Electronic Frontier Foundation

EFF Begins Investigating Surveillance Technology Rumors At Standing Rock (eff.org) 147

Electronic Frontier Foundation has dispatched a team of technologists and lawyers to a protest site in Standing Rock, North Dakota, to investigate "several reports of potentially unlawful surveillance." An anonymous reader writes: The EFF has "collected anecdotal evidence from water protectors about suspicious cell phone behavior, including uncharacteristically fast battery drainage, applications freezing, and phones crashing completely," according to a recent report. "Some water protectors also saw suspicious login attempts to their Google accounts from IP addresses originating from North Dakota's Information & Technology Department. On social media, many reported Facebook posts and messenger threads disappearing, as well as Facebook Live uploads failing to upload or, once uploaded, disappearing completely."

The EFF reports "it's been very difficult to pinpoint the true cause or causes," but they've targeted over 20 law enforcement agencies with public records requests, noting that "Of the 15 local and state agencies that have responded, 13 deny having any record at all of cell site simulator use, and two agencies -- Morton County and the North Dakota State Highway Patrol (the two agencies most visible on the ground) -- claim that they can't release records in the interest of 'public safety'..."

"Law enforcement agencies should not be allowed to sidestep public inquiry into the surveillance technologies they're using," EFF writes, "especially when citizens' constitutional rights are at stake... It is past time for the Department of Justice to investigate the scope of law enforcement's digital surveillance at Standing Rock and its consequences for civil liberties and freedoms in the digital world."
Transportation

Uber Asks Everyone To Stop Making It The New Tinder (sfgate.com) 150

Ride-sharers have been using Uber and Lyft "carpool" apps to meet dates -- and now Uber's trying to stop it. An anonymous reader quotes SFGate: This week Uber updated their community guidelines to discourage passengers from using the ride-sharing app as a hook-up opportunity. Some Uber and Lyft riders have been using the car-pooling option as a way to meet or hook up with others. But Uber is not pleased and has advised users to not flirt or touch passengers. "It's OK to chat with other people in the car. But please don't comment on someone's appearance or ask whether they are single," Uber's guidelines state.
Their new policy now specifically states that "Uber has a no sex rule. That's no sexual conduct between drivers and riders, no matter what."
Government

Virginia Police Spent $500K For An Ineffective Cellphone Surveillance System (muckrock.com) 36

Cell-site simulators can intercept phone calls and even provide locations (using GPS data). But Virginia's state police force just revealed details about their actual use of the device -- and it's not pretty. Long-time Slashdot reader v3rgEz writes: In 2014, the Virginia State Police spent $585,265 on a specially modified Suburban outfitted with the latest and greatest in cell phone surveillance: the DRT 1183C, affectionately known as the DRTbox. But according to logs uncovered by public records website MuckRock, the pricey ride was only used 12 times — and only worked seven of those times.
According to Virginia's ACLU director, "each of the 12 uses cost almost $50,000, and only 4 of them resulted in an arrest [raising] a significant question whether the more than half million dollars spent on the device and the vehicle...was a wise investment of public funds."
Businesses

Yesterday Saw $3.3 Billion In Online Purchases (cmo.com) 66

Friday humanity set a new record for the most money ever spent online in a single day -- and the most ever purchased on mobile devices. An anonymous reader writes: Online sales reached $3.34 billion yesterday, up 11.3% from the same day last year, according to a new report from Adobe Digital Insights. And most of that traffic came from mobile devices. In fact, yesterday became "the first day to ever generate over a billion dollars in online sales from mobile devices," according to their report. Although 64% of online sales came from desktop computers, 55% of the traffic to shopping sites still came from mobile devices -- 45% from smartphones, and 10% from tablets. (Just three years ago, only 20% of Black Friday sales came from mobile devices.)

The top-grossing products appeared to be iPads and Macbooks, Microsoft's Xbox, and Samsung and LG TVs, while the top-grossing toys were electric scooters, drones, Nerf guns and LEGO sets. The products most likely to be "out of stock" yesterday included the new NES Classic and the Nintendo 3DS XL Solgaleo Lunala (black edition), the Playstation VR bundle (and the PS4 "Call of Duty: Black Ops" bundle), and the Xbox One S bundle for Madden NFL 17.

The day after Black Friday is now being touted as "Small Business Saturday," a tradition started in 2010 when American Express partnered with the non-profit National Trust for Historic Preservation (and some civic-minded groups in Boston) to encourage people to shop in their local brick-and-mortar stores. American Express reported a $1.7 billion increase in sales on Small Business Saturday in 2015, "with 95 million customers reporting shopping small at local retailers, salons, restaurants and more."
Canada

Google Opens Real-World 'Google Shops' in Canada (digitaltrends.com) 43

Streetlight writes: Google is moving towards a physical presence in Best Buy stores...mimicking what Samsung has done. Hopefully the "stores" are staffed with competent professionals that know what they're selling and maybe provide some help to those who have purchased Google's hardware and software.
Google "is launching a store-within-a-store debuting in North America at select Best Buy locations in Canada," reports TechCrunch, adding that recently "Google also revealed that it would be creating a pop-up Experience Store for users to check out its new wares in New York City."
Google

Google Bans Hundreds Of Pixel Phone Resellers From Their Google Accounts (theguardian.com) 171

Hundreds of Google users lost their access to their emails, photos, documents, "and anything else linked to their Google identity," wrote the Guardian last week, reporting on "hundreds of people who took advantage of a loophole in US sales tax to make a small profit on Pixel phones" -- and got all of the Google accounts suspended. Long-time Slashdot reader RockDoctor writes: "The Google customers had all bought the phones from the company's Project Fi mobile carrier, and had them shipped directly to a reseller in New Hampshire, a US state with no sales tax. In return, the reseller split the profit with the customers," the Guardian adds.

People might ask, in a hurt tone of voice, "why are you doing this to me?" To which the obvious answer is "because we can, and you agreed to these (link to 3000 pages of text) terms and conditions, including our ability to do this"... The only question has been "When?", never "If?"

Update: Google "has reviewed banned users' appeals and re-enabled their accounts," reports The Guardian.
Security

Second Chinese Firm In a Week Found Hiding a Backdoor In Android Firmware (bleepingcomputer.com) 108

An anonymous reader quotes Bleeping Computer: Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target's phone with root privileges. This is the second issue of its kind that came to light this week after researchers from Kryptowire discovered a similar secret backdoor in the firmware of Chinese firm Shanghai Adups Technology Co. Ltd. This time around, the problem affected Android firmware created by another Chinese company named Ragentek Group.
It apparently affects more than 55 low-end/burner phones from BLU, Infinix Mobility, DOOGEE, LEAGOO, IKU Mobile, Beeline, and XOLO. According to the article, the binary performing the insecure updates "also includes code to hide its presence from the Android OS, along with two other binaries and their processes... Without SSL protection, this OTA system is an open backdoor for anyone looking to take control of it." Even worse, three domains were hard-coded into the binaries, two of which were unregistered, according to the researchers. "If an adversary had noticed this, and registered these two domains, they would've instantly had access to perform arbitrary attacks on almost 3,000,000 devices without the need to perform a Man-in-the-Middle attack."
China

Chinese Consumer Group Has Asked Apple To Investigate 'a Considerable Number' of iPhone Shutdowns (businessinsider.com) 73

An anonymous reader writes: The China Consumers Association (CCA) has asked Apple to investigate "a considerable number" of reports by users of iPhone 6 and 6s phones that the devices have been shutting off and cannot be turned back on again, it said on Tuesday. The reported problems specifically involve users seeing their iPhones automatically shut off despite 50-60 percent battery levels, and the involuntary shutting off in room temperature or colder environments, as well as the inability to turn the cellphone back on despite continuous battery charging, the statement said. "In view that Apple iPhone 6 and iPhone 6s series cellphones in China have a considerable number of users, and the number of people who've reported this problem is rather many, China Consumer Association has already made a query with Apple," the association said in a statement on its website.
Wireless Networking

Smartphone WiFi Signals Can Leak Your Keystrokes, Passwords, and PINs (bleepingcomputer.com) 46

Bleeping Computer warns that "The way users move fingers across a phone's touchscreen alters the WiFi signals transmitted by a mobile phone, causing interruptions that an attacker can intercept, analyze, and reverse engineer to accurately guess what the user has typed...when the attacker controls a rogue WiFi access point." The new WindTalker attack leverages the "channel state information" in WiFi signals. An anonymous reader quotes their article: Because the user's finger moves across the smartphone when he types text, his hand alters CSI properties for the phone's outgoing WiFi signals, which the attacker can collect and log on the rogue access point... By performing basic signal analysis and signal processing, an attacker can separate desired portions of the CSI signal and guess with an average accuracy of 68.3% the characters a user has typed... but it can be improved the more the user types and the more data the attacker collects.
The new attack is described in a research paper titled "When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals."
Cellphones

Browser Use On Mobile Devices Exceeds PC Browsing Worldwide: StatCounter (cnet.com) 34

Google is only expected to push the mobile web further now that there are 2 billion active Chrome installs. At the Chrome Dev Summit, Google's vice president of Chrome engineering and the conference's opening speaker said, "We have over 2 billion Chrome instances that are active," which makes Chrome a platform with immense power. The company is expected to reveal how the platform's unbeatable reach earns Chrome and browsers in general a place on the big stage. CNET reports: That power is essential to making Google's vision a reality. If it succeeds, that browser icon might be the one you reach for on your home screen a lot more often. Success on that front also could help restore the fortunes of the web, the closest the computing industry has come to freeing us from software that works only on one device or another, like a Windows laptop but not an iPhone. In an era when tech giants wield tremendous power, the web levels the playing field and makes it easier for new competitors to join the game. It's no wonder Google is pushing the mobile web. This month, browser usage on tablets and phones for the first time surpassed usage on PCs, analytics firm StatCounter said. In October, global mobile and tablet browsing accounted for 51.3% compared to the desktop's 48.7%. However, in other parts of the world the desktop is still king. For example, in the UK the desktop accounts for 55.6% of browsing, 58% in the U.S. and 55.1% in Australia. StatCounter CEO Aodhan Cullen said: "This should be a wake up call especially for small businesses, sole traders and professionals to make sure that their websites are mobile friendly. Many older websites are not. Mobile compatibility is increasingly important not just because of growing traffic but because Google favors mobile-friendly websites for its mobile search results."
Security

Fake Fingerprint Stickers Let You Access a Protected Phone While Wearing Gloves (gizmodo.com) 74

A new Kickstarter campaign aims to sell you fingerprint stickers that, when applied to a pair of gloves, allow you to unlock a mobile device that's protected with a fingerprint scanner. The sticker is powered by Nanotips and is "made with an extremely adhesive conductive material that can be applied to any surface for touch capability." Gizmodo reports: You can of course still access a fingerprint-secured smartphone using regular touchscreen-friendly gloves by simply punching in your passcode on-screen, but why should we have to give up the convenience of a feature like Touch ID for months on end just because it's cold outside? We shouldn't, and these Taps stickers will allow you to use your mobile device's touchscreen and fingerprint reader, for unlocking your phone or making a purchase, even while your actual fingers (and fingerprints) are being kept warm and toasty inside a glove. After applying a textured stick to the tip of your glove, you just have to register it as an approved fingerprint using your smartphone's security settings. You might assume this would mean that anyone with a Taps sticker on their gloves could access anyone else's protected phone. But according to its creators, using nanoparticle technology every single Taps sticker has an individual and unique artificial print ensuring that only your gloves can access your device. That being said, there is still the risk of someone stealing your gloves, which is easier than stealing your fingerprints, so you'll have to weigh the security risks introduced versus the added convenience these offer.
Microsoft

Steve Ballmer Says Smartphones Came Between Him and Bill Gates (fortune.com) 114

Steve Ballmer once said Apple's iPhone would flop because it cost too much -- though he now admits that he failed to anticipate carriers subsidizing the cost of the phone. But that was only the beginning. An anonymous reader quotes Fortune: The former CEO of Microsoft says he and Gates drifted apart over Microsoft's move into the hardware business in the early 2010s, according to Bloomberg. Ballmer says he was the one who pushed for Microsoft to design smartphones and tablets at a time when Apple was already well established. He says Gates and the board seemed reluctant to do so. "There was a fundamental disagreement about how important it was to be in the hardware business," Ballmer told Bloomberg. "I had pushed Surface. The board had been a little -- little reluctant in supporting it. And then things came to a climax around what to do about the phone business."
Microsoft eventually took a $900 million write down for its first tablet, the Surface RT -- plus most of the value of their $9.5 billion acquisition of Nokia Oyj's handset unit as Microsoft pushed into hardware. "Ballmer's only regret: not doing it sooner," Bloomberg reports, adding that Surface is now profitable and this year will generate more than $4 billion in sales.
Security

A Powerful New Android Spyware Targets Business Executives (helpnetsecurity.com) 18

Orome1 quotes HelpNetSecurity: "Researchers from mobile security outfit Skycure have recently analyzed a malicious app they found on an Android 6.0.1 device owned by a vice president at a global technology company. The name of the malicious package is 'com.android.protect', and it comes disguised as a Google Play Services app. It disables Samsung's SPCM service in order to keep running, installs itself as a system package to prevent removal by the user (if it can get root access), and also hides itself from the launcher." The spyware is able to collect chats and messages sent and received via SMS, MMS, and popular email and IM apps; record audio and telephone calls; collect pictures and take screenshots; collect contacts, browser histories, the contents of the calendar, and so on.
According to the article, "chances are someone took advantage of the physical access they had to the device to do the dirty deed."
Businesses

Samsung Is Cutting the Note 7's Access To Mobile Networks In New Zealand (techcrunch.com) 63

An anonymous reader quotes a report from TechCrunch: No one can claim there hasn't been ample warning. The Samsung Galaxy Note 7 saga dragged out over multiple months, encompassing two recalls, several travel bans and then, ultimately, the untimely end for the troubled handset. Even still, some people just have trouble letting go. Starting November 18, Note 7 owners will not be able to connect to mobile networks in New Zealand, courtesy of a joint effort by Samsung and the New Zealand Telecommunications Forum (TCF) to "blacklist" the device. No calls, no texts, no mobile data. Users will still be able to access WiFi, but the device will essentially be turned into a big Samsung iPod Touch. Samsung New Zealand added that it will work to contact all remaining Note 7 owners twice prior to the shut down, "to ensure they have received adequate notice." It remains to be seen whether the company will take similar action in other markets. "Numerous attempts by all providers have been made to contact owners and ask them to bring the phones in for replacement or refund, this action should further aid the return of the remaining handsets," TCF's CEO said in a statement issued today.
Cellphones

Scientists Develop Magnetic Ink That Can Self-Heal Gadgets When They Break (theverge.com) 52

Scientists from the University of California discuss how they plan on fixing broken devices with magnetic ink particles. "Just like the human skin is stretchable and self-healing, we wanted to impart a self-healing ability to printed electronics," Amay Bandodkar, a member of the research team, tells The New York Times. The Verge reports: Sensors printed with this ink would magnetically attach to each other when a rip or tear occurs, automatically fixing a device at the first sign of disintegration. The published study focused on creating sensors that can be incorporated with fabrics. The result is smart clothing that can repair cuts up to three millimeters long in 50 milliseconds. In a sample video, a sensor used to light a small bulb gets snipped in half. In seconds, magnets in the sensor pull the two sides back together and slowly light the bulb again. To create the self-healing effect, the team used pulverized neodymium magnets typically found in refrigerators and hard drives and combined them into the ink. This helps the researchers avoid the traditional process of adding chemicals and heat, which could take hours to complete. Bandodkar estimates that $10 worth of ink can create "hundreds of small devices" that can help reduce waste, since you won't need to throw these wearables and gadgets out when they're broken. "Within a few seconds it's going to self-heal, and you can use it over and over again."
Iphone

Future iPhones Could Fold In Half (geek.com) 95

Apple has just received a patent, titled "electronic devices with carbon nanotube printing circuits," that suggests future iPhones may be foldable -- at least to some degree. Geek reports: Based on the language in the patent, it doesn't sound like Apple is specifically talking about a device that has a fully bendable display. It mentions one that can bend "along edges of touch sensors or displays." The carbon nanotube PCBs provide flexibility for some of the phone's internals, but not all of them. Those other parts will likely be covered by other patents if Apple is genuinely working on a seamless foldable device. The usual caveats apply here. For now, this is simply yet another patent padding Apple's already massive portfolio. Could they be planning to release an iPhone that folds in half? Definitely.
Cellphones

Samsung Galaxy S8 Screen-To-Body Ratio Could Surpass 90%, Near Bezel-Less Design (hothardware.com) 159

MojoKid writes: There aren't many phones on the market currently that can boast an edge-to-edge display with minimal or no bezel on top and bottom, save for perhaps Xiaomi's recently unveiled Mi MIX. However, word on the web is that the field will expand by at least one more next year, and specifically with Samsung's Galaxy S8. This runs contrary to a previous rumor that the Galaxy S8 might only come with a curved edge display. That would be surprising since Samsung needs to sell as many Galaxy S8 phones as possible after the Galaxy Note 7 debacle. Only offering a curved edge model could be counterproductive to that goal, though offering an edge-to-edge display could be the spark Samsung needs. Park Won-sang, a principal engineer at Samsung Display noted the division would roll out a full-screen smartphone display with a "display area ratio [that] reaches more than 90 percent next year," during the iMiD 2016 display exhibition in Seoul last week. The engineer added that Samsung may even extend the display area ratio to 99 percent in the years ahead, which would mean virtually the entire front of the phone would be the screen. In case you're wondering, most of today's smartphones utilize a display area to bezel ratio of around 80 percent.
Security

Serious Hacks Possible Through Inaudible Ultrasound (newscientist.com) 109

An anonymous reader writes: "High-frequency audio 'beacons' are embedded into TV commercials or browser ads," reports New Scientist. "These sounds, which are inaudible to the human ear, can be picked up by any nearby device that has a microphone and can then activate certain functions on that device...Some shopping reward apps, such as Shopkick, already use it to let retailers push department or aisle-specific ads and promotions to customers' phones as they shop."

But now Fortune reports that some apps "often actively listen for ultrasound signals, even when the app itself is closed, creating a new and relatively poorly-understood pathway for hacking." In addition, security researchers "have already found ways to mine cloaked IP addresses. Speaking to New Scientist, team member Vasilios Mavroudis suggests that an app's always-on microphone access could be leveraged to monitor conversations (and, if you're not paranoid already, to decipher what you're typing). The 'beacons' that transmit ultrasound data can also be spoofed to manipulate apps' user data."

Canada

Police Used Cell Tower Logs To Text 7,500 Possible Crime Witnesses (www.cbc.ca) 153

"Investigators are calling it a 'digital canvass' -- the high-tech equivalent of knocking on thousands of doors for information," reports the CBC, describing how an Ontario police department sent text messages to 7,500 potential witnesses of a homicide using phone numbers from a nearby cell tower's logs. Police obtained the numbers through a court order, and sent two texts -- one in English, and another one in French -- asking recipients to "voluntarily answer a few simple questions..." Slashdot reader itamblyn writes: On one hand, this seems like the natural progression from the traditional approach of canvassing local residents by putting up flyers and knocking on doors. On the other hand, I think one can reasonably ask -- Are we OK with this approach...? Do we want this to happen whenever there is a major crime?
The article adds that the police force "will keep the numbers on file until the killing is solved, officers said at a news conference on Wednesday... Investigators will also consider calling the numbers of people who don't respond voluntarily, but they would be required to obtain another court order to do so."
Communications

Feds Charge 61 People In Indian-Based IRS Phone Scam Case (consumerist.com) 139

BUL2294 writes: Following the arrests earlier this month in India of call center employees posing as IRS or immigration agents, USA Today and Consumerist are reporting that the U.S. Department of Justice has charged 61 people in the U.S. and India of facilitating the scam, bilking millions from Americans thinking they were facing immediate arrest and prosecution. "According to the indictment (PDF) -- which covers 20 individuals in the U.S. and 32 people and five call centers in India -- since about 2012 the defendants used information obtained from data brokers and other sources to call potential victims impersonating officers from the IRS or U.S. Citizenship and Immigration Services," reports Consumerist. The report adds: "To give the calls an air of authenticity, the organization was able to 'spoof' phone numbers, making the calls appear to have really come from a federal agency. The callers would then allegedly threaten potential victims with arrest, imprisonment, fines, or deportation if they did not pay supposed taxes or penalties to the government. In instances when the victims agreed to pay, the DOJ claims that the call centers would instruct them to go to banks or ATMs to withdraw money, use the funds to purchase prepaid stored value cards from retail stores, and then provide the unique serial number to the caller. At this point, the operation's U.S.-based counterparts would use the serial numbers to transfer the funds to prepaid reloadable cards. The cards would then be used to purchase money orders that were transferred into U.S. bank accounts of individuals or businesses. To make matters worse, the indictment claims that the prepaid debit cards were often registered using personal information of thousands of identity theft victims, and the wire transfers were directed by the organizations using fake names and fraudulent identifications.
The operation would then use 'hawalas' -- a system in which money is transferred internationally outside of the formal banking system -- to direct the pilfered funds to accounts belonging to U.S.-based individuals.
