Communications

Robocall Ban Should Target Texts and Foreign Calls, FCC Chief Says (cnet.com) 56

Federal Communications Commission Chairman Ajit Pai has proposed another set of robocall rules, this time to ban malicious calls that spoof caller IDs in text messages and international calls. From a report: The anti-spoofing rules will be voted on by the FCC Aug. 1, and they already have the support of more than 40 state attorneys general, Pai said Monday. These new rules would close the loopholes in targeting international callers, including one-way interconnected VoIP calls, and scammers using text messaging. They are part of the FCC's "multi-pronged approach to battle the noxious intrusion of illegal robocalls, as well as malicious caller ID spoofing," Pai said. Last month, the FCC voted unanimously on a proposal to give mobile phone companies greater power to "aggressively block" unwanted robocalls.
Security

OpenPGP Keyserver Attack Ongoing (duo.com) 67

Trailrunner7 quotes Duo.com's Decipher blog: There's an interesting and troubling attack happening to some people involved in the OpenPGP community that makes their certificates unusable and can essentially break the OpenPGP implementation of anyone who tries to import one of the certificates.

The attack is quite simple and doesn't exploit any technical vulnerabilities in the OpenPGP software, but instead takes advantage of one of the inherent properties of the keyserver network that's used to distribute certificates. Keyservers are designed to allow people to discover the public certificates of other people with whom they want to communicate over a secure channel. One of the properties of the network is that anyone who has looked at a certificate and verified that it belongs to another specific person can add a signature, or attestation, to the certificate. That signature basically serves as the public stamp of approval from one user to another...

Last week, two people involved in the OpenPGP community discovered that their public certificates had been spammed with tens of thousands of signatures -- one has nearly 150,000 -- in an apparent effort to render them useless. The attack targeted [OpenPGP project developers] Robert J. Hansen and Daniel Kahn Gillmor, but the root problem may end up affecting many other people, too...

Matthew Green, a cryptographer and associate professor at Johns Hopkins University, said that the attack points out some of the weaknesses in the entire OpenPGP infrastructure.

"PGP is old and kind of falling apart. There's not enough people maintaining it and it's full of legacy code. There are some people doing the lord's work in keeping it up, but it's not enough," Green said. "Think about like an old hospital that's crumbling and all of the doctors have left but there's still some people keeping the emergency room open and helping patients. At some point you have to ask whether it's better just to let it close and let something better come along.

"I think PGP is preventing the development of better stuff and the person who did this is clearly demonstrating this problem."


On Thursday ZDNet quoted a disturbing blog post from OpenPGP project developer Robert "rjh" Hansen, who warned that "given the ease of the attack and the highly publicized success of the attack, it is prudent to believe other certificates will soon be poisoned."
United States

Bipartisan House Lawmakers Announce Compromise Anti-Robocall Bill (thehill.com) 75

A bipartisan pair of House lawmakers on Thursday unveiled a compromise bill aimed at thwarting the scourge of robocalls dialing up U.S. consumers, about one month after the Senate adopted its own anti-robocall bill. From a report: House Energy and Commerce Committee Chairman Frank Pallone Jr. (D-N.J.) and ranking member Greg Walden (R-Ore.) on Thursday announced the legislation, which differs from the Senate's version on some points but seems to have significant overlap. Pallone and Walden's Stopping Bad Robocalls Act would require phone carriers to implement technology to authenticate whether calls are real or spam, and allow carriers to offer call-blocking services. The legislation specifies the carriers should make sure that legal calls, such as those from doctors' offices or creditors, are not blocked, while opening the door for the government to broaden its definition of what constitutes a "robocall."
Communications

Anti-Spam Service Truecaller Adds Free Voice Calling Feature (techcrunch.com) 22

An anonymous reader shares a report: Truecaller, an app best known for helping users screen calls from strangers and spammers, is adding yet another feature to its service as it bolsters its super app status. The Stockholm-based firm said today that its app can now be used to place free VoIP-powered voice calls. The company told TechCrunch on Tuesday that it has started to roll out the free voice calling feature to its Android users. It expects the rollout to reach all Android users in the coming days. The feature, which currently only supports calls between two users, will arrive on its iOS app soon. In emerging markets such as India, where 100 million of Truecaller's 140 million users live, free voice calls have been a long-sought-after feature. Until late 2016, voice calls were fairly expensive in India, with telecom operators counting revenue from traditional calls as their biggest profit generator.
Communications

Robocalls Are Overwhelming Hospitals and Patients, Threatening a New Kind of Health Crisis (washingtonpost.com) 152

An anonymous reader shares a report: In the heart of Boston, Tufts Medical Center treats scores of health conditions, from administering measles vaccines for children to pioneering next-generation tools that can eradicate the rarest of cancers. But doctors, administrators and other hospital staff struggled to contain a much different kind of epidemic one April morning last year: a wave of thousands of robocalls that spread, like a virus, from one phone line to the next, disrupting communications for hours to come.

For most Americans, such robocalls represent an unavoidable digital-age nuisance, resulting in constant interruptions targeting their phones each month. For hospitals, though, the spam calls amount to a literal life-or-death challenge, one that increasingly is threatening doctors and patients in a setting where every second can count. At Tufts Medical Center, administrators registered more than 4,500 calls between about 9:30 and 11:30 a.m. on April 30, 2018, said Taylor Lehmann, the center's chief information security officer. Many of the messages seemed to be the same: Speaking in Mandarin, an unknown voice threatened deportation unless the person who picked up the phone provided their personal information.

Such calls are common, widely documented scams that seek to swindle vulnerable foreigners, who may surrender their private data out of fear their families and homes are at risk. But it proved especially troubling at Tufts, which is situated amid Boston's Chinatown neighborhood, Lehmann said. Officials there couldn't block the calls through their telecom carrier, Windstream, which provides phone and web services to consumers and businesses. "There's nothing we could do," Lehmann said Windstream told them.

Facebook

WhatsApp is Finally Going After Outside Firms That Are Abusing Its Platform (techcrunch.com) 36

Tired of taking the flak for helping spread fake news, WhatsApp will start suing parties it finds flouting its rules. Till now, it was only using machine learning to flag accounts that were abusing its anti-spam policies. From a report: The messaging platform, used by more than 1.5 billion users, confirmed on Tuesday that starting December 7 it will start considering signals off its platform to pursue legal actions against those who are abusing its system. The company will also go after individuals who -- or firms that -- falsely claim to have found ways to cause havoc on the service.
Microsoft

Microsoft 'Wins Over Skeptics, Open-Source Great Satan No More', Declares Bloomberg (dailyherald.com) 271

Microsoft cloud chief Scott Guthrie says the company wasn't ready to acquire GitHub in 2014. "We would have screwed it up," he tells Bloomberg. But as he sees it, there was also another problem.

"The open-source world would've rightly looked at us at the time as the antichrist. We didn't have the credibility that we have now around open source..."

An anonymous reader quotes Bloomberg's report: Since then, Microsoft has turned itself into one of the biggest developers of open-source software and has persuaded customers to trust applications built using rival tools and programs to Microsoft's Azure cloud-computing service, boosting Azure revenue and usage. More than 60 percent of the company's team that works with cloud-app developers were hired for their expertise in non-Microsoft programming tools or cloud services. A full version of the open-source Linux operating system is even being added to Windows. The efforts are bringing new software builders to the Microsoft camp.

Last June, Guthrie and Microsoft Chief Executive Officer Satya Nadella finally unveiled an agreement to acquire GitHub. While there was still some initial agita in the developer community and rivals gained some refugee users from GitHub, one year later the deal is noteworthy mainly for how little drama it's caused. Most GitHub users just continued putting their code there. "Some people were upset, but few, because Microsoft had spent years building up goodwill with the open-source community," said Matt Asay, an Adobe Inc. senior director who is a longtime open-source developer and previous Microsoft opponent. "There was a knee-jerk sort of 'remember, they're the Great Satan' reaction, but it was halfhearted."

The article also notes that after Microsoft acquired GitHub, 113,000 code repositories moved to GitLab.
IOS

Apple is Building a Major Defense Against Spam Calls Into iOS 13 (theverge.com) 108

Apple is taking a new step to combat spam calls in iOS 13. Today, you can already install third-party spam call screeners on your iPhone, but if that's not good enough (or something you don't want to do), iOS 13 will add a new solution this fall. From a report: iOS 13 will be able to automatically silence any calls coming in from an unknown number. Even better, it'll automatically send them to voicemail. The new "silence unknown callers" option can be toggled on or off based on your preference, but I'm thinking most people will enable it right after updating and leave it that way. The feature is explained on this page of what's new in iOS 13. So many of the spam calls we're bombarded with on a daily basis are spoofed to look like a local number. But Apple says that iOS 13 will "use Siri intelligence to allow calls to ring your phone from numbers in Contacts, Mail, and Messages." Any number that can't be found in one of those places will be routed to voicemail.
Open Source

Ask Slashdot: How Would You Host Your Own Email Server? (linuxjournal.com) 337

"It has become too easy to take Linux and FOSS for granted," warns a Linux Journal editorial by Doc Searls, complaining, for example, that today "We collaborate inside proprietary environments, such as Slack and Google Hangouts."

Long-time Slashdot reader whh3 wants to live differently -- and to model a different set of values: After reading the recent Doc Searls article in Linux Journal, I realized that I need to get back to my roots. The first step will be to build/setup/run my own email server for my vanity domain.

The problem is, I haven't run my own email server since the 90s. It was easy back then -- there was much less SPAM and self-hosted email servers didn't have to jump through hoops to make sure that they weren't blacklisted as senders.

So, I am reaching out to this great community to find out if there are any good tutorials on modern-day best-practices for self hosting an email server. Any tips/tricks/pointers would be greatly appreciated!

A lot's changed in 20 years -- but for such a basic form of online communication, is it still possible to roll your own? Or are we trapped in a world where private conversations about valuing open source software take place inside Google's proprietary Gmail client?

Leave your own suggestions in the comments. How would you host your own email server?
Google

Google Launches CallJoy, a Virtual Customer Service Phone Agent For Small Businesses (techcrunch.com) 34

Google is combining several technologies, including virtual phone numbers, audio transcriptions, automated reporting and analytics, in a new effort to help small business owners better manage their inbound phone calls. From a report: The company's latest project from its in-house incubator is CallJoy, launching today. Aimed at the U.S.'s 30.2 million small business owners, the system offers a low-cost customer service agent that helps block spam calls, provide callers with basic business information and redirect customers to complete their requests -- like appointment booking or placing a to-go order -- over SMS. Any other calls or questions would be directed to the main business phone number. Typically, customer service phone agents like this are out of reach for small business owners, but CallJoy is priced at a flat monthly fee of $39 to make the technology affordable.
Security

GoDaddy Removes a Massive Network of Bogus Sales Sites (axios.com) 67

GoDaddy removed a cluster of more than 15,000 fraudulent websites discovered by a researcher at Palo Alto Networks' Unit 42 analysis team. From a report: The scam, which sold products like weight loss pills, used breached websites to add legitimacy to its sales and involved using fake celebrity endorsements. Jeff White, the researcher at Unit 42, started researching the network of sites more than 2 years ago when he noticed spam messages that looked visually similar and used similar language. The products were sold on commission as part of an affiliate marketing program and used low initial pricing and tiny print to get people signed up for costly subscriptions. The sales took place on hacked GoDaddy websites, where hackers had set up subdomains on legitimate websites.
Microsoft

Microsoft Says Some Webmail Accounts Were Compromised (techcrunch.com) 23

A "limited" number of users of Microsoft's webmail services -- which include Hotmail, Outlook.com, and MSN -- "had their accounts compromised," TechCrunch reports. "We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators' access," said a Microsoft spokesperson in an email. According to an email Microsoft has sent out to affected users, malicious hackers were potentially able to access an affected user's e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicates with -- "but not the content of any e-mails or attachments," nor -- it seems -- login credentials like passwords. Microsoft is still recommending that affected users change their passwords regardless.

The breach occurred between January 1 and March 28, Microsoft's letter to users said. The hackers got into the system by compromising a customer support agent's credentials, according to the letter. Once identified, those credentials were disabled. Microsoft told users that it didn't know what data was viewed by the hackers or why, but cautioned that users might see more phishing or spam emails as a result.

Space

GNU GPLv3 At the Heart of the Black Hole Image (www.tfir.io) 56

arnieswap quotes TFIR's report on the black hole image: Free and Open Source software was at the heart of this image. The team used three different imaging software libraries to achieve the feat. Out of the three, two were fully open source libraries. The source code of the software is publicly available on GitHub.

Richard M Stallman, the founder of the GNU Project will be glad to see that both libraries (Sparselab and ehtim) are released under GNU GPL v3. Yes, you read it right – GNU GPL v3.

Cellphones

New Apps Fight Robo-Calls By Pretending To Be Humans (nola.com) 77

"While lawmakers debate what to do about the roboscourge, engineers have cooked up some clever ways to make bots work for us, not against us," writes the Washington Post, taking a look at apps like the $4-per-month RoboKiller -- which offers malicious "answer bots": They're voicemail messages that try to keep robots and human telemarketers on the line, listening to nonsense. Answer bot options range from Trump impersonators and extended coughing sessions to someone doing vocal exercises. Even better, RoboKiller will send you an often-hilarious recording of the interaction. (It only uses these recordings when it's very sure it's a spam call.)

Another service, called Jolly Roger, doesn't sell itself as a robocall blocker but takes this auto-generated annoyance idea a step further by actively trying to game the spammers' systems, such as when to press 1 to speak to a human. It calls this tech "artificial stupidity." It costs $11.88 per year.

It's possible you're better off not engaging with a robocall in the hopes the dialer will decide the line is dead. And it's also not clear how much these actually cost the people placing robocalls. But any time robocallers spend with your bot might be minutes they're not calling someone else, so you can think of it as community service.

I'm also not sure this does any good -- but the Post's article also includes a run-down of other robocall-blocking services available from both wireless carriers and independent companies. It recommends starting with the free YouMail app, which collates data from 10 million registered users to determine which calls to block -- and in addition, "tries to trick known robocallers into taking you off their lists by playing them the beep-beep-beep sound of a dead line."

If you live in America, you can also add your phone number to the Federal government's official "Do not call" registry. "It won't help much," writes the Post, "but it only takes 30 seconds so why not?"
Mozilla

12 Years After It Was Notified, Firefox To Add Full Protection Against 'Login Prompt' Spam (zdnet.com) 24

Twelve years after it was first notified of the issue, Mozilla has finally shipped a fix this week that will prevent abusive websites -- usually tech support scam sites -- from flooding users with non-stop "authentication required" login popups and prevent users from leaving or closing their browsers. From a report: The fix has been shipped in Firefox v68, the current Nightly release, and will hit the browser's stable branch sometime in early July. According to Firefox engineer Johann Hofmann, starting with Firefox 68, web pages won't be allowed to show more than two login prompts. Starting with the third request, Firefox will intervene to suppress the authentication popup.

Mozilla previously shipped a fix for this issue, but it was incomplete, as it blocked authentication prompts that originated from subresources, such as iframes. This latest patch completes the fix by blocking all types of authentication required prompts -- including those generated by the site's main domain.

Firefox

Mozilla Will Run Two Experiments This Month With Firefox To Explore Ways To Fight Push Notification Permission Spam (zdnet.com) 98

Mozilla said this week that it intends to run two experiments over the course of this month to determine the most adequate way of dealing with push notification spam, a growing problem that is slowly deteriorating the web experience for everyone. From a report: The experiments will run in Firefox Nightly (v68) and Firefox Beta (v67). The Firefox Nightly experiment will run from April 1 to April 29. During this time, Mozilla said Firefox Nightly would allow websites to show a push notification permission request only after the user has clicked or pressed a key while on a website. All attempts to show a push notification permission request before a click or key press will be blocked by default. [...] In the last two weeks of the experiment, Firefox will show an icon in the URL bar, but with no visible popup on the page. Users can click this icon and accept any push notification permission requests if they wish so. Further reading: Mozilla and Scroll Partner To Test Alternative Funding Models for the Web.
Cellphones

Phone Carrier Apps Can Help Fight Robocalls -- Sometimes, Even For Free (cnn.com) 69

Friday CNN reported on "what you can do right now to stop robocalls."

"Short of throwing your phone in the garbage, there's no way to avoid them altogether. But wireless providers and smartphone developers offer tools to filter out at least some unwanted calls."

- Verizon's Call Filter app is free to download on iPhones and Android devices. The company announced Thursday the app will offer some free features -- including auto-blocking calls from known fraudsters, showing warning banners for suspicious calls, and a spam reporting tool. For $2.99 a month per line, the Call Filter app can use a phonebook feature to look up the names of unknown callers, and it can show a "risk meter" for spam calls.

- AT&T's Call Protect has similar free features and add-ons with a $3.99 per month subscription. (iOS and Android)

- T-Mobile phones come loaded with Scam ID, which warns customers about suspicious phone numbers. It's also free to activate Scam Block, which automatically rejects calls from those numbers. An additional app called Name ID offers premium caller identification for $4 per line monthly. (iOS and Android)

- Sprint's Premium Caller ID, which comes pre-installed, looks up unknown numbers and filters and blocks robocalls for $2.99 per line.

- Google's Pixel phones also give you the option to have your voice assistant answer suspicious calls for you. The phone can transcribe the conversation and lets you decide whether to answer.

The Internet

How Google, Facebook, Apple, and Amazon Warped the Hyperlink (wired.co.uk) 63

The concept of the hyperlink was first outlined over 70 years ago and eventually became a central part of the web. But 30 years since the invention of the world wide web, Google, Apple, Facebook, and Amazon have skewed the original ambitions for hyperlinks, who they are for and how far they can lead you. From a feature story: The impact that Google's PageRank algorithms have had on how the commercial web chooses to deploy hyperlinks can be seen in just about any SEO (search engine optimisation) blog. Publishers and businesses are encouraged to prioritize internal links over external links that may boost the competition in Google's rankings. "Since the very moment Google came on the scene, links moved from being the defining characteristic of the web, to being a battleground. Google's core insight was that you could treat every link as, essentially, a vote for the site," says Adam Tinworth, a digital publishing strategist. Tinworth explains that Google tries to minimize the effect of these 'unnatural linking patterns', which includes comment spam and 'guest posts', but it remains part of "how the shadier side of the SEO industry operates."

With clear, financial incentives to serve Google's web spiders, which regularly 'crawl' website content to determine its placement in searches, a common strategy involves placing hyperlinks on specific 'anchor text' -- the actual words that you click on -- that benefit that site's PageRank for keywords rather than tailor links to readers. That's not inherently a problem but research from the University of Southampton, published in February, suggests it doesn't go unnoticed. [...] In the cases of Apple and Facebook, the question isn't so much how we link and how we react to them, as where we can link to and where we can follow links to. Apple News, Facebook's Instant Articles and Google AMP all propose variations on limited systems of linking back to sources of information. As for Instagram, it's based on a two-tier system: users can't add external links to posts (#linkinbio) unless they buy adverts whereas accounts with a large number of followers are able to add external links to Stories.

AI

Can We Build Ethics Into Automated Decision-Making? (oreilly.com) 190

"Machines will need to make ethical decisions, and we will be responsible for those decisions," argues Mike Loukides, O'Reilly Media's vice president of content strategy: We are surrounded by systems that make ethical decisions: systems approving loans, trading stocks, forwarding news articles, recommending jail sentences, and much more. They act for us or against us, but almost always without our consent or even our knowledge. In recent articles, I've suggested the ethics of artificial intelligence itself needs to be automated. But my suggestion ignores the reality that ethics has already been automated... The sheer number of decisions that need to be made means that we can't expect humans to make those decisions. Every time data moves from one site to another, from one context to another, from one intent to another, there is an action that requires some kind of ethical decision...

Ethical problems arise when a company's interest in profit comes before the interests of the users. We see this all the time: in recommendations designed to maximize ad revenue via "engagement"; in recommendations that steer customers to Amazon's own products, rather than other products on their platform. The customer's interest must always come before the company's. That applies to recommendations in a news feed or on a shopping site, but also how the customer's data is used and where it's shipped. Facebook believes deeply that "bringing the world closer together" is a social good but, as Mary Gray said on Twitter, when we say that something is a "social good," we need to ask: "good for whom?" Good for advertisers? Stockholders? Or for the people who are being brought together? The answers aren't all the same, and depend deeply on who's connected and how....

It's time to start building the systems that will truly assist us to manage our data.

The article argues that spam filters provide a surprisingly good set of first design principles. They work in the background without interfering with users, but always allow users to revoke their decisions, and proactively seek out user input in ambiguous or unclear situations.

But in the real world beyond our inboxes, "machines are already making ethical decisions, and often doing so badly. Spam detection is the exception, not the rule."
The Media

Is Social Media Losing Ground To Email Newsletters? (qz.com) 102

"My favorite new social network doesn't incessantly spam me with notifications," brags New York Times technology writer Mike Isaac. "When I post, I'm not bombarded with @mentions from bots and trolls. And after I use it, I don't worry about ads following me around the web.

"That's because my new social network is an email newsletter." Every week or so, I blast it out to a few thousand people who have signed up to read my musings. Some of them email back, occasionally leading to a thoughtful conversation. It's still early in the experiment, but I think I love it. The newsletter is not a new phenomenon. But there is a growing interest among those who are disenchanted with social media in what writer Craig Mod has called "the world's oldest networked publishing platform." For us, the inbox is becoming a more attractive medium than the news feed...

For me, the change has happened slowly, but the reasons for it were unmistakable. Every time I was on Twitter, I felt worse. I worried about being too connected to my phone, too wrapped up in the latest Twitter dunks... Now, when I feel the urge to tweet an idea that I think is worth expounding on, I save it for my newsletter... It's much more fun than mediating political fights between relatives on my Facebook page or decoding the latest Twitter dustup...

"You don't have to fight an algorithm to reach your audience," Casey Newton, a journalist who writes The Interface, a daily newsletter for technology news site The Verge, told me. "With newsletters, we can rebuild all of the direct connections to people we lost when the social web came along."

The article suggests a broader movement away from Facebook's worldview to more private ways of sharing, like Slack. "We felt this growing sense of despair in traditional social media," says the CEO of Substack, makers of a newsletter-writing software. "Twitter, Facebook, etc. -- they've all incentivized certain negative patterns."
