Youtube

'A Mistake by YouTube Shows Its Power Over Media' (nytimes.com) 147

"Every hour, YouTube deletes nearly 2,000 channels," reports the New York Times. "The deletions are meant to keep out spam, misinformation, financial scams, nudity, hate speech and other material that it says violates its policies.

"But the rules are opaque and sometimes arbitrarily enforced," they write — and sometimes, YouTube does end up making mistakes. The gatekeeper role leads to criticism from multiple directions. Many on the right of the political spectrum in the United States and Europe claim that YouTube unfairly blocks them. Some civil society groups say YouTube should do more to stop the spread of illicit content and misinformation... Roughly 500 hours of video are uploaded to YouTube every minute globally in different languages. "It's impossible to get our minds around what it means to try and govern that kind of volume of content," said Evelyn Douek, senior research fellow at the Knight First Amendment Institute at Columbia University. "YouTube is a juggernaut, by some metrics as big or bigger than Facebook."

In its email on Tuesday morning, YouTube said Novara Media [a left-leaning London news group] was guilty of "repeated violations" of YouTube's community guidelines, without elaborating. Novara's staff was left guessing what had caused the problem. YouTube typically has a three-strikes policy before deleting a channel. It had penalized Novara only once before... Novara's last show released before the deletion was about sewage policy, which hardly seemed worthy of YouTube's attention. One of the organization's few previous interactions with YouTube was when the video service sent Novara a silver plaque for reaching 100,000 subscribers...

Staff members worried it had been a coordinated campaign by critics of their coverage to file complaints with YouTube, triggering its software to block their channel, a tactic sometimes used by right-wing groups to go after opponents... An editor, Gary McQuiggin, filled out YouTube's online appeal form. He then tried using YouTube's online chat bot, speaking with a woman named "Rose," who said, "I know this is important," before the conversation crashed. Angry and frustrated, Novara posted a statement on Twitter and other social media services about the deletion. "We call on YouTube to immediately reinstate our account," it said. The post drew attention in the British press and from members of Parliament.

Within a few hours, Novara's channel had been restored. Later, YouTube said Novara had been mistakenly flagged as spam, without providing further detail.

"We work quickly to review all flagged content," YouTube said in a statement, "but with millions of hours of video uploaded on YouTube every day, on occasion we make the wrong call."

But Ed Procter, chief executive of the Independent Monitor for the Press, told the Times that it was at least the fifth time that a news outlet had material deleted by YouTube, Facebook or Twitter without warning.
Government

New FCC Rules Could Force Wireless Carriers To Block Spam Texts (engadget.com) 45

An anonymous reader quotes a report from Engadget: Under Acting Chairwoman Jessica Rosenworcel, the Federal Communications Commission is seeking to create new rules targeting spam text messages. Like another recent proposed rulemaking from the agency, the policy would push wireless carriers and telephone companies to block the spam before it ever gets to your phone.

"We've seen a rise in scammers trying to take advantage of our trust of text messages by sending bogus robotexts that try to trick consumers to share sensitive information or click on malicious links," Rosenworcel said. "It's time we take steps to confront this latest wave of fraud and identify how mobile carriers can block these automated messages before they have the opportunity to cause any harm."

Google

Google Warns 14,000 Gmail Users Targeted By Russian Hackers (bleepingcomputer.com) 13

Google has warned about 14,000 of its users that they were targeted in a state-sponsored phishing campaign from APT28, a threat group that has been linked to Russia. BleepingComputer reports: Shane Huntley, who is at the helm of Google's Threat Analysis Group (TAG) that responds to government-backed hacking, notes that the higher-than-usual number of alerts this month comes "from a small number of widely targeted campaigns which were blocked." The campaign from APT28, also known as Fancy Bear, led to a larger number of warnings for Gmail users across various industries. In a statement sent by a Google spokesperson, Huntley says that Fancy Bear's phishing campaign accounts for 86% of all the batch warnings delivered this month. He explains that these notifications indicate targeting of the recipient, not a compromise of their Gmail account: "So why do we do these government warnings then? The warning really mostly tells people you are a potential target for the next attack so, now may be a good time to take some security actions."

Huntley says that these warnings are normal for individuals such as activists, journalists, government officials, or people that work in national security structures because that's who government-backed entities are targeting. All the phishing emails from the Fancy Bear campaign were blocked by Gmail and did not land in the users' inboxes as they were automatically classified as spam. "As we've previously explained, we intentionally send these notices in batches, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies," Huntley said.

Crime

Ukrainian Cops Cuff Two Over $150 Million Ransomware Gang Allegations, Seize $1.3 Million In Cryptocurrency (theregister.com) 8

Ukrainian police have reportedly arrested two members of a ransomware gang -- and while some have fingered REvil, no firm details have been published by cops from multiple countries. The Register reports: A round of speculation was triggered when inter-EU law enforcement body Europol declared this morning that Ukrainian fuzz had arrested "two prolific ransomware operators known for their extortionate demands," claimed to be up to [$81.3 million]. One of the two suspects arrested on September 28, according to the National Police of Ukraine, was a "hacker." The other allegedly "helped to withdraw money obtained by criminal means." $1.3m in cryptocurrency was said to have been frozen. A multinational police operation with input from France's National Gendarmerie and the US Federal Bureau of Investigation helped lead the Ukraine cops to their targets, with support from Europol and Interpol.

The 25-year-old suspect allegedly deployed "virus software," compromising remote-working software, with one attack vector being "through spam-mailings on corporate e-mail boxes of malicious content." "In total, the hacker attacked more than 100 foreign companies in North America and Europe," said the Ukrainian police, adding that they blamed the 25-year-old arrestee for causing $150m of damage to Western organizations. [...] Numerous people speculated on Twitter that the latest Ukrainian arrests were members of the REvil ransomware gang. This was based solely on Europol's claim that the two main accused had once issued an "extortionate" [$81.3 million] ransom demand, which has not been repeated by cops in Ukraine. REvil once issued a ransom demand for $70 million (against managed service provider Kaseya) but that is not the same sum...

Businesses

Cloudflare Is Taking a Shot at Email Security (wired.com) 46

Cloudflare, the internet infrastructure company, already has its fingers in a lot of customer security pots, from DDoS protection to browser isolation to a mobile VPN. Now the company is taking on a classic web foe: email. From a report: On Monday, Cloudflare is announcing a pair of email safety and security offerings that it views as a first step toward catching more targeted phishing attacks, reducing the effectiveness of address spoofing, and mitigating the fallout if a user does click a malicious link. The features, which the company will offer for free, are mainly geared toward small business and corporate customers. And they're made for use on top of any email hosting a customer already has, whether it's provided by Google's Gmail, Microsoft 365, Yahoo, or even relics like AOL. Cloudflare CEO Matthew Prince says that from its founding in 2009, the company very intentionally avoided going anywhere near the thorny problem of email. But he adds that email security issues are unrelenting, so it has become necessary.

"I think what I had assumed is that hosting providers like Google and Microsoft and Yahoo were going to solve this issue, so we weren't sure there was anything for us to do in the space," Prince says. "But what's become clear over the course of the last two years is that email security is still not a solved issue." Prince says that Cloudflare employees have been "astonished by how many targeted threats were getting through Google Workspace," the company's email provider. That's not for lack of progress by Google or the other big providers on anti-spam and anti-malware efforts, he adds. But with so many types of email threats to deal with at once, strategically crafted phishing messages still slip through. So Cloudflare decided to build additional defense tools that both the company itself as well as its customers could use.

Facebook

WhatsApp Moderators Can Read Your Messages (gizmodo.com) 87

Gizmodo highlights the findings of a new ProPublica report on WhatsApp's content moderation system. What they found was that there are at least 1,000 WhatsApp content moderators employed by Facebook's moderator contract firm Accenture to review user-reported content that's been flagged by its machine learning system. "They monitor for, among other things, spam, disinformation, hate speech, potential terrorist threats, child sexual abuse material (CSAM), blackmail, and 'sexually oriented businesses,'" reports Gizmodo. "Based on the content, moderators can ban the account, put the user 'on watch,' or leave it alone." From the report: Most can agree that violent imagery and CSAM should be monitored and reported; Facebook and Pornhub regularly generate media scandals for not moderating enough. But WhatsApp moderators told ProPublica that the app's artificial intelligence program sends moderators an inordinate number of harmless posts, like children in bathtubs. Once the flagged content reaches them, ProPublica reports that moderators can see the last five messages in a thread.

WhatsApp discloses, in its terms of service, that when an account is reported, it "receives the most recent messages" from the reported group or user as well as "information on your recent interactions with the reported user." This does not specify that such information, viewable by moderators, could include phone numbers, profile photos, linked Facebook and Instagram accounts, their IP address, and mobile phone ID. And, the report notes, WhatsApp does not disclose the fact that it amasses all users' metadata no matter their privacy settings.

WhatsApp didn't offer much clarity on what mechanism it uses to receive decrypted messages, only that the person tapping the "report" button is automatically generating a new message between themselves and WhatsApp. That seems to indicate that WhatsApp is deploying a sort of copy-paste function, but the details are still unclear. Facebook told Gizmodo that WhatsApp can read messages because they're considered a version of direct messaging between the company and the reporter. They added that users who report content make the conscious choice to share information with Facebook; by their logic, Facebook's collection of that material doesn't conflict with end-to-end encryption. So, yes, WhatsApp can see your messages without your consent.

Security

Gift Card Gang Extracts Cash From 100K Inboxes Daily (krebsonsecurity.com) 10

Cybercrime and computer security reporter Brian Krebs tells the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online. From the report: The data in this story come from a trusted source in the security industry who has visibility into a network of hacked machines that fraudsters in just about every corner of the Internet are using to anonymize their malicious Web traffic. For the past three years, the source -- we'll call him "Bill" to preserve his requested anonymity -- has been watching one group of threat actors that is mass-testing millions of usernames and passwords against the world's major email providers each day. Bill said he's not sure where the passwords are coming from, but he assumes they are tied to various databases for compromised websites that get posted to password cracking and hacking forums on a regular basis. Bill said this criminal group averages between five and ten million email authentication attempts daily, and comes away with anywhere from 50,000 to 100,000 of working inbox credentials.

In about half the cases the credentials are being checked via "IMAP," which is an email standard used by email software clients like Mozilla's Thunderbird and Microsoft Outlook. With his visibility into the proxy network, Bill can see whether or not an authentication attempt succeeds based on the network response from the email provider (e.g. mail server responds "OK" = successful access). You might think that whoever is behind such a sprawling crime machine would use their access to blast out spam, or conduct targeted phishing attacks against each victim's contacts. But based on interactions that Bill has had with several large email providers so far, this crime gang merely uses custom, automated scripts that periodically log in and search each inbox for digital items of value that can easily be resold. And they seem particularly focused on stealing gift card data.

"Sometimes they'll log in as much as two to three times a week for months at a time," Bill said. "These guys are looking for low-hanging fruit -- basically cash in your inbox. Whether it's related to hotel or airline rewards or just Amazon gift cards, after they successfully log in to the account their scripts start pilfering inboxes looking for things that could be of value." According to Bill, the fraudsters aren't downloading all of their victims' emails: That would quickly add up to a monstrous amount of data. Rather, they're using automated systems to log in to each inbox and search for a variety of domains and other terms related to companies that maintain loyalty and points programs, and/or issue gift cards and handle their fulfillment. Why go after hotel or airline rewards? Because these accounts can all be cleaned out and deposited onto a gift card number that can be resold quickly online for 80 percent of its value.
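The provider-side signal the story describes (millions of IMAP login attempts, roughly one percent succeeding, each attempt against a different username) can be turned into a simple credential-stuffing detector. The following is an added example, not code from Krebs's source or from any email provider; the log line format, field names and thresholds are assumptions, and the log lines are constructed.

```python
"""
Flag IMAP login sources that behave like a credential-stuffing operation:
many distinct usernames from one client address with a low success rate.
Added example; the log format below is an assumption, not a real product's.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed format of an IMAP front end's authentication log:
# <timestamp> imap login ip=<client> user=<login> result=<OK|NO>
# "OK"/"NO" mirror the tagged server responses the story mentions.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) imap login ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|NO)$"
)


@dataclass
class SourceStats:
    """Per-client-address counters accumulated over the log window."""
    attempts: int = 0
    successes: int = 0
    users: set = field(default_factory=set)        # distinct logins tried
    compromised: set = field(default_factory=set)  # logins that returned OK


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(lines):
    """Aggregate attempts, successes and distinct usernames per client IP."""
    stats = defaultdict(SourceStats)
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # skip malformed lines instead of failing
            continue
        s = stats[rec["ip"]]
        s.attempts += 1
        s.users.add(rec["user"])
        if rec["result"] == "OK":
            s.successes += 1
            s.compromised.add(rec["user"])
    return stats


def flag_stuffing(stats, min_users=5, max_success_rate=0.2):
    """Sources that tried many distinct accounts and mostly failed.

    A real client retrying its own mailbox touches one username, so the
    distinct-user count separates a typo'd password from a password spray.
    """
    return {
        ip: s
        for ip, s in stats.items()
        if len(s.users) >= min_users and s.successes / s.attempts <= max_success_rate
    }


def accounts_to_review(flagged):
    """Accounts that a flagged source logged into successfully: candidates
    for forced password reset and a mailbox-rule / search-activity review."""
    acc = set()
    for s in flagged.values():
        acc |= s.compromised
    return acc


# Constructed sample: one address sweeps 20 different logins and gets one OK
# (a 5% hit rate, in the spirit of the ~1% the story describes); a normal
# client mistypes once, then logs into its own mailbox twice.
SAMPLE_LOG = [
    f"2021-09-01T03:00:{i:02d}Z imap login ip=203.0.113.7 "
    f"user=user{i:02d}@example.com result={'OK' if i == 17 else 'NO'}"
    for i in range(20)
] + [
    "2021-09-01T08:00:00Z imap login ip=198.51.100.4 user=alice@example.com result=NO",
    "2021-09-01T08:00:05Z imap login ip=198.51.100.4 user=alice@example.com result=OK",
    "2021-09-01T08:15:00Z imap login ip=198.51.100.4 user=alice@example.com result=OK",
    "this line is not an auth record",
]


def run_sample():
    """Convenience entry point: returns (flagged IPs, accounts to review)."""
    flagged = flag_stuffing(summarize(SAMPLE_LOG))
    return sorted(flagged), sorted(accounts_to_review(flagged))


if __name__ == "__main__":
    ips, accounts = run_sample()
    print("stuffing sources:", ips)
    print("accounts to review:", accounts)
```

In production the same counters would be kept per sliding time window, and the proxy network the story describes means one operation shows up as many low-volume addresses, so the per-IP threshold is a starting point rather than the whole detection.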

Games

Atari Classic 'Centipede' Returns (axios.com) 29

A new version of the classic Atari game "Centipede" will be released for consoles and PC in late September under the name "Centipede: Recharged" and sporting a more futuristic look. From a report: The game's lead developer, Adam Nickerson, first partnered with Atari for last year's "Missile Command: Recharged," which revamped another classic in a similar style. Nickerson tells Axios he first connected with Atari after discovering an email in his spam folder from an Atari official who liked his work. Atari showed him a list of franchises they had the rights to. He went with "Missile Command" first because he used to be obsessed with it.

Facebook

The Most Popular Posts On Facebook Are Plagiarized (theverge.com) 40

In Facebook's "widely viewed content report" released last week, The Verge's Casey Newton noticed something arguably just as damning as the spread of COVID-19 misinformation or rise of vaccine hesitancy: almost all of the most-viewed posts on Facebook over the past quarter were effectively plagiarized from elsewhere. From the report: Facebook's report details the top 20 most widely viewed posts on the network over the past three months. One of the posts was deleted before Facebook published it. Of the remaining 19, though, only four appear to have been original. The remaining 15 had been published in at least one other place first, and were then re-uploaded to Facebook, sometimes with small changes. [...] Facebook has long been home to reappropriated content, from the freebooting scandal during 2017's pivot to video to the more recent phenomenon of Instagram's Reels being flooded with videos bearing TikTok watermarks. But this kind of dumb, cheap growth hacking should sound familiar to anyone who paid even passing attention to the 2016 election. Russia's infamous Internet Research Agency commissioned a troll army to build up big followings on innocuous-seeming Facebook pages using a wide variety of engagement bait, then gradually shifted those pages to begin sharing more divisive political memes.

That's all much harder to do now, thanks to a variety of measures Facebook has taken to make it more difficult for people to disguise their identities or countries of origin. The company now routinely removes networks of pages where the creators' identities are suspect. And it's worth saying that in the most recent election, inauthentic behavior of the 2016 variety did not play a significant role. Most importantly, Facebook now has a policy against "abusive audience building" -- switching topics and repeatedly changing a page's name for the purpose of growing a following. But it seems notable that for domestic actors, the tactics not only work, but remain the most effective way to reach a large audience five years later. Steal some questions that went viral somewhere else, spam them on your page, and presto: you're one of the most-viewed links for the entire quarter on the world's biggest social network.

"The plagiarists who dominate Facebook's top 20 links are likely doing it primarily for clout and ill-gotten audience growth," Casey goes on to say. "But some of the other characters here appear to have more direct monetary incentives..."

Businesses

What Are Stores Even Thinking With All These Emails? 74

Your inbox is now a shopping mall. From a column: Email is one of the few ways companies can reach their customers directly. In fact, people overwhelmingly say that the way they want to hear from brands is by email, Chad S. White, the head of research for Oracle Marketing Consulting, told me. That's why the mailbox software started suppressing messages -- to protect people from companies' temptation to send too many emails. In response, email marketers obsess over "deliverability," or how the content and frequency of their emails might help those messages actually hit your inbox in the first place. But that process has created new and weird feedback loops, in which some companies and certain messages might be able to reach your inbox more readily than before, while others get junked -- condemned to spam, deleted, or the like -- before you see them.

As a result, your personal inbox gradually has become less like a mailbox and more like a wormhole into every business relationship you maintain: your bank; your utility provider; your supermarket; your favorite boutiques, restaurants, housewares providers, and all the rest. It's your own digital commercial district: Opening up email is akin to visiting a little mall in your browser or on your phone, where every shop is right next to every other. A few years ago, Gmail made that metaphor concrete by introducing the promotions folder, recasting spam as marketing. When you're in the mood to shop, just drop into promotions and see what's on offer (or search for a favorite brand to see the latest wares).

Google

Google is Finally Doing Something About Google Drive Spam (arstechnica.com) 15

You can now block people in Google Drive. From a report: A notification pops up on your phone: "Click here for hot XXX action!" It's Google Drive again. Someone shared a document containing that title, and now your phone is begging you to look at it. Even if you ban Google Drive from generating phone notifications, you'll still get emails. If you block the emails, you'll have to see the spam when you click on the "shared" section of Google Drive. The problem is that Drive document sharing was built with no spam-management tools. Anyone who gets a hold of your email is considered to be an important sharer of valid documents, and there has been nothing you can do about it -- until now.

Google officially acknowledged the problem back in 2019, and the company said it was making spam controls "a priority." Now, more than two years later, Google is finally rolling out the most basic of spam tools to Google Drive sharing -- you can block individual email addresses! The company announced this feature in May, but the tool is rolling out to users over the next 15 days. Soon, once the spam arrives in your Google Drive, you'll be able to click the menu button next to the item and choose "block user." Drive sharing works just like email spam. Anyone can share a drive file with you if they know your address. Documents that have been shared with you still automatically show up in your Drive collection without your consent. There's no way to turn off sharing, to limit sharing to approved users, or to limit it to existing contacts. It's a free-for-all.

Government

Fired Covid-19 Data Manager is Now Running for Congress (orlandoweekly.com) 214

Florida's fired Department of Health data manager Rebekah Jones lost access to her 400,000 followers on Twitter last month — which she'd been using to criticize Florida governor Ron DeSantis for downplaying the severity of the state's Covid-19 crisis. Then Jones announced she'd be running for Congress. "This also means, under Desantis' recently signed social media law, I get to fine Twitter $250K per day until my account is restored starting July 1."

Orlando Weekly reports: After a media frenzy, Jones deleted the post. She said she was attempting to point out Gov. Ron DeSantis's "hypocrisy" in writing a law that allowed political candidates to sue media companies that ban them, while still celebrating her Twitter suspension...

The bit became real when she filed to run as an Independent in Florida's 1st congressional district on June 25...

On her campaign website, she lists eight issues on her platform: protecting Florida's environmental systems, promoting government transparency, fighting for media accountability in disinformation, giving access to representatives, ensuring the district's veterans are taken care of, scrutinizing restrictive voting laws, funding science and research, and boosting support for all levels of education. Jones says there's still room for other issues on her platform, after she talks to more residents.

Jones' GoFundMe account ("DefendScience") now directs visitors to her official campaign site if they want to make campaign contributions. (And the GoFundMe page also notes that her campaign has been endorsed by 90-year-old Daniel Ellsberg, the famous whistleblower who in 1971 leaked the Pentagon Papers, a top-secret government study on the Vietnam War.)

But the last six weeks have been a wild ride for the data scientist:

Yesterday the official coronavirus coordinator for the White House reported that one in five of America's Covid-19 cases this week have come from Florida.

Privacy

Why Email Providers Scan Your Emails (consumerreports.org) 98

An anonymous reader shares a report: If you receive emails flagged as spam or see a warning that a message might be a phishing attempt, it's a sign that your email provider is scanning your emails. The company may do that just to protect you from danger, but in some situations it can delve into your communications for other purposes, as well. Google announced that it would stop scanning Gmail users' email messages for ad targeting in 2017 -- but that doesn't mean it stopped scanning them altogether. Verizon didn't respond to requests for comments about Yahoo and AOL's current practices, but in 2018 the Wall Street Journal reported that both email providers were scanning emails for advertising. And Microsoft scans its Outlook users' emails for malicious content. Here's what major email providers say about why they currently scan users' messages.

Email providers can scan for spam and malicious links and attachments, often looking for patterns. [...] You may see lots of ads in your email inbox, but that doesn't necessarily mean your email provider is using the content of your messages to target you with marketing messages. For instance, like Google, Microsoft says that it refrains from using your email content for ad targeting. But it does target ads to consumers in Outlook, along with MSN, and other websites and apps. The data to do that come from partnering with third-party providers, plus your browsing activity and search history on Bing and Microsoft Edge, as well as information you've given the company, such as your gender, country, and date of birth.

[...] If you're using an email account provided by your employer, an administrator with qualifying credentials can typically access all your incoming and outgoing emails on that account, as well as any documents you create using your work account or that you receive in your work account. This allows companies to review emails as part of internal investigations and access their materials after an employee leaves the company. [...] Law enforcement can request access to emails, though warrants, court orders, or subpoenas may be required. Email providers may reject requests that don't satisfy applicable laws, and may narrow requests that ask for too much information. They may also object to producing information altogether.

Advertising

Carrier Caught Injecting 'SMS AD' Into Google Verification Code Message (9to5google.com) 63

An anonymous reader quotes a report from 9to5Google: SMS is widely regarded as an insecure form of two-factor authentication, and another example of this has just emerged. A carrier looks to be injecting ads into the Google verification code used to sign in to services like Gmail. Action Launcher developer Chris Lacy today tweeted how his Google verification code -- which starts with "G-" -- featured an "SMS AD." The advertisement -- for a VPN -- includes a quick message and short URL. For those that immediately suspect this is just a phishing attempt, the verification code is legitimate and was requested by Lacy to successfully verify a login attempt. Google Messages even flagged the link/message as spam. As such, Googlers responding to the thread suspect this is an occurrence of a carrier appending an ad -- note the extra spaces -- into a real text message. It's very unlikely that Google's security teams would allow advertising into a very crucial part of the login process where end user trust is paramount.

Google issued the following statement to us today: "These are not our ads and we are currently working with the wireless carrier to understand why this happened." Google confirms that the "SMS AD" did not originate from its own advertising network. Meanwhile, it's working with the wireless carrier in question to find out what occurred. Lacy has decided "not to state the carrier for privacy reasons," and Google did not share that information either.

Twitter

Florida's Fired Covid-19 Data Manager 'Permanently Suspended' From Twitter (forbes.com) 99

Florida's fired Department of Health data manager Rebekah Jones has been "permanently suspended" from Twitter, "for violations of the Twitter Rules on spam and platform manipulation," a Twitter spokesperson tells Slashdot.

Florida's Sun-Sentinel reports: Jones, a former Department of Health data manager fired for alleged insubordination, emerged as a political lightning rod as COVID-19 cases spiked in Florida last year. Supporters see her as a whistleblower speaking truth to power and exposing an effort by the state to paint a rosier picture of the pandemic. Her detractors say she has peddled disinformation for her own financial benefit, unfairly casting doubt on the reliability of Florida's COVID-19 statistics... Jones helped to build the state's online coronavirus dashboard in the early days of the pandemic. In May 2020, she was fired from her post at the Florida Department of Health, where she was manager of Geographic Information Systems. Jones said her bosses pressured her to manipulate statistics to justify reopening the state amid lockdown.

In an article Monday Forbes investigated "the curious case of Rebekah Jones' suspension," citing a researcher who specializes in Twitter fraud: There was clearly a concentrated surge in new follower activity... What is not known is whether Rebekah Jones purchased the followers herself, or whether it was a false-flag campaign meant to discredit her (someone else purchased the followers and directed them at her account to make it appear she broke Twitter's rules).

Nearly 21,000 followers were added in a short amount of time...

Following up with Twitter's spokesperson, Slashdot asked them about Forbes' theory, and whether they had evidence that Jones herself (and not one of her detractors) had perpetrated the surge in follower activity.

Twitter's response? "We have nothing further to add beyond what I shared."

Jones had already attained more than 400,000 followers, reports the Washington Post. But they also note that her suspension is now being celebrated on Twitter by Florida governor DeSantis's press secretary, "who was hired after she wrote an article calling Jones's claims 'a big lie.'" DeSantis's office also pointed to an April Twitter thread from a prominent disinformation researcher alleging that an app has surreptitiously directed thousands of users to follow a number of accounts, including Jones's. Jones responded to the researcher, according to a screenshot, with a tweet saying: "This is insane."

"I've never heard of this app," she wrote.

Jones has since opened a new account on Instagram named "insubordinatescientist".

Government

Will America Confront the Kremlin Over SolarWinds' Latest Massive Phishing Attack? (apnews.com) 64

In the latest SolarWinds mass-phishing attack, "The highest percentage of emails went to the United States, but [incident response firm] Volexity also saw a significant number of victims in Europe..." according to Security Week.

In an article shared by Slashdot reader wiredmikey, they note that the attackers apparently compromised the Constant Contact account of USAID, an independent agency of the United States federal government that is primarily responsible for administering civilian foreign aid and development assistance — and then impersonated it in emails "to roughly 3,000 accounts across over 150 organizations in 24 countries."

So what happens next?

The Associated Press reports: The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing campaign should not further damage relations with Moscow ahead of next month's planned presidential summit. Officials downplayed the cyber assault as "basic phishing" in which hackers used malware-laden emails to target the computer systems of U.S. and foreign government agencies, think tanks and humanitarian groups.

Microsoft, which disclosed the effort late Thursday, said it believed most of the emails were blocked by automated systems that marked them as spam. As of Friday afternoon, the company said it was "not seeing evidence of any significant number of compromised organizations at this time."

Even so, the revelation of a new spy campaign so close to the June 16 summit between President Joe Biden and Russian counterpart Vladimir Putin adds to the urgency of White House efforts to confront the Kremlin over aggressive cyber activity that criminal indictments and diplomatic sanctions have done little to deter. "I don't think it'll create a new point of tension because the point of tension is already so big," said James Lewis, a senior vice president at the Center for Strategic and International Studies. "This clearly has to be on the summit agenda. The president has to lay down some markers" to make clear "that the days when you people could do whatever you want are over."

There's a famous story about Vladimir Putin meeting Joe Biden back in 2011. A decade earlier, former U.S. president George W. Bush had said that when he'd looked Putin in the eye, "I was able to get a sense of his soul." But as Biden tells it, when he'd met Putin (who was then Russia's Prime Minister), "I said, 'Mr. Prime Minister, I'm looking into your eyes, and I don't think you have a soul.'"

"He looked back at me, and he smiled, and he said, 'We understand one another.'"

Social Networks

Twitter and Facebook Admit They Wrongly Blocked Millions of Posts About Gaza Strip Airstrikes (msn.com) 156

"Just days after violent conflict erupted in Israel and the Palestinian territories, both Facebook and Twitter copped to major faux pas: The companies had wrongly blocked or restricted millions of mostly pro-Palestinian posts and accounts related to the crisis," reports the Washington Post: Activists around the world charged the companies with failing a critical test: whether their services would enable the world to watch an important global event unfold unfettered through the eyes of those affected. The companies blamed the errors on glitches in artificial intelligence software.

In Twitter's case, the company said its service mistakenly identified the rapid-firing tweeting during the confrontations as spam, resulting in hundreds of accounts being temporarily locked and the tweets not showing up when searched for. Facebook-owned Instagram gave several explanations for its problems, including a software bug that temporarily blocked video-sharing and saying its hate speech detection software misidentified a key hashtag as associated with a terrorist group.

The companies said the problems were quickly resolved and the accounts restored. But some activists say many posts are still being censored. Experts in free speech and technology said that's because the issues are connected to a broader problem: overzealous software algorithms that are designed to protect but end up wrongly penalizing marginalized groups that rely on social media to build support... Despite years of investment, many of the automated systems built by social media companies to stop spam, disinformation and terrorism are still not sophisticated enough to detect the difference between desirable forms of expression and harmful ones. They often overcorrect, as in the most recent errors during the Israeli-Palestinian conflict, or they under-enforce, allowing harmful misinformation and violent and hateful language to proliferate...

Jillian York, a director at the Electronic Frontier Foundation, an advocacy group that opposes government surveillance, has researched tech company practices in the Middle East. She said she doesn't believe that content moderation — human or algorithmic — can work at scale... Palestinian activists and experts who study social movements say it was another watershed historical moment in which social media helped alter the course of events...

Payment app Venmo also mistakenly suspended transactions of humanitarian aid to Palestinians during the war. The company said it was trying to comply with U.S. sanctions and had resolved the issues.

Programming

Freenode Apologizes as Prominent Open Source Projects Switch to Libera Chat (ubuntu.com) 122

Slashdot reader AleRunner writes: Ubuntu has announced that, with immediate effect, Ubuntu's IRC channels are moving to libera.chat. The move follows a "hostile takeover" of Ubuntu's namespace by Freenode's new management that appears to be happening to many other distributions including Gentoo as well as other projects that have used Freenode [including channels associated with the programming languages Raku, Elixir, and Haskell].

For Ubuntu, and many other FOSS projects, Freenode has long been one of the major official forms of communication... With IRC channels often used for important system advice and project communication, this becomes not just an inconvenience but even a security problem. For this reason Ubuntu's replacement network, libera.chat, has a more clearly open organisational structure than Freenode had before being taken over.

"All told, it appears something like 700 irc.freenode.net channels have been seized and re-permissioned," reports The Register, "supposedly because the channels mentioned Libera Chat in violation of Freenode's advertising policy."

On Wednesday, Freenode owner Andrew Lee posted a blog post explaining that "in retrospect, we should have handled the action of closing down channels slightly differently..."

"The intent of doing this was not an attempt of a hostile takeover nor hijack like many people are saying. Since certain projects were disrupting their users' ability to chat on freenode via mass kicks, force closures, spam, we decided to enact this policy in those places which were deemed in violation and could cause an issue later...

"We believe we should have done this in a much more communicative way to circulate the right message and keep things transparent which of course did not happen. As we move forward I'd like to fully assure you that we will be working in complete commitment to restore projects, namespaces and channels that were closed on accident as a part of this event and we welcome them to use freenode as before as their very own homebase.

"Lastly, there are no excuses for this, and I'm willing to admit that I was wrong with Tuesday's move and apologize for the inconvenience that may have caused."

Python

How Spam Flooded the Official Python Software Package Repository PyPI (bleepingcomputer.com) 41

"The official Python software package repository, PyPI, is getting flooded with spam packages..." Bleeping Computer reported Thursday.

"Each of these packages is posted by a unique pseudonymous maintainer account, making it challenging for PyPI to remove the packages and spam accounts all at once..." PyPI is being flooded with spam packages named after popular movies in a style commonly associated with torrent or "warez" sites that provide pirated downloads: watch-(movie-name)-2021-full-online-movie-free-hd-... Although some of these packages are a few weeks old, BleepingComputer observed that spammers are continuing to add newer packages to PyPI... The web page for these bogus packages contains spam keywords and links to movie streaming sites, albeit of questionable legitimacy and legality...

In February of this year, PyPI had been flooded with bogus "Discord", "Google", and "Roblox" keygens in a massive spam attack, as reported by ZDNet. At the time, Ewa Jodlowska, Executive Director of the Python Software Foundation, had told ZDNet that the PyPI admins were working on addressing the spam attack; however, by the nature of pypi.org, anyone could publish to the repository, and such occurrences were common.

Other than containing spam keywords and links to quasi-video streaming sites, these packages contain files with functional code and author information lifted from legitimate PyPI packages... As previously reported by BleepingComputer, malicious actors have combined code from legitimate packages with otherwise bogus or malicious packages to mask their footsteps, and make the detection of these packages a tad more challenging...

In recent months, the attacks on open-source ecosystems like npm, RubyGems, and PyPI have escalated. Threat actors have been caught flooding software repositories with malware, malicious dependency confusion copycats, or simply vigilante packages to spread their message. As such, securing these repositories has turned into a whack-a-mole race between threat actors and repository maintainers.

Security

Microsoft Warns of Malware Campaign Spreading a RAT Masquerading as Ransomware (therecord.media) 33

The Microsoft security team has published details about a malware campaign that is currently spreading a remote access trojan named STRRAT that steals data from infected systems while masquerading as a ransomware attack. From a report: According to the Microsoft Security Intelligence team, the campaign is currently leveraging a mass-spam distribution vector to bombard users with emails containing malicious PDF file attachments. "Attackers used compromised email accounts to launch the email campaign," Microsoft said in a series of tweets last night. "The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware." First spotted in June 2020, STRRAT is a remote access trojan (RAT) coded in Java that can act as a backdoor on infected hosts. According to a technical analysis by German security firm G DATA, the RAT has a broad spectrum of features that vary from the ability to steal credentials to the ability to tamper with local files.
