Opera

Opera Launches a Dedicated Crypto Browser (engadget.com) 21

Opera has launched its Web3 "Crypto Browser" into beta with features like a built-in crypto wallet, easy access to cryptocurrency/NFT exchanges, support for decentralized apps (dApps) and more. From a report: The aim is to "simplify the Web3 user experience that is often bewildering for mainstream users," Opera EVP Jorgen Arnensen said in a statement. A key feature is the built-in non-custodial wallet that will support blockchains including Ethereum, Bitcoin, Celo and Nervos from the get-go. It also announced partnerships with Polygon and others. The idea is to let you access your crypto without the need for any extensions, with the option of using third-party wallets as well. You can purchase cryptocurrencies via a fiat to crypto on-ramp, swap crypto directly in-wallet, send and receive it and check your wallet balance. It even has a secure clipboard that ensures other apps can't access data when you copy/paste. The other primary function is support for Web3, aka blockchain-based decentralized internet, aka the buzzy new thing among crypto enthusiasts (and skeptics). On top of providing extra security via blockchain encryption, it allows users to access things like GameFi "where you can earn as you play your way through all sorts of metaverses," Opera notes. It also offers a "Crypto Corner" with the latest blockchain news that also "lets you grow your Web3 skills," according to Opera.
Privacy

Winter Olympics: Athletes Advised To Use Burner Phones In Beijing (bbc.com) 54

New submitter sperm shares a report from the BBC: The Beijing Winter Olympics app that all Games attendees must use contains security weaknesses that leave users exposed to data breaches, analysts say. The My2022 app will be used by athletes, audience members and media for daily Covid monitoring. The app will also offer voice chats, file transfers and Olympic news.

But cybersecurity group Citizen Lab says the app fails to provide encryption on many of its files. China has dismissed the concerns. Questions about the app come amid a rise in warnings about visitors' tech security ahead of the Games, which begin on 4 February. People attending the Beijing Olympics should bring burner phones and create email accounts for their time in China, cyber security firm Internet 2.0 said on Tuesday. Several countries have also reportedly told athletes to leave their main devices at home.
The report also says that it's found a "censorship keywords" list built into the app, and a feature that allows people to flag other "politically sensitive" expressions.
Encryption

UK Gov't Plans Publicity Blitz To Undermine Privacy of Your Chats (rollingstone.com) 53

The UK government is set to launch a multi-pronged publicity attack on end-to-end encryption, Rolling Stone has learned. From the report: One key objective: mobilizing public opinion against Facebook's decision to encrypt its Messenger app. The Home Office has hired the M&C Saatchi advertising agency -- a spin-off of Saatchi and Saatchi, which made the "Labour Isn't Working" election posters, among the most famous in UK political history -- to plan the campaign, using public funds. According to documents reviewed by Rolling Stone, one of the activities considered as part of the publicity offensive is a striking stunt -- placing an adult and child (both actors) in a glass box, with the adult looking "knowingly" at the child as the glass fades to black. Multiple sources confirmed the campaign was due to start this month, with privacy groups already planning a counter-campaign.
Google

Google Says iMessage Is Too Powerful (arstechnica.com) 219

Google took to Twitter this weekend to complain that iMessage is just too darn influential with today's kids. Ron Amadeo writes via Ars Technica: The company was responding to a Wall Street Journal report detailing the lock-in and social pressure Apple's walled garden is creating among US teens. iMessage brands texts from iPhone users with a blue background and gives them additional features, while texts from Android phones are shown in green and only have the base SMS feature set. According to the article, "Teens and college students said they dread the ostracism that comes with a green text. The social pressure is palpable, with some reporting being ostracized or singled out after switching away from iPhones." Google feels this is a problem.

"iMessage should not benefit from bullying," the official Android Twitter account wrote. "Texting should bring us together, and the solution exists. Let's fix this as one industry." Google SVP Hiroshi Lockheimer chimed in, too, saying, "Apple's iMessage lock-in is a documented strategy. Using peer pressure and bullying as a way to sell products is disingenuous for a company that has humanity and equity as a core part of its marketing. The standards exist today to fix this."

The "solution" Google is pushing here is RCS, or Rich Communication Services, a GSMA standard from 2008 that has slowly gained traction as an upgrade to SMS. RCS adds typing indicators, user presence, and better image sharing to carrier messaging. It is a 14-year-old carrier standard, though, so it lacks many of the features you would want from a modern messaging service, like end-to-end encryption and support for non-phone devices. Google tries to band-aid over the aging standard with its "Google Messaging" client, but the result is a lot of clunky solutions that don't add up to a good modern messaging service. Since RCS replaces SMS, Google has been on a campaign to get the industry to make the upgrade. After years of protesting, the US carriers are all onboard, and there is some uptake among the international carriers, too. The biggest holdout is Apple, which only supports SMS through iMessage.
"Google clearly views iMessage's popularity as a problem, and the company is hoping this public-shaming campaign will get Apple to change its mind on RCS," writes Amadeo in closing. "But Google giving other companies advice on a messaging strategy is a laughable idea since Google probably has the least credibility of any tech company when it comes to messaging services. If the company really wants to do something about iMessage, it should try competing with it."

Further reading:
Eddy Cue Wanted To Bring iMessage To Android In 2013
Apple Says iMessage On Android 'Will Hurt Us More Than Help Us'
Businesses

Moxie Marlinspike Has Stepped Down as CEO of Signal (theverge.com) 29

Signal founder Moxie Marlinspike is stepping down as CEO of the company, he announced in a blog post on Monday. Executive chairman Brian Acton will serve as acting CEO until a replacement is found. From a report: "Every day, I'm struck by how boundless Signal's potential looks, and I want to bring in someone with fresh energy and commitment to make the most of that," Marlinspike wrote. "I now feel very comfortable replacing myself as CEO based on the team we have." The company has met with several CEO candidates "over the last few months," Marlinspike wrote, but the search remains ongoing. Founded in 2014, Signal has grown into one of the most trusted and robust apps for encrypted messaging. The service has more than 40 million monthly users and is regularly recommended in security guides. Established as a nonprofit, the company is not supported by advertising or app sales, instead relying on donations and a recently launched sustainer program.
Facebook

Amid Facebook Controversies, Meta's Head of PR 'Leaves a Company on Fire' (gizmodo.com) 43

Gizmodo writes that "It's hard to blame someone for running away from a burning building. The same can be applied to Silicon Valley, where the head of public relations at Meta, Facebook's parent company, is stepping down." His departure comes as the tech giant struggles to put out several PR fires, most notable among them the fallout from the "Facebook Papers," a series of damning reports first published by the Journal last fall that included thousands of leaked internal documents.
"The central thesis of Haugen's leaks is that Facebook and its executives know about the problems Facebook helps ignite and proliferate, from political lies to eating disorders, and don't do enough to stop them," writes Insider.com. They add that whistleblower Haugen "has also taken aim at the company's efforts to expand encryption to increase user privacy, suggesting such a move may make it easier for Facebook to ignore countries conducting espionage on its platforms."

And they note that Facebook also lost its VP of Product Communications, Roberta Thomson.

The Wall Street Journal reports that the departure of communications head John Pinette is "creating a void at the top of the department managing the controversies surrounding the tech giant." John Pinette had overseen the company's external communications since 2019. Prior to joining what was then Facebook, Pinette handled business and philanthropic dealings for deceased Microsoft co-founder Paul Allen. He also ran communications for Alphabet Inc.'s Google in Asia and advised Microsoft co-founder Bill Gates in past jobs.
Microsoft

First Microsoft Pluton-powered Windows 11 PCs To Start Rolling Out this Year 61

In November 2020, Microsoft took the wraps off its Pluton security chip, with the goal of bringing it to all Windows 10 PCs. It wasn't until this week that any of Microsoft's OEMs announced their first Pluton-powered PCs. From a report: At CES, Lenovo unveiled its Ryzen-6000-based ThinkPad Z series laptops running Windows 11, which will integrate the Microsoft Pluton processor. The coming ThinkPad Z series laptops will begin shipping in May 2022. Thanks to Pluton, these devices will be able to receive updated firmware using Windows Update. In the ThinkPad Z13 and Z16, Pluton will help protect Windows Hello credentials, according to Microsoft, by further isolating them from attackers. These new ThinkPads will use Pluton as their TPMs to protect encryption keys from physical attacks, Microsoft officials said. Microsoft pioneered Pluton first in Azure Sphere, its Linux-based microcontroller, and in Xbox. In a January 4 blog post, Microsoft officials noted that Pluton can be configured in three ways: As the Trusted Platform Module (TPM); as a security processor for non-TPM scenarios like platform resiliency; or inside a device where OEMs have opted to ship with the chip turned off.
Encryption

NBC: 'You Probably Don't Need to Rely on a VPN Anymore' (nbcnews.com) 166

NBC News writes: VPNs, or virtual private networks, continue to be used by millions of people as a way of masking their internet activity by encrypting their location and web traffic. But on the modern internet, most people can safely ditch them, thanks to the widespread use of encryption that has made public internet connections far less of a security threat, cybersecurity experts say. "Most commercial VPNs are snake oil from a security standpoint," said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. "They don't improve your security at all...."

Most browsers have quietly implemented an added layer of security in recent years that automatically encrypts internet traffic at most sites with a technology called HTTPS. Indicated by a tiny padlock by the URL, the presence of HTTPS means that worrisome scenario, in which a scammer or a hacker squats on a public Wi-Fi connection in order to watch people's internet habits, isn't feasible. It's not clear that the threat of a hacker at your coffee shop was ever that real to begin with, but it is certainly not a major danger now, Weaver said. "Remember, someone attacking you at the coffee shop needs to be basically at the coffee shop," he said. "I don't know of them ever being used outside of pranks. And those are all irrelevant now with most sites using HTTPS," he said in a text message.

There are still valid uses for VPNs. They're an invaluable tool for getting around certain types of censorship, though other options also exist, such as the Tor Browser, a free web browser that automatically reroutes users' traffic and is widely praised by cybersecurity experts. VPNs are also vital for businesses that need their employees to log in remotely to their internal network. And they're a popular and effective way to watch television shows and movies that are restricted to particular countries on streaming services. But like with antivirus software, the paid VPN industry is a booming global market despite its core mission no longer being necessary for many people.

Most VPNs market their products as a security tool. A Consumer Reports investigation published earlier this month found that 12 of the 16 biggest VPNs make hyperbolic claims or mislead customers about their security benefits. And many can make things worse, either by selling customers' browsing history to data brokers, or by having poor cybersecurity.

The article credits the Electronic Frontier Foundation for popularizing encryption through browser extensions and web site certificates starting in 2010. "In 2015, Google started prioritizing websites that enabled HTTPS in its search results. More and more websites started offering HTTPS connections, and now practically all sites that Google links to do so.

"Since late 2020, major browsers such as Brave, Chrome, Firefox, Safari and Edge all built HTTPS into their programs, making Electronic Frontier Foundation's browser extension no longer necessary for most people."
Crime

Google Scans Gmail and Drive For Cartoons of Child Sexual Abuse (forbes.com) 146

A Forbes associate editor covering privacy, cybercrime, and security/surveillance reports on a recently-revealed search warrant.

Instead of investigating a photo, it asked Google to provide information on a suspect who allegedly owned graphic illegal cartoons involving children: That kind of content is potentially illegal to own under U.S. law and can be detected by Google's anti-child sexual material (CSAM) systems, a fact not previously discussed in the public domain, the warrant reveals.... Google also uses machine learning tools to look at files and analyze them for any sign they're of abused children....

As per its legal requirements, Google handed information on what it found, as well as the IP addresses used to access the images, to the National Center for Missing and Exploited Children (NCMEC), which then passed on the findings to the DHS Homeland Security Investigations unit. Investigators used the IP addresses provided by Google to identify the suspect as the alleged owner of the cartoons, and searched his Google account, receiving back information on emails to and from the defendant. It appears the suspect may actually be a known artist. As no charges have been filed, Forbes isn't publishing his name, but the man identified in the warrant had won several small Midwest art competitions, and one artwork from the 1990s had been mentioned in a major West Coast newspaper...

Google, meanwhile, has in recent years released transparency reports showing how many times it reports issues to NCMEC. The figures reveal a disturbing trend. In the first six months of 2021, it found more than 3.4 million pieces of potentially illegal content in 410,000 separate reports. That was up from 2.9 million in 365,000 reports in the last six months of 2020, and well over double that from January to June 2020, when 1.5 million pieces of CSAM material were discovered and reported to NCMEC in 180,000 reports...

As Google doesn't end-to-end encrypt its communications tools like Gmail or its file storage tech like Drive, it's still possible for the tech company to scan for illegal content. And as it has no plans to introduce those features, law enforcement can still rely on Google to warn NCMEC when abuse happens on its servers. Whether the majority of users will want Google to scan people's accounts so it can help find child abusers, or have improved privacy with end-to-end encryption instead, the Mountain View, California-based business will have to struggle with that balance in perpetuity. The same goes for any one of its rivals.

Crime

2021 Had Six Different Cryptocurrency Heists Over $100 Million (nbcnews.com) 55

More than 20 different times in the last 12 months, at least $10 million was stolen from a cryptocurrency exchange or project, reports NBC News.

"In at least six cases, hackers stole more than $100 million..." By comparison, bank robberies netted perpetrators an average of less than $5,000 per heist last year, according to the FBI's annual crime statistics... "If you hack a Fortune 500 company today, you might steal some usernames and passwords," said Esteban Castaño, the CEO and co-founder of TRM Labs, a company that builds tools for companies to track digital assets. "If you hack a cryptocurrency exchange, you may have millions of dollars in cryptocurrency...."

[W]hile a handful of countries have strict regulations in place, it's relatively easy for tech entrepreneurs to set up an exchange nearly anywhere in the world and run it however they like. Cryptocurrencies generally offer a certain amount of security — taking their name, in part, from "encryption." But the exchanges that manage them, especially new ones building their businesses from scratch, often start with a tiny staff, which means few if any full-time cybersecurity professionals. Their developers may work frantically to make the code work, sometimes accidentally leaving flaws that give hackers a foothold. Combined with the fact that a volatile market often leaves them suddenly holding a fortune, exchanges are a particularly ripe target for criminal hackers....

The problem is exacerbated because many cryptocurrency projects, intent on avoiding government regulations, set up in countries whose law enforcement agencies don't have much power to go after transnational hackers. Or if they are hacked, they tend to be less likely to call for government help on ideological grounds, said Beth Bisbee, head of U.S. investigations at Chainalysis, a company that tracks cryptocurrency transactions for both private companies and government agencies. Some developers "want to be anti-bank and anti-oversight," Bisbee said. "So when something like that happens, they're not necessarily wanting to work with law enforcement, even though they'd be considered to be a victim and it'd be valuable for them to."

Ultimately the article points out that "Most exchange hackers are not caught." (Although in at least one case part of the stolen money was voluntarily returned.)

But what happens after the breach, NBC News asked Dave Jevans, the founder of CipherTrace, a company that tracks theft and fraud in cryptocurrencies. If an exchange is wealthy enough and plans ahead to have an emergency fund, it can compensate its customers if its operation is hacked, Jevans said. If not, it often goes out of business. "Not every exchange is so wealthy or has so much foresight. It just goes, pop, 'We're out of business. Sorry, you're all screwed,'" he said.
Programming

Ruby on Rails Creator Touts 7.0 as One-Person Framework, 'The Way It Used To Be' (hey.com) 62

David Heinemeier Hansson is the creator of Ruby on Rails (as well as the co-founder and CTO of Basecamp, makers of the email software HEY). But he says Wednesday's release of version 7.0 is the version he's been longing for, "The one where all the cards are on the table. No more tricks up our sleeves. The culmination of years of progress on five different fronts at once." The backend gets some really nice upgrades, especially with the encryption work that we did for HEY, so your data can be encrypted while it's live in the database.... But it's on the front end things have made a quantum leap. We've integrated the Hotwire frameworks of Stimulus and Turbo directly as the new defaults, together with that hot newness of import maps, which means you no longer need to run the whole JavaScript ecosystem enchilada in your Ruby app...

The part that really excites me about this version, though, is how much closer it brings us to the ideal of The One Person Framework. A toolkit so powerful that it allows a single individual to create modern applications upon which they might build a competitive business. The way it used to be... Rails 7 seeks to be the wormhole that folds the time-learning-shipping-continuum, and allows you to travel grand distances without knowing all the physics of interstellar travel. Giving the individual rebel a fighting chance against The Empire....

The key engine powering this assault is conceptual compression. Like a video codec that throws away irrelevant details such that you might download the film in real-time rather than buffer for an hour. I dedicated an entire RailsConf keynote to the idea...

[I]f there ever was an opening, ever was a chance that we might at least tilt the direction of the industry, now is it.

What a glorious time to be working in web development.

Power

IBM and Samsung Say Their New Chip Design Could Lead To Week-Long Battery Life On Phones (theverge.com) 85

IBM and Samsung have announced their latest advance in semiconductor design: a new way to stack transistors vertically on a chip (instead of lying flat on the surface of the semiconductor). The Verge reports: The new Vertical Transport Field Effect Transistors (VTFET) design is meant to succeed the current FinFET technology that's used for some of today's most advanced chips and could allow for chips that are even more densely packed with transistors than today. In essence, the new design would stack transistors vertically, allowing for current to flow up and down the stack of transistors instead of the side-to-side horizontal layout that's currently used on most chips. Vertical designs for semiconductors have been a trend for a while (FinFET already offers some of those benefits); Intel's future roadmap also looks to move in that direction, too, although its initial work focused on stacking chip components rather than individual transistors. It makes sense, after all: when you've run out of ways to add more chips in one plane, the only real direction (other than physically shrinking transistor technology) is to go up.

While we're still a ways away from VTFET designs being used in actual consumer chips, the two companies are making some big claims, noting that VTFET chips could offer a "two times improvement in performance or an 85 percent reduction in energy use" compared to FinFET designs. And by packing more transistors into chips, IBM and Samsung claim that VTFET technology could help keep Moore's law's goal of steadily increasing transistor count moving forward. IBM and Samsung are also citing some ambitious possible use cases for the new technology, raising the idea of "cell phone batteries that could go over a week without being charged, instead of days," less energy-intensive cryptocurrency mining or data encryption, and even more powerful IoT devices or even spacecraft.

Encryption

New German Government Coalition Promises Not To Buy Exploits (therecord.media) 18

The three political parties set to form the new German government have agreed to stop buying zero-day vulnerabilities and limit the government's future use of monitoring software (spyware). From a report: The Green Party, the Social Democratic Party (SPD), and the Free Democratic Party (FDP) entered into a government coalition last month, and their new joint government cabinet is expected to be formally elected to power later today following a vote in the German Parliament.

Their political collaboration was announced last month, on November 24, and the announcement was also accompanied by a 178-page document outlining the coalition's joint core governing principles on a number of social, political, and economic topics. Among them were different IT, privacy, and cybersecurity-related issues, including two paragraphs that addressed the German state's penchant for acquiring zero-day vulnerabilities and using them in surveillance operations. "The exploitation of weak points in IT systems is in a highly problematic relationship to IT security and civil rights," the three parties said in the section dedicated to national and internal security.

Wireless Networking

Nine WiFi Routers Used by Millions Were Vulnerable to 226 Flaws (bleepingcomputer.com) 74

"Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them," reports Bleeping Computer, "even when running the latest firmware." Slashdot reader joshuark shared their report: The tested routers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and are used by millions of people... Researchers at IoT Inspector carried out the security tests in collaboration with CHIP magazine, focusing on models used mainly by small firms and home users. "For Chip's router evaluation, vendors provided them with current models, which were upgraded to the latest firmware version," Florian Lukavsky, CTO & Founder at IoT Inspector, told BleepingComputer via email. "The firmware versions were automatically analyzed by IoT Inspector and checked for more than 5,000 CVEs and other security issues...."

While not all flaws carried the same risk, the team found some common problems that affected most of the tested models:

- Outdated Linux kernel in the firmware
- Outdated multimedia and VPN functions
- Over-reliance on older versions of BusyBox
- Use of weak default passwords like "admin"
- Presence of hardcoded credentials in plain text form....

All of the affected manufacturers responded to the researchers' findings and released firmware patches.

The researchers demonstrated one exploit they found on one of the routers that extracted the AES key used for the firmware encryption, letting malicious firmware image updates pass verification checks on the device — and thus potentially planting malware on the router.

jd (Slashdot reader #1,658) shares another perspective on the same study from Security Week: Not all of the identified weaknesses are considered real security flaws, and for some bugs it is unclear whether exploitation is even possible. However, many of the identified vulnerabilities (ranging from 2 in AVM devices to nearly a dozen in other routers) were classified as high- and medium-severity.
Encryption

FBI Document Shows What Data Can Be Obtained From Encrypted Messaging Apps (therecord.media) 23

An anonymous reader quotes a report from the Record: A recently discovered FBI training document shows that US law enforcement can gain limited access to the content of encrypted messages from secure messaging services like iMessage, Line, and WhatsApp, but not to messages sent via Signal, Telegram, Threema, Viber, WeChat, or Wickr. The document, obtained earlier this month following a FOIA request filed by Property of the People, a US nonprofit dedicated to government transparency, appears to contain training advice for what kind of data agents can obtain from the operators of encrypted messaging services and the legal processes they have to go through.

Dated to January 7, 2021, the document doesn't include any new information but does a good job at providing an up-to-date summary of what type of information the FBI can currently obtain from each of the listed services. [...] While the document confirms that the FBI can't gain access to encrypted messages sent through some services, the other type of information they can glean from providers might still help authorities in other aspects of their investigations. The content of the document, which may be hard to read due to some font rendering issues, is also available in the table [embedded in the article]. Of note, the table above does not include details about Keybase, a recent end-to-end encrypted (E2EE) service that has been gaining in popularity. The service was acquired by video conferencing software maker Zoom in May 2020.

United States

US Blacklists Chinese Quantum Computing Companies (ft.com) 74

The US has placed a dozen Chinese groups involved in quantum computing and other advanced technologies on an export blacklist, saying they pose a risk of gaining access to critical American technologies for the People's Liberation Army. From a report: The move, which makes it almost impossible for US companies to sell technologies to the listed companies, targeted a total of 27 entities, including 12 in China and two affiliated firms in Japan and Singapore. In addition to quantum computing, the list included companies in the semiconductor and aerospace industries. Eight of the Chinese groups were specifically targeted to prevent them from accessing sensitive quantum-related technology, the US commerce department said, arguing they could help the PLA improve counter-stealth and counter-submarine applications and facilitate efforts to break US encryption.

The actions mark the latest effort by the Biden administration to make it more difficult for China to secure cutting-edge technologies with military applications. Last month, US intelligence officials warned American companies about Chinese efforts to access technology in areas including quantum computing and artificial intelligence. "This is a sensible move and an important reminder of the scope and scale of China's efforts to achieve technological breakthroughs that erode US national security," said Martijn Rasser, a former CIA official who heads the technology and national security programme at the Center for a New American Security think-tank. In addition to the Chinese groups targeted, Washington put 13 Pakistani firms on the "entity list" for activities related to nuclear and ballistic missile programmes. It added the Moscow Institute of Physics and Technology to a "military end-user" list that makes it more difficult to sell technology with military applications.

Encryption

Meta Delays Encrypted Messages on Facebook and Instagram To 2023 (theguardian.com) 34

The owner of Facebook and Instagram is delaying plans to encrypt users' messages until 2023 amid warnings from child safety campaigners that its proposals would shield abusers from detection. From a report: Mark Zuckerberg's social media empire has been under pressure to abandon its encryption plans, which the UK home secretary, Priti Patel, has described as "simply not acceptable." The National Society for the Prevention of Cruelty to Children (NSPCC) has said private messaging is the "frontline of child sexual abuse online" because it prevents law enforcement, and tech platforms, from seeing messages by ensuring that only the sender and recipient can view their content -- a process known as end-to-end encryption. The head of safety at Facebook and Instagram's parent company, Meta, announced that the encryption process would take place in 2023. The company had previously said the change would happen in 2022 at the earliest.

"We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services until sometime in 2023," Antigone Davis wrote in the Sunday Telegraph. "As a company that connects billions of people around the world and has built industry-leading technology, we're determined to protect people's private communications and keep people safe online." Meta already uses end-to-end encryption on its WhatsApp messaging service and had been planning to extend that to its Messenger and Instagram apps in 2022. It has already encrypted voice and video calls on Messenger. Announcing the privacy drive in 2019, Zuckerberg said: "People expect their private communications to be secure and to only be seen by the people they've sent them to -- not hackers, criminals, over-reaching governments or even the people operating the services they're using."

Encryption

Will Cryptocurrency Face a Quantum Computing Problem? (cnet.com) 68

"If current progress continues, quantum computers will be able to crack public key cryptography," writes CNET, "potentially creating a serious threat to the crypto world, where some currencies are valued at hundreds of billions of dollars." If encryption is broken, attackers can impersonate the legitimate owners of cryptocurrency, NFTs or other such digital assets. "Once quantum computing becomes powerful enough, then essentially all the security guarantees will go out of the window," Dawn Song, a computer security entrepreneur and professor at the University of California, Berkeley, told the Collective[i] Forecast forum in October. "When public key cryptography is broken, users could be losing their funds and the whole system will break...."

"We expect that within a few years, sufficiently powerful computers will be available" for cracking blockchains open, said Nir Minerbi, CEO of quantum software maker Classiq Technologies.

The good news for cryptocurrency fans is the quantum computing problem can be fixed by adopting the same post-quantum cryptography technology that the computing industry already has begun developing. The U.S. government's National Institute of Standards and Technology, trying to get ahead of the problem, is several years into a careful process to find quantum-proof cryptography algorithms with involvement from researchers around the globe. Indeed, several cryptocurrency and blockchain efforts are actively working on quantum-resistant software...

A problem with the post-quantum cryptography algorithms under consideration so far, though, is that they generally need longer numeric encryption keys and longer processing times, says Peter Chapman, CEO of quantum computer maker IonQ. That could substantially increase the amount of computing horsepower needed to house blockchains...

The real quantum test for cryptocurrencies will be governance structures, not technologies, says Hunter Jensen, chief technology officer of Permission.io, a company using cryptocurrency for a targeted advertising system... "It will be the truly decentralized currencies which will get hit if their communities are too slow and disorganized to act," said Andersen Cheng, chief executive at Post Quantum, a London-based company that sells post-quantum encryption technology.

IOS

iOS 15.2 Beta Blurs Nude Images For Kids Using Messages App (macrumors.com) 92

iOS 15.2 has been released today, bringing a new feature called Communication Safety in Messages that is able to detect and automatically blur nude images that are sent or received by children. It's one of several Child Safety features Apple announced over the summer. As MacRumors notes, it's "not the same as the controversial anti-CSAM feature that Apple plans to implement in the future after revisions." From the report: Communication Safety is a Family Sharing feature that can be enabled by parents, and it is opt-in rather than activated by default. When turned on, the Messages app is able to detect nudity in images that are sent or received by children. If a child receives or attempts to send a photo with nudity, the image will be blurred and the child will be warned about the content, told it's okay not to view the photo, and offered resources to contact someone they trust for help. When Communication Safety was first announced, Apple said that parents of children under the age of 13 had the option to receive a notification if the child viewed a nude image in Messages, but after receiving feedback, Apple has removed this feature. Apple now says that no notifications are sent to parents.

Apple removed the notification option because it was suggested that parental notification could pose a risk for a child in a situation where there is parental violence or abuse. For all children, including those under the age of 13, Apple will instead offer guidance on getting help from a trusted adult in a situation where nude photos are involved. Checking for nudity in photos is done on-device, with Messages analyzing image attachments. The feature does not impact the end-to-end encryption of messages, and no indication of the detection of nudity leaves the device. Apple has no access to the Messages.

Privacy

Should Police Be Allowed to Demand Your Cellphone's Passcode? (cbs12.com) 290

Slashdot reader FlatEric521 tipped us off to an interesting story (from the News Service of Florida): When police responded in 2018 to a call about a shattered window at a home in Orange County, they found a black Samsung smartphone near the broken window. A woman in the home identified the phone as belonging to an ex-boyfriend, Johnathan David Garcia, who was later charged with crimes including aggravated stalking.

But more than three years after the shattered window, the Florida Supreme Court is poised to hear arguments in the case and consider a decidedly 21st Century question: Should authorities be able to force Garcia to give them his passcode to the phone?

Attorney General Ashley Moody's office appealed to the Supreme Court last year after the 5th District Court of Appeal ruled that requiring Garcia to turn over the passcode would violate his constitutional right against being forced to provide self-incriminating information... The case has drawn briefs from civil-liberties and defense-attorney groups, who contend that Garcia's rights under the U.S. Constitution's 5th Amendment would be threatened if he is required to provide the passcode.

But Moody's office in a March brief warned of trouble for law enforcement if the Supreme Court sides with Garcia in an era when seemingly everybody has a cell phone. Police obtained a warrant to search Garcia's phone but could not do so without a passcode. "Modern encryption has shifted the balance between criminals and law enforcement in favor of crime by allowing criminals to hide evidence in areas the state physically cannot access," the brief said.
