TikTok, the video-sharing application owned by Chinese parent company ByteDance, filed a lawsuit against the U.S. government Monday, challenging the Trump administration's efforts to ban the company's American operations. From a report: TikTok explained its rationale for the lawsuit in a blog post on Monday, arguing the ban prevents the company from due process, as guaranteed by the Fifth Amendment. TikTok argued Trump's executive order, made earlier this month under the International Emergency Economic Powers Act, ignored the company's efforts to prove it doesn't share data with the Chinese government and isn't a national security threat. "We do not take suing the government lightly, however we feel we have no choice but to take action to protect our rights, and the rights of our community and employees," TikTok said in the blog post. "With the Executive Order threatening to bring a ban on our US operations -- eliminating the creation of 10,000 American jobs and irreparably harming the millions of Americans who turn to this app for entertainment, connection and legitimate livelihoods that are vital especially during the pandemic -- we simply have no choice."

An anonymous reader shares a report: When Mxolosi saw a Tecno W2 smartphone in a store in Johannesburg, South Africa, he was attracted to its looks and functionality. But what really drew him in was the price, roughly $30 -- far less than comparable models from Samsung, Nokia, or Huawei, Africa's other top brands. [...] But its success can come at a price. Mxolosi, an unemployed 41-year-old, became frustrated with his Tecno W2. Pop-up ads interrupted his calls and chats. He'd wake up to find his prepaid data mysteriously used up and messages about paid subscriptions to apps he'd never asked for. He thought it might be his fault, but according to an investigation by Secure-D, a mobile security service, and BuzzFeed News, software embedded in his phone right out of the box was draining his data while trying to steal his money.

Mxolosi's Tecno W2 was infected with xHelper and Triada, malware that secretly downloaded apps and attempted to subscribe him to paid services without his knowledge. Secure-D's system, which mobile carriers use to protect their networks and customers against fraudulent transactions, blocked 844,000 transactions connected to preinstalled malware on Transsion phones between March and December 2019. Secure-D Managing Director Geoffrey Cleaves told BuzzFeed News that Mxolosi's data was used up by the malware as it attempted to subscribe him to paid services. "Imagine how quickly his data would disappear if the subscriptions were successful," he said. Along with South Africa, Tecno W2 phones in Ethiopia, Cameroon, Egypt, Ghana, Indonesia, and Myanmar were infected.

Facebook spent more money on lobbying than any single company in the first half of 2020, That's according to figures cited by the Wall Street Journal from the Center for Responsive Politics.

But that's not all they did. Facebook CEO Mark Zuckerberg also began personally delivering a message last fall that TikTok "doesn't share Facebook's commitment to freedom of expression, and represents a risk to American values and technological supremacy." That was a message Zuckerberg hammered behind the scenes in meetings with officials and lawmakers during the October trip and a separate visit to Washington weeks earlier, according to people familiar with the matter. In a private dinner at the White House in late October, Zuckerberg made the case to President Donald Trump that the rise of Chinese internet companies threatens American business, and should be a bigger concern than reining in Facebook, some of the people said.

Zuckerberg discussed TikTok specifically in meetings with several senators, according to people familiar with the meetings. In late October, Sen. Tom Cotton, R- Ark. — who met with Zuckerberg in September — and Sen. Charles Schumer, D-N.Y., wrote a letter to intelligence officials demanding an inquiry into TikTok. The government began a national-security review of the company soon after, and by the spring, Trump began threatening to ban the app entirely. This month he signed an executive order demanding that TikTok's Chinese owner, ByteDance Ltd., divest itself of its U.S. operations.

Few tech companies have as much to gain as Facebook from TikTok's travails, and the social-media giant has taken an active role in raising concerns about the popular app and its Chinese owners.

A new cluster of Covid-19 cases in New Zealand prompted a widespread investigation to identify where they're coming from. The New Zealand Herald reports: Nearly 90 new cases of Covid-19 have now been linked back to the new cluster, which itself stemmed from an "index case" — a 50-year-old man working at Mt Wellington's Americold coolstore, with no history or link to overseas travel. Contact tracers have been trying to work backwards from that index case, who tested positive on August 11, in hopes of finding the "primary case" — or the person who brought the virus into the country in the first place.

Friday — more than a week and 175,000 tests since the start of the outbreak — Prime Minister Jacinda Ardern shared some details on how exhaustive that process had been. Virtually all of the country's border and managed isolation staff have been tested in the past 10 days, and so far there had been no additional cases, outside the mystery infection of a maintenance worker at Auckland's Rydges hotel...

University of Auckland microbiologist Associate Professor Siouxsie Wiles says it's quite possible we'll never get any further. "Is that a big deal? From the testing we've done so far, it looks like this is a pretty tight cluster — so I would say, no," she said. "What we have lost is the opportunity to know how it happened, or what gaps need plugging. But at the same time, we have to remember that nothing is 100 per cent guaranteed to work all of the time."

To address the possibility of drone-flying near airports, America's Federal Aviation Administration "will be testing at least 10 technologies and systems," reports Engadget, "developed not just to detect unmanned aerial systems, but also to mitigate the potential safety risks they pose." The first tests will be conducted at FAA's William J. Hughes Technical Center, which is right next to the Atlantic City International Airport in New Jersey. After that, the agency expects to expand its tests to four additional airports in the U.S. It has yet to choose those airports, and it may also still be finalizing the list of technologies it's testing: The FAA is asking interested companies working on drone detection systems to respond to its announcement within 45 days.

41-year-old Rudy Ferretti "was known in the male-dominated retro gaming community as a champion gamer — and as a raging misogynist who ferociously harassed women," writes blogger David Futrelle. "He once made a homebrew game in which the goal was to kill women.

"Last week, he allegedly gunned down his former girlfriend Amy Molter before turning his gun on himself."

Wired reports: Longtime members of the retro and arcade gaming scene say they warned community leaders and even police about Ferretti's threatening behavior for years. For close to a decade, they say, Ferretti had harassed, stalked, and threatened gamers, particularly women, pushing some out of the niche gaming scene entirely... Arcade game collector and researcher Catherine DeSpira and video game historian and storage auction buyer Patrick Scott Patterson — two of Ferretti's most public targets — say they collectively contacted police in different states a half-dozen times to report Ferretti's threats against themselves and others. They say those attempts ultimately had no effect.

All the while, clusters of retro gamers across the country egged Ferretti on in private messages and on forums, leveraging his apparent instability and misogynist inclinations against women they didn't want in the scene... "They were emboldening it, pushing him, giving him a support system," says Patterson.... The rise of the GamerGate campaign in 2014 gave Ferretti new fodder to fuel his idea that women — specifically "radical feminists," as he wrote in multiple blog posts and said in YouTube videos — were out to destroy the purity of the arcade gaming scene... Ferretti believed that his gaming acumen justified his stewardship of the community. "I can be an asshole. You know why? Because I'm a world champion. I'm a gamer," he once said in a video. As recently as April 2020, Ferretti described himself in a YouTube video as "the savior of the community..."

[I]t was a network of institutional failures — from forums to expos to law enforcement — that allowed Ferretti to continue his campaigns for over a decade. "I was trying to tell people this guy Rudy was dangerous and capable of doing exactly what he ended up doing," says Patrick Scott Patterson.

An anonymous reader quotes Ars Technica: Law enforcement in several cities, including New York and Miami, have reportedly been using controversial facial recognition software to track down and arrest individuals who allegedly participated in criminal activity during Black Lives Matter protests months after the fact. Miami police used Clearview AI to identify and arrest a woman for allegedly throwing a rock at a police officer during a May protest, local NBC affiliate WTVJ reported this week...

Similar reports have surfaced from around the country in recent weeks. Police in Columbia, South Carolina, and the surrounding county likewise used facial recognition, though from a different vendor, to arrest several protesters after the fact, according to local paper The State. Investigators in Philadelphia also used facial recognition software, from a third vendor, to identify protestors from photos posted to Instagram, The Philadelphia Inquirer reported.

Movie companies and their anti-piracy partners are pressing ahead with their legal action to track down The Pirate Bay. The site reportedly used VPN provider OVPN, which carries no logs, but a security expert -- one that regularly penetration tests several major VPN providers -- believes that information about the notorious site could still be obtained. TorrentFreak reports: After a period of what seemed like calm, this year it became clear that the site's old enemies, Swedish anti-piracy group Rights Alliance, were again working to get closer to the site and its operators. We've covered the back story in detail but in summary, the site is alleged to have used Swedish VPN provider OVPN to hide its true location and Rights Alliance is now engaged in legal action to get its hands on whatever information the VPN provider may hold. The most recent move, playing out this week, is that Rights Alliance has provided testimony from an expert witness, one that has masses of experience in the VPN field.

The name 'Cure53' may not sound familiar to regular Internet users but the cyber-security company is well known for its first-class abilities in penetration testing. So much so, in fact, that the company has audited some of the most popular VPN providers in the world, including Mullvad, Surfshark, and TunnelBear. Given its experience in the field, it's no surprise that Rights Alliance has also sought the expert opinion of someone involved in Cure 53 to assess this VPN-related matter. Importantly, there doesn't appear to be any conflict of interest here, since the conclusions drawn are purely technical in nature and rely on experience and general facts, something we will touch on later. The expert opinion, which appeared in court documents reviewed by TorrentFreak this week, is from Jesper Larsson, who works at security company Ox4a but is involved with Cure 53 where he "regularly" performs penetration tests against the "ten largest VPN Providers in the world." His testimony reveals that he has been commissioned by Sara Lindback of Rights Alliance to comment on how a VPN service works and specifically, what information might potentially be stored at OVPN in relation to The Pirate Bay.

"It is clear on OVPN's website that it strives to protect its users; privacy by storing as little user data as possible in their databases," the testimony filed with the court and obtained by TorrentFreak reads. "Although [OVPN] strive to store as little data as possible, there must be data connecting users and identities to make the VPN service work. In this case, a user has paid for a VPN account with the ability to connect a public static address to OVPN which the user has then chosen to link to the file sharing site 'the piratebay,' i.e the user has configured his VPN account to point to the given domain." [...] "For this type of configuration to be possible, data about the configuration must be stored at OVPN at least during the time when the account is active," Larsson continues. "It should be considered extremely likely that the user or identity associated with the above configuration is stored in a user database where a given user can be connected to the VPN configuration, configuration regarding where the static IP address should be pointed to, and payment information that should describe how long a given account is active and which payment method the user has used. OVPN should thus be able to search its VPN servers for the given IP address, or alternatively search in their user databases or in backups of these to locate a given user or identity," the security expert adds.

An anonymous reader quotes a report from The New York Times: Palantir, a Silicon Valley company with strong links to the defense and intelligence communities, is poised to be the latest in a string of tech companies to offer shares on Wall Street well before turning a profit. The company sent financial documents to its investors on Thursday night, ahead of its planned debut on the public markets this year. The documents, obtained by The New York Times, offer the first full look into the company's financials and operations and show growing operating expenses as well as deep losses.

Palantir's revenue in 2019 was $742.5 million, nearly 25 percent more than the year before. Its net loss of $580 million was about the same as 2018. And expenses were up 2 percent in 2019 to a little more than $1 billion. The company, which has raised more than $3 billion in funding and is valued by private market investors at $20 billion, has not turned a profit since it was founded in 2003. As early as 2014, Palantir hadfanned expectations that it would soon hit $1 billion in revenue. Six years later, it appears to be closing in on that goal. In the first six months of this year, Palantir's revenue was $481 million. According to the documents, first reported by TechCrunch, Palantir plans to go public via a direct listing, "in which no new shares are issued and no new funds are raised," the report says. "In most direct listings, shareholders are not bound by a traditional lockup period before they can sell their stock. But Palantir has imposed a 180-day lockup period. It will allow shareholders to sell 20 percent of their common stock immediately, but they must wait for the lockup to expire to sell more."

"Palantir has arranged a structure to ensure that its founders retain power. They have a special class of shares, Class F, that will have a variable number of votes to ensure the founders control 49.999999 percent of the company's voting power, even if they sell some of their shares. The company argued to its investors that this structure would allow it to stay 'Founder-led' after it went public."

Microsoft is signing deals with foreign governments to offer cloud-infrastructure packages similar to the bundle it assembled for the U.S. Defense Department, according to CNBC, citing people familiar with the matter. From the report: The Joint Enterprise Defense Infrastructure, or JEDI, cloud offering for the Defense Department provides cloud-based computing and storage resources at all government security classification levels, as well as devices that can work offline until they sync back with cloud infrastructure. The Pentagon awarded the JEDI contract to Microsoft in October. The contract is worth up to $10 billion over 10 years. Outside the U.S., Microsoft has seen interest in the type of relationship that it has formed with the Pentagon, said one of the people. Specifically, Microsoft has committed to staffing the Pentagon initiative with people who hold sufficient government security clearances, and to delivering a group of existing products and services, as opposed to specially built technologies, at a customized price.

Microsoft employees began work on cloud contracts for foreign governments after it became clear that the JEDI work would be put on hold because of a legal challenge from Amazon, Microsoft's main rival in cloud computing, this person said. The company plans to announce the effort later this year, one person said, adding that intelligence agencies and militaries outside the U.S. might use it. Another person briefed on the work said Microsoft already has foreign cloud government contracts, despite that it has not announced the new strategy yet. It's not clear which countries Microsoft is most focused on. "We've worked with governments around the world on a longstanding and reliable basis for four decades," a spokesperson told CNBC in an email. "We have government customers using our products to enhance their services with the latest in commercial innovations, deeply engage and connect with citizens in powerful ways, and empower government employees with the modern tools they need to be more efficient and effective, and to give them time back to focus on their agency mission."

An anonymous reader quotes a report from The Associated Press: Every day, like clockwork, to-do lists for those protesting against Belarus' authoritarian leader appear in the popular Telegram messaging app. They lay out goals, give times and locations of rallies with business-like precision, and offer spirited encouragement. The app has become an indispensable tool in coordinating the unprecedented mass protests that have rocked Belarus since Aug. 9, when election officials announced that President Alexander Lukashenko -- whom some call "Europe's last dictator" -- had won a landslide victory to extend his 26-year rule in a vote widely seen as rigged.

Peaceful protesters who poured onto the streets of the capital, Minsk, and other cities were met with stun grenades, rubber bullets and beatings from police. The opposition candidate, schoolteacher Sviatlana Tsikhanouskaya, left for Lithuania -- under duress, her campaign said -- and authorities shut off the internet, leaving Belarusians with almost no access to independent online news outlets or social media and protesters seemingly without a leader. That's where Telegram -- which often remains available despite internet outages, touts the security of messages shared in the app and has been used in other protest movements -- came in. Some of its channels helped unconnected, scattered rallies mature into well-coordinated action.

The people who run the channels, which used to offer political news, now post updates, videos and photos of the turmoil sent in from users, locations of heavy police presence, contacts of human rights activists and calls for new demonstrations -- something Belarusian opposition leaders have refrained from doing publicly themselves. Tens of thousands of people all across the country have responded to those calls. In a matter of days, the channels -- NEXTA, NEXTA Live and Belarus of the Brain are the most popular -- have become the main method for facilitating the protests, said Franak Viacorka, a Belarusian analyst and nonresident fellow at the Atlantic Council. "The fate of the country has never depended so much on one [piece] of technology," Viacorka said.

Apple responded to Epic Games' lawsuit accusing it of anticompetitive behavior in how it controls the App Store, telling the court that the Fortnite maker violated Apple's rules and shouldn't be placed back into the store temporarily while the legal battle rages. From a report: In its filing, Apple alleges that Epic Games asked for an individual arrangement with Apple, producing three emails from Epic CEO Tim Sweeney that bolster its claim. This is Apple's first significant legal response to Epic Games after the dispute between the two companies spilled into the courts. It comes the week after Epic Games released a direct payment mechanism inside Fortnite designed to bypass the App Store's payment system, from which Apple takes a 30% cut. Apple subsequently removed Fortnite from its store for violating its policies. People who already have Fortnite installed on their iPhones can continue to play, but cannot update or download the app for the first time.

An anonymous reader writes: The FBI and local police have made tens of arrests across the tri-state area this week as part of a crackdown against multiple criminal gangs who exploited a glitch in the software of Santander ATMs to cash-out more money than was stored on cards. According to reports in local media, the bulk of the arrests took place in Hamilton (20 suspects), across towns in Morris County (19), and Sayreville (11). Smaller groups of suspects were also detained in Bloomfield, Robbinsville, and Holmdel, while reports of suspicious cash-outs were also recorded in Woodbridge, towns across the Middlesex County, Booton, Randolph, Montville, South Windsor, Hoboken, Newark, and even in New York City itself, in Brooklyn. Based on information ZDNet received from a Santander spokesperson, sources in the threat intelligence community, and details released by police departments in the affected towns, criminal gangs appear to have found a bug in the software of Santander ATMs.

The Open Technology Fund (OTF) is suing the U.S. Agency for Global Media (USAGM) over roughly $20 million in congressionally appropriated funds it says the government is refusing to provide, Axios has learned. From the report: There's bipartisan uproar from Congress over the funding that OTF says is being withheld. The USAGM, whose new CEO is seeking to replace OTF leaders with Trump loyalists, is required by law to provide the funding via federal grants, but it has given shifting rationales for why the money has been held up. The OTF is a government-supported nonprofit focused on advancing internet freedom. Without funds, it can't support work by activist journalists in places like Hong Kong and Belarus, where authorities are increasingly cracking down on internet freedom. The lawsuit, set to be filed Thursday in federal claims court, alleges the USAGM breached its contracts with the OTF in three ways:
It withheld about $9.4 million in funding that it owes under OTF's 2020 grant agreement.
It withheld an additional $9.8 million in prior OTF program grants held by Radio Free Asia, OTF's former parent organization.
A USAGM senior adviser "engaged in transparently pretextual efforts to force OTF into breaching its grant agreement."

An anonymous reader quotes a report from Ars Technica: A California judge has granted Uber and Lyft an emergency reprieve from an order requiring them to treat their drivers as employees. The companies were facing a Thursday deadline to comply with the order. Earlier today, Lyft announced that it would be forced to shut down in the state at midnight tonight. Lyft said it was being forced to shut down its California operations by a 2019 California law, AB 5, that forces ride-hailing companies to treat their drivers as employees rather than independent contractors. Uber had warned that it was likely to do the same if the courts didn't delay enforcement of the law.

"This is not something we wanted to do, as we know millions of Californians depend on Lyft for daily, essential trips," Lyft wrote. However, the company said, the new law would "necessitate an overhaul of the entire business model -- it's not a switch that can be flipped overnight." The judge's emergency stay means that Lyft and Uber will be able to keep operating under their current model while they continue litigating whether the new law applies to them. Yesterday, in a podcast interview Uber CEO Dara Khosrowshahi rejected the notion his company is capable of employing all of its drivers in California.

"We can't go out and hire 50,000 people overnight," Khosrowshahi said on the Pivot School podcast hosted by Kara Swisher and Scott Galloway. "Everything that we have built is based on this platform that... brings people who want transportation or delivery together. You can't flip that overnight."

Schools and universities across the United States are split on whether to open for the fall semester, thanks to the ongoing pandemic. From a report: Albion College, a small liberal arts school in Michigan, said in June it would allow its nearly 1,500 students to return to campus for the new academic year starting in August. Lectures would be limited in size and the semester would finish by Thanksgiving rather than December. The school said it would test both staff and students upon their arrival to campus and throughout the academic year. But less than two weeks before students began arriving on campus, the school announced it would require them to download and install a contact-tracing app called Aura, which it says will help it tackle any coronavirus outbreak on campus.

There's a catch. The app is designed to track students' real-time locations around the clock, and there is no way to opt out. The Aura app lets the school know when a student tests positive for COVID-19. It also comes with a contact-tracing feature that alerts students when they have come into close proximity with a person who tested positive for the virus. But the feature requires constant access to the student's real-time location, which the college says is necessary to track the spread of any exposure. The school's mandatory use of the app sparked privacy concerns and prompted parents to launch a petition to make using the app optional.

The operator of The Weather Channel mobile app has agreed to change how it informs users about its location-tracking practices and sale of personal data as part of a settlement with the Los Angeles city attorney's office, officials said Wednesday. From a report: City Attorney Mike Feuer alleged in a 2019 lawsuit that app users were misled when they agreed to share their location information in exchange for personalized forecasts and alerts. Instead, the lawsuit claimed users were unaware they had surrendered personal privacy when the company sold their data to third parties. Feuer announced the settlement Wednesday with the app's operator, TWC Product and Technology LLC, and owner IBM. The app's disclosure screens were initially revised after the lawsuit was filed and future changes that will be monitored by the city attorney's office are planned.

"Users will now clearly know that they have the choice to provide access to their locations," Feuer said at a news conference, adding he hopes other companies will follow the app's model for transparency. "It shows that we don't have to sacrifice our privacy for things of value." IBM bought the app along with the digital assets of The Weather Company in 2015 for $2 billion but did not acquire The Weather Channel seen on TV, which is owned by another company.

Starting this week, 120 Germans will receive a form of universal basic income every month for three years. Business Insider reports: Germany is about to become the latest country to trial a universal basic income, starting a three-year study of how it affects the economy and recipients' well-being. As part of the study, 120 people will receive 1,200 euros, or about $1,430, each month for three years -- an amount just above Germany's poverty line -- and researchers will compare their experiences with another group of 1,380 people who will not receive the payments.

The study, conducted by the German Institute for Economic Research, has been funded by 140,000 private donations. All participants will be asked to complete questionnaires about their lives, work, and emotional state to see whether a basic income has had a significant impact. A pro-basic-income lobbying group called Mein Grundeinkommen is funding the experiment. The group has used donations from its supporters to fund monthly 1,000-euro payments for 668 people since 2014.

An anonymous reader quotes a report from Forbes: The security research team at Comparitech today disclosed how an unsecured database left almost 235 million Instagram, TikTok and YouTube user profiles exposed online in what can only be described as a massive data leak. The data was spread across several datasets; the most significant being two coming in at just under 100 million each and containing profile records apparently scraped from Instagram. The third-largest was a dataset of some 42 million TikTok users, followed by just under 4 million YouTube user profiles.

Comparitech says that, based on the samples it collected, one in five records contained either a telephone number or email address. Every record also included at least some, sometimes all, the following information: Profile name; Full real name; Profile photo; and Account description. Statistics about follower engagement, including: Number of followers; Engagement rate; Follower growth rate; Audience gender; Audience age; Audience location; Likes; Last post timestamp; Age; and Gender. "The information would probably be most valuable to spammers and cybercriminals running phishing campaigns," Paul Bischoff, Comparitech editor, says. "Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation," Bischoff adds. Indeed, Bischoff told me that it would be easy for a bot to use the database to post targeted spam comments on any Instagram profile matching criteria such as gender, age or number of followers. The data appeared to have originated from a company called Deep Social, which was banned by both Facebook and Instagram in 2018 after scraping user profile data. The company was wound down sometime after this.

The researchers reached out to Deep Social, which then forwarded the disclosure to a Hong Kong-registered social media influencer data-marketing company called Social Data. Social Data shut down the database about three hours after the researchers' initial email. "Social Data has denied any connection between itself and Deep Social," reports Forbes, citing Comparitech.

An anonymous reader quotes a report from CNET: The UK's Department for Transportation said Tuesday it plans new regulations in preparation for "automated lane-keeping-assist systems." These kinds of systems could potentially let a car control all necessary functions at lower speeds, even in the city. It's probably a matter of when this kind of technology is available, and when it does hit the road, the UK hopes to have comprehensive regulations in place and seeks input from relevant industries. The current proposal would allow this kind of automated system to operate at speeds up to 70 mph on roads in the country. This follows regulations passed by the United Nations Economic Commission for Europe this past June, which allows this kind of technology to operate at speeds up to 37 mph.

Perhaps more crucially, the future legislation in the UK will look to either define cars featuring automated lane-keeping assist as autonomous or not. If the country does, automakers and technology companies would be legally responsible for the car's safety since under an "autonomous" definition, driver's wouldn't be the ones operating the vehicle when the system is engaged. This legal dance has led numerous automakers to skip Level 3 automated systems and focus on Level 4 and 5, which would give a car total autonomy and not require the vehicle to hand back controls to the driver in the event of an error. Essentially, UK drivers would be legally permitted to rely on future automated systems with no penalties, unlike today.