Tired of taking the flak for helping spread fake news, WhatsApp will start suing parties it finds flouting its rules. Till now, it was only using machine learning to flag accounts that were abusing its anti-spam policies. From a report: The messaging platform, used by more than 1.5 billion users, confirmed on Tuesday that starting December 7 it will start considering signals off its platform to pursue legal actions against those who are abusing its system. The company will also go after individuals who -- or firms that -- falsely claim to have found ways to cause havoc on the service.

Microsoft cloud chief Scott Guthrie says the company wasn't ready to acquire GitHub in 2014. "We would have screwed it up," he tells Bloomberg. But as he sees it, there was also another problem.

"The open-source world would've rightly looked at us at the time as the antichrist. We didn't have the credibility that we have now around open source..."

An anonymous reader quotes Bloomberg's report: Since then, Microsoft has turned itself into one of the biggest developers of open-source software and has persuaded customers to trust applications built using rival tools and programs to Microsoft's Azure cloud-computing service, boosting Azure revenue and usage. More than 60 percent of the company's team that works with cloud-app developers were hired for their expertise in non-Microsoft programming tools or cloud services. A full version of the open-source Linux operating system is even being added to Windows. The efforts are bringing new software builders to the Microsoft camp.

Last June, Guthrie and Microsoft Chief Executive Officer Satya Nadella finally unveiled an agreement to acquire GitHub. While there was still some initial agita in the developer community and rivals gained some refugee users from GitHub, one year later the deal is noteworthy mainly for how little drama it's caused. Most GitHub users just continued putting their code there. "Some people were upset, but few, because Microsoft had spent years building up goodwill with the open-source community," said Matt Asay, an Adobe Inc. senior director who is a longtime open-source developer and previous Microsoft opponent. "There was a knee-jerk sort of 'remember, they're the Great Satan' reaction, but it was halfhearted."
The article also notes that after Microsoft acquired GitHub, 113,000 code repositories moved to GitLab.

Apple is taking a new step to combat spam calls in iOS 13. Today, you can already install third-party spam call screeners on your iPhone, but if that's not good enough (or something you don't want to do), iOS 13 will add a new solution this fall. From a report: iOS 13 will be able to automatically silence any calls coming in from an unknown number. Even better, it'll automatically send them to voicemail. The new "silence unknown callers" option can be toggled on or off based on your preference, but I'm thinking most people will enable it right after updating and leave it that way. The feature is explained on this page of what's new in iOS 13. So many of the spam calls we're bombarded with on a daily basis are spoofed to look like a local number. But Apple says that iOS 13 will "use Siri intelligence to allow calls to ring your phone from numbers in Contacts, Mail, and Messages." Any number that can't be found in one of those places will be routed to voicemail.

"It has become too easy to take Linux and FOSS for granted," warns a Linux Journal editorial by Doc Searls, complaining, for example, that today "We collaborate inside proprietary environments, such as Slack and Google Hangouts."

Long-time Slashdot reader whh3 wants to live differently -- and to model a different set values: After reading the recent Doc Searls article in Linux Journal, I realized that I need to get back to my roots. The first step will be to build/setup/run my own email server for my vanity domain.

The problem is, I haven't run my own email server since the 90s. It was easy back then -- there was much less SPAM and self-hosted email servers didn't have to jump through hoops to make sure that they weren't blacklisted as senders.

So, I am reaching out to this great community to find out if there are any good tutorials on modern-day best-practices for self hosting an email server. Any tips/tricks/pointers would be great appreciated!
A lot's changed in 20 years -- but for such a basic form of online communication, is it still possible to roll your own? Or are we trapped in a world where private conversations about valuing open source software take place inside Google's proprietary Gmail client.

Leave your own suggestions in the comments. How would you host your own email server?

Google is combining several technologies, including virtual phone numbers, audio transcriptions, automated reporting and analytics, in a new effort to help small business owners better manage their inbound phone calls. From a report: The company's latest project from its in-house incubator is CallJoy, launching today. Aimed at the U.S.'s 30.2 million small business owners, the system offers a low-cost customer service agent that helps block spam calls, provide callers with basic business information and redirect customers to complete their requests -- like appointment booking or placing a to-go order -- over SMS. Any other calls or questions would be directed to the main business phone number. Typically, customer service phone agents like this are out of reach for small business owners, but CallJoy is priced at a flat monthly fee of $39 to make the technology affordable.

GoDaddy removed a cluster of more than 15,000 fraudulent websites discovered by a researcher at Palo Alto Networks' Unit 42 analysis team. From a report: The scam, which sold products like weight loss pills, used breached websites to add legitimacy to its sales and involved using fake celebrity endorsements. Jeff White, the researcher at Unit 42, started researching the network of sites more than 2 years ago when he noticed spam messages that looked visually similar and used similar language. The products were sold on commission as part of an affiliate marketing program and used low initial pricing and tiny print to get people signed up for costly subscriptions. The sales took place on hacked GoDaddy websites, where hackers had set up subdomains on legitimate websites.

A "limited" number of users of Microsoft's webmail services -- which include Hotmail, Outlook.com, and MSN -- "had their accounts compromised, TechCrunch reports. "We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators' access," said a Microsoft spokesperson in an email. According to an email Microsoft has sent out to affected users, malicious hackers were potentially able to access an affected user's e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicates with -- "but not the content of any e-mails or attachments," nor -- it seems -- login credentials like passwords. Microsoft is still recommending that affected users change their passwords regardless.

The breach occurred between January 1 and March 28, Microsoft's letter to users said. The hackers got into the system by compromising a customer support agent's credentials, according to the letter. Once identified, those credentials were disabled. Microsoft told users that it didn't know what data was viewed by the hackers or why, but cautioned that users might as a result see more phishing or spam emails as a result.

arnieswap quotes TFIR's report on the black hole image: Free and Open Source software was at the heart of this image. The team used three different imaging software libraries to achieve the feat. Out of the three, two were fully open source libraries. The source code of the software is publicly available on GitHub.

Richard M Stallman, the founder of the GNU Project will be glad to see that both libraries (Sparselab and ehtim) are released under GNU GPL v3. Yes, you read it right – GNU GPL v3.

"While lawmakers debate what to do about the roboscourge, engineers have cooked up some clever ways to make bots work for us, not against us," writes the Washington Post, taking a look at apps like the $4-per-month RoboKiller -- which offers malicious "answer bots": They're voicemail messages that try to keep robots and human telemarketers on the line, listening to nonsense. Answer bot options range from Trump impersonators and extended coughing sessions to someone doing vocal exercises. Even better, RoboKiller will send you an often-hilarious recording of the interaction. (It only uses these recordings when it's very sure it's a spam call.)

Another service, called Jolly Roger, doesn't sell itself as a robocall blocker but takes this auto-generated annoyance idea a step further by actively trying to game the spammers' systems, such as when to press 1 to speak to a human. It calls this tech "artificial stupidity." It costs $11.88 per year.

It's possible you're better off not engaging with a robocall in the hopes the dialer with decide the line is dead. And it's also not clear how much these actually cost the people placing robocalls. But any time robocallers spend with your bot might be minutes they're not calling someone else, so you can think of it as community service.
I'm also not sure this does any good -- but the Post's article also includes a run-down of other robocall-blocking services available from both wireless carriers and independent companies. It recommends starting with the free YouMail app, which collates data from 10 million registered users to determine which calls to block -- and in addition, "tries to trick known robocallers into taking you off their lists by playing them the beep-beep-beep sound of a dead line."

If you live in America, you can also add your phone number to the Federal government's official "Do not call" registry. "It won't help much," writes the Post, "but it only takes 30 seconds so why not?"

Twelve years after it was first notified of the issue, Mozilla has finally shipped a fix this week that will prevent abusive websites -- usually tech support scam sites -- from flooding users with non-stop "authentication required" login popups and prevent users from leaving or closing their browsers. From a report: The fix has been shipped in Firefox v68, the current Nightly release, and will hit the browser's stable branch sometimes in early July. According to Firefox engineer Johann Hofmann, starting with Firefox 68, web pages won't be allowed to show more than two login prompts. Starting with the third request, Firefox will intervene to suppress the authentication popup.

Mozilla previously shipped a fix for this issue, but it was incomplete, as it blocked authentication prompts that originated from subresources, such as iframes. This latest patch completes the fix by blocking all types of authentication required prompts -- including those generated by the site's main domain.

Mozilla said this week that it intends to run two experiments over the course of this month to determine the most adequate way of dealing with push notification spam, a growing problem that is slowly deteriorating the web experience for everyone. From a report: The experiments will run in Firefox Nightly (v68) and Firefox Beta (v67). The Firefox Nightly experiment will run from April 1 to April 29. During this time, Mozilla said Firefox Nightly would only allow websites to show a push notification permission only after the user has clicked or pressed a key while on a website. All attempts to show a push notification permission request before a click or key press will be blocked by default. [...] In the last two weeks of the experiment, Firefox will show an icon in the URL bar, but with no visible popup on the page. Users can click this icon and accept any push notification permission requests if they wish so. Further reading: Mozilla and Scroll Partner To Test Alternative Funding Models for the Web.

Friday CNN reported on "what you can do right now to stop robocalls."

"Short of throwing your phone in the garbage, there's no way to avoid them altogether. But wireless providers and smartphone developers offer tools to filter out at least some unwanted calls." - Verizon's Call Filter app is free to download on iPhones and Android devices. The company announced Thursday the app will offer some free features -- including auto-blocking calls from known fraudsters, showing warning banners for suspicious calls, and a spam reporting tool. For $2.99 a month per line, the Call Filter app can use a phonebook feature to look up the names of unknown callers, and it can show a "risk meter" for spam calls.

- AT&T's Call Protect has similar free features and add-ons with a $3.99 per month subscription. (iOS and Android)

- T-Mobile phones come loaded with Scam ID, which warns customers about suspicious phone numbers. It's also free to activate Scam Block, which automatically rejects calls from those numbers. An additional app called Name ID offers premium caller identification for $4 per line monthly. (iOS and Android)

- Sprint's Premium Caller ID , which comes pre-installed, looks up unknown numbers and filters and blocks robocalls for $2.99 per line.

- Google's Pixel phones also give you the option to have your voice assistant answer suspicious calls for you. The phone can transcribe the conversation and lets you decide whether to answer.

The concept of the hyperlink was first outlined over 70 years ago and eventually became a central part of the web. But 30 years since the invention of the world wide web, Google, Apple, Facebook, and Amazon have skewed the original ambitions for hyperlinks, who they are for and how far they can lead you. From a feature story: The impact that Google's PageRank algorithms have had on how the commercial web chooses to deploy hyperlinks can be seen in just about any SEO (search engine optimisation) blog. Publishers and businesses are encouraged to prioritize internal links over external links that may boost the competition in Google's rankings. "Since the very moment Google came on the scene, links moved from being the defining characteristic of the web, to being a battleground. Google's core insight was that you could treat every link as, essentially, a vote for the site," says Adam Tinworth, a digital publishing strategist. Tinworth explains that Google tries to minimize the effect of these 'unnatural linking patterns', which includes comment spam and 'guest posts', but it remains part of "how the shadier side of the SEO industry operates."

With clear, financial incentives to serve Google's web spiders, which regularly 'crawl' website content to determine its placement in searches, a common strategy involves placing hyperlinks on specific 'anchor text' -- the actual words that you click on -- that benefit that site's PageRank for keywords rather than tailor links to readers. That's not inherently a problem but research from the University of Southampton, published in February, suggests it doesn't go unnoticed. [...] In the cases of Apple and Facebook, the question isn't so much how we link and how we react to them, as where we can link to and where we can follow links to. Apple News, Facebook's Instant Articles and Google AMP all propose variations on limited systems of linking back to sources of information. As for Instagram, it's based on a two-tier system: users can't add external links to posts (#linkinbio) unless they buy adverts whereas accounts with a large number of followers are able to add external links to Stories.

"Machines will need to make ethical decisions, and we will be responsible for those decisions," argues Mike Loukides, O'Reilly Media's vice president of content strategy: We are surrounded by systems that make ethical decisions: systems approving loans, trading stocks, forwarding news articles, recommending jail sentences, and much more. They act for us or against us, but almost always without our consent or even our knowledge. In recent articles, I've suggested the ethics of artificial intelligence itself needs to be automated. But my suggestion ignores the reality that ethics has already been automated... The sheer number of decisions that need to be made means that we can't expect humans to make those decisions. Every time data moves from one site to another, from one context to another, from one intent to another, there is an action that requires some kind of ethical decision...

Ethical problems arise when a company's interest in profit comes before the interests of the users. We see this all the time: in recommendations designed to maximize ad revenue via "engagement"; in recommendations that steer customers to Amazon's own products, rather than other products on their platform. The customer's interest must always come before the company's. That applies to recommendations in a news feed or on a shopping site, but also how the customer's data is used and where it's shipped. Facebook believes deeply that "bringing the world closer together" is a social good but, as Mary Gray said on Twitter, when we say that something is a "social good," we need to ask: "good for whom?" Good for advertisers? Stockholders? Or for the people who are being brought together? The answers aren't all the same, and depend deeply on who's connected and how....

It's time to start building the systems that will truly assist us to manage our data.
The article argues that spam filters provide a surprisingly good set of first design principles. They work in the background without interfering with users, but always allow users to revoke their decisions, and proactively seek out user input in ambiguous or unclear situations.

But in the real world beyond our inboxes, "machines are already making ethical decisions, and often doing so badly. Spam detection is the exception, not the rule."

"My favorite new social network doesn't incessantly spam me with notifications," brags New York Times technology writer Mike Isaac. "When I post, I'm not bombarded with @mentions from bots and trolls. And after I use it, I don't worry about ads following me around the web.

"That's because my new social network is an email newsletter." Every week or so, I blast it out to a few thousand people who have signed up to read my musings. Some of them email back, occasionally leading to a thoughtful conversation. It's still early in the experiment, but I think I love it. The newsletter is not a new phenomenon. But there is a growing interest among those who are disenchanted with social media in what writer Craig Mod has called "the world's oldest networked publishing platform." For us, the inbox is becoming a more attractive medium than the news feed...

For me, the change has happened slowly, but the reasons for it were unmistakable. Every time I was on Twitter, I felt worse. I worried about being too connected to my phone, too wrapped up in the latest Twitter dunks... Now, when I feel the urge to tweet an idea that I think is worth expounding on, I save it for my newsletter... It's much more fun than mediating political fights between relatives on my Facebook page or decoding the latest Twitter dustup...

"You don't have to fight an algorithm to reach your audience," Casey Newton, a journalist who writes The Interface, a daily newsletter for technology news site The Verge, told me. "With newsletters, we can rebuild all of the direct connections to people we lost when the social web came along."
The article suggests a broader movement away from Facebook's worldview to more private ways of sharing, like Slack . "We felt this growing sense of despair in traditional social media," says the CEO of Substack, makers of a newsletter-writing software. "Twitter, Facebook, etc. -- they've all incentivized certain negative patterns."

"The fight against robocalls can even bring telecom rivals together," reports USA Today: AT&T and Comcast said Wednesday that they can authenticate calls made between the two different phone providers' networks, a potential industry first and the latest in the long-running battle against spam calls... The system, which uses a method developed in recent years, verifies that a legitimate call is being made instead of one that has been spoofed by spammers, scammers or robocallers with a "digital signature." The recipient network then confirms the signature on its side. The companies said consumers will get a notification that a call is verified, but exactly what that will look like is not yet known.

Both AT&T and Comcast will roll out the system to home phone users later this year at no extra charge. AT&T also said it will introduce the feature to its mobile users this year... Other major wireless and traditional home voice providers have pledged support for the verification method, including Verizon, T-Mobile, Sprint, Charter, Cox and Vonage, with several announcing plans to roll out or test the feature in 2019.
The day Comcast and AT&T made their announcement, AT&T's CEO was giving a live interview that was interrupted by a robocall.

At an Economic Club event in Washington, DC today, AT&T CEO Randall Stephenson was interrupted on stage by a robocall, pausing an interview in front of dozens of people and driving home that absolutely no one is safe from the spam epidemic. From a report: Over the past few months, regulators at the Federal Communications Commission have been feeling the pressure from lawmakers and consumers who are urging them to put an end to the relentless onslaught of robocalls people receive every day. Last year, consumers received over 26.3 billion of these scammy calls and the problem only appears to be getting worse. "I'm getting a robocall, too," Stephenson said during the Economic Club event, ultimately declining the call on his Apple Watch. "It's literally a robocall."

"When your phone rings, there's about a 50 percent chance it's a spam robo-call," reports the Washington Post. Now a computer science professor who's researched robo-call technologies reveals the economics behind automatically dialing phone numbers "either randomly, or from massive databases compiled from automated Web searches, leaked databases of personal information and marketing data." It doesn't matter whether you've signed up with the federal Do Not Call Registry, although companies that call numbers on the list are supposed to be subject to large fines. The robo-callers ignore the list, and evade penalties because they can mask the true origins of their calls.... Each call costs a fraction of a cent -- and a successful robo-call scam can net millions of dollars. That more than pays for all the calls people ignored or hung up on, and provides cash for the next round. Casting an enormous net at low cost lets these scammers find a few gullible victims who can fund the whole operation...

Partly that's because their costs are low. Most phone calls are made and connected via the Internet, so robo-call companies can make tens of thousands, or even millions, of calls very cheaply. Many of the illegal robo-calls targeting the United States probably come from overseas -- which used to be extremely expensive but now is far cheaper...

Meanwhile, the Federal Communications Commission has been asking U.S. phone companies to filter calls and police their own systems to keep out robo-calls. It hasn't worked, mainly because it's too costly and technically difficult for phone companies to do that. It's hard to detect fake Caller ID information, and wrongly blocking a legitimate call could cause them legal problems.
The professor's article suggests guarding your phone number like you guard your credit card numbers. "Don't give your phone number to strangers, businesses or websites unless it's absolutely necessary."

"Of course, your phone number may already be widely known and available, either from telephone directories or websites, or just because you've had it for many years. In that case, you probably can't stop getting robo-calls."

An anonymous reader quotes a report from Bloomberg: Facebook and its Instagram unit sued four companies and three people based in China for promoting the sale of fake accounts, likes and followers that the social network giant says can be used for nefarious purposes. The Chinese companies advertised and created the fake accounts over the last two years and marketed them for sale on six websites, selling them in bulk quantities, according to a complaint filed Friday in San Francisco federal court. "Fake and inauthentic accounts can be used for spam and phishing campaigns, misinformation campaigns, marketing scams, advertising fraud, and other fraud schemes which are profitable at scale," Facebook and Instagram alleged. They said fake accounts were also created on Amazon, Apple, Google, LinkedIn and Twitter. The companies named as defendants -- 9 Xiu Shenzhen, 9 Xiu Feishu, 9 Xiufei and Home Network -- are based in Longyan and Shenzhen. They are affiliated manufacturers of electronics and hardware, as well as providers of software and online advertising services, according to the complaint.

According to a new 16-month study of 1.5 billion tweets, researchers write that Twitter still isn't keeping up with the flood of automated accounts designed to spread spam, inflate follower counts, and game trending topics. Wired reports: In a 16-month study of 1.5 billion tweets, Zubair Shafiq, a computer science professor at the University of Iowa, and his graduate student Shehroze Farooqi identified more than 167,000 apps using Twitter's API to automate bot accounts that spread tens of millions of tweets pushing spam, links to malware, and astroturfing campaigns. They write that more than 60 percent of the time, Twitter waited for those apps to send more than 100 tweets before identifying them as abusive; the researchers' own detection method had flagged the vast majority of the malicious apps after just a handful of tweets. For about 40 percent of the apps the pair checked, Twitter seemed to take more than a month longer than the study's method to spot an app's abusive tweeting. That lag time, they estimate, allows abusive apps to cumulatively churn out tens of millions of tweets per month before they're banned.

The researchers say they've been sharing their results with Twitter for more than a year but that the company hasn't asked for further details of their method or data. When WIRED reached out to Twitter, the company expressed appreciation for the study's goals but objected to its findings, arguing that the Iowa researchers lacked the full picture of how it's fighting abusive accounts. "Research based solely on publicly available information about accounts and tweets on Twitter often cannot paint an accurate or complete picture of the steps we take to enforce our developer policies," a spokesperson wrote.