bill is similar to a surveillance bill and is "far too broad in the power it gives to investigate potential user data."

Android

Google Will Require That Android Apps Let You Delete Your Account and Data (engadget.com) 42

Google wants to make it as easy to scrub an app account as it is to create one. The company has announced that Android apps on the Play Store will soon have to let you delete an account and its data both inside the app and on the web. Developers will also have to wipe data for an account when users ask to delete the account entirely. From a report: The move is meant to "better educate" users on the control they have over their data, and to foster trust in both apps and the Play Store at large. It also provides more flexibility. You can delete certain data (such as your uploaded content) without having to completely erase your account, Google says. The web requirement also ensures that you won't have to reinstall an app just to purge your info. The policy is taking effect in stages. Creators have until December 7th to answer questions about data deletion in their app's safety form. Store listings will start showing the changes in early 2024. Developers can file for an extension until May 31st of next year.

Privacy

Alcohol Recovery Startups Shared Patients' Private Data With Advertisers (techcrunch.com) 46

An anonymous reader quotes a report from TechCrunch: For years, online alcohol recovery startups Monument and Tempest were sharing with advertisers the personal information and health data of their patients without their consent. Monument, which acquired Tempest in 2022, confirmed the extensive years-long leak of patients' information in a data breach notification filed with California's attorney general last week, blaming their use of third-party tracking systems developed by ad giants including Facebook, Google, Microsoft and Pinterest. When reached for comment, Monument CEO Mike Russell confirmed more than 100,000 patients are affected.

In its disclosure, the companies confirmed their use of website trackers, which are small snippets of code that share with tech giants information about visitors to their websites, and often used for analytics and advertising. The data shared with advertisers includes patient names, dates of birth, email and postal addresses, phone numbers and membership numbers associated with the companies and patients' insurance provider. The data also included the person's photo, unique digital ID, which services or plan the patient is using, appointment information and assessment and survey responses submitted by the patient, which includes detailed responses about a person's alcohol consumption and used to determine their course of treatment.

Monument's own website says these survey answers are "protected" and "used only" by its care team. Monument confirmed that it shared patients' sensitive data with advertisers since January 2020, and Tempest since November 2017. Both companies say they have removed the tracking code from their websites. But the tech giants are not obligated to delete the data that Monument and Tempest shared with them.

Privacy

Inside the Bitter Campus Privacy Battle Over Smart Building Sensors (technologyreview.com) 50

An anonymous reader quotes a report from MIT Technology Review: When computer science students and faculty at Carnegie Mellon University's Institute for Software Research returned to campus in the summer of 2020, there was a lot to adjust to. Beyond the inevitable strangeness of being around colleagues again after months of social distancing, the department was also moving into a brand-new building: the 90,000-square-foot, state-of-the-art TCS Hall. The hall's futuristic features included carbon dioxide sensors that automatically pipe in fresh air, a rain garden, a yard for robots and drones, and experimental super-sensing devices called Mites. Mounted in more than 300 locations throughout the building, these light-switch-size devices can measure 12 types of data -- including motion and sound. Mites were embedded on the walls and ceilings of hallways, in conference rooms, and in private offices, all as part of a research project on smart buildings led by CMU professor Yuvraj Agarwal and PhD student Sudershan Boovaraghavan and including another professor, Chris Harrison. "The overall goal of this project," Agarwal explained at an April 2021 town hall meeting for students and faculty, is to "build a safe, secure, and easy-to-use IoT [Internet of Things] infrastructure," referring to a network of sensor-equipped physical objects like smart light bulbs, thermostats, and TVs that can connect to the internet and share information wirelessly.

Not everyone was pleased to find the building full of Mites. Some in the department felt that the project violated their privacy rather than protected it. In particular, students and faculty whose research focused more on the social impacts of technology felt that the device's microphone, infrared sensor, thermometer, and six other sensors, which together could at least sense when a space was occupied, would subject them to experimental surveillance without their consent. "It's not okay to install these by default," says David Widder, a final-year PhD candidate in software engineering, who became one of the department's most vocal voices against Mites. "I don't want to live in a world where one's employer installing networked sensors in your office without asking you first is a model for other organizations to follow." All technology users face similar questions about how and where to draw a personal line when it comes to privacy. But outside of our own homes (and sometimes within them), we increasingly lack autonomy over these decisions. Instead, our privacy is determined by the choices of the people around us. Walking into a friend's house, a retail store, or just down a public street leaves us open to many different types of surveillance over which we have little control. Against a backdrop of skyrocketing workplace surveillance, prolific data collection, increasing cybersecurity risks, rising concerns about privacy and smart technologies, and fraught power dynamics around free speech in academic institutions, Mites became a lightning rod within the Institute for Software Research.

Voices on both sides of the issue were aware that the Mites project could have an impact far beyond TCS Hall. After all, Carnegie Mellon is a top-tier research university in science, technology, and engineering, and how it handles this research may influence how sensors will be deployed elsewhere. "When we do something, companies [and] other universities listen," says Widder. Indeed, the Mites researchers hoped that the process they'd gone through "could actually be a blueprint for smaller universities" looking to do similar research, says Agarwal, an associate professor in computer science who has been developing and testing machine learning for IoT devices for a decade. But the crucial question is what happens if -- or when -- the super-sensors graduate from Carnegie Mellon, are commercialized, and make their way into smart buildings the world over. The conflict is, in essence, an attempt by one of the world's top computer science departments to litigate thorny questions around privacy, anonymity, and consent. But it has deteriorated from an academic discussion into a bitter dispute, complete with accusations of bullying, vandalism, misinformation, and workplace retaliation. As in so many conversations about privacy, the two sides have been talking past each other, with seemingly incompatible conceptions of what privacy means and when consent should be required. Ultimately, if the people whose research sets the agenda for technology choices are unable to come to a consensus on privacy, where does that leave the rest of us?
