T-Mobile is beginning to roll out support for call verification technology, which will confirm that a phone call is actually coming from the number listed on caller ID. From a report: Now, if one T-Mobile subscriber calls another T-Mobile subscriber, the person receiving the call will see a message saying "Caller Verified" if they have a supported phone. Unfortunately, there's only one supported phone -- Samsung Galaxy Note 9 -- for the time being. Call verification won't put a stop to spammy phone calls, but it will start to help people identify which calls are actually coming from real people. As anyone with a phone knows, spammers have relentlessly spoofed local phone numbers in recent years, making it appear that you're getting an incoming call from someone you may know. Call verification is meant to combat that.

Google Drive has a pretty bad spam problem, and it seems Google doesn't care. Spammers can share files that automatically appear in your Drive, and there's no way to stop it. From a report: Google Drive's sharing system is the problem. Since it doesn't offer any sharing acceptance, all files and folders shared with your account are automatically available to you in Drive -- they just show up. To make matters worse, if you only have "View" permission, you can't remove yourself from the share. It's a mess. And to make matters even worse, this is far from a new problem, but Google still hasn't done anything to fix it.

Google got back to us with a statement saying that changes are coming to Drive's sharing features and they're"making it a priority." Here's the statement in full: "For the vast majority of users, the default sharing permissions in Drive work as intended. Unfortunately, this was not the case for this user and we sincerely apologize for her experience. In light of this issue, we are evaluating changes to our spam, abuse, and blocking features that will prevent this kind of activity from taking place on Drive. In the interim, users who are experiencing similar issues can remove themselves from the folder, and the folder should not reappear in either 'My Drive' or 'Shared with Me' unless they revisit it."

hmckee writes: OSNews was offline for a few days for upgrades. It is now back up with a message that indicates they encountered a data breach and considered going offline for good due to maintenance and financial difficulties. "Our best guess is that someone was able to exploit a vulnerability in old, unmaintained code in the site's content management system, and made off with at least some user data, which may be as little as a few user records or, at worst, our entire database," writes Publisher David Adams. "Your email addresses were in there, and the encryption on the passwords wasn't up to modern standards (unsalted SHA1). [...] Other than potential spam, though, we're not aware of any other nefarious use of your data, we don't store much beyond email addresses and passwords..."

David goes on to cite poor advertising revenues and a lack of time for reasons to throw in the towel and go offline permanently.

The developer of the popular image editing tool Paint.NET, Rick Brewster, has shared his vision of what the coming year holds for his software. The 2019 roadmap for Paint.NET is an exciting one, promising migration to .NET Core, support for brushes and pressure sensitivity, and an expanded plugin system. BetaNews: Changes are on the cards for app icons and improved high-DPI support -- something that may be seen as mere aesthetic by some, but important changes by others. Switching to .NET Core could have big implications for the software, as Brewter explains: "It's clear that, in the long-term, Paint.NET needs to migrate over to .NET Core. That's where all of the improvements and bug fixes are being made, and it's obvious that the .NET Framework is now in maintenance mode. On the engineering side this is mostly a packaging and deployment puzzle of balancing download size amongst several other variables. My initial estimations shows that the download size for Paint.NET could balloon from ~7.5MB (today) to north of 40MB if .NET Core is packaged 'locally'. That's a big sticker shock... but it may just be necessary."

And, for those who're interested: the move to .NET Core will finally enable a truly portable version of Paint.NET since. Proposals for better DDS support and brushes and pressure sensitivity will be welcomed by digital artists, and there can be few users who are not excited at the prospect of an expanded plugin system.

An anonymous reader shares a report: According to the yearly report published by Stockholm-based phone number-identification service Truecaller, spam calls grew by 300 percent year-over-year in 2018. The report also found that telecom operators themselves are much to blame. Between January and October of this year, Truecaller said, users worldwide received about 17.7 billion spam calls. That's up from some 5.5 billion spam calls they received last year.

One of the most interesting takeaways from the report is a sharp surge in spam calls users received in Brazil this year, making it the most spammed country in the world. According to Truecaller, an average user in Brazil received over 37 spam calls in a month, up from some 20 spam calls during the same period last year. According to the report, telecom operators (at 32 percent) remained the biggest spammers in Brazil. The report also acknowledged the general election as an event that drove up spam calls in the country. As in Brazil, Indians were bombarded by telecom operators (a whopping 91 percent of all spam calls came from them) and service providers trying to sell them expensive plans and other offerings.

Spam calls received by users in the U.S. were down from 20.7 calls in a month to 16.9, while users in the U.K. saw a drop in their monthly dose of spam calls from 9.2 to 8.9. [...] Truecaller also reported that scam calls subjecting victims to fraud attempts and money swindling are still a prevalent issue. One in every 10 American adults lost money from a phone scam, according to a yearly report the firm published in April this year.

An anonymous reader quotes a report from CNET: The Federal Communications Commission said it's getting tough on text message spam by clarifying that phone companies can block unwanted texts. At its monthly meeting Wednesday, the Republican-led agency voted 3-1 to classify SMS text messages as a so-called Title I information service under the Telecom Act. The three Republicans on the FCC, which voted to adopt the classification, said this would allow phone companies to block spam text messages.

FCC Chairman Ajit Pai said the new classification would empower wireless providers to stop unwanted text messages. "The FCC shouldn't make it easier for spammers and scammers to bombard consumers with unwanted texts," he said during the meeting. "And we shouldn't allow unwanted messages to plague wireless messaging services in the same way that unwanted robocalls flood voice services." But he said that's what would happen if the FCC were to classify text messages as a Title II telecommunications service under the law. Jessica Rosenworcel, the lone Democrat on the FCC, disagrees with the classification. "Today's decision offers consumers no new ability to prevent robotexts," she said."It simply provides that carriers can block our text messages and censor the very content of those messages themselves."

She says the FCC did the same thing to the internet last year when it repealed Obama-era net neutrality rules. "That means on the one-year anniversary of the FCC's misguided net neutrality decision -- which gave your broadband provider the power to block websites and censor online content -- this agency is celebrating by expanding those powers to also include your text messages," she added.

After months of back and forth, Apple has permitted Indian telecom regulator TRAI to release its anti-spam app on the App Store. The app, called TRAI DND - Do Not Disturb, went live on the iPhone app store on Friday. The free app, a version of which has existed on Android platform since 2016, allows customers to block unsolicited texts and calls from marketers, a rampant issue that continues to plague customers in India.

The app has been the subject of months-long, heated argument between Apple and TRAI. Apple had argued that the app, which by design accesses message and call logs of a user, violates its privacy policy. The company, however, had agreed to provide some help to the regulator to tap into new iOS features to build the "Do Not Disturb" app. In response, R.S. Sharma, who heads the Telecom Regulatory Authority of India, had threatened to take legal action against Apple. "This is unjust, it shows the approach and attitude of this company," he told Reuters in March.

Further reading: Apple approves Indian government's Do Not Disturb app, avoiding iPhone ban.

More than 45,000 Internet routers have been compromised by a newly discovered campaign that's designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers say. From a report: The new attack exploits routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445, content delivery network Akamai said in a blog post. As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. While Internet scans don't reveal precisely what happens to the connected devices once they're exposed, Akamai said the ports --which are instrumental for the spread of EternalBlue and its Linux cousin EternalRed -- provide a strong hint of the attackers' intentions.

The attacks are a new instance of a mass exploit the same researchers documented in April. They called it UPnProxy because it exploits Universal Plug and Play -- often abbreviated as UPnP -- to turn vulnerable routers into proxies that disguise the origins of spam, DDoSes, and botnets.

The FCC has unveiled a new proposal as part of its plan to help reduce unwanted phone and text spam. From a report: In a move that's sure to make wireless operators happy, the FCC at its December meeting will consider a draft Declaratory Ruling on text messaging that would formally rule text messaging services are information services, not telecommunications services. That means carriers will be able to continue using robotext-blocking and anti-spoofing measures to protect consumers from unwanted text messages. Chairman Ajit Pai revealed the plan in a blog post highlighting items on the Dec. 12 meeting agenda.

"Today's wireless messaging providers apply filtering to prevent large volumes of unwanted messages from ever reaching your phone," Pai wrote. "However, there's been an effort underway to put these successful consumer protections at risk. In 2015, a mass-texting company named Twilio petitioned the FCC, arguing that wireless messaging should be classified as a 'telecommunications service.' This may not seem like a big deal, but such a classification would dramatically curb the ability of wireless providers to use robotext-blocking, anti-spoofing, and other anti-spam features."

That's why he's circulating a Declaratory Ruling that would instead classify wireless messaging as an "information service," denying Twilio's petition [PDF]. "Aside from being a more legally sound approach, this decision would keep the floodgates to a torrent of spam texts closed, remove regulatory uncertainty, and empower providers to continue finding innovative ways to protect consumers from unwanted text messages," Pai said.

An anonymous reader quotes a report from Ars Technica: A recently discovered botnet has taken control of an eye-popping 100,000 home and small-office routers made from a range of manufacturers, mainly by exploiting a critical vulnerability that has remained unaddressed on infected devices more than five years after it came to light. Researchers from Netlab 360, who reported the mass infection late last week, have dubbed the botnet BCMUPnP_Hunter. The name is a reference to a buggy implementation of the Universal Plug and Play protocol built into Broadcom chipsets used in vulnerable devices. An advisory released in January 2013 warned that the critical flaw affected routers from a raft of manufacturers, including Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, and US Robotics. The finding from Netlab 360 suggests that many vulnerable devices were allowed to run without ever being patched or locked down through other means. Last week's report documents 116 different types of devices that make up the botnet from a diverse group of manufacturers. Once under the attackers' control, the routers connect to a variety of well-known email services. This is a strong indication that the infected devices are being used to send spam or other types of malicious mail.

Twitter is updating its reporting process to allow you to report accounts that you suspect are bots. "Now, when you tap the 'it's suspicious or spam' option under the report menu, you'll be able to specify why you think that, including an option to say 'the account tweeting this is fake,'" reports The Verge. From the report: Twitter announced the change through its official safety account today, and it's now live on both the web version and mobile version of the service. You can see an example of the mobile report flow pertaining to this update [via a tweet from @TwitterSafety.] According to a Twitter spokesperson, "The new reporting flow will allow us to collect more detailed information so we can identify and remove spam more effectively. With more details to review, we'll be adding more resources to our review processes."

When a Stanford researcher removed all the duplicate and fake comments filed with the Federal Communications Commission last year, he found that 99.7 percent of public comments -- about 800,000 in all -- were pro-net neutrality. From a report: "With the fog of fraud and spam lifted from the comment corpus, lawmakers and their staff, journalists, interested citizens and policymakers can use these reports to better understand what Americans actually said about the repeal of net neutrality protections and why 800,000 Americans went further than just signing a petition for a redress of grievances by actually putting their concerns in their own words," Ryan Singel, a media and strategy fellow at Stanford University, wrote in a blog post Monday. Singel released a report [PDF] Monday that analyzed the unique comments -- as in, they weren't a copypasta of one or dozens of other letters -- filed last year ahead of the FCC's decision to repeal federal net neutrality protections. That's from the 22 million total comments filed, meaning that more than 21 million comments were fake, bots, or organized campaigns.

Facebook is purging hundreds of accounts and pages in the U.S., many of which spread political misinformation, for breaking the company's terms against "inauthentic" content and spam. The Verge reports: The company said in a blog post that 559 pages and 251 accounts would be removed. While the accounts used "sensational political content," Facebook did not say that was the reason for the purge. Instead, the accounts and pages will be taken down after they had "consistently broken" the company's rules against gaming its platform. Facebook noted that many used strategies like posting on fake or multiple accounts to generate traffic, or to inflate their popularity. Still, Facebook noted the proximity to the U.S. midterm elections, and said that networks like the ones it removed today are "increasingly" promoting political content that is "often indistinguishable from legitimate political debate." The company said this was the reason it has turned to "behavior" instead of "content" when searching for bad actors.

An anonymous reader writes: This October will see the fifth annual Hacktoberfest, "a month-long celebration of open source software run by DigitalOcean in partnership with GitHub and Twilio." Basically you sign up any time in October, then submit five quality pull requests to public GitHub repositories to win a t-shirt and stickers. (Issues and commits don't count, only pull requests created after October 1st -- but pull requests will still count even if they're not accepted or merged, "unless they are spam, irrelevant, or tagged as invalid.") "No contribution is too small -- bug fixes and documentation updates are valid ways of participating."
Here's Microsoft's own announcement about the event from their Open Source blog: We're excited to announce that we're participating in this year's Hacktoberfest! An annual celebration of all things open source, Hacktoberfest launched as a partnership between DigitalOcean and GitHub in 2014 and rallies a global community of contributors, with last year's event drawing more than 30K participants and nearly 240K pull requests.

This October, we'll recognize anyone who submits a pull request to one of our open source projects with a special limited-edition T-shirt (more details below)... Our projects span nearly all areas of computing, from developer tools and frameworks like .NET Core, Microsoft Cognitive Toolkit, Visual Studio Code, and Visual Studio Tools for Xamarin to Kubernetes tooling like Draft and the Service Fabric container orchestrator. Any contributions are welcome, so explore our GitHub repos, find something that interests you, and submit your first (or 100th) pull request.
Microsoft's t-shirt design includes a cameo appearance by.... Clippy, Microsoft's widely beloved default assistant for Office 2000/XP/2003.

An anonymous reader shares commentary on the new devices Microsoft unveiled Tuesday: At a low-key event held in a New York City warehouse, Microsoft unveiled its next iterations in the Surface lineup. Sitting in the audience, I saw the most coherent device strategy in the industry, from a company that's slowly built a hardware business from the ground up. The company took just an hour to unveil sweeping updates to its existing hardware, and what's clear after the dust has settled is that Microsoft's hardware division is a force to be reckoned with. Apple's dominance on the high-end laptop space looks shakier than ever, because Microsoft's story is incredibly compelling. Rather than building out a confusing, incompatible array of devices, Microsoft has taken the time to build a consistent, clear portfolio that has something to fit everyone across the board.

[...] What's interesting about this is the Surface hardware is now incredibly consistent across the board, making it dead simple for consumers to choose a device they like. Each device offers high quality industrial design, with consistent input methods regardless of form factor, and a tight software story to boot. That matters. Every single one of these machines has a touchscreen, supports a high-quality stylus, and current generation chipsets. The only question is which device fits your lifestyle, and whether or not you want the faster model. The peripherals work across every machine, and Microsoft has clearly gone to lengths with Timeline and Your Phone to make the software as seamless as you'd expect in 2018. Microsoft, it seems, has removed all of the barriers to remaining in your 'flow.' Surface is designed to adapt to the mode you want to be in, and just let you do it well. Getting shit done doesn't require switching device or changing mode, you can just pull off the keyboard, or grab your pen and the very same machine adapts to you. It took years to get here, but Microsoft has nailed it. By comparison, the competition is flailing around arguing about whether or not touchscreens have a place on laptops. The answer? Just let people choose.

At 2:18 p.m. Eastern on Wednesday, cellphones across the United States will emit the ominous ring of an emergency presidential alert. From a report: It will be the first nationwide test of a wireless emergency alert system, designed to warn people of a dire threat, like a terror attack, pandemic or natural disaster. There is no opting out, which has already prompted a lawsuit. "THIS IS A TEST of the National Wireless Emergency Alert System," it will read. "No action is needed." Two minutes later, televisions and radios will show test alerts. There is no notification plan for landlines. Officials say they believe that the wireless test will reach about 75 percent of the cellphones in the country, though they hope the number is higher. It could take up to 30 minutes for the alerts to be transmitted to all devices.

Some things that could interfere: ongoing phone calls or data transmission, a device that is turned off or out of range, and smaller cellphone providers that are not participating in the program. The test, originally planned for last month but delayed by Hurricane Florence, is the culmination of many years of work. The federal government developed a system to issue the alerts, which are scripted in coordination with numerous government agencies. They are limited to 90 characters, but will be expanded to 360 in the future. The Communications Act of 1934 gives the president the power to use communications systems in case of an emergency, and a 2006 law called for the Federal Communications Commission to work with the wireless industry to transmit such messages.

Vivaldi announced Wednesday it has released a major update to its namesake desktop web browser, remaining as one of the rare companies that is still attempting to fight Google's monopoly in the space. Major features in Vivaldi 2.0 include: Syncing browsers across computers:Version 2.0 allows users to sync data, including bookmarks, passwords, autofill information, and history. Vivaldi uses its own servers to store the data, which is all encrypted end-to-end.
Panels: These are expandable, multi-tasking dashboards that can be opened in the sidebar.
Tab management: Additional features are included that allow for better searching through tabs, stacking them, and even renaming them.
History: Offers new ways to track your usage, including generating statistics and a visual history feature. Vivaldi was founded by Jon von Tetzchner, who also co-founded Opera and served as its chief executive for a number of years. Jon has been vocal about what many find unfair tactics employed by Google and Microsoft to aggressively expand the user bases of their respective browsers. Slashdot had a chance to speak with Jon recently: Slashdot: One of the biggest complaints that people have about browsers today is just how much memory they consume. Is it a lost-cause? What is Vivaldi doing to address this?
Jon: This is very true. Browsers can use a lot of memory. We have worked hard to reduce that load. The most important thing we have done there is the lazy loading of tabs. When you have a lot of tabs, you use a lot of memory, but with Vivaldi, we will only load the tabs once you need them. We also have the ability to hibernate background tabs, by right clicking the tab bar, which will free up a lot of memory. Besides this we are always looking at how to make the browser use less memory and be faster. There is a lot of details there, but with the feedback from our users, we continue to improve every single part of the browser.

Slashdot: You are offering a browser, and a web email client and service provider. Is Vivaldi attempting to offer a catalog of services? And if so, what more could we expect from the company in the long-term?
Jon: The focus for us is the browser, but we believe the browser should be able to do more than it does today, so we will continue to expand on the features we offer in the browser. We have been open about the fact that we aim to provide an email client in the browser, but that will come in the future, but we are, as you pointed out, providing the free email service. This is in addition to our free blog, forums and sync service. We feel there is a need for these services, free from ads and free from building of super profiles. Our free webmail service is thus without ads and we do not scan mails, except for spam and viruses. We will continue to add services to support the browser or where we feel a service supplements the browser in a good way.

Slashdot: You have been vocal about some of the tactics Google and Microsoft use to promote their own browsers. Following the news cycle, we don't think things have changed much. What's your view on it?
Jon: No, sadly things have not changed much. Microsoft continues to push their browser in their operating system, at times taking over the default browser as well. They also block competing browsers on their Windows 10S. Google sadly blocks some competing browsers from using their services, even browsers such as Vivaldi, that is based on Chromium. We need to change our identity when visiting many Google services. I guess my feeling is that those large companies should not and should not need to behave this way.

Slashdot: Chrome continues to be a market leader. Firefox, despite some of its recent changes, has lost some of the market. How hard is it for a browser company to survive these days? And why is it important that someone continues to fight back?
Jon: We all know that browser choice is a good thing, even more so than for most other products. The browser is your view into the Internet and we all spend a lot of time there. Healthy competition means product innovation and lower prices (this is not only about the price of the product, but also what you have to give up in other ways, such as your private information). Monopolies tend slow down innovation and also there is a tendency for them to use their position in one market to attack another.
It is not trivial to compete with these large corporations, but it is something we enjoy. We fight for our users and for the future of the Internet. That is definitely something worth fighting for.

Slashdot: Are you folks still working on a mobile browser?
Jon: Indeed we are. We aim to get it out there as soon as we can. We are ramping up the team after then 2.0 release to move faster. Further reading: The Next Web, and VentureBeat.

Long-time Slashdot reader kwelch007 writes: I finally gave in, after years of Android loyalty, because the iPhone and Apple Watch just worked, so I was told (and it is true). I changed from my Motorola Maxx for an iPhone 7, because I wanted the Apple Watch. Shortly after, I purchased a second-hand Apple Watch Series 1. I have never looked back...and I'm happy with it.

Last week, I was able to buy an Apple Watch Series 4 with the exact specs I wanted... Wow! The screen is a ton bigger than my Series 1. I noticed right away when it asked me to set my passcode...the buttons were WAY bigger! It truly has the "side-to-side" screen...it's noticable... "Walkie Talkie" is super convenient (used with my associate who told me that it was in stock at Best Buy...)

Cool:

1) It's big, but not much bigger on your wrist than the 42mm versions previous...rather, the screen is bigger, brighter, and more usable.
2) The speakers and mics are far and away better than previous versions of the Apple Watch.
But they don't yet have access to "the highly-touted 'ECG' capability". (Fortune reports it was only approved by America's FDA the day before the launch event -- and isn't yet available for "international" customers.) And the software also isn't ready yet for "Fall Protection," a feature which calls emergency responders if it detects that you've fallen to the ground and you don't respond to prompts for the next 60 seconds. ("The feature is automatic with Watch owners who identify themselves as 65 and up," USA Today reported last week.)

"I spoke to several people in their 40s or 50s who said the same thing: they were already considering buying Series 4 watches for their parents for this feature alone," reported Daring Fireball, and both sites concluded that excitement was actually higher for Apple's new watches than it was for their new iPhones. ("We're talking about a device used by over a billion people -- the iPhone," writes USA Today, "compared with an accessory that analysts say have sold about 15 million units.") Daring Fireball acknowledges that the Apple Watch isn't the "nicest" watch in the world, but it's definitely the nicest if you compare it only to other smart watches and fitness trackers. (Though "that's like saying you're the richest person in the poorhouse.") But what do Slashdot readers think?

Is anyone considering an Apple Watch 4?

"LinkedIn Sucks" writes TechCrunch's John Biggs: I hate LinkedIn. I open it out of habit and accept everyone who adds me because I don't know why I wouldn't. There is no clear benefit to the social network. I've never met a recruiter on there. I've never gotten a job. The only messages I get are spam from offshore dev teams and crypto announcements. It's like Facebook without the benefit of maybe seeing a picture of someone's award-winning chili or dog. I understand that I'm using LinkedIn wrong. I understand I should cultivate a salon-like list of contacts that I can use to source stories and meet interesting people. But I have my own story-sourcing tools and my own contacts. It's not even good as a broadcast medium....

LinkedIn is a spam garden full of misspelled, grunty requests from international software houses that are looking, primarily, to sell you services. Because it's LinkedIn it's super easy to slip past any and all defenses against this spam.... I know people have used LinkedIn to find jobs. I never have. I know people use LinkedIn to sell products. It's never worked for me.
The article ends with advice for people trying to contact him on LinkedIn for promotional purposes. "LinkedIn isn't a game. It isn't an alternative to MailChimp. It's a conversational tool. Use it that way." But what do Slashdot's readers think? Is LinkedIn a valuable resource for finding recruiters and job offers, interesting perspectives, and updates on your friends' careers?

Or does LinkedIn suck?

A new study from email security company Mimecast shows that malicious links in emails are being missed by many security systems. From a report: Mimecast examined more than 142 million emails that had passed through organizations' email security vendors. The latest results reveal 203,000 malicious links within 10,072,682 emails were deemed safe by other security systems -- a ratio of one unstopped malicious link for every 50 emails inspected. The report also finds an 80 percent increase impersonation attacks in comparison to last quarters' figures. Additionally, 19,086,877 pieces of spam, 13,176 emails containing dangerous file types, and 15,656 malware attachments were all missed by these incumbent security providers and delivered to users' inboxes.