Google plans to discontinue a pilot program that allows political campaigns to evade its email spam filters, the latest round in the technology giant's tussle with the GOP over online fundraising. The Washington Post reports: The company will let the program sunset at the end of January instead of prolonging it, Google's lawyers said in a filing on Monday. The filing, in U.S. District Court for the Eastern District of California, asked the court to dismiss a complaint lodged by the Republican National Committee accusing Google of "throttling its email messages because of the RNC's political affiliation and views." "The RNC is wrong," Google argued in its motion. "Gmail's spam filtering policies apply equally to emails from all senders, whether they are politically affiliated or not." [...]

While rejecting the GOP's attacks, Google nonetheless bowed to them. The company asked the Federal Election Commission to greenlight the pilot program, available to all campaigns and political committees registered with the federal regulator. The company anticipated at the time that a trial run would last through January 2023. Thousands of public comments implored the FEC to advise against the program, which consumer advocates and other individuals said would overwhelm Gmail users with spam. Anne P. Mitchell, a lawyer and founder of an email certification service called Get to the Inbox, wrote that Google was "opening up the floodgates to their users' inboxes ... to assuage partisan disgruntlement."

The FEC gave its approval in August, with one Democrat joining the commission's three Republicans to clear the way for the initiative. Ultimately, more than 100 committees of both parties signed up for the program, said Google spokesman Jose Castaneda. The RNC was not one of them, as Google emphasized in its motion to dismiss in the federal case in California. "Ironically, the RNC could have participated in a pilot program leading up to the 2022 midterm elections that would have allowed its emails to avoid otherwise-applicable forms of spam detection," the filing stated. "Many other politically-affiliated entities chose to participate in that program, which was approved by the FEC. The RNC chose not to do so. Instead, it now seeks to blame Google based on a theory of political bias that is both illogical and contrary to the facts alleged in its own Complaint." [...] "Indeed, effective spam filtering is a key feature of Gmail, and one of the main reasons why Gmail is so popular," the filing stated.

The Federal Election Commission has dismissed a complaint from Republicans that Google's Gmail app aided Democratic candidates by sending GOP fundraising emails to spam at a far higher rate than Democratic solicitations. From a report: The Republican National Committee and others contended that the alleged benefit amounted to unreported campaign contributions to Democrats. But in a letter to Google last week, the FEC said it "found no reason to believe" that Google made prohibited in-kind corporate contributions, and that any skewed results from its spam filter algorithms were inadvertent. "Google has credibly supported its claim that its spam filter is in place for commercial reasons and thus did not constitute a contribution" within the meaning of federal campaign laws, according to an FEC analysis reviewed by The Wall Street Journal.

The Republican National Committee, the National Republican Senatorial Committee and the National Republican Congressional Committee complained to the FEC last year, citing an academic study that showed that nearly 70% of emails from Republican candidates were sent to spam compared with fewer than 1 in 10 from Democrat candidates from 2019 to 2020. The RNC and other campaign committees argued that Google's "overwhelmingly disproportionate suppression of Republican emails" constituted an illegal corporate contribution to Democratic candidates. But the FEC disagreed, finding that Google established that it maintains its spam filter settings to aid its business in keeping out malware, phishing attacks and scams, and not for the purpose of benefiting any political candidates.

The US Federal Communications Commission is continuing its battle against illegal robocalls. In its latest move, the agency on Wednesday issued cease-and-desist warnings to two more companies. From a report: The warning letters indicate that voice service providers SIPphony and Vultik must "end their apparent support of illegal robocall traffic or face serious consequences," according to an FCC announcement. The FCC says its investigations show that Vultik and SIPphony have allowed illegal robocalls to originate from their networks. Each provider must take immediate action and inform the FCC of the active steps it's taking to mitigate illegal robocalls. If either fails to comply with steps and rules outlined in the letters, its call traffic may be permanently blocked.

Google has announced that it's adding a red "suspected spam caller" warning to Google Voice calls if it doesn't think they're legitimate. From a report: In a post on Thursday, the company says it's identifying spam "using the same advanced artificial intelligence" system as it does with its traditional phone app for Android. If the spam label appears, you'll also have the option of confirming that a call was spam -- in which case any future calls will be sent straight to your voicemail -- or clarifying that it wasn't, which will get rid of the label for future calls.

Google Voice has had the ability to automatically filter calls identified as spam to voicemail for years, and has also allowed you to screen calls before actually picking them up, but those options may not have been great if you're the type of person who gets a lot of important calls from unknown numbers. Google does say that you'll have to turn off the Filter Spam feature by going to Settings > Security > Filter spam if you want the automatic spam labeling.

A proposal to force cellphone companies to block certain spam texts is gaining momentum. From a report: California Attorney General Rob Bonta has expressed his support for a proposal by the Federal Communications Commission (FCC) to put an end to illegal and malicious texts. By doing so, he joined attorneys general from the other 49 states and Washington D.C., who had all previously expressed their support of the proposal. In a letter signed by all 51 attorneys general to the FCC, supporting them in their hopes to require cellular providers to block illegal text messages from invalid or unused numbers, as well as blocking any phone numbers found on a "do not originate" list, numbers which have previously been proved to have been used for fraudulent activity.

Trade groups that represent Meta and Alphabet's Google said they asked the US Supreme Court to overturn a Texas law that would sharply restrict the editorial discretion of social media companies. From a report: The appeal by NetChoice and the Computer & Communications Industry Association contends the Texas law violates the First Amendment by forcing social media companies to disseminate what they see as harmful speech and putting platforms at risk of being overrun by spam and bullying. The law "would wreak havoc by requiring transformational change to websites' operations," the groups argued. The New Orleans-based 5th US Circuit Court of Appeals upheld the law in September but left the measure on hold to allow time for an appeal to the Supreme Court.

The Texas law bars social media platforms with more than 50 million users from discriminating on the basis of viewpoint. Texas Governor Greg Abbott and other Republicans say the law is needed to protect conservative voices from being silenced. The appeal adds a new layer to a Supreme Court term that could reshape the legal rules for online content. The justices are already considering opening social media companies to lawsuits over the targeted recommendations they make to users.

An anonymous reader quotes a report from Ars Technica: YouTube has announced a plan to crack down on spam and abusive content in comments and livestream chats. Of course, YouTube will be doing this with bots, which will now have the power to issue timeouts to users and instantly remove comments that are deemed abusive. YouTube's post says, "We've been working on improving our automated detection systems and machine learning models to identify and remove spam. In fact, we've removed over 1.1 billion spammy comments in the first six months of 2022." It later adds, "We've improved our spambot detection to keep bots out of live chats."

When YouTube removes a message, the company says it will warn the poster that the message has been removed. The company adds, "If a user continues to leave multiple abusive comments, they may receive a timeout and be temporarily unable to comment for up to 24 hours." [...] It does not appear that YouTube is involving channel owners in any of these moderation decisions. Note that the post says YouTube will warn the poster (not the channel owner) of automated content removal and that if users disagree with the automated comment removal, they can "submit feedback" to YouTube. The "submit feedback" link on many Google products is a black hole suggestion box and not any kind of comment moderation queue, so it sounds like there will be no one that responds to a moderation dispute. YouTube says this automatic content moderation will only delete comments that violate the community guidelines—a list of pretty basic content bans—so hopefully it will stick to that.

U.S. telecom providers, under a new FCC order, will have to take "all necessary steps" to block calls from a shady communication company engaged in a mass robocall scam preying on people seeking student loan forgiveness. From a report: The scammer company, called Urth Access, LLC, would reportedly spam users with calls urging them to forfeit their personal information or pay a fee in order to receive up to around $10,000 in student loan debt relief. Many of the scams reportedly referred to the Biden Administration's student loan forgiveness plan to give the messages a semblance of credibility. Though numerous fraudsters took part in the scam, an investigation conducted by the FCC and its private partner YouMail said Urth Access stood apart as the largest, accounting for around 40% of the robocalls in October.

"Scam robocalls try to pull from the headlines to confuse consumers," FCC Commissioner Jessica Rosenworcel said in a statement. "Trying to take advantage of people who want help paying off their student loans. Today we're cutting these scammers off so they can't use efforts to provide student loan debt relief as cover for fraud." The new order asks telecommunications companies to cease accepting phone calls coming from Urath Access, or report efforts they are making to limit Urath's reach in an effort to shut down the scams.

A group of federal cyber advisers is putting a suspected teen hacking group under the microscope in the second investigation ever conducted by the Cyber Safety Review Board. From a report: The Department of Homeland Security review board -- a group of 15 federal government and private-sector cyber experts -- announced Friday morning that it will study and provide recommendations to fend off the hacking techniques behind the Lapsus$ data extortion group. The Cyber Safety Review Board first investigated and released a report with security recommendations in July about the Log4j open-source software vulnerability that affected millions of devices last year.

Lapsus$, which has been outed as a teenage hacking group, is believed to be behind data breaches at Uber, Rockstar Games, Microsoft, Okta and other major companies earlier this year. Data extortion groups break into a company's systems, steal prized information like source codes, and then demand a payment from the company to stop them from leaking the stolen information. Specifically, Lapsus$ targets companies through MFA fatigue, where they use stolen login credentials to log in to a network and then spam account owners with two-factor authentication requests on their phones until they accept one. Suspected members of the gang are believed to be based in the U.K. and have been arrested several times throughout the year.

Microsoft has released its first Digital Transparency Report for the Xbox gaming platform, revealing that the company took proactive action against throwaway accounts that violated its community guidelines 4.78 million times within a six-month period, usually in the form of temporary suspension. The Verge reports: The report, which provides information regarding content moderation and player safety, covers the period between January 1st and June 30th this year. It includes a range of information, including the number of reports submitted by players and breakdowns of various "proactive enforcements" (i.e., temporary account suspensions) taken by the Xbox team. Microsoft says the report forms part of its commitment to online safety. The data reveals that "proactive enforcements" by Microsoft increased almost tenfold since the last reporting period and that 4.33 million of the 4.78 million total enforcements concerned accounts that had been tampered with or used suspiciously outside of the Xbox platform guidelines. These unauthorized accounts can impact players in a variety of ways, from enabling cheating to spreading spam and artificially inflating friend / follower numbers.

A further breakdown of the data reveals 199,000 proactive enforcements taken by Xbox involving adult sexual content, 87,000 for fraud, and 54,000 for harassment or bullying. The report also claims that 100 percent of all actions in the last six-month period relating to account tampering, piracy, and phishing were taken proactively by Xbox rather than via reports made by its player base, which suggests that either fewer issues are being reported by players or the issues themselves are being addressed before players are aware of them. As proactive action has increased, the report also reveals that reports made by players have decreased significantly despite a growing player base, noting a 36 percent decline in player reports compared to the same period in 2021. A total of 33.07 million reports were made by players during the last period, with the vast majority relating to either in-game conduct (such as cheating, teamkilling, or intentionally throwing a match) or communications.

Big changes are underway at Twitter. Elon Musk, in a Twitter thread: Twitter's current lords and peasants system for who has or doesn't have a blue checkmark is bullshit. Power to the people! Blue for $8/month. Price adjusted by country proportionate to purchasing power parity.

You will also get:
- Priority in replies, mentions & search, which is essential to defeat spam/scam
- Ability to post long video & audio
- Half as many ads

And paywall bypass for publishers willing to work with us.

The social media platform Discord recently published its quarterly safety report which notes that some 55,573,411 accounts and 68,379 servers were "disabled" between January and June, 2022. From a report: According to the company, the vast majority of these were taken offline for "spam or spam-related offenses." The number of accounts that were disabled for reasons other than spam definitely pales in comparison, amounting to a mere 1,821,721. The bans in this category were mostly handed out for issues relating to "child safety" or "exploitative and unsolicited content." Discord seems to be justified in disabling these accounts and closing the affected servers, at least broadly speaking. Successful appeals came to only two percent in the first quarter and less than one percent in the second quarter of this year, meaning that of the 235,945 users who called for a second opinion about their ban, only 3,098 of them were reinstated on the platform.

An anonymous reader quotes a report from Reuters: The Republican National Committee (RNC) filed a lawsuit against Alphabet's Google on Friday for allegedly sending its emails to users' spam folders. The U.S. political committee accuses the tech giant of "discriminating" against it by "throttling its email messages because of the RNC's political affiliation and views," according to a lawsuit filed in U.S. District Court in California. "Google has relegated millions of RNC emails en masse to potential donors' and supporters' spam folders during pivotal points in election fundraising and community building," the RNC said in the lawsuit. Google rejected the claims.

Spam filters on email services typically weed out unsolicited "spam" messages and divert them to a separate folder. The RNC said that for most of the month, nearly all of its emails end up in users' inboxes but at the end of the month, which is an important time for fund-raising, nearly all of their emails end up in spam folders. "Critically, and suspiciously, this end of the month period is historically when the RNC's fundraising is most successful," the lawsuit said, adding that it does not matter whether the email is about donating, voting or community outreach. The committee said the "discrimination" had been going on for about 10 months despite its best efforts to work with Google. It said the alleged routing of its emails to spam folders had eaten up revenue and that more money would be lost in coming weeks as midterm elections loom. "As we have repeatedly said, we simply don't filter emails based on political affiliation. Gmail's spam filters reflect users' actions," Google spokesperson Jose Castaneda said in a statement. "We provide training and guidelines to campaigns, we recently launched an FEC-approved pilot for political senders, and we continue to work to maximize email deliverability while minimizing unwanted spam," he said, referring to the Federal Election Commission.

Further reading: US Approves Google Plan To Let Political Emails Bypass Gmail Spam Filter

Firefox Relay, a Mozilla service designed to hide your "real" email address by giving you virtual ones to hand out, is expanding to offer virtual phone numbers. From a report: In a blog post Mozilla product manager Tony Amaral-Cinotto explains that the relay service generates a phone number for you to give out to companies if you suspect they might use it to send you spam messages in the future, or if you think they might share it with others who will. The idea is that handing out this alternative phone number makes it easier to block spam phone calls or texts in the future. You can either block all calls or texts sent to your relay number, or just block specific contacts. Importantly it lets you keep your "real" phone number private, which is something you might want to consider if it's a number you use to receive sensitive information like two-step verification codes via SMS. Once you've signed up, the Firefox phone number masking service offers 50 minutes of incoming calls and 75 text messages a month. The phone number masking service is also more expensive at $4.99 a month (or $3.99 a month when paid annually), while the email service offers a choice between a free tier and a premium tier costing $1.99 a month ($0.99 a month when paid annually).

As Meta makes deeper inroads with businesses on WhatsApp, its biggest bet to monetize the instant messaging app with over 2 billion users, we are getting an early glimpse at how user experience might change on the free app. It's not great. From a report: Scores of people in India, WhatsApp's largest market by users with over 500 million accounts, have complained about getting too many spam texts from businesses in recent months. WhatsApp, which quickly displaced the SMS app in the country by offering free texts, is increasingly looking like that SMS app, users say. Thousands of brands in India have signed up for WhatsApp, consistently succeeding in reaching eyeballs of more than 80% users, a person familiar with the matter said, a figure miles ahead of campaigns run on emails and traditional texts. What's more annoying is that even after users have blocked some businesses, many return to the inbox from different phone numbers, according to author's account.

The Federal Communications Commission is threatening to block calls from voice service providers that have yet to take meaningful action against illegal robocalls. The Verge reports: On Monday, the FCC announced that it was beginning the process to remove providers from the agency's Robocall Mitigation Database for failing to fully implement STIR/SHAKEN anti-robocall protocols into their networks. If the companies fail to meet these requirements over the next two weeks, compliant providers will be forced to block their calls. "This is a new era. If a provider doesn't meet its obligations under the law, it now faces expulsion from America's phone networks. Fines alone aren't enough," FCC Chairwoman Jessica Rosenworcel said in a statement on Monday. "Providers that don't follow our rules and make it easy to scam consumers will now face swift consequences."

The FCC's orders target seven carriers, including Akabis, Cloud4, Global UC, Horizon Technology Group, Morse Communications, Sharon Telephone Company, and SW Arkansas Telecommunications and Technology. "These providers have fallen woefully short and have now put at risk their continued participation in the U.S. communications system," Loyaan A. Egal, FCC acting chief of the enforcement standards, said in a Monday statement. "While we'll review their responses, we will not accept superficial gestures given the gravity of what is at stake."

Security researcher Brian Krebs writes: Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world's largest corporations. It's not clear who's behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources. [...] Rich Mason, the former CISO at Fortune 500 firm Honeywell, began warning his colleagues on LinkedIn about the phony profiles earlier this week. "It's interesting the downstream sources that repeat LinkedIn bogus content as truth," Mason said. "This is dangerous, Apollo.io, Signalhire, and Cybersecurity Ventures." [...]

Again, we don't know much about who or what is behind these profiles, but in August the security firm Mandiant (recently acquired by Google) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms. None of the profiles listed here responded to requests for comment (or to become a connection).

LinkedIn could take one simple step that would make it far easier for people to make informed decisions about whether to trust a given profile: Add a "created on" date for every profile. Twitter does this, and it's enormously helpful for filtering out a great deal of noise and unwanted communications. The former CISO Mason said LinkedIn also could experiment with offering something akin to Twitter's verified mark to users who chose to validate that they can respond to email at the domain associated with their stated current employer. Mason said LinkedIn also needs a more streamlined process for allowing employers to remove phony employee accounts. He recently tried to get a phony profile removed from LinkedIn for someone who falsely claimed to have worked for his company. In a statement provided to KrebsOnSecurity, LinkedIn said its teams were actively working to take these fake accounts down. "We do have strong human and automated systems in place, and we're continually improving, as fake account activity becomes more sophisticated," the statement reads. "In our transparency report we share how our teams plus automated systems are stopping the vast majority of fraudulent activity we detect in our community -- around 96% of fake accounts and around 99.1% of spam and scam."

The Federal Communications Commission approved a long-delayed proposal to crack down on spam texts Friday night after Axios asked agency members why it hadn't moved on the issue. From a report: The number of spam text messages -- which can include links or other tricks designed to steal money or personal information -- has exploded, with the volume now exceeding that of robocalls.The proposal, which passed on a 4-0 vote, seeks comment on requiring cellphone companies to block texts from numbers known to be illegal or fraudulent. It had been awaiting a vote at the FCC for nearly a year.

The FCC will review feedback on the proposal before writing final rules, a process that can take months. The measure also seeks comment on whether carriers should use third-party analytics providers to inform blocking efforts, and whether the agency should push the wireless industry to authenticate text messages like it does for phone calls to deter robocalls, a senior FCC official told Axios. "The American people are fed up with scam texts, and we need to use every tool we have to do something about it," chairwoman Jessica Rosenworcel, a Democrat, told Axios ahead of the agency's vote.

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, "America is looking for me because I have enormous information and they need it." From the report: On June 22, KrebsOnSecurity published Meet the Administrators of the RSOCKS Proxy Botnet, which identified Denis Kloster, a.k.a. Denis Emelyantsev, as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as "proxies" to cybercriminals looking for ways to route their malicious traffic through someone else's computer. A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master's identity on the cybercrime forums to Kloster's personal blog, which featured musings on the challenges of running a company that sells "security and anonymity services to customers around the world." Kloster's blog even included a group photo of RSOCKS employees.

The Bulgarian news outlet 24Chasa.bg reports that Kloster was arrested in June at a co-working space in the southwestern ski resort town of Bansko, and that the accused asked to be handed over to the American authorities. "I have hired a lawyer there and I want you to send me as quickly as possible to clear these baseless charges," Kloster reportedly told the Bulgarian court this week. "I am not a criminal and I will prove it in an American court." 24Chasa said the defendant's surname is Emelyantsev and that he only recently adopted the last name Kloster, which is his mother's maiden name. As KrebsOnSecurity reported in June, Kloster also appears to be a major player in the Russian email spam industry. [...] Kloster turned 36 while awaiting his extradition hearing, and may soon be facing charges that carry punishments of up to 20 years in prison.

AmiMoJo shares a report from the Mozilla Foundation: YouTube's user controls -- buttons like "Dislike " and "Not interested" -- largely fail to help users avoid unwanted recommendations like misinformation and violent content, according to new research by Mozilla. An accompanying survey also found that YouTube's controls routinely frustrate and confuse users. Indeed, Mozilla's research found that people who are experiencing unwanted recommendations and turn to the platform's user controls for assistance prevent less than half of unwanted recommendations.

This is especially troubling because Mozilla's past research shows that YouTube recommends videos that violate its very own community guidelines, like misinformation, violent content, hate speech, and spam. For example, one user in this most recent research asked YouTube to stop recommending war footage from Ukraine -- but shortly after was recommended even more grisly content from the region. The study, titled "Does This Button Work? Investigating YouTube's ineffective user controls" is the culmination of months of rigorous qualitative and quantitative research. The study was made possible by the data of more than 20,000 participants who used Mozilla's RegretsReporter browser extension, and by data about more than 500 million YouTube videos. These are the top findings, as highlighted in the report: People don't trust YouTube's user controls. More than a third (39.3%) of people surveyed felt YouTube's user controls did not impact their recommendations at all, and 23% felt the controls had a mixed response. Said one interviewee: "Nothing changed. Sometimes I would report things as misleading and spam and the next day it was back in [...] Even when you block certain sources they eventually return."

People take matters into their own hands. Our study found that people did not always understand how YouTube's controls affect their recommendations, and so took a jury rigged approach instead. People will log out, create new accounts, or use privacy tools just to manage their YouTube recommendations. Said one user: "When the Superbowl came around ... if someone recommended a particular commercial, I used to log out of YouTube, watch the commercial, and then log back in."

The data confirms people are right. The most "effective" user control was "Don't recommend channel," but compared to users who do not make use of YouTube's user controls, only 43% of unwanted recommendations are prevented -- and recommendations from the unwanted channel sometimes persist. Other controls were even less effective: The "Not Interested" tool prevented only 11% of unwanted recommendations.

YouTube can fix this problem. YouTube has the power to confront this issue and do a better job at enabling people to control their recommendations. Our research outlines several concrete suggestions to put people back into the driver's seat, like making YouTube's controls more proactive, allowing users to shape their own experience; and giving researchers increased access to YouTube's API and other tools. Further reading: YouTube Targets TikTok With Revenue Sharing For Shorts, Partner Program Expansion