China

China Secretly Built a Vast New Infrastructure To Imprison Muslims (buzzfeednews.com) 271

In a series of investigations, BuzzFeed News used satellite images to reveal 268 newly-built internment camps for Muslims in the Xinjiang region. Longtime Slashdot reader wiredog shares the reports with us.

Part 1: China Secretly Built A Vast New Infrastructure To Imprison Muslims
Part 2: What They Saw: Ex-Prisoners Detail The Horrors Of China's Detention Camps
Part 3: Blanked Out Spots On China's Maps Helped Us Uncover Xinjiang's Camps

Here's an excerpt from Part 1 of their investigation: China has secretly built scores of massive new prison and internment camps in the past three years, dramatically escalating its campaign against Muslim minorities even as it publicly claimed the detainees had all been set free. The construction of these purpose-built, high-security camps -- some capable of housing tens of thousands of people -- signals a radical shift away from the country's previous makeshift use of public buildings, like schools and retirement homes, to a vast and permanent infrastructure for mass detention. In the most extensive investigation of China's internment camp system ever done using publicly available satellite images, coupled with dozens of interviews with former detainees, BuzzFeed News identified more than 260 structures built since 2017 and bearing the hallmarks of fortified detention compounds. There is at least one in nearly every county in the far-west region of Xinjiang. During that time, the investigation shows, China has established a sprawling system to detain and incarcerate hundreds of thousands of Uighurs, Kazakhs, and other Muslim minorities, in what is already the largest-scale detention of ethnic and religious minorities since World War II.

These forbidding facilities -- including several built or significantly expanded within the last year -- are part of the government's unprecedented campaign of mass detention of more than a million people, which began in late 2016. That year Chen Quanguo, the region's top official and Communist Party boss, whom the US recently sanctioned over human rights abuses, also put Muslim minorities -- more than half the region's population of about 25 million -- under perpetual surveillance via facial recognition cameras, cellphone tracking, checkpoints, and heavy-handed human policing. They are also subject to many other abuses, ranging from sterilization to forced labor. To detain thousands of people in short order, the government repurposed old schools and other buildings. Then, as the number of detainees swelled, in 2018 the government began building new facilities with far greater security measures and more permanent architectural features, such as heavy concrete walls and guard towers, the BuzzFeed News analysis shows. Prisons often take years to build, but some of these new compounds took less than six months, according to historical satellite data. The government has also added more factories within camp and prison compounds during that time, suggesting the expansion of forced labor within the region. Construction was still ongoing as of this month.

BuzzFeed News identified 268 newly built compounds by cross-referencing blanked-out areas on Baidu Maps -- a Google Maps-like tool that's widely used in China -- with images from external satellite data providers. These compounds often contained multiple detention facilities.

Facebook

Facebook Sues Maker of Advertising SDK for Refusing To Participate in Audit (zdnet.com) 18

Facebook has filed lawsuits today in both the US and the UK against MobiBurn, a UK software company that provided advertising tools for mobile app developers. From a report: In particular, MobiBurn provided an advertising software development kit (SDK) that allowed app developers to embed ads inside their applications and monetize user behavior. But in a lawsuit filed today, Facebook claims the SDK contained malicious code that illegally collected the personal data of Facebook users. Facebook said the data was collected when users installed any mobile app that contained the MobiBurn advertising SDK. When this happened, the code would activate and collect a person's name, time zone, email address, and gender. "Security researchers first flagged MobiBurn's behavior to us as part of our data abuse bounty program," said Jessica Romero, Facebook's Director of Platform Enforcement and Litigation.

Open Source

'The Future of American Industry Depends On Open Source Tech' (wired.com) 45

An anonymous reader shares an opinion piece from Wired, written by Kevin Xu and Jordan Schneider. Xu is the author of Interconnected, investor and advisor of open source startups at OSS Capital, and served in the Obama White House. Schneider is the author of the ChinaTalk newsletter and host of the ChinaTalk podcast, posted on Lawfare. From the report: Open source is a technology development and distribution methodology, where the codebase and all development -- from setting a roadmap to building new features, fixing bugs, and writing documentation -- is done in public. A governing body (a group of hobbyists, a company, or a foundation) publicly manages this work, which is most often done in a public repository on either GitHub or GitLab. Open source has two important, and somewhat counterintuitive, advantages: speed and security. These practices lead to faster technological developments, because a built-in global community of developers help them mature, especially if the technology is solving a real problem. Top engineers also prefer to work with and on open source projects. Wrongly cast as secretive automatons, they are more often like artists, who prefer to learn, work, collaborate, and showcase what they've built in public, even when they are barely compensated for that work.

But doesn't keeping a technology's codebase open make it more vulnerable to attack? In fact, exposing the codebase publicly for security experts and hackers to easily access and test is the best way to keep the technology secure and build trust with end users for the long haul. Sunlight is the best disinfectant, and open source is that sunlight in technology. Linux, the operating system, and Kubernetes, the cloud container orchestration system, are two of the most prominent examples. [...] Using open source technology is now the fastest way new products get built and legacy technologies get replaced. Yet as US policymakers develop their industrial policy to compete with China, open source is conspicuously absent.

By leaning on the advantages of open source, policymakers can pursue an industrial policy to help the US compete in the 21st century in line with our broader values. The alternative is to continue a top-down process that picks winners and losers based on not just technology but also political influence, which only helps individual firms secure market share, not sparking innovation more broadly. A few billion more dollars won't save Intel from its technical woes, but a healthier ecosystem leveraging open source technology and community would put the US in a better position for the future. Open source technology allows for vendor-neutrality. Whether you're a country or a company, if you use open source, you're not locked in to another company's technical stack, roadmap, or licensing agreements. After Linux was first created in 1991, it was widely adopted by large companies like Dell and IBM as a vendor neutral alternative to Microsoft's Windows operating system. In the future, chip designers won't be locked into Intel or ARM with RISC-V. With OpenRAN, 5G network builders won't be forced to buy from Huawei, Nokia, or Ericsson. [...] By doubling down on open source, America not only can address some of our most pressing technological challenges faster and more securely, but also revive relationships with our allies and deepen productive collaborations with the tech sector.

Privacy

Amazon announces Halo, a fitness band and app that scans your body and voice (theverge.com) 30

Amazon is getting into the health gadget market with a new fitness band and subscription service called Halo. From a report: Unlike the Apple Watch or even most basic Fitbits, the Amazon Halo band doesn't have a screen. The app that goes along with it comes with the usual set of fitness tracking features along with two innovative -- and potentially troubling -- ideas: using your camera to create 3D scans for body fat and listening for the emotion in your voice. The Halo band will cost $99.99 and the service (which is required for Halo's more advanced features) costs $3.99 per month. Amazon is launching it as an invite-only early access program today with an introductory price of $64.99 that includes six months of the service for free. The Halo service is a separate product that isn't part of Amazon Prime. The lack of a screen on the Halo band is the first indicator that Amazon is trying to carve out a niche for itself that's focused a little less on sports and exercise and a little more on lifestyle changes. Alongside cardio, sleep, body fat, and voice tone tracking, a Halo subscription will offer a suite of "labs" developed by partners. They're short challenges designed to improve your health habits -- like meditation, improving your sleep habits, or starting up basic exercise routines.

The Courts

DOJ Finally Starts Process of Investigating Nursing Home Deaths From COVID-19 (justice.gov) 232

onyxruby writes: The DOJ has finally launched the precursor to an investigation into the mass deaths of senior citizens in nursing homes and long term care facilities. Roughly half of all COVID-19 deaths in the United States have occurred in nursing homes. The governors of New York, New Jersey, Pennsylvania and Michigan are being requested to provide information to the DOJ. This will be used to determine if a formal investigation into the deaths of tens of thousands of elderly patients will be launched.

From the release: "According to the Centers for Disease Control, New York has the highest number of COVID-19 deaths in the United States, with 32,592 victims, many of them elderly. New York's death rate by population is the second highest in the country with 1,680 deaths per million people. New Jersey's death rate by population is 1,733 deaths per million people -- the highest in the nation. In contrast, Texas's death rate by population is 380 deaths per million people; and Texas has just over 11,000 deaths, though its population is 50 percent larger than New York and has many more recorded cases of COVID-19 -- 577,537 cases in Texas versus 430,885 cases in New York. Florida's COVID-19 death rate is 480 deaths per million; with total deaths of 10,325 and a population slightly larger than New York.

The Department of Justice's Civil Rights Division is evaluating whether to initiate investigations under the federal 'Civil Rights of Institutionalized Persons Act' (CRIPA), which protects the civil rights of persons in state-run nursing homes, among others. The Civil Rights Division seeks to determine if the state orders requiring admission of COVID-19 patients to nursing homes is responsible for the deaths of nursing home residents."

In other COVID-19 related news, Slashdot reader schwit1 shares a report from The Wall Street Journal, reporting that Abbott has been given emergency use authorization for a rapid antigen test. "They say: [it takes 5 minutes and costs only $5]," writes schwit1. "Greater than 95% sensitivity and no machine or lab required, adding they have the ability to make 50 million tests per month by October."

Microsoft

Microsoft's TikTok Deal Reportedly Ballooned After Trump Intervened (cnbc.com) 44

An anonymous reader quotes a report from CNBC: Microsoft's acquisition talks with TikTok and its Chinese parent company ByteDance "ballooned" this summer after President Donald Trump intervened, according to a report from The New York Times, citing people familiar with the situation. ByteDance is being forced to sell TikTok's U.S. business by the Trump administration, which says the app's current ties to China make it a national security threat. An executive order signed by Trump on Aug. 6 means a sale must go through before Sept. 15. However, TikTok sued the U.S. government on Monday, alleging it was deprived of due process. The lawsuit could delay the ban, giving TikTok more time to get a better deal for the sale.

When the deal talks began, Microsoft is said to have been reluctant to do any kind of large TikTok acquisition, due in part to the rising tensions between the U.S. and China, according to the Times report. However, a minority stake in the wildly popular video sharing app was viewed positively as it may lead to TikTok ditching Google Cloud, which it currently uses, and signing up to Microsoft Azure, instantly making it one of Microsoft's largest cloud customers. TikTok could also be integrated with Microsoft's $7 billion advertising business. Microsoft issued a statement on Aug. 2 about its pursuit to buy TikTok's U.S. business. However, on Aug. 3, Trump said he'd rather Microsoft, valued at $1.6 trillion, purchase the app that is used by 100 million Americans in its entirety. "I think buying 30% is complicated," Trump told reporters in the Cabinet Room at the White House. There are now several other bidders competing with Microsoft, with the main one being enterprise software firm Oracle. Netflix and Twitter have also been contacted by bankers and investors, but it's not clear if they're interested, according to the Times. In any case, deal talks between the parties have "morphed into a big, messy, political soap opera," according to the report.

AI

Clearview AI CEO Says 'Over 2,400 Police Agencies' Are Using Its Facial Recognition Software (theverge.com) 14

More than 2,400 police agencies have entered contracts with Clearview AI, a controversial facial recognition firm, according to comments made by Clearview AI CEO Hoan Ton-That in an interview with Jason Calacanis on YouTube. The Verge reports: The hour-long interview references an investigation by The New York Times published in January, which detailed how Clearview AI scraped data from sites including Facebook, YouTube, and Venmo to build its database. The scale of that database and the methods used to construct it were already controversial before the summer of protests against police violence. "It's an honor to be at the center of the debate now and talk about privacy," Ton-That says in the interview, going on to call the Times investigation "actually extremely fair." "Since then, there's been a lot of controversy, but fundamentally, this is such a great tool for society," Ton-That says.

Ton-That also gave a few more details on how the business runs. Clearview is paid depending on how many licenses a client adds, among other factors, but Ton-That describes the licenses as "pretty inexpensive, compared to what's come previously" in his interview. Ton-That ballparks Clearview's fees as $2,000 a year for each officer with access. According to Ton-That, Clearview AI is primarily used by detectives.
You can watch the full interview here.

United States

US Indictments and Raids of Piracy Group Members in 'The Scene' Throw Top-Tier Piracy World Into Chaos (torrentfreak.com) 70

An anonymous reader shares a report: Yesterday morning, TorrentFreak began receiving reports from multiple sources that something big was happening in the shadowy world of top-tier piracy known as 'The Scene.' From the volumes of information received, the majority of sources indicated that many so-called 'topsites' and their members had disappeared or gone into hiding. The word was that several major movie release groups -- SPARKS, GECKOS and DRONES -- had been targeted in a series of raids and as a result, people were running for cover. Precisely where these raids or actions took place still isn't entirely clear. Multiple sources point to the Nordic region, particularly Norway and Sweden, but reports of disruption and/or action in the Netherlands and even Switzerland persisted across our confidential sources, all of whom demand anonymity.

Facebook

Facebook Warns Advertisers on Apple Privacy Changes (axios.com) 63

Facebook is warning advertisers that they can expect weaker ad performance from iPhone users once iOS 14 comes out next month and is telling them to create second advertiser accounts to contain the disruption. From a report: Many of Facebook's advertising partners rely on Apple's "Identifier for Advertisers" (IDFA) user tracking feature to, for instance, target would-be users by interest and see if they actually clicked on a mobile ad directing them to install a particular app. Changes to IDFA coming with iOS 14 will have a big impact on the marketing strategies for many businesses, and on Facebook's bottom line. In a blog post Wednesday, Facebook says it expects Apple's IDFA changes "will disproportionately affect [Facebook's] Audience Network of advertisers given its heavy dependence on app advertising." Reporter Sam Biddle comments: "What do you think you're saying about your company when things that protect an individual harm your business so drastically that you need to issue a warning?"

Google

Unredacted Suit Shows Google's Own Engineers Confused By Privacy Settings (arstechnica.com) 51

schwit1 writes: Newly unsealed and partially unredacted documents from a consumer fraud suit the state of Arizona filed against Google show that company employees knew and discussed among themselves that the company's location privacy settings were confusing and potentially misleading. Arizona Attorney General Mark Brnovich's office launched its own investigation following the AP report, and in May 2020 the state sued Google, alleging that the company violated the Arizona Consumer Fraud Act.

The new version of the suit includes a number of employee emails and chat logs where Google employees agreed with the AP story, and these employees highlighted their own frustrations with the settings. Among the highlights: "The current UI feels like it is designed to make things possible, yet difficult enough that people won't figure it out."
"Some people (including even Googlers) don't know that there is a global switch and a per-device switch."
"Indeed we aren't very good at explaining this to users. Add me to the list of Googlers who didn't understand how this worked and was surprised when I read the article ... we shipped a UI that confuses users."
"I agree with the article. Location off should mean location off, not except for this case or that case."
"Speaking as a user, WTF?" another employee said, in additional documentation obtained by the Arizona Mirror. "More specifically I **thought** I had location tracking turned off on my phone. So our messaging around this is enough to confuse a privacy focused (Google software engineer). That's not good."

United States

White House Announces Creation of AI and Quantum Research Institutes (venturebeat.com) 31

The White House today detailed the establishment of 12 new research institutes focused on AI and quantum information science. Agencies including the National Science Foundation (NSF), U.S. Department of Homeland Security, and U.S. Department of Energy (DOE) have committed to investing tens of millions of dollars in centers intended to serve as nodes for AI and quantum computing study. From a report: Laments over the AI talent shortage in the U.S. have become a familiar refrain. While higher education enrollment in AI-relevant fields like computer science has risen rapidly in recent years, few colleges have been able to meet student demand, due to a lack of staffing. In June, the Trump administration imposed a ban on U.S. entry for workers on certain visas -- including for high-skilled H-1B visa holders, an estimated 35% of whom have an AI-related degree -- through the end of the year. And Trump has toyed with the idea of suspending the Optional Practical Training program, which allows international students to work for up to three years in the U.S. after they graduate.

This week's announcement might be perceived as an effort to shift attention from immigration toward domestic progress. However, it should be noted that $1 billion falls on the conservative side of the AI investment spectrum. When U.S. Chief Technology Officer Michael Kratsios revealed last September that U.S. government agencies requested nearly $1 billion in nondefense AI research spending for the fiscal year ending in September 2020, representatives from Intel, Nvidia, and IEEE said the U.S. would need to set aside more for AI R&D.

AI

Man Sues Patent Office For Deciding an AI Can't Invent Things (vice.com) 137

An anonymous reader quotes a report from Motherboard: A computer scientist who created an artificial intelligence system capable of generating original inventions is suing the U.S. Patent and Trademark Office (USPTO) over its decision earlier this year to reject two patent applications which list the algorithmic system, known as DABUS, as the inventor. The lawsuit is the latest step in an effort by Stephen Thaler and an international group of lawyers and academics to win inventorship rights for non-human AI systems, a prospect that raises fundamental questions about what it means to be creative and also carries potentially paradigm-shifting implications for certain industries.

In July 2019, Thaler filed two patent applications in the U.S. -- one for an adjustable food container, the other for an emergency beacon -- and listed the inventor as DABUS. He describes DABUS as a "creativity engine" composed of neural networks trained on a broad swath of data, and not designed to solve any particular problem. The USPTO rejected the applications, citing court decisions ruling that corporations, as opposed to individuals within corporations, cannot be legal inventors, and asserting that "conception -- the touchstone of inventorship -- must be performed by a natural person." British, German, and European Union patent regulators have also rejected Thaler's applications, decisions he has appealed. Petitions for DABUS-invented patents are still pending in China, Japan, India, and several other countries.

In his suit, filed August 6 in the Eastern District of Virginia's federal court, Thaler argues (PDF) that the USPTO should instead adopt the principle laid out in a 1943 report from the National Patent Planning Commission, which helped reform the country's patent system into its modern form. The commission wrote, "patentability shall be determined objectively by the nature of the contribution to the advancement of the art, and not subjectively by the nature of the process by which the invention may have been accomplished." [...] "What we want is to have innovation. AI has been used to help generate innovation for decades and AI is getting better and better at doing these things, and people aren't." Ryan Abbott, a professor at the University of Surrey School of Law, who is representing Thaler in the suit, told Motherboard. "The law is not clear on whether you can have a patent if the AI does that sort of work, but if you can't protect inventions coming out of AI, you're going to under-produce them."

Democrats

After 48 Years, Democrats Endorse Nuclear Energy In Platform (forbes.com) 385

It took five decades, but the Democratic Party has finally changed its stance on nuclear energy. In its recently released party platform, the Democrats say they favor a "technology-neutral" approach that includes "all zero-carbon technologies, including hydroelectric power, geothermal, existing and advanced nuclear, and carbon capture and storage." Robert Bryce writes via Forbes: That statement marks the first time since 1972 that the Democratic Party has said anything positive in its platform about nuclear energy. The change in policy is good -- and long overdue -- news for the American nuclear-energy sector and for everyone concerned about climate change. The Democrats' new position means that for the first time since Richard Nixon was in the White House, both the Republican and Democratic parties are officially on record in support of nuclear energy. That's the good news.

About a decade ago, a high-ranking official at the Department of Energy told me that a big problem with nuclear energy is that it needs bipartisan support in Congress. That wasn't happening, he said, because "Democrats are pro-government and anti-nuclear. Republicans are pro-nuclear and anti-government." That partisan divide is apparent in the polling data. A 2019 Gallup poll found that 65 percent of Republicans strongly favored nuclear energy but only 42 percent of Democrats did so. The last time the Democratic Party's platform contained a positive statement about nuclear energy was in 1972, when the party said it supported "greater research and development" into "unconventional energy sources" including solar, geothermal, and "a variety of nuclear power possibilities to design clean breeder fission and fusion techniques."

Since then, the Democratic Party has either ignored or professed outright opposition to nuclear energy. In 2016, the party's platform said climate change "poses a real and urgent threat to our economy, our national security, and our children's health and futures." The platform contained 31 uses of the word "nuclear" including "nuclear proliferation," "nuclear weapon," and "nuclear annihilation." It did not contain a single mention of "nuclear energy." That stance reflected the orthodoxy of the climate activists and environmental groups who have dominated the Democratic Party's discussion on energy for decades. What changed the Democrats' stance on nuclear? I cannot claim any special knowledge about the drafting of the platform, but it appears that science and basic math finally won out. While vying for their party's nomination, two prominent Democratic presidential hopefuls -- Cory Booker and Andrew Yang -- both endorsed nuclear energy. In addition, Joe Biden's energy plan included a shout-out to nuclear.

AI

Facial Recognition Designed To Detect Around Face Masks Is Failing, Study Finds (cnet.com) 37

Many facial recognition companies have claimed they can identify people with pinpoint accuracy even while they're wearing face masks, but the latest results from a study show that the coverings are dramatically increasing error rates. CNET reports: In an update Tuesday, the US National Institute of Standards and Technology looked at 41 facial recognition algorithms submitted after the COVID-19 pandemic was declared in mid-March. Many of these algorithms were designed with face masks in mind, and claimed that they were still able to accurately identify people, even when half of their face was covered. In July, NIST released a report noting that face masks were thwarting regular facial recognition algorithms, with error rates ranging from 5% to 50%. NIST is widely considered the leading authority on facial recognition accuracy testing, and expected algorithms to improve on identifying people in face masks. That day has yet to come, as every algorithm experienced at least marginal increases in error rates once masks came into the picture. While some algorithms still had accuracy overall, like Chinese facial recognition company Dahua's algorithm error rate going from 0.3% without masks to 6% with masks, others had error rates that increased up to 99%.

Rank One, a facial recognition provider used in cities like Detroit, had an error rate of 0.6% without masks, and a 34.5% error rate once masks were digitally applied. In May, the company started offering "periocular recognition," which claimed to be able to identify people just off their eyes and nose. TrueFace, which is used in schools and on Air Force bases, saw its algorithm error rate go from 0.9% to 34.8% once masks were added. The company's CEO, Shaun Moore, told CNN on Aug. 12 that its researchers were working on a better algorithm for detecting beyond masks.

Botnet

A New Botnet Is Covertly Targeting Millions of Servers (wired.com) 27

An anonymous reader quotes a report from Wired: FritzFrog has been used to try and infiltrate government agencies, banks, telecom companies, and universities across the US and Europe. Researchers have found what they believe is a previously undiscovered botnet that uses unusually advanced measures to covertly target millions of servers around the world. The botnet uses proprietary software written from scratch to infect servers and corral them into a peer-to-peer network, researchers from security firm Guardicore Labs reported on Wednesday. Peer-to-peer (P2P) botnets distribute their administration among many infected nodes rather than relying on a control server to send commands and receive pilfered data. With no centralized server, the botnets are generally harder to spot and more difficult to shut down.

The botnet, which Guardicore Labs researchers have named FritzFrog, has a host of other advanced features, including: In-memory payloads that never touch the disks of infected servers; At least 20 versions of the software binary since January; A sole focus on infecting secure shell, or SSH, servers that network administrators use to manage machines; The ability to backdoor infected servers; and A list of login credential combinations used to suss out weak login passwords that's more "extensive" than those in previously seen botnets. Taken together, the attributes indicate an above-average operator who has invested considerable resources to build a botnet that's effective, difficult to detect, and resilient to takedowns. The new code base -- combined with rapidly evolving versions and payloads that run only in memory -- make it hard for antivirus and other end-point protection to detect the malware.

The botnet has so far succeeded in infecting 500 servers belonging to "well-known universities in the US and Europe, and a railway company." Once installed, the malicious payload can execute 30 commands, including those that run scripts and download databases, logs, or files. To evade firewalls and endpoint protection, attackers pipe commands over SSH to a netcat client on the infected machine. Netcat then connects to a "malware server." (Mention of this server suggests that the FritzFrog peer-to-peer structure may not be absolute. Or it's possible that the "malware server" is hosted on one of the infected machines, and not on a dedicated server. Guardicore Labs researchers weren't immediately available to clarify.)
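The report describes a botnet whose only entry vector is guessing weak SSH passwords from a large credential list. Because the payload runs in memory and the P2P design has no control server to block, the SSH authentication log is one of the few places a defender reliably sees the intrusion. The script below is an added example (not code from the Wired article or from Guardicore Labs) of that check: it reads sshd log lines, counts failed logins per source address together with how many distinct usernames were tried, and flags any source that then succeeds after spraying. The log lines are constructed for this example, and the thresholds (five failures, three usernames) are assumptions to tune per environment.

```python
import re
from collections import defaultdict

# Constructed sample of sshd entries as they appear in /var/log/auth.log
# (not taken from the article or from any real incident).
SAMPLE_AUTH_LOG = """\
Aug 19 10:01:02 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51012 ssh2
Aug 19 10:01:03 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 51013 ssh2
Aug 19 10:01:04 web1 sshd[2103]: Failed password for invalid user oracle from 203.0.113.7 port 51014 ssh2
Aug 19 10:01:05 web1 sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 51015 ssh2
Aug 19 10:01:06 web1 sshd[2105]: Failed password for ubuntu from 203.0.113.7 port 51016 ssh2
Aug 19 10:01:07 web1 sshd[2106]: Accepted password for deploy from 203.0.113.7 port 51017 ssh2
Aug 19 10:05:00 web1 sshd[2110]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Aug 19 10:05:09 web1 sshd[2111]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

# "invalid user" is inserted by sshd when the account does not exist; the
# optional group makes the username capture work for both forms.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPT_RE = re.compile(
    r"sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+) port")


def analyse_auth_log(text, min_failures=5, min_users=3):
    """Return (suspects, compromised).

    suspects    : set of source IPs that produced at least `min_failures`
                  failed logins across at least `min_users` distinct usernames,
                  i.e. credential spraying rather than a user's typo.
    compromised : set of (ip, username) pairs where a suspect IP later got an
                  accepted login, which is what a successful brute force looks
                  like in the log. Thresholds are assumed values for this example.
    """
    users_tried = defaultdict(set)   # ip -> usernames seen in failures
    fail_counts = defaultdict(int)   # ip -> number of failed logins
    accepted = defaultdict(set)      # ip -> usernames with a successful login

    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            users_tried[ip].add(user)
            fail_counts[ip] += 1
            continue
        m = ACCEPT_RE.search(line)
        if m:
            user, ip = m.groups()
            accepted[ip].add(user)

    suspects = {
        ip for ip, n in fail_counts.items()
        if n >= min_failures and len(users_tried[ip]) >= min_users
    }
    compromised = {
        (ip, user) for ip in suspects for user in accepted.get(ip, ())
    }
    return suspects, compromised


if __name__ == "__main__":
    spraying, broken_in = analyse_auth_log(SAMPLE_AUTH_LOG)
    for ip in sorted(spraying):
        print(f"credential spraying from {ip}")
    for ip, user in sorted(broken_in):
        print(f"successful login for {user!r} from spraying source {ip}: investigate host")
```

A single user fat-fingering a password produces many failures against one username from one address, which the distinct-username threshold filters out; a spraying source hits many accounts in quick succession. An accepted login from an address that was just spraying is the signal worth paging on, since that host is where the in-memory payload would now be running.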

The Courts

Israeli Phone Hacking Company 'Cellebrite' Sued To Stop Sales To Hong Kong (technologyreview.com) 28

An anonymous reader quotes a report from MIT Technology Review: Human rights advocates filed a new court petition against the Israeli phone hacking company Cellebrite, urging Israel's Ministry of Defense to halt the firm's exports to Hong Kong where security forces have been using the technology in crackdowns against dissidents as China takes greater control of Hong Kong. In July, police court filings revealed that Cellebrite's phone hacking technology has been used to break into 4,000 phones of Hong Kong citizens, including prominent pro-democracy politician and activist Joshua Wong. He subsequently launched an online petition to end Cellebrite's sales to Hong Kong which gained 35,000 signatures.

"Defense Ministry officials must immediately stop the export of the Cellebrite system which is used for infringement on privacy, deprivation of liberty and freedom of expression, and political incrimination of Hong Kong citizens under the new National Security Law," Wong wrote in a Facebook post urging Israel to stop Cellebrite's exports to Hong Kong. Hong Kong activists say that Cellebrite's tech is "used to inflict terrorism on the city's residents and to attack demonstrators and pro-democracy activists." Israeli human rights advocates say exports to Hong Kong police should legally have stopped in 2019 when anti-democratic crackdowns grew dramatically. Now the Israeli petition in court aims to put legal and political pressure on the Tel Aviv-based technology firm.
"I'm asking the Minister of Defense to stop the Cellebrite exports to Hong Kong," says Eitay Mack, the human rights lawyer who filed the petition in the district court in Tel Aviv. "I'm also saying that, as far as I know, they never got an export license. The Ministry of Defense needs to enforce the law from companies with licenses but also they need to do oversight on companies working without a license."

The Courts

Apple Ordered To Not Block Epic Games' Unreal Engine, But Fortnite To Stay Off App Store (techcrunch.com) 207

A district court denied Epic Games' motion to temporarily restore the Fortnite game to the iOS App Store, but also ordered Apple not to block the gaming giant's ability to provide and distribute Unreal Engine on the iPhone-maker's ecosystem, in a mixed ruling delivered Monday evening. From a report: U.S. District Court Judge Yvonne Gonzalez Rogers said Apple can't retaliate against Epic Games by blocking the gaming firm's developer accounts or by restricting developers on Apple platforms from accessing the widely used Unreal Engine tools. "The record shows potential significant damage to both the Unreal Engine platform itself, and to the gaming industry generally, including on both third-party developers and gamers," she said, adding that even though Epic Games violated the App Store's guidelines, it did not breach any contracts related to Unreal Engine and developer tools.

"Apple has chosen to act severely, and by doing so, has impacted non-parties, and a third-party developer ecosystem," said Rogers. But the ruling was not a complete win for Epic Games, which had also requested that the sleeper hit title Fortnite be restored to the iOS App Store. Rogers said the game will remain off the App Store unless Epic Games attempts to bring it back in accordance with App Store guidelines.

Privacy

Bridgefy, the Messenger Promoted For Mass Protests, Is a Privacy Disaster (arstechnica.com) 80

Bridgefy, a popular messaging app for conversing with one another when internet connections are heavily congested or completely shut down, is a privacy disaster that can allow moderately skilled hackers to take a host of nefarious actions against users, according to a paper published on Monday. The findings come after the company has for months touted the app as a safe and reliable way for activists to communicate in large gatherings. Ars Technica reports: By using Bluetooth and mesh network routing, Bridgefy lets users within a few hundred meters -- and much further as long as there are intermediary nodes -- send and receive both direct and group texts with no reliance on the Internet at all. Bridgefy cofounder and CEO Jorge Rios has said he originally envisioned the app as a way for people to communicate in rural areas or other places where Internet connections were scarce. And with the past year's upswell of large protests around the world -- often in places with hostile or authoritarian governments -- company representatives began telling journalists that the app's use of end-to-end encryption protected activists against governments and counterprotesters trying to intercept texts or shut down communications.

[R]esearchers said that the app's design for use at concerts, sports events, or during natural disasters makes it woefully unsuitable for more threatening settings such as mass protests. They wrote: "Though it is advertised as 'safe' and 'private' and its creators claimed it was secured by end-to-end encryption, none of the aforementioned use cases can be considered as taking place in adversarial environments such as situations of civil unrest where attempts to subvert the application's security are not merely possible, but to be expected, and where such attacks can have harsh consequences for its users. Despite this, the Bridgefy developers advertise the app for such scenarios and media reports suggest the application is indeed relied upon."

The researchers are: Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, and Lenka Marekova from Royal Holloway, University of London. After reverse engineering the app, they devised a series of devastating attacks that allow hackers -- in many cases with only modest resources and moderate skill levels -- to take a host of nefarious actions against users. The attacks allow for: deanonymizing users; building social graphs of users' interactions, both in real time and after the fact; decrypting and reading direct messages; impersonating users to anyone else on the network; completely shutting down the network; and performing active man-in-the-middle attacks, which allow an adversary not only to read messages, but to tamper with them as well.
"The key shortcoming that makes many of these attacks possible is that Bridgefy offers no means of cryptographic authentication, which one person uses to prove she's who she claims to be," the report adds. "Instead, the app relies on a user ID that's transmitted in plaintext to identify each person. Attackers can exploit this by sniffing the ID over the air and using it to spoof another user."

The app also uses PKCS #1, an outdated way of encoding and formatting messages so that they can be encrypted with the RSA cryptographic algorithm. "This encoding method, which was deprecated in 1998, allows attackers to perform what's known as a padding oracle attack to derive contents of an encrypted message," reports Ars.
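The PKCS #1 encoding the article refers to, as an added example that is not from the paper or from Bridgefy: the v1.5 block format beside OAEP, the scheme that replaced it in 1998. The RSA operation on the padded block is left out, and the message and modulus size are constructed values.

```python
# Constructed example, not code from Bridgefy or the paper: the EME-PKCS1-v1_5
# encoding the article refers to (RFC 8017 s7.2) beside EME-OAEP (s7.1), which
# replaced it. k is the RSA modulus size in bytes; the RSA step is left out.
import hashlib
import os
HLEN = hashlib.sha256().digest_size  # 32, hash length used by the OAEP functions

def eme_pkcs1_v15_encode(message: bytes, k: int) -> bytes:
    """EM = 0x00 || 0x02 || PS (at least 8 random non-zero bytes) || 0x00 || M"""
    if len(message) > k - 11:
        raise ValueError("message too long for modulus")
    ps = b""
    while len(ps) < k - len(message) - 3:
        ps += bytes(b for b in os.urandom(k) if b != 0)
    return b"\x00\x02" + ps[: k - len(message) - 3] + b"\x00" + message

def eme_pkcs1_v15_decode(em: bytes, k: int):
    """Returns M or None; this yes/no on the leading bytes is the oracle signal."""
    if len(em) != k or em[:2] != b"\x00\x02":
        return None
    sep = em.find(b"\x00", 2)  # PS must be at least 8 bytes, so sep >= 10
    return None if sep < 10 else em[sep + 1:]

def mgf1(seed: bytes, length: int) -> bytes:  # RFC 8017 appendix B.2.1, SHA-256
    out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                   for i in range((length + HLEN - 1) // HLEN))
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def eme_oaep_encode(message: bytes, k: int, label: bytes = b"") -> bytes:
    """EM = 0x00 || maskedSeed || maskedDB, with DB = lHash || PS || 0x01 || M"""
    if len(message) > k - 2 * HLEN - 2:
        raise ValueError("message too long for modulus")
    lhash = hashlib.sha256(label).digest()
    db = lhash + b"\x00" * (k - len(message) - 2 * HLEN - 2) + b"\x01" + message
    seed = os.urandom(HLEN)
    masked_db = xor(db, mgf1(seed, k - HLEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    return b"\x00" + masked_seed + masked_db

def eme_oaep_decode(em: bytes, k: int, label: bytes = b""):
    """Returns M, or the same None for every malformed input (real code must also be constant-time)."""
    seed = xor(em[1:1 + HLEN], mgf1(em[1 + HLEN:], HLEN))
    db = xor(em[1 + HLEN:], mgf1(seed, k - HLEN - 1))
    sep = db.find(b"\x01", HLEN)
    bad = (len(em) != k or em[0] != 0 or db[:HLEN] != hashlib.sha256(label).digest()
           or sep < 0 or any(db[HLEN:sep]))
    return None if bad else db[sep + 1:]
```

The defender's takeaway is the asymmetry between the two decoders: a v1.5 decryptor that reveals whether its first checks passed hands out exactly the signal a padding oracle attack consumes, whereas OAEP's checks collapse into one result that says nothing about which part failed.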

Nintendo

Nintendo Copyright Infringement Threats Shut Down Switch Payload Injector (torrentfreak.com) 40

Nintendo has targeted the developer of an open-source Switch payload injector with a cease and desist notice (PDF). Faced with copyright infringement threats, the DragonInjector developer decided to shut the project down. While he doesn't agree with the allegations, an expensive legal battle is not an option. TorrentFreak reports: DragonInjector is a small piece of hardware that fits in the Switch game card slot. It allows users to install and load custom firmware on their console. While it's not advertised as a pirate tool, with third-party code it can be used to play pirated games on older Switch models. A few days ago, DragonInjector's developer formally announced the end of the project. In a message on Discord, a Nintendo cease-and-desist order is cited as the main reason. MatinatorX doesn't agree with the gaming company's copyright infringement claims but he doesn't want to fight them either.

"While I don't believe the project was or is unlawful in any way, I do not have the resources to go to court to prove that for a hobby, especially considering the project netted a loss of a few thousand dollars overall," he writes. The cease-and-desist notice was sent by Nintendo's Canadian lawyers a few weeks ago. It accuses the developer of copyright infringement by advertising and selling the DragonInjector. According to the notice, this breaks the Switch's technical protection measures. "Your unlawful manufacture, advertisement, distribution, offering for sale and sale of the DragonInjector via the Dragon Injector Website infringes our client's rights," the lawyers write.

The developer was urged to immediately stop any infringing activities. If not, Nintendo reserves the right to take further action, the notice warns, adding that the company previously won $12 million CAD in damages in a 'similar' case. The threat comes with a list of additional requests. Among other things, MatinatorX must hand over all related accounting, including the number of devices sold as well as any profits that were made.
The report notes that while Dragoninjector.com is gone, the developer registered Draconicmods.com to sell a custom Switch kickstand and other legitimate accessories.

Microsoft

Microsoft Warns Court That Apple Blocking Epic Will Hurt Games Business (cnbc.com) 127

Microsoft has stepped into the brewing legal battle between Apple and Epic Games over the former's policies with regard to its ubiquitous App Store. From a report: In a declaration filed on Sunday, a senior Microsoft engineer said that allowing Apple to block Epic Games' developer account would deal a significant blow to game makers including Microsoft by making them unable to use Epic's Unreal Engine. The Unreal Engine, a type of gaming engine, is a widely used set of technologies that provides a framework for the creation of three-dimensional graphics. Epic licenses the engine to companies that use the technology for a fee. "If Unreal Engine cannot support games for iOS or macOS, Microsoft would be required to choose between abandoning its customers and potential customers on the iOS and macOS platforms or choosing a different game engine when preparing to develop new games," Kevin Gammill, Microsoft's general manager for Gaming Developer Experiences, said in the declaration.

He added that "Apple's discontinuation of Epic's ability to develop and support Unreal Engine for iOS or macOS will harm game creators and gamers." While there are alternative gaming engines, Gammill said that "very few" are available with as many features and the same functionality. The declaration came as part of a lawsuit brought by Epic against Apple over the iPhone maker's rules guaranteeing itself a 30% cut of in-app purchases. The suit is filed in U.S. District Court for the Northern District of California. Epic Games tested Apple's policy by sidestepping the rule in an update to its hit game Fortnite, and then sued after Apple removed the game from the App Store. The company has brought a similar suit against Google over its Play Store.
