Microsoft

Microsoft's LinkedIn Accused by Noted China Critic of Censorship (bloomberg.com) 67

A prominent critic of China based in the U.K. said Microsoft's LinkedIn froze his account and removed content criticizing the country's government, the latest in a series of allegations that the networking website had censored users -- even outside of the Asian nation -- to appease authorities in Beijing. From a report: Peter Humphrey, a British corporate investigator and former journalist who accesses LinkedIn from his home in Surrey, England, said he received notification from LinkedIn last month that comments he had published on the platform had been removed. The comments, seen by Bloomberg News, called the Chinese government a "repressive dictatorship" and criticized the country's state media organizations as "propaganda mouthpieces."

In late April, Humphrey said LinkedIn sent him several notifications that critical comments he posted about China's government and state-controlled broadcaster China Global Television Network, or CGTN, had been removed, on the grounds that the comments constituted "bullying and harassment" or "spam and scams." On April 26, Humphrey said he couldn't access his LinkedIn profile. When Humphrey tried to log in, he said he was met with a message stating his profile had been "restricted" due to "behavior that appears to violate our Terms of Service." After Bloomberg News contacted LinkedIn for comment last week, the company reinstated Humphrey's account and restored some of his comments. Others were not. "Our team has reviewed the action, based on our appeals process, and found it was an error," said Leonna Spilman, a spokeswoman for LinkedIn. Spilman declined to comment further regarding Humphrey's account.

Piracy

FBI Has Gained Access To Sci-Hub Founder's Apple Account, Email Claims (torrentfreak.com) 36

Sci-Hub founder Alexandra Elbakyan reports that she has received a worrying email, ostensibly from Apple, revealing that law enforcement has demanded and gained access to her account data. The email indicates an FBI investigation although the precise nature of any inquiry remains unclear. From a report: In a message posted to her personal Twitter account, which is not currently subject to a suspension, Elbakyan draws attention to an email she received to one of her accounts operated by Google. "At first I thought it was spam and was about to delete the email, but it turned out to be about FBI requesting my data from Apple," she writes. As the email reveals, the apparent request to access the data from Elbakyan's account dates back more than two years but due to its nature, Apple has only just been able to reveal its existence to the Sci-Hub founder. What this is about, however, remains unclear but perhaps the more pressing question is whether it is a genuine email from Apple.
Social Networks

New Florida Law Could Punish Social Media Companies for 'Deplatforming' Politicians (nbcnews.com) 336

Florida is on track to be the first state in America to punish social media companies that ban politicians, reports NBC News, "under a bill approved Thursday by the state's Republican-led Legislature." Gov. Ron DeSantis, a Republican and close Trump ally who called for the bill's passage, is expected to sign the legislation into law, but the proposal appears destined to be challenged in court after a tech industry trade group called it a violation of the First Amendment speech rights of corporations...

Suspensions of up to 14 days would still be allowed, and a service could remove individual posts that violate its terms of service. The state's elections commission would be empowered to fine a social media company $250,000 a day for statewide candidates and $25,000 a day for other candidates if a company's actions are found to violate the law, which also requires the companies to provide information about takedowns and apply rules consistently...

Florida Republican lawmakers have cited tech companies' wide influence over speech as a reason for the increased regulation. "What this bill is about is sending a loud message to Silicon Valley that they are not the absolute arbiters of truth," state Rep. John Snyder, a Republican from the Port St. Lucie area, said Wednesday... The Florida bill may offer Republicans in other states a road map for introducing laws that could eventually force social media companies and U.S. courts to confront questions about free speech on social media, including the questions raised by Thomas.

State Rep. Carlos Guillermo Smith, an Orlando area Democrat, said if Republicans want to stay on private services, they should follow the rules. "There's already a solution to deplatforming candidates on social media: Stop trafficking in conspiracy theories...."

NetChoice, a trade group for internet companies, argued the bill punishes platforms for removing harmful content, and that it would make it harder to block spam. But they also argued that the freedom of speech clause in the U.S. Constitution "makes clear that government may not regulate the speech of private individuals or businesses.

"This includes government action that compels speech by forcing a private social media platform to carry content that is against its policies or preferences."

Slashdot reader zantafio points out the bill specifies just five major tech companies — Google, Apple, Twitter, Facebook and Amazon.

And that the bill was also amended to specifically exempt Disney, Universal and any theme park owner that operates a search engine or information service.
Security

Ask Slashdot: How Harmful Are In-House Phishing Campaigns? 128

tiltowait writes: My organization has an acceptable use policy which forbids sending out spam. Every few months, however, the central IT office exempts itself from this rule by delivering deceptive e-mails to all employees as a test of their ability to ignore phishing scams. For those who simply delete the messages, they are a small annoyance, comparable to the overhead of having to regularly change passwords -- also done largely unnecessarily, perhaps even to the point of being another bad practice. As someone working in a departmental systems office, I can also attest that these campaigns generate a fair amount of workload from inquiries about their legitimacy. Aside from the "gotcha" angle, which perpetuates some ill will amongst staff, I can't help but think that these exercises are of questionable net value, especially with other countermeasures, such as MFA and Safelinks, already in place. Is it worth spreading misinformation to experiment on your colleagues in such a fashion?
Businesses

Network Security Company Proofpoint Goes Private In $12.3 Billion Deal (venturebeat.com) 7

Private equity firm Thoma Bravo has announced plans to acquire cybersecurity company Proofpoint in a deal worth $12.3 billion. VentureBeat reports: Founded in 2002 by former Netscape CTO Eric Hahn, Proofpoint was originally known for an email security product that helped businesses identify spam, viruses, and other electric correspondence that might contravene company policies. In the subsequent years, the Sunnyvale, California-based company has expanded its scope to include an array of cloud-based security products designed to protect enterprises from targeted threats. Proofpoint went public back in 2012, with its shares initially trading at around $13 -- these have grown steadily over the past decade, hitting an all-time high of $140 earlier this year and giving it a market capitalization of more than $7 billion.

Thoma Bravo has a track record of taking publicly traded cybersecurity companies private, having done just that with network security company Barracuda in a 2017 deal worth $1.6 billion and with Sophos last year for $3.9 billion. The Proofpoint deal, which is expected to close in Q3 2021, sees Thoma Bravo paying a 34% premium on Proofpoint's closing price at the last full trading day (April 23), with shareholders set to receive $176 for each share they own. It's worth noting that the $12.3 billion price tag positions this as the biggest cybersecurity acquisition of all time, putting it ahead of the $7.68 billion Intel shelled out for McAfee 11 years ago. And by VentureBeat's calculations, the Proofpoint acquisition represents one of the biggest overall technology acquisitions ever, putting it in the top 20, alongside megadeals that include Dell's $67 billion EMC purchase, IBM's $34 billion Red Hat deal, and Salesforce's impending $27.7 billion Slack acquisition.

Privacy

Spy Pixels In Emails Have Become Endemic (bbc.com) 217

AmiMoJo writes: The use of "invisible" tracking tech in emails is now "endemic", according to a messaging service that analysed its traffic at the BBC's request. Hey's review indicated that two-thirds of emails sent to its users' personal accounts contained a "spy pixel", even after excluding for spam. Its makers said that many of the largest brands used email pixels, with the exception of the "big tech" firms. Defenders of the trackers say they are a commonplace marketing tactic. And several of the companies involved noted their use of such tech was mentioned within their wider privacy policies. Emails pixels can be used to log: if and when an email is opened, how many times it is opened, what device or devices are involved, the user's rough physical location, deduced from their internet protocol (IP) address - in some cases making it possible to see the street the recipient is on.

This information can then be used to determine the impact of a specific email campaign, as well as to feed into more detailed customer profiles. Hey's co-founder David Heinemeier Hansson says they amount to a "grotesque invasion of privacy". And other experts have also questioned whether companies are being as transparent as required under law about their use.

iPhone

Google's Fi VPN Is Coming To iPhones Soon (zdnet.com) 13

An anonymous reader quotes a report from ZDNet: Google is rolling out its virtual private network (VPN) service for subscribers of its Fi network that should help people when they're using online services on public Wi-Fi. "We plan to roll out the VPN to iPhone starting this spring," Google notes. Google is also bringing its privacy and security hub to Android devices, offering users a shortcut to features available to Android users, such as its VPN.

Finally, Fi users can expect free spam call warnings and blocking to stop identified robocalls and scams and the company is stepping up its game to protect users from SIM swapping scams. "Your Fi number is tied to your Google Account and comes with security features that protect your phone number from threats like SIM swaps -- that's when bad actors try to take someone's phone number and assign it to another SIM card without their consent," Google said. "On Fi, you receive extra layers of protection by default, including a robust account recovery process and notifications for suspicious activity. You can also enable 2-step verification for more protection."

AI

FTC Settlement With Ever Orders Data and AIs Deleted After Facial Recognition Pivot 20

The maker of a defunct cloud photo storage app that pivoted to selling facial recognition services has been ordered to delete user data and any algorithms trained on it, under the terms of an FTC settlement. TechCrunch reports: The regulator investigated complaints the Ever app -- which gained earlier notoriety for using dark patterns to spam users' contacts -- had applied facial recognition to users' photographs without properly informing them what it was doing with their selfies. Under the proposed settlement, Ever must delete photos and videos of users who deactivated their accounts and also delete all face embeddings (i.e. data related to facial features which can be used for facial recognition purposes) that it derived from photos of users who did not give express consent to such a use. Moreover, it must delete any facial recognition models or algorithms developed with users' photos or videos.

This full suite of deletion requirements -- not just data but anything derived from it and trained off of it -- is causing great excitement in legal and tech policy circles, with experts suggesting it could have implications for other facial recognition software trained on data that wasn't lawfully processed. Or, to put it another way, tech giants that surreptitiously harvest data to train AIs could find their algorithms in hot water with the US regulator.
Spam

Spam Calls Grew 18% This Year Despite the Global Pandemic (techcrunch.com) 89

Despite several efforts from carriers, telecom regulators, mobile operating system developers, smartphone makers, and a global pandemic, spam calls continued to pester and scam people around the globe this year -- and they only got worse. From a report: Users worldwide received 31.3 billion spam calls between January and October this year, up from 26 billion during the same period last year, and 17.7 billion the year prior, according to Stockholm-headquartered firm Truecaller. The firm, best known for its caller ID app, estimated that an average American received 28.4 spam calls a month this year, up from 18.2 last year. As a result, And with 49.9 spam calls per user a month, up from an already alarming 45.6 figure last year, Brazil remained the worst impacted nation to spam calls, the firm said in its yearly report on the subject. The coronavirus pandemic, however, lowered the volume of spam calls users had to field in several markets, including India, which topped Truecaller's chart for the worst nation affected three years ago. The nation, the biggest market of Truecaller, dropped to the 9th position on the chart this year with 16.8 monthly spam calls per user, down from 25.6 last year.
Crime

Three Members of TMT Cybercrime Group Arrested in Nigeria (zdnet.com) 15

Three Nigerians suspected of being part of a cybercrime group that targeted tens of thousands of victims around the world have been arrested today in Lagos, Nigeria's capital, Interpol reported. From a report: In a report disclosing its involvement in the investigation, security firm Group-IB said the three suspects are members of a cybercrime group they have been tracking since 2019 and which they have been tracking under the codename of TMT. Group-IB said the group primarily operated by sending out mass email spam campaigns containing files laced with malware. To send their email spam, the group used the Gammadyne Mailer and Turbo-Mailer email automation tools and then relied on MailChimp to track if a recipient victim opened their messages. The file attachments were laced with various strains of malware that granted hackers access to infected computers from where they focused on stealing credentials from browsers, email, and FTP clients.
Google

Google Will Make It Slightly Easier To Turn Off Smart Features (gizmodo.com) 15

"[I]n the coming weeks," Google will show a new blanket setting to "turn off smart features" which will disable features like Smart Compose, Smart Reply, in apps like Gmail; the second half of the same prompt will disable whether additional Google products -- like Maps or Assistant, for example -- are allowed to be personalized based on data from Gmail, Meet, and Chat. Gizmodo reports: Google writes in its blog post about the new-ish settings that humans are not looking at your emails to enable smart features, and Google ads are "not based on your personal data in Gmail," something CEO Sundar Pichai has likewise said time and again. Google claims to have stopped that practice in 2017, although the following year the Wall Street Journal reported that third-party app developers had freely perused inboxes with little oversight. (When asked whether this is still a problem, the spokesperson pointed us to Google's 2018 effort to tighten security.)

A Google spokesperson emphasized that the company only uses email contents for security purposes like filtering spam and phishing attempts. These personalization changes aren't so much about tightening security as they are another informed consent defense which Google can use to repel the current regulatory siege being waged against it by lawmakers. [...] Inquiries in the U.S. and EU have found that Google's privacy settings have historically presented the appearance of privacy, rather than privacy itself. [...] So this is nice, and also Google's announcement reads as a letter to regulators. "This new setting is designed to reduce the work of understanding and managing [a choice over how data is processed], in view of what we've learned from user experience research and regulators' emphasis on comprehensible, actionable user choices over data."

Google

Ok Google: Please Publish Your DKIM Secret Keys 108

Matthew Green, a cryptographer and professor at Johns Hopkins University, writes: The Internet is a dangerous place in the best of times. Sometimes Internet engineers find ways to mitigate the worst of these threats, and sometimes they fail. Every now and then, however, a major Internet company finds a solution that actually makes the situation worse for just about everyone. Today I want to talk about one of those cases, and how a big company like Google might be able to lead the way in fixing it. This post is about the situation with Domain Keys Identified Mail (DKIM), a harmless little spam protocol that has somehow become a monster. My request is simple and can be summarized as follows: Dear Google: would you mind rotating and publishing your DKIM secret keys on a periodic basis? This would make the entire Internet quite a bit more secure, by removing a strong incentive for criminals to steal and leak emails. The fix would cost you basically nothing, and would remove a powerful tool from the hands of thieves.
Spam

Body Found In Canada Identified As Neo-Nazi Spam King (krebsonsecurity.com) 90

An anonymous reader quotes a report from Krebs On Security: The body of a man found shot inside a burned out vehicle in Canada three years ago has been identified as that of Davis Wolfgang Hawke, a prolific spammer and neo-Nazi who led a failed anti-government march on Washington, D.C. in 1999, according to news reports. Homicide detectives said they originally thought the man found June 14, 2017 in a torched SUV on a logging road in Squamish, British Columbia was a local rock climber known to others in the area as a politically progressive vegan named Jesse James.

But according to a report from CTV News, at a press conference late last month authorities said new DNA evidence linked to a missing persons investigation has confirmed the man's true identity as Davis Wolfgang Hawke. A key subject of the book Spam Kings by Brian McWilliams, Hawke was a Jewish-born American who'd legally changed his name from Andrew Britt Greenbaum. For many years, Hawke was a big time purveyor of spam emails hawking pornography and male enhancement supplements, such as herbal Viagra.

In 2005, AOL won a $12.8 million lawsuit against him for relentlessly spamming its users. More recently, Hawke's Jesse James identity penned a book called Psychology of Seduction, which claimed to merge the "shady world of the pickup artist with modern science, unraveling the mystery of attraction using evolutionary biology and examining seduction through the lens of social and evolutionary psychology." The book's "about the author" page said James was a "disruptive technology pioneer" who was into rock climbing and was a resident of Squamish. It also claimed James held a PhD in theoretical physics from Stanford, and that he was an officer in the Israeli Defense Force.

Technology

Maze, a Notorious Ransomware Group, Says It's Shutting Down (techcrunch.com) 22

One of the most active and notorious data-stealing ransomware groups, Maze, says it is "officially closed." From a report: The announcement came as a waffling statement, riddled with spelling mistakes, and published on its website on the dark web, which for the past year has published vast troves of stolen internal documents and files from the companies it targeted, including Cognizant, cybersecurity insurance firm Chubb, pharmaceutical giant ExecuPharm, Tesla and SpaceX parts supplier Visser, and defense contractor Kimchuk. Where typical ransomware groups would infect a victim with file-encrypting malware and hold the files for a ransom, Maze gained its notoriety for first exfiltrating a victim's data and threatening to publish the stolen files unless the ransom was paid. It quickly became the preferred tactic of ransomware groups, which set up websites -- often on the dark web -- to leak the files it stole if the victim refused to pay up. Maze initially used exploit kits and spam campaigns to infect its victims, but later began using known security vulnerabilities to specifically target big name companies. Maze was known to use vulnerable virtual private network (VPN) and remote desktop (RDP) servers to launch targeted attacks against its victim's network. Some of the demanded ransoms reached into the millions of dollars.
Spam

A Massive Spam Attack Is Ruining Public 'Among Us' Games (engadget.com) 60

Just days after US Representative Alexandria Ocasio-Cortez played Among Us to an audience of more than 435,000 viewers, InnerSloth, the developer of the popular multiplayer title, is struggling to contain a spam attack that is affecting most of the game's community. Engadget reports: The hack started to spread through the game's userbase on Thursday evening. It causes players to spam their match's text chat with messages that direct people to the YouTube and Discord channels of a person who goes by the pseudonym "Eris Loris," threatening them if they don't subscribe. For good measure, some of the messages also promote President Donald Trump's 2020 campaign.

InnerSloth said it's "super duper aware of the current hacking issue" and that it had planned to roll out an emergency server-side update to address the spam. Forest Willard, one of three developers who make up the InnerSloth team, said they had begun rolling out the update at some point in the middle of the night, but it doesn't seem to have addressed the issue; new reports of spam-filled matches continue to flood Twitter. The studio is advising people to play private games with friends while it works to solve the problem.

As for the hacker, it appears their primary motive in all of this was to troll people. "I was curious to see what would happen, and personally I found it funny," they told Kotaku. "The anger and hatred is the part that makes it funny. If you care about a game and are willing to go and spam dislike some random dude on the internet because you cant [sic] play it for three minutes, it's stupid."

Android

240+ Android Apps Caught Showing Out-of-Context Ads (zdnet.com) 8

Google has removed this summer more than 240 Android apps from the official Play Store for showing out-of-context ads and breaking a newly introduced Google policy against this type of intrusive advertising. From a report: Out-of-context ads (also known as out-of-app ads) are mobile ads that are shown outside an app's normal container. They can appear as popups or as fullscreen ads. Out-of-context ads are banned on the Play Store since February this year, when Google banned more than 600 apps that were abusing this practice to spam their users with annoying ads. But despite the public crackdown and ban, other apps showing out-of-context ads have continued to be discovered -- such as in June this year. The latest of these discoveries come from ad fraud detection firm White Ops. In a blog post today, the company said it discovered a new cluster of more than 240+ Android apps bombarding their users with out-of-context ads -- but made to look like they originated from other, more legitimate applications.
YouTube

YouTube Celebrates Deaf Awareness Week By Killing Crowd-Sourced Captions (arstechnica.com) 41

Two days after the International Week of the Deaf, which is the last full week in September, YouTube is killing its "Community Contributions" feature for videos, which let content creators crowdsource captions and subtitles for their videos. Ars Technica reports: Once enabled by a channel owner, the Community Contributions feature would let viewers caption or translate a video and submit it to the channel for approval. YouTube currently offers machine-transcribed subtitles that are often full of errors, and if you also need YouTube to take a second pass at the subtitles for machine translation, they've probably lost all meaning by the time they hit your screen. The Community Caption feature would load up those machine-written subtitles as a starting point and allow the user to make corrections and add text that the machine transcription doesn't handle well, like transcribed sound cues for the deaf and hard of hearing.

YouTube says it's killing crowd-source subtitles due to spam and low usage. "While we hoped Community Contributions would be a wide-scale, community-driven source of quality translations for Creators," the company wrote, "it's rarely used and people continue to report spam and abuse." The community does not seem to agree with this assessment, since a petition immediately popped up asking YouTube to reconsider, and so far a half-million people have signed. "Removing community captions locks so many viewers out of the experience," the petition reads. "Community captions ensured that many videos were accessible that otherwise would not be."

Instead of the free, in-house solution YouTube already built and doesn't want to keep running, the company's shutdown post pushes users to paid, third-party alternatives like Amara.org. YouTube says that because "many of you rely on community captions," (what happened to the low usage?) "YouTube will be covering the cost of a 6 month subscription of Amara.org for all creators who have used the Community Contribution feature for at least 3 videos in the last 60 days."

Facebook

US Teens Are Being Paid to Spread Disinformation on Social Media (adn.com) 204

The Washington Post covered "a sprawling yet secretive campaign that experts say evades the guardrails put in place by social media companies to limit online disinformation of the sort used by Russia" during America's last presidential campaign in 2016.

According to four people with knowledge of the effort, "Teenagers, some of them minors, are being paid to pump out the messages..." The campaign draws on the spam-like behavior of bots and trolls, with the same or similar language posted repeatedly across social media. But it is carried out, at least in part, by humans paid to use their own accounts, though nowhere disclosing their relationship with Turning Point Action or the digital firm brought in to oversee the day-to-day activity. One user included a link to Turning Point USA's website in his Twitter profile until The Washington Post began asking questions about the activity. In response to questions from The Post, Twitter on Tuesday suspended at least 20 accounts involved in the activity for "platform manipulation and spam." Facebook also removed a number of accounts as part of what the company said is an ongoing investigation...

The months-long effort by the tax-exempt nonprofit is among the most ambitious domestic influence campaigns uncovered this election cycle, said experts tracking the evolution of deceptive online tactics. "In 2016, there were Macedonian teenagers interfering in the election by running a troll farm and writing salacious articles for money," said Graham Brookie, director of the Atlantic Council's Digital Forensic Research Lab. "In this election, the troll farm is in Phoenix...."

The messages — some of them false and some simply partisan — were parceled out in precise increments as directed by the effort's leaders, according to the people with knowledge of the highly coordinated activity, most of whom spoke on the condition of anonymity to protect the privacy of minors carrying out the work... The messages have appeared mainly as replies to news articles about politics and public health posted on social media. They seek to cast doubt on the integrity of the electoral process, asserting that Democrats are using mail balloting to steal the election — "thwarting the will of the American people," they alleged. The posts also play down the threat from covid-19, which claimed the life of Turning Point's co-founder Bill Montgomery in July...

By seeking to rebut mainstream news articles, the operation illustrates the extent to which some online political activism is designed to discredit the media. While Facebook and Twitter have pledged to crack down on what they have labeled coordinated inauthentic behavior, in Facebook's case, and platform manipulation and spam, as Twitter defines its rules, their efforts falter in the face of organizations willing to pay users to post on their own accounts, maintaining the appearance of independence and authenticity.

One parent even said their two teenagers had been posting the messages since June as "independent contractors" — while being paid less than minimum wage.
Google

Google's New 'Verified Calls' Feature Will Tell You Why a Business is Calling You (techcrunch.com) 69

Google today is introducing a new feature for Android phones that will help legitimate businesses reach their customers by phone by having their brand name and reason for calling properly identified. From a report: The feature, known as "Verified Calls," will display the caller's name, their logo, a reason why they're calling, and a verification symbol that will indicate the call has been verified by Google. The feature arrives at a time when spam calls are on the rise. U.S. consumers received 61.4 billion spam calls in 2019, according to a recent report from RoboKiller, representing a 28% increase from the prior year. The U.S. Federal Communications Commission also says that unwanted calls are its top consumer complaint. Google's new system gives legitimate businesses a way to share their information with consumers along with their reason for calling on the incoming call screen. This, however, only works with those participating businesses who have chosen to sign up with one of Google's partners in order to have their calls verified. According to Google's website for the service, businesses can get started with Verified Calls by working with a partner such as Neustar, JustCall, Telecall, Zenvia, Prestus, Aspect, Five9, Vonage, Bandwidth, IMImobile, Kaleyra, Quiubas Mobile, or Datora.
Security

'Unusually Large Number' of Breached SendGrid Accounts Are Sending Spams and Scams (krebsonsecurity.com) 13

Krebs on Security reports: Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid's parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime...

[A] large number of organizations allow email from Sendgrid's systems to sail through their spam-filtering systems. To make matters worse, links included in emails sent through Sendgrid are obfuscated (mainly for tracking deliverability and other metrics), so it is not immediately clear to recipients where on the Internet they will be taken when they click...

Rob McEwen is CEO of Invaluement.com, an anti-spam firm whose data on junk email trends are used to improve the spam-blocking technologies deployed by several Fortune 100 companies. McEwen said no other email service provider has come close to generating the volume of spam that's been emanating from Sendgrid accounts lately. "As far as the nasty criminal phishes and viruses, I think there's not even a close second in terms of how bad it's been with Sendgrid over the past few months," he said...

Neil Schwartzman, executive director of the anti-spam group CAUCE, said Sendgrid's two-factor authentication plans are long overdue, noting that the company bought Authy back in 2015. "Single-factor authentication for a company like this in 2020 is just ludicrous given the potential damage and malicious content we're seeing," Schwartzman said... Schwartzman said if Twilio doesn't act quickly enough to fix the problem on its end, the major email providers of the world (think Google, Microsoft and Apple) — and their various machine-learning anti-spam algorithms — may do it for them.

Krebs found an online cybercriminal selling access to more than 400 compromised Sendgrid accounts. "Accounts that can send up to 40,000 emails a month go for $15, whereas those capable of blasting 10 million missives a month sell for $400."
