Privacy

Iran Says Face Recognition Will ID Women Breaking Hijab Laws (wired.com) 156

An anonymous reader quotes a report from Wired: Last month, a young woman went to work at Sarzamineh Shadi, or Land of Happiness, an indoor amusement park east of Iran's capital, Tehran. After a photo of her without a hijab circulated on social media, the amusement park was closed, according to multiple accounts in Iranian media. Prosecutors in Tehran have reportedly opened an investigation. Shuttering a business to force compliance with Iran's strict laws for women's dress is a familiar tactic to Shaparak Shajarizadeh. She stopped wearing a hijab in 2017 because she views it as a symbol of government suppression, and recalls restaurant owners, fearful of authorities, pressuring her to cover her head. But Shajarizadeh, who fled to Canada in 2018 after three arrests for flouting hijab law, worries that women like the amusement park worker may now be targeted with face recognition algorithms as well as by conventional police work.

After Iranian lawmakers suggested last year that face recognition should be used to police hijab law, the head of an Iranian government agency that enforces morality law said in a September interview that the technology would be used "to identify inappropriate and unusual movements," including "failure to observe hijab laws." Individuals could be identified by checking faces against a national identity database to levy fines and make arrests, he said. Two weeks later, a 22-year-old Kurdish woman named Jina Mahsa Amini died after being taken into custody by Iran's morality police for not wearing a hijab tightly enough. Her death sparked historic protests against women's dress rules, resulting in an estimated 19,000 arrests and more than 500 deaths. Shajarizadeh and others monitoring the ongoing outcry have noticed that some people involved in the protests are confronted by police days after an alleged incident -- including women cited for not wearing a hijab. "Many people haven't been arrested in the streets," she says. "They were arrested at their homes one or two days later."

Although there are other ways women could have been identified, Shajarizadeh and others fear that the pattern indicates face recognition is already in use -- perhaps the first known instance of a government using face recognition to impose dress law on women based on religious belief. Mahsa Alimardani, who researches freedom of expression in Iran at the University of Oxford, has recently heard reports of women in Iran receiving citations in the mail for hijab law violations despite not having had an interaction with a law enforcement officer. Iran's government has spent years building a digital surveillance apparatus, Alimardani says. The country's national identity database, built in 2015, includes biometric data like face scans and is used for national ID cards and to identify people considered dissidents by authorities.

Crime

The First Insider Trading Case Involving Cryptocurrency (reuters.com) 13

The brother of a former Coinbase product manager was sentenced on Tuesday to 10 months in prison after pleading guilty in what U.S. prosecutors have called the first insider trading case involving cryptocurrency. Reuters reports: Nikhil Wahi admitted to making trades based on confidential information from Coinbase, one of the world's largest cryptocurrency exchanges, when he pleaded guilty in September to a wire fraud conspiracy charge. Prosecutors said Ishan Wahi, the former product manager, shared the information with his brother and their friend Sameer Ramani about new digital assets that Coinbase was planning to let users trade. Ishan Wahi has pleaded not guilty, and Ramani is at large.

Prosecutors said Wahi made nearly $900,000 of profit by illegally trading ahead of 40 different Coinbase announcements. They recommended a 10- to 16-month sentence. At a sentencing hearing in Manhattan federal court, U.S. District Judge Loretta Preska said his crime was "not an isolated error in judgment." "Today's sentence makes clear that the cryptocurrency markets are not lawless," Damian Williams, the top federal prosecutor in Manhattan, said in a statement.
Further reading: Coinbase To Cut 20% Jobs, Abandon 'Several' Projects To Weather Downturns in Crypto Market

Privacy

Roomba Testers Feel Misled After Intimate Images Ended Up on Facebook (technologyreview.com) 76

An investigation recently revealed how images of a minor and a tester on the toilet ended up on social media. iRobot said it had consent to collect this kind of data from inside homes -- but participants say otherwise. From a report: When Greg unboxed a new Roomba robot vacuum cleaner in December 2019, he thought he knew what he was getting into. He would allow the preproduction test version of iRobot's Roomba J series device to roam around his house, let it collect all sorts of data to help improve its artificial intelligence, and provide feedback to iRobot about his user experience. He had done this all before. Outside of his day job as an engineer at a software company, Greg had been beta-testing products for the past decade. He estimates that he's tested over 50 products in that time -- everything from sneakers to smart home cameras.

But what Greg didn't know -- and does not believe he consented to -- was that iRobot would share test users' data in a sprawling, global data supply chain, where everything (and every person) captured by the devices' front-facing cameras could be seen, and perhaps annotated, by low-paid contractors outside the United States who could screenshot and share images at their will. Greg, who asked that we identify him only by his first name because he signed a nondisclosure agreement with iRobot, is not the only test user who feels dismayed and betrayed. Nearly a dozen people who participated in iRobot's data collection efforts between 2019 and 2022 have come forward in the weeks since MIT Technology Review published an investigation into how the company uses images captured from inside real homes to train its artificial intelligence. The participants have shared similar concerns about how iRobot handled their data -- and whether those practices conform with the company's own data protection promises. After all, the agreements go both ways, and whether or not the company legally violated its promises, the participants feel misled.

Privacy

Researchers Track GPS Location of All of California's New Digital License Plates (vice.com) 53

An anonymous reader quotes a report from Motherboard: A team of security researchers managed to gain "super administrative access" into Reviver, the company behind California's new digital license plates which launched last year. That access allowed them to track the physical GPS location of all Reviver customers and change a section of text at the bottom of the license plate designed for personalized messages to whatever they wished, according to a blog post from the researchers. "An actual attacker could remotely update, track, or delete anyone's REVIVER plate," Sam Curry, a bug bounty hunter, wrote in the blog post. Curry wrote that he and a group of friends started finding vulnerabilities across the automotive industry. That included Reviver.

California launched the option to buy digital license plates in October. Reviver is the sole provider of these plates, and says that the plates are legal to drive nationwide, and "legal to purchase in a growing number of states." [...] In the blog post, Curry writes the researchers were interested in Reviver because the license plate's features meant it could be used to track vehicles. After digging around the app and then a Reviver website, the researchers found Reviver assigned different roles to user accounts. Those included "CONSUMER" and "CORPORATE." Eventually, the researchers identified a role called "REVIVER," managed to change their account to it, which in turn granted them access to all sorts of data and capabilities, which included tracking the location of vehicles. "We could take any of the normal API calls (viewing vehicle location, updating vehicle plates, adding new users to accounts) and perform the action using our super administrator account with full authorization," Curry writes. "We could additionally access any dealer (e.g. Mercedes-Benz dealerships will often package REVIVER plates) and update the default image used by the dealer when the newly purchased vehicle still had DEALER tags."
Reviver told Motherboard in a statement that it patched the issues identified by the researchers. "We are proud of our team's quick response, which patched our application in under 24 hours and took further measures to prevent this from occurring in the future. Our investigation confirmed that this potential vulnerability has not been misused. Customer information has not been affected, and there is no evidence of ongoing risk related to this report. As part of our commitment to data security and privacy, we also used this opportunity to identify and implement additional safeguards to supplement our existing, significant protections," the statement read.

"Cybersecurity is central to our mission to modernize the driving experience and we will continue to work with industry-leading professionals, tools, and systems to build and monitor our secure platforms for connected vehicles," it added.

The Courts

Seattle Schools Sue TikTok, Meta and Other Platforms Over Youth 'Mental Health Crisis' 46

Seattle public schools have sued the tech giants behind TikTok, Facebook, Instagram, YouTube and Snapchat, accusing them of creating a "mental health crisis among America's Youth." Engadget reports: The 91-page lawsuit (PDF) filed in a US district court states that tech giants exploit the addictive nature of social media, leading to rising anxiety, depression and thoughts of self-harm. "Defendants' growth is a product of choices they made to design and operate their platforms in ways that exploit the psychology and neurophysiology of their users into spending more and more time on their platforms," the complaint states. "[They] have successfully exploited the vulnerable brains of youth, hooking tens of millions of students across the country into positive feedback loops of excessive use and abuse of Defendants' social media platforms."

Harmful content pushed to users includes extreme diet plans, encouragement of self-harm and more, according to the complaint. That has led to a 30 percent increase between 2009 and 2019 of students who report feeling "so sad or hopeless... for two weeks or more in a row that [they] stopped doing some usual activities." That in turn leads to a drop in performance in their studies, making them "less likely to attend school, more likely to engage in substance use, and to act out, all of which directly affects Seattle Public Schools' ability to fulfill its educational mission." Section 230 of the US Communications Decency Act means that online platforms aren't responsible for content posted by third parties. However, the lawsuit claims that the provision doesn't protect social media companies for recommending, distributing and promoting content "in a way that causes harm."

Piracy

Belarus Legalizes Piracy of Movies, Music and Software of 'Unfriendly' Nations (torrentfreak.com) 198

AmiMoJo writes: Belarusian dictator Alexander Lukashenko has signed a new law that legalizes piracy of movies, music, TV shows and software owned by rightsholders from 'unfriendly countries'. The law also allows goods protected by intellectual property law to be imported from any country without obtaining permission from rightsholders.

Lukashenko's support for Russia's invasion of Ukraine led to new sanctions being imposed by the EU, U.S. and other countries. In common with Russia, Belarus relies on intellectual property owned by foreign rightsholders that are currently unable or unwilling to supply and/or license it. So, to ensure legal access to pirated movies, music, TV shows and software, the government drafted a new law to restrict intellectual property rights.

United States

Deere Will Allow Farmers To Repair Their Own Equipment (reuters.com) 54

The American Farm Bureau Federation and machinery manufacturer Deere signed a memorandum of understanding on Sunday that ensures farmers have the right to repair their own farm equipment or go to an independent technician. From a report: As the agriculture sector accelerates its adoption of technology, the reliance on high-tech machinery such as GPS-guided combines and tractors has become more commonplace.

But equipment makers such as Deere have generally required customers to use their parts and service divisions for repairs and until recently, only allowed authorized dealers the means and tools to access the complex computerized systems of their tractors and other machinery. The Farm Bureau's memorandum of understanding with Deere "will ensure farmers everywhere are able to repair our own equipment," Farm Bureau president Zippy Duvall said, speaking at the federation's convention in Puerto Rico.

Crime

San Jose Police Announce Three Stolen Vehicles Recovered Using Automatic License Plate Reader (kron4.com) 114

Saturday night in the Silicon Valley city of San Jose, the assistant police chief tweeted out praise for their recently-upgraded Automatic License Plate Readers: "Officers in Air3 [police helicopter], monitoring the ALPR system, got alerted to 3 stolen cars. They directed ground units to the cars. All 3 drivers in custody! No dangerous vehicle pursuits occurred, nor were they needed.

"2 drivers tried to run away. But, you can't outrun a helicopter!"

There are photos — one of the vehicles appears to be a U-Haul pickup truck — and the tweet drew exactly one response, from San Jose mayor Matt Mahan: "Nice job...! Appreciate the excellent police work and great to see ALPRs having an impact. Don't steal cars in San Jose!"
Some context: The San Jose Spotlight (a nonprofit local news site) noted that prior to last year license plate readers had been mounted exclusively on police patrol cars (and in use since 2006). But last year the San Jose Police Department launched a new "pilot program" with four cameras mounted at a busy intersection, that "captured nearly 300,000 plate scans in just the last month, according to city data."

By August this had led to plans for 150 more stationary ALPR cameras, a local TV station reported. "Just this week, police said they solved an armed robbery and arrested a suspected shooter thanks to the cameras." During a forum to update the community, San Jose police also mentioned success stories in other cities like Vallejo where they've reported a 100% increase in identifying stolen vehicles. San Jose is now installing hundreds around the city and the first batch is coming in the next two to three months....

The biggest concern among those attending Wednesday's virtual forum was privacy. But the city made it clear the data is only shared with trained police officers and certain city staff, no out-of-state or federal agencies. "Anytime that someone from the San Jose Police Department accesses the ALPR system, they have to input a reason, the specific plates they are looking for and all of that information is logged so that we can keep track of how many times it's being used and what it's being used for," said Albert Gehami, Digital Privacy Officer for San Jose.

More privacy concerns were raised in September, reports the San Jose Spotlight: The San Jose City Council unanimously approved a policy Tuesday that formally bans the police department from selling any license plate data, using that information for investigating a person's immigration status or for monitoring legally protected activities like protests or rallies.

Even with these new rules, some privacy advocates and community groups are still opposed to the technology. Victor Sin, chair of the Santa Clara Valley Chapter of ACLU of Northern California, expressed doubt that the readers are improving public safety. He made the comments in a letter to the council from himself and leaders of four other community organizations. "Despite claims that (automated license plate reader) systems can reduce crime, researchers have expressed concerns about the rapid acquisition of this technology by law enforcement without evidence of its efficacy," the letter reads. Groups including the Asian Law Alliance and San Jose-Silicon Valley NAACP also said the city should reduce the amount of time it keeps license plate data on file down from one year.....

Mayor Sam Liccardo said he's already convinced the readers are useful, but added the council should try to find a way to measure their effect. "It's probably not a bad idea for us to decide what are the outcomes we're trying to achieve, and if there is some reasonable metric that captures that outcome in a meaningful way," Liccardo said. "Was this used to actually help us arrest anybody, or solve a crime or prevent an accident?"

An EFF position paper argues that "ALPR data is gathered indiscriminately, collecting information on millions of ordinary people." "By plotting vehicle times and locations and tracing past movements, police can use stored data to paint a very specific portrait of drivers' lives, determining past patterns of behavior and possibly even predicting future ones — in spite of the fact that the vast majority of people whose license plate data is collected and stored have not even been accused of a crime.... [ALPR technology] allows officers to track everyone..."
Maybe the police officer's tweet was to boost public support for the technology? It's already led to a short report from another local news station: San Jose police recovered three stolen cars using their automated license-plate recognition technology (ALPR) on Saturday, according to officials with the San Jose Police Department.

Officers inside of Air3, one of SJPD's helicopters, spotted three stolen cars using ALPR before directing ground units their way. Police say no pursuits occurred, though two of the drivers tried to run away.

Crime

A $402K GoFundMe Scam Leads to a Three-Year Prison Term (cnn.com) 52

CNN reports that 32-year-old Katelyn McClure "has been sentenced to three years in state prison for her role in scamming more than $400,000 from GoFundMe donors, by claiming to be collecting money for a homeless man."
In 2017, McClure claimed she ran out of gas and was stranded on Interstate 95 in Philadelphia. The homeless man, Johnny Bobbitt Jr., supposedly saw her and gave her his last $20 for gas. McClure and her then-boyfriend, Mark D'Amico, posted about the "good deed" on social media, including a picture of her with Bobbitt on a highway ramp. They also started a GoFundMe campaign to raise money for the homeless veteran, saying they wanted to pay it forward to the good Samaritan and get him off the streets.

The story went viral and made national headlines, with more than 14,000 donors contributing. The scammers netted around $367,000 after fees, according to court documents.... Bobbitt, who received $75,000 from the fundraiser, according to prosecutors, took civil action against D'Amico and McClure and the scam soon became public.... D'Amico and Bobbitt were charged in 2018 alongside McClure for concocting the scheme, prosecutors said. McClure pleaded guilty to one count of theft by deception in the second degree in 2019, according to the Burlington County prosecutor.

Bobbitt pleaded guilty to conspiracy to commit theft by deception in 2019 and was sentenced to a five-year special probation period which includes drug treatment. D'Amico also pleaded guilty and agreed to a five-year term in New Jersey state prison, as well as restitution of GoFundMe and the donors, in 2019.

"The gas part is completely made up, but the guy isn't," McClure texted a friend (according to CNN). "I had to make something up to make people feel bad." So what happened to "the guy" from the highway ramp? Prosecutors note that if Bobbitt "fails to adhere to the tightly-structured regimen of treatment and recovery services, which includes frequent testing for drug use, he could be sentenced to five years in state prison."

And they add that the judge "also ruled that McClure, a former state Department of Transportation worker, is permanently barred from ever holding another position as a public employee."

Their statement points out that the 2017 campaign was at the time the largest fraud ever perpetrated through GoFundMe — which voluntarily reimbursed the 14,000-plus donors.

Privacy

'Please Don't Film Me in 2023' (theverge.com) 161

The Verge is decrying "a genre of video that derives its entertainment value from unwitting passersby" — like filming pedestrians in a neighborhood in New York City: Many viewers on TikTok ate it up, but others pushed back on the idea that there's humor in filming and posting an unsuspecting neighbor for content. This year, I saw more and more resistance to the practice that's become normal or even expected.... [P]eople who have been featured in videos unbeknownst to them have pointed out that even if there's no ill will, it's just unnerving and weird to be filmed by others as if you're bit characters in the story of their life. One TikTok user, @hilmaafklint, landed in a stranger's vlog when they filmed her to show her outfit. She didn't realize it had happened until another stranger recognized her and tagged her in the video.

"It's weird at best, and creepy and a safety hazard at worst," she says in a video....

Even before TikTok, public space had become an arena for constant content creation; if you step outside, there's a chance you'll end up in someone's video. It could be minimally invasive, sure, but it could also shine an unwanted spotlight on the banal moments that just happen to get caught on film. This makeshift, individualized surveillance apparatus exists beyond the state-sponsored systems — the ones where tech companies will hand over electronic doorbell footage without a warrant or where elected officials allow police to watch surveillance footage in real time. We're watched enough as it is.

So if you're someone who makes content for the internet, consider this heartfelt advice and a heads-up. If you're filming someone for a video, please ask for their consent.

And if I catch you recording me for content, I will smack your phone away.

iPhone

France Fines Apple for Illegally Harvesting iPhone Owners' Data for Ads (gizmodo.com) 15

"France's data protection authority, CNIL, fined Apple €8 million (about $8.5 million) Wednesday," reports Gizmodo, "for illegally harvesting iPhone owners' data for targeted ads without proper consent." It's an unusual sanction for the iPhone maker, which has faced fewer legal penalties over privacy than its Big Tech competitors. Apple makes privacy a selling point for its devices, plastering "Privacy. That's iPhone." across 40-foot billboards across the world.... Apple failed to "obtain the consent of French iPhone users (iOS 14.6 version) before depositing and/or writing identifiers used for advertising purposes on their terminals," the CNIL said in a statement. The CNIL's fine calls out the search ads in Apple's App Store, specifically. A French court fined the company over $1 million in December over its commercial practices related to the App Store....

With iPhones running iOS 14.6 and below, Apple's Personalized Advertising privacy setting was turned on by default, leaving users to seek out the control on their own if they wanted to protect their information. That violates EU privacy law, according to the CNIL.... The newer versions of the iPhone operating system corrected the problem, presenting users with a prompt before the advertising data was collected.
Gizmodo also notes this response from an Apple spokesperson. "We are disappointed with this decision given the CNIL has previously recognized that how we serve search ads in the App Store prioritizes user privacy, and we will appeal. Apple Search Ads goes further than any other digital advertising platform we are aware of by providing users with a clear choice as to whether or not they would like personalized ads."

Gizmodo calls France's fine "a signal that Apple may face a less friendly regulatory future in Europe."

Privacy

CES's 'Worst in Show' Criticized Over Privacy, Security, and Environmental Threats (youtube.com) 74

"We are seeing, across the gamut, products that impact our privacy, products that create cybersecurity risks, that have overarchingly long-term environmental impacts, disposable products, and flat-out just things that maybe should not exist."

That's the CEO of the how-to repair site iFixit, introducing their third annual "Worst in Show" ceremony for the products displayed at this year's CES. But the show's slogan promises it's also "calling out the most troubling trends in tech." For example, the EFF's executive director started with two warnings. First, "If it's communicating with your phone, it's generally communicating to the cloud too." But more importantly, if a product is gathering data about you and communicating with the cloud, "you have to ask yourself: is this company selling something to me, or are they selling me to other people? And this year, as in many past years at CES, it's almost impossible to tell from the products and the advertising copy around them! They're just not telling you what their actual business model is, and because of that — you don't know what's going on with your privacy."

After warning about the specific privacy implications of a urine-analyzing add-on for smart toilets, they noted there was a close runner-up for the worst privacy: the increasing number of scam products that "are basically based on the digital version of phrenology, like trying to predict your emotions based upon reading your face or other things like that. There's a whole other category of things that claim to do things that they cannot remotely do."

To judge the worst in show by environmental impact, Consumer Reports sent the Associate Director for their Product Sustainability, Research and Testing team, who chose the 55-inch portable "Displace TV" for being powered only by four lithium-ion batteries (rather than, say, a traditional power cord).

And the "worst in show" award for repairability went to the Ember Mug 2+ — a $200 travel mug "with electronics and a battery inside...designed to keep your coffee hot." Kyle Wiens, iFixit's CEO, first noted it was a product which "does not need to exist" in a world which already has equally effective double-insulated, vacuum-insulated mugs and Thermoses. But even worse: it's battery powered, and (at least in earlier versions) that battery can't be easily removed! If you email the company asking for support on replacing the battery, Wiens claims that "they will give you a coupon on a new, disposable coffee mug. So this is the kind of product that should not exist, doesn't need to exist, and is doing active harm to the world.

"The interesting thing is people care so much about their $200 coffee mug, the new feature is 'Find My iPhone' support. So not only is it harming the environment, it's also spying on where you're located!"

The founder of SecuRepairs.org first warned about "the vast ecosystem of smart, connected products that are running really low-quality, vulnerable software that make our persons and our homes and businesses easy targets for hackers." But for the worst in show for cybersecurity award, they then chose Roku's new Smart TV, partly because smart TVs in general "are a problematic category when it comes to cybersecurity, because they're basically surveillance devices, and they're not created with security in mind." And partly because to this day it's hard to tell if Roku has fixed or even acknowledged its past vulnerabilities — and hasn't implemented a prominent bug bounty program. "They're not alone in this. This is a problem that affects electronics makers of all different shapes and sizes at CES, and it's something that as a society, we just need to start paying a lot more attention to."

And US Pirg's "Right to Repair" campaign director gave the "Who Asked For This" award to Neutrogena's "SkinStacks" 3D printer for edible skin-nutrient gummies — which are personalized after phone-based face scans. ("Why just sell vitamins when you could also add in proprietary refills and biometric data harvesting.")

Power

Two Washington Men Charged In Four Substation Attacks on Christmas That Cut Power (cnn.com) 128

CNN reports: Two men were arrested on New Year's Eve for allegedly shutting down four Washington state power substations in late December that led to power outages for thousands across Pierce County. Matthew Greenwood and Jeremy Crahan have been charged with conspiracy to damage energy facilities and Greenwood faces a separate charge of possessing illegal short-barreled rifles.... The two cut off power to thousands of locals and caused at least $3 million worth of damage, according to charging documents.

Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations, according to court documents. Surveillance images cited in the court documents also showed images of one of the men and of the getaway car....

The two face up to 20 years behind bars if convicted of conspiring to attack energy facilities.

In addition, possession of an unregistered firearm is punishable by up to ten years in prison, according to a statement from the Department of Justice. But identifying the suspects was apparently pretty simple.

"When law enforcement served a search warrant on the home of the suspects, they recovered distinctive clothing pictured in the surveillance photos."

Thanks to long-time Slashdot reader schwit1 for sharing the story.

The Almighty Buck

Bad News for 500K Crypto Investors: They Don't Own Their Accounts (msn.com) 178

"More than half a million people who deposited money with collapsed crypto lender Celsius Network have been dealt a major blow to their hopes of recovering their funds," reports the Washington Post, "with the judge in the company's bankruptcy case ruling that the money belongs to Celsius and not to the depositors." The judge, Martin Glenn, found that Celsius's terms of use — the lengthy contracts that many websites publish but few consumers read — meant "the cryptocurrency assets became Celsius's property."

The ruling underscores the Wild West nature of the unregulated crypto industry. On Thursday, New York Attorney General Letitia James moved to impose a kind of order, or at least legal repercussions, on Celsius founder Alex Mashinsky, whom she accused in a lawsuit of defrauding hundreds of thousands of consumers.... And while Glenn's ruling won't affect FTX, whose terms of use were different, some analysts saw the ruling as spreading beyond Celsius.

"There are many other platforms that feature terms of use that are similar to Celsius's," said Aaron Kaplan, a lawyer with the financial-focused firm of Gusrae Kaplan Nusbaum and co-founder of his own crypto company. Customers need to "understand the risks that they are taking when depositing their assets onto insufficiently regulated platforms," he said.

DRM

Unpaid Taxes Could Destroy Porn Studio Accused of Copyright Trolling (arstechnica.com) 22

Slashdot has covered the legal hijinx of Malibu Media over the years. Now Ars Technica reports that the studio could be destroyed by unpaid taxes: Over the past decade, Malibu Media has emerged as a prominent so-called "copyright troll," suing thousands of "John Does" for allegedly torrenting adult content hosted on the porn studio's website, "X-Art." Whether defendants were guilty or not didn't seem to matter to Malibu, critics claimed, as much as winning as many settlements as possible. As courts became more familiar with Malibu, however, some judges grew suspicious of the studio's litigiousness. As early as 2012, a California judge described these lawsuits as "essentially an extortion scheme," and by 2013, a Wisconsin judge ordered sanctions, agreeing with critics who said that Malibu's tactics were designed to "harass and intimidate" defendants into paying Malibu thousands in settlements.

By 2016, Malibu started losing footing in this arena — and even began fighting with its own lawyer. At that point, file-sharing lawsuits became less commonplace, with critics noting a significant reduction in Malibu's lawsuits over the next few years. Now, TorrentFreak reports that Malibu's litigation machine appears to finally be running out of steam — with its corporate status suspended in California sometime between mid-2020 and early 2021 after failing to pay taxes. Last month, a Texas court said that Malibu has until January 20 to pay what's owed in back taxes and get its corporate status reinstated. If that doesn't happen over the next few weeks, one of Malibu's last lawsuits on the books will be dismissed, potentially marking the end of Malibu's long run of alleged copyright trolling.

AI

In a World First, AI Lawyer Will Help Defend a Real Case In the US (interestingengineering.com) 68

An anonymous reader quotes a report from Interesting Engineering: A program trained with the help of artificial intelligence is set to help a defendant contest his case in a U.S. court next month, New Scientist reported. Instead of addressing the court, the program, which will run on a smartphone, will supply appropriate responses through an earpiece to the defendant, who can then use them in the courtroom. [...] In a new development, a company, DoNotPay, which has been training AI, has now claimed that its program will be able to defend a speeding case that is due to be heard in a U.S. court in February 2023. Identities of the individual and the court remain under wraps, but we do know that the defendant is contesting a speeding ticket.

Since this is the AI's very first case, DoNotPay is ready to take on the burden of punishment if the AI's advice does not help the client. Since it is a speeding ticket, DoNotPay will pay for the speeding ticket. If it wins though, it will have a massive victory to its credit. The real big question, though, is whether this is legal in the court of law. CEO Joshua Browder told New Scientist that it had found a court where listening via an earpiece was within the rules, even though it might not be in the spirit of the rules.

The Almighty Buck

California's Pay Transparency Law Goes Into Effect, Revealing Big Tech Salaries 111

An anonymous reader quotes a report from CNBC: A new law that went into effect this week requires most California employers to disclose salaries on job listings. The law affects every company with more than 15 employees looking to fill a job that could be performed from the state of California. It covers hourly and temporary work, all the way up to openings for highly paid technology executives. That means it's now possible to know the salaries top tech companies pay their workers. For example: A program manager in Apple's augmented reality group will receive base pay between $121,000 and $230,000 per year, according to an Apple posting Wednesday. A midcareer software engineer at Google Health can expect to make between $126,000 and $190,000 per year. A director of software engineering at Meta leading teams building network infrastructure will make at least $253,000 and as much as $327,000 in salary per year. Notably, these salary listings do not include any bonuses or equity grants, which many tech companies use to attract and retain employees.

California's pay transparency law is intended to reduce gender and race pay gaps and help minorities and women better compete in the labor market. For example, people can compare their current pay with job listings with the same job title and see if they're being underpaid. [...] But the new disclosures under the law might not tell the whole story of what a job pays. Companies can choose to display wide pay ranges, violating the spirit of the law, and the law doesn't require companies to reveal bonuses or equity compensation. The law could also penalize ambitious workers who are gunning for more money because of their experience or skills, the California Chamber of Commerce said last year when opposing the bill. Some employers might be wary of posting pay to prevent bidding wars for top talent.

There are two primary components to California Senate Bill No. 1162, which was passed in September and went into effect Jan. 1. First is the pay transparency component on job listings, which applies to any company with more than 15 employees if the job could be done in California. The second part requires companies with more than 100 employees to submit a pay data report to the state of California with detailed salary information broken down by race, sex and job category. Companies have to provide a similar report on the federal level, but California now requires more details. Employers are required to maintain detailed records of each job title and its wage history, and California's labor commissioner can inspect those records. California can enforce the law through fines and can investigate violations. The reports won't be published publicly under the new law.

Privacy

Meet the Spy Tech Companies Helping Landlords Evict People (vice.com) 263

schwit1 shares an excerpt from a Motherboard article: Some renters may savor the convenience of "smart home" technologies like keyless entry and internet-connected doorbell cameras. But tech companies are increasingly selling these solutions to landlords for a more nefarious purpose: spying on tenants in order to evict them or raise their rent. "You CAN raise rents in NYC!" reads the headline of one promotional email sent to landlords. It was a sales pitch from Teman, a tech company that makes surveillance systems for apartment buildings. Teman's sales pitch proposes a solution to a frustration for many New York City landlords, who have tenants living in older apartments that are protected by a myriad of rent control and stabilization laws. The company's email suggests a workaround: "3 Simple Steps to Re-Regulate a Unit." First, use one of Teman's automated products to catch a tenant breaking a law or violating their lease, such as by having unapproved subletters or loud parties. Then, "vacate" them and merge their former apartment with one next door or above or below, creating a "new" unit that's not eligible for rent protections. "Combine a $950/mo studio and $1400/mo one-bedroom into a $4200/mo DEREGULATED two-bedroom," the email enticed. Teman's surveillance systems can even "help you identify which units are most-likely open to moving out (or being evicted!)." [...]

Erin McElroy, a professor of American Studies at the University of Texas at Austin who tracks eviction trends, also says that digital surveillance of residential buildings is increasing, particularly in New York City, which she calls the "landlord tech epicenter." Any camera system can document possibly eviction-worthy behavior, but McElroy identified two companies, Teman and Reliant Safety, that use the biometrics of tenants with the explicit goal of facilitating evictions. These companies are part of an expanding industry known as "proptech," encompassing all the technology used for acquiring and managing real estate. A report by Future Market Insights predicts that proptech will quadruple its current value, becoming an $86.5 billion industry by 2023. It is also sprouting start-ups to ease all aspects of the business -- including the unsavory ones. [...]

Reliant Safety, which claims to watch over 20,000 apartment units nationwide, has a less colorful corporate pedigree. It is owned by the Omni Organization, a private developer founded in 2004 that "acquires, rehabilitates, builds and manages quality affordable housing throughout the United States," according to its website. The company claims it has acquired and managed more than 17,000 affordable housing units. Many of the properties it lists are in New York City. Omni's website features spotless apartment complexes under blue skies and boasts about sponsorship of after-school programs, food giveaways, and homeless transition programs. Reliant's website features videos that depict various violations detected by its surveillance cameras. The website has a page of "Lease Violations" it says its system has detected, which include things such as "pet urination in hallway," "hallway fistfight," "improper mattress disposal," "tenant slips in hallway," as well as several alleged assaults, videos of fistfights in hallways, drug sales at doorways and break-ins through smashed windows. Almost all of them show Black or brown people and almost all are labeled as being from The Bronx -- where, in 2016, Omni opened a 140-unit affordable housing building at 655 Morris Avenue that boasted about "state-of-the-art facial recognition building access" running on ubiquitous cameras in common areas. Reliant presents these as "case studies" and lists outcomes that include arrest and eviction. Part of its package of services is "illegal sublet detection" using biometrics submitted by tenants to suss out anyone not authorized to be there. While Reliant claims its products are rooting out illegal and dangerous activity, the use of surveillance and biometrics to further extend policing into minority communities is a major cause for concern to privacy advocates.

Security

Slack's Private GitHub Code Repositories Stolen Over Holidays (bleepingcomputer.com) 11

An anonymous reader quotes a report from Bleeping Computer: Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at workplaces and digital communities around the world. BleepingComputer has come across a security incident notice issued by Slack on December 31st, 2022. The incident involves threat actors gaining access to Slack's externally hosted GitHub repositories via a "limited" number of Slack employee tokens that were stolen. While some of Slack's private code repositories were breached, Slack's primary codebase and customer data remain unaffected, according to the company.

The wording from the notice [1, 2] published on New Year's Eve is as follows: "On December 29, 2022, we were notified of suspicious activity on our GitHub account. Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27. No downloaded repositories contained customer data, means to access customer data, or Slack's primary codebase."

Slack has since invalidated the stolen tokens and says it is investigating "potential impact" to customers. At this time, there is no indication that sensitive areas of Slack's environment, including production, were accessed. Out of caution, however, the company has rotated the relevant secrets. "Based on currently available information, the unauthorized access did not result from a vulnerability inherent to Slack. We will continue to investigate and monitor for further exposure," states Slack's security team. The good news, with regard to the most recent security update, is that no action needs to be taken by customers, for now.

Privacy

WhatsApp Launches Proxy Support To Help Users Circumvent Internet Blocks (techcrunch.com) 5

WhatsApp is launching proxy support for its users all over the world, the company announced on Thursday. The support will allow users to maintain access to WhatsApp if their connection is blocked or disrupted. From a report: Choosing a proxy enables users to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely. WhatsApp says connecting via proxy maintains the same level of privacy and security the app provides, and that personal messages will still be protected by end-to-end encryption. The company says messages will not be visible to anyone in between, not the proxy servers, WhatsApp or Meta.

"Our wish for 2023 is that these internet shutdowns never occur," WhatsApp wrote in a blog post. "Disruptions like we've seen in Iran for months on end deny people's human rights and cut people off from receiving urgent help. Though in case these shutdowns continue, we hope this solution helps people wherever there is a need for secure and reliable communication."
