Privacy

Walmart Wants To Deliver Groceries Straight To Your Fridge (consumerist.com) 155

New submitter Rick Schumann writes: Walmart has a new marketing idea: "Going to the store? No one has time for that anymore," Walmart says. They want to partner with a company called August Home, who makes smart locks, so a delivery service can literally deliver groceries right into your refrigerator -- while you watch remotely on your phone. Great, time-saving idea, or super-creepy invasion of your privacy? You decide. Here's how the company says it would work:
1. Place an order on Walmart.com for groceries or other goods.
2. A driver for Deliv -- a same-day delivery service -- retrieves items when the order is ready, and brings them to the customer's home.
3. If no one answers, the delivery person can use a one-time passcode that's been pre-authorized by the customer to open the home's smart lock.
4. The customer receives a smartphone notification when the delivery is occurring, and can choose to watch it all play out in real-time on home security cameras through a dedicated app.
5. Delivery person leaves packages in the foyer, then brings the groceries to the kitchen, unloads them into the fridge, and leaves.
6. Customer receives notification that the door has locked behind them.
Iphone

'Dear Apple, The iPhone X and Face ID Are Orwellian and Creepy' (hackernoon.com) 432

Trent Lapinski from Hacker Noon writes an informal letter to Apple, asking "who the hell actually asked for Face ID?" and calling the iPhone X and new face-scanning security measure "Orwellian" and "creepy": For the company that famously used 1984 in its advertising to usher in a new era of personal computing, it is pretty ironic that 30+ years later they would announce technology that has the potential to eliminate global privacy. I've been waiting 10-years since the first iPhone was announced for a full-screen device that is both smaller in my hand but has a larger display and higher capacity battery. However, I do not want these features at the cost of my privacy, and the privacy of those around me. While the ease of use and user experience of Face ID is apparent, I am not questioning that, the privacy concerns are paramount in today's world of consistent security breaches. Given what we know from Wikileaks Vault7 and the CIA / NSA capabilities to hijack any iPhone, including any sensor on the phone, the very thought of handing any government a facial ID system for them to hack into is a gift the world may never be able to return. Face ID will have lasting privacy implications from 2017 moving forward, and I'm pretty sure I am not alone in not wanting to participate.

The fact of the matter is the iPhone X does not need Face ID, Apple could have easily put a Touch ID sensor on the back of the phone for authentication (who doesn't place their finger on the back of their phone?). I mean imagine how cool it would be to put your finger on the Apple logo on the back of your iPhone for Touch ID? It would have been a highly marketable product feature that is equally as effective as Face ID without the escalating Orwellian privacy implications. [...] For Face ID to work, the iPhone X actively has to scan faces looking for its owner when locked. This means anyone within a several foot range of an iPhone X will get their face scanned by other people's phones and that's just creepy.

Privacy

DC Court Rules Tracking Phones Without a Warrant Is Unconstitutional (cbsnews.com) 84

An anonymous reader writes: Law enforcement use of one tracking tool, the cell-site simulator, to track a suspect's phone without a warrant violates the Constitution, the D.C. Court of Appeals said Thursday in a landmark ruling for privacy and Fourth Amendment rights as they pertain to policing tactics. The ruling could have broad implications for law enforcement's use of cell-site simulators, which local police and federal agencies can use to mimic a cell phone tower to the phone connect to the device instead of its regular network. In a decision that reversed the decision of the Superior Court of the District of Columbia and overturned the conviction of a robbery and sexual assault suspect, the D.C. Court of Appeals determined the use of the cell-site simulator "to locate a person through his or her cellphone invades the person's actual, legitimate and reasonable expectation of privacy in his or her location information and is a search."
Firefox

Firefox For iOS Gets Tracking Protection, Firefox Focus For Android Gets Tabs 28

An anonymous reader quotes a report from VentureBeat: Mozilla today released Firefox 9.0 for iOS and updated Firefox Focus for Android. The iOS browser is getting tracking protection, improved sync, and iOS 11 compatibility. The Android privacy browser is getting tabs. You can download the former from Apple's App Store and the latter from Google Play. This is the first time Firefox has offered tracking protection on iOS, and Nick Nguyen, vice president of product at Mozilla, notes that it's finally possible "thanks to changes by Apple to enable the option for 3rd party browsers." This essentially means iPhone and iPad users with Firefox and iOS 11 will have automatic ad and content blocking in Private Browsing mode, and the option to turn it on in regular browsing. This is the same feature that's available in Firefox for Android, Windows, Mac, and Linux, as well as the same ad blocking technology used in Firefox Focus for Android and iOS.
Social Networks

Facebook Will Share Copies of Political Ads Purchased by Russian Sources With the US Congress (recode.net) 221

An anonymous reader shares a report: Facebook will turn over copies of political ads purchased by Russian sources to congressional lawmakers, who are investigating the country's potential interference in the 2016 U.S. presidential election. Initially, Facebook had only released those ads -- 3,000 of them, valued at about $100,000 -- to Robert Mueller, the former FBI director who is spearheading the government's probe into Russia's actions. Facebook had withheld those details from House and Senate leaders, citing privacy concerns. But the move drew sharp rebukes from the likes of Sen. Mark Warner, the top Democrat on the Senate Intelligence Committee, who has charged in recent days that Facebook may not have done enough to scan its systems for potential Russian influence and to ensure that such foreign purchases -- otherwise illegal under U.S. law -- don't happen again. "After an extensive legal and policy review, today we are announcing that we will also share these ads with congressional investigators," wrote Colin Stretch, the company's general counsel. "We believe it is vitally important that government authorities have the information they need to deliver to the public a full assessment of what happened in the 2016 election."
Businesses

Judge Kills FTC Lawsuit Against D-Link for Flimsy Security (dslreports.com) 97

Earlier this year, the Federal Trade Commission filed a complaint against network equipment vendor D-Link saying inadequate security in the company's wireless routers and internet cameras left consumers open to hackers and privacy violations. The FTC, in a complaint filed in the Northern District of California charged that "D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras." For its part, D-Link Systems said it "is aware of the complaint filed by the FTC." Fast forward nine months, a judge has dismissed the FTC's case, claiming that the FTC failed to provide enough specific examples of harm done to consumers, or specific instances when the routers in question were breached. From a report: "The FTC does not identify a single incident where a consumer's financial, medical or other sensitive personal information has been accessed, exposed or misused in any way, or whose IP camera has been compromised by unauthorized parties, or who has suffered any harm or even simple annoyance and inconvenience from the alleged security flaws in the [D-Link] devices," wrote the Judge. "The absence of any concrete facts makes it just as possible that [D-Link]'s devices are not likely to substantially harm consumers, and the FTC cannot rely on wholly conclusory allegations about potential injury to tilt the balance in its favor."
GNOME

GNOME Partners With Purism On Librem 5 Linux-based Privacy-focused Smartphone (betanews.com) 97

BrianFagioli writes: The Librem 5 smartphone by Purism has a long and difficult road ahead of it. Competing against the likes of Apple and Google on the mobile market has proven to be a death sentence for many platforms -- including Microsoft with its failed Windows 10 Mobile. Luckily, Purism has found itself a new partner on this project -- one of the most important organizations in the Linux community -- The GNOME Foundation. The GNOME Foundation explains, 'The Librem 5 is a hardware platform the Foundation is interested in advancing as a GNOME/GTK phone device. The GNOME Foundation is committed to partnering with Purism to create hackfests, tools, emulators, and build awareness that surround moving GNOME/GTK onto the Librem 5 phone. As part of the collaboration, if the campaign is successful the GNOME Foundation plans to enhance GNOME shell and general performance of the system with Purism to enable features on the Librem 5.'
Data Storage

Google, Bing, Yahoo Data Retention Doesn't Improve Search Quality, Study Claims (theregister.co.uk) 38

A new paper released on Monday via the National Bureau of Economic Research claims that retaining search log data doesn't do much for search quality. "Data retention has implications in the debate over Europe's right to be forgotten, the authors suggest, because retained data undermines that right," reports The Register. "It's also relevant to U.S. policy discussions about privacy regulations." From the report: To determine whether retention policies affected the accuracy of search results, Chiou and Tucker used data from metrics biz Hitwise to assess web traffic being driven by search sites. They looked at Microsoft Bing and Yahoo! Search during a period when Bing changed its search data retention period from 18 months to 6 months and when Yahoo! changed its retention period from 13 months to 3 months, as well as when Yahoo! had second thoughts and shifted to an 18-month retention period. According to Chiou and Tucker, data retention periods didn't affect the flow of traffic from search engines to downstream websites. "Our findings suggest that long periods of data storage do not confer advantages in search quality, which is an often-cited benefit of data retention by companies," their paper states. Chiou and Tucker observe that the supposed cost of privacy laws to consumers and to companies may be lower than perceived. They also contend that their findings weaken the claim that data retention affects search market dominance, which could make data retention less relevant in antitrust discussions of Google.
Technology

What Comes After User-Friendly Design? (fastcodesign.com) 187

Kelsey Campbell-Dollaghan, writing for FastCoDesign: "User-friendly" was coined in the late 1970s, when software developers were first designing interfaces that amateurs could use. In those early days, a friendly machine might mean one you could use without having to code. Forty years later, technology is hyper-optimized to increase the amount of time you spend with it, to collect data about how you use it, and to adapt to engage you even more. [...] The discussion around privacy, security, and transparency underscores a broader transformation in the typical role of the designer, as Khoi Vinh, principal designer at Adobe and frequent design writer on his own site, Subtraction, points out. So what does it mean to be friendly to users-er, people-today? Do we need a new way to talk about design that isn't necessarily friendly, but respectful? I talked to a range of designers about how we got here, and what comes next.
Entertainment

Sonos To Launch a Wireless Speaker That Would Support Multiple Voice Assistants (yahoo.com) 33

Sonos, a mid- to high-end speaker manufacturer, released an updated privacy policy for its speakers that almost certainly confirms that the company will release a speaker with Amazon's Alexa voice assistant built into the device in the near term. From a report: Though many devices that integrate with Alexa have been announced and are starting to come to market, this is one of the higher-profile examples and could be instructive for smart-speaker designers. The company first announced its intention to add voice-assistant integration to its speakers over a year ago, but didn't give any specific time frame for that step. And an FCC filing from the company that surfaced a few weeks ago showed that it is looking into systems that would support multiple voice assistants, so a user could potentially have the option to choose between Amazon's Alexa or Google's Assistant, depending on what other devices they own and what platform they prefer.
Social Networks

New Book Argues Silicon Valley Will Lead Us to Our Doom (sandiegouniontribune.com) 202

Long-time Slashdot reader Zorro quotes the San Diego Union-Tribune: To many Americans, large technology firms embody much of what's good about the modern world. Franklin Foer has a different perspective. In his new book, "World Without Mind," the veteran journalist lays out a more ominous view of where Big Tech would like to take us -- in many ways, already has taken us... These firms have a program: to make the world less private, less individual, less creative, less human... Big Tech has imposed its will on the resident population with neither our input nor our permission.
The reviewer summarizes the book's argument as "Once hooked, consumers are robbed of choice, milked for profit, deprived of privacy and made the subjects of stealth social engineering experiments."

Interestingly, Foer was fired from The New Republic in 2014 by its new publisher -- Facebook co-founder Chris Hughes -- and Foer's new book includes strong criticism of the way companies are assembling detailed profiles on their users. "They have built their empires by pulverizing privacy; they will further ensconce themselves by pushing boundaries, by taking even more invasive steps that build toward an even more complete portrait of us."
Facebook

Spain Fines Facebook Over Tracking Users Without Consent (tomshardware.com) 41

Spain's Data Protection Authority has issued a 1.2 million euro fine against Facebook after it found three instances when the company collected data without informing users, as required by European Union privacy laws. Tom's Hardware reports: The AEPD found multiple issues with how Facebook gathered data on Spanish users. One of the issues was that Facebook collects data on ideology, sex, and religious beliefs, as well as personal tastes and web surfing habits without informing the users about how that data will be used. A second issue was that Facebook wasn't obtaining specific and informed consent from the users because the data it was offering them about the collection was not sufficiently clear. The company has been tracking both users and non-users of the service through the Like button across the web without informing them about this sort of tracking, nor about what it plans to do with the data. The company has said that the collection is done for advertising purposes before, but some purposes remain secret, according to the Spanish Data Protection Authority. The AEPD said this sort of collection doesn't comply with the EU's data protection regulations.

Finally, the AEPD also noticed that Facebook has not been completely purging the data about users who had already deleted their accounts and that Facebook was making use of accounts' data that have been deleted for more than 17 months. Considering the data that has remained behind is no longer useful for the purpose for which it was collected, the agency considered this another serious infringement of EU privacy laws.

KDE

KDE Plasma 5.11 Beta Released (kde.org) 59

JRiddell writes: The original and best linux desktop has a new version, KDE Plasma 5.11 beta is out. UI improvements include a redesigned System Settings and notification history. Privacy improvements include Plasma Vault, which helps you store your files securely. Progress on Wayland support continues with many people now using it as their daily setup. The full changelog can be viewed here.
Security

ISPs Claim a Privacy Law Would Weaken Online Security, Increase Pop-Ups (arstechnica.com) 86

An anonymous reader quotes a report from Ars Technica: The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers. AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service." The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer's personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

Microsoft

Windows 10 Will Soon Give Users More Control Over App Permissions (engadget.com) 76

An anonymous reader shares a report: The software giant has revealed that you'll get much more control over what apps are allowed to do with your device. Where you previously only had control over location sharing, the Fall Creators Update will ask you to grant permission before accessing all kinds of potentially sensitive hardware and software features. It'll ask to use your camera and microphone if you have a video recording app, for instance, or check before offering access to your calendar and contacts. You'll only get these prompts for apps installed after you move to the Fall Creators Update; you'll have to dive into your privacy settings to review permissions for apps you already have. Even so, it's an important boost to Windows' privacy security levels. Much as on phones, where fine-grained permissions are already fairly commonplace, you might not have to worry as much about malicious apps spamming your contacts or hijacking the camera.
Privacy

Trump Administration Sued Over Phone Searches at US Borders (reuters.com) 138

The Trump administration has engaged in an unconstitutional practice of searching without a warrant the phones and laptops of Americans who are stopped at the border, a lawsuit filed on Wednesday alleged. From a report: Ten U.S. citizens and one lawful permanent resident sued the Department of Homeland Security in federal court, saying the searches and prolonged confiscation of their electronic devices violate privacy and free speech protections of the U.S. Constitution. DHS could not be immediately reached for comment. The lawsuit comes as the number of searches of electronic devices has surged in recent years, alarming civil rights advocates.
Security

Equifax Breach Provokes Calls For Serious Data Protection Reforms (wired.com) 193

Equifax's data breach was colossal -- but what should happen next? The Guardian writes: The problem is that companies like Equifax are able to accumulate -- essentially, without limit -- as much sensitive, personal data as they can get their hands on. There is an urgent need for strict regulations on what types of data companies can collect and how much data a company can possess, both in aggregate and about individuals. At the very least, this will lessen the severity and size of (inevitable) data breaches... Without putting hard limits on the data capitalists who extract and exploit our personal information, they will continue to reap the benefit while we bear the risks.
Marc Rotenberg, president of the Electronic Privacy Information Center, adds, "we need to penalize companies that collect SSNs but can't protect [them]." Wired reports: Experts across numerous privacy and security fields agree that the solution to the over-collection and over-use of SSNs isn't one particular replacement, but a diverse array of authentications like individual codes (similar to passwords), biometrics, and even physical tokens to create more variation in the ID process. Some also argue that the government likely won't be the driving force behind the shift. "We have a government that works at a glacial pace in the best of times," says Brenda Sharton, who chairs the Privacy & Cybersecurity practice at the Goodwin law firm, which has worked on data privacy breach investigations since the early 2000s. "There will reach a point where SSN [exposure] becomes untenable. And it may push us in the direction of having companies require multi-factor authentication."
Meanwhile TechCrunch argues, "This crass, callow, and lazy treatment of our digital data cannot stand...": We must create new, secure methods for cryptographically securing our data... These old organizations -- Equifax was founded in 1899 and hasn't changed much since inception -- must die, to be replaced by solutions that (and I shudder to say this) are blockchain-based.
AI

AI Can Detect Sexual Orientation Based On Person's Photo (cnbc.com) 350

ugen shares a report from CNBC: Artificial Intelligence (AI) can now accurately identify a person's sexual orientation by analyzing photos of their face, according to new research. The Stanford University study, which is set to be published in the Journal of Personality and Social Psychology and was first reported in The Economist, found that machines had a far superior "gaydar" when compared to humans. Slashdot reader randomlygeneratename adds: Researchers built classifiers trained on photos from dating websites to predict the sexual orientation of users. The best classifier used logistic regression over features extracted from a VGG-Face conv-net. The latter was done to prevent overfitting to background, non-facial information. Classical facial feature extraction also worked with a slight drop in accuracy. From multiple photos, they achieved an accuracy of 91% for men and 83% for women (and 81% / 71% for a single photo). Humans were only able to get 61% and 54%, respectively. One caveat is the paper mentions it only used Caucasian faces. The paper went on to discuss how this capability can be an invasion of privacy, and conjectured that other types of personal information might be detectable from photos. The source paper can be found here.
Businesses

Amazon Was Tricked By a Fake Law Firm Into Removing a Popular Product, Costing the Seller $200,000 (cnbc.com) 98

Eugene Kim, reporting for CNBC: Shortly before Amazon Prime Day in July, the owner of the Brushes4Less store on Amazon's marketplace received a suspension notice for his best-selling product, a toothbrush head replacement. The email that landed in his inbox said the product was being delisted from the site because of an intellectual property violation. In order to resolve the matter and get the product reinstated, the owner would have to contact the law firm that filed the complaint. But there was one problem: the firm didn't exist. Brushes4Less was given the contact information for an entity named Wesley & McCain in Pittsburgh. The website wesleymccain.com has profiles for five lawyers. A Google image search shows that all five actually work for the law firm Brydon, Swearengen & England in Jefferson City, Missouri. The phone number for Wesley & McCain doesn't work while the address belongs to a firm in Pittsburgh called Robb Leonard Mulvihill. The person who supposedly filed the complaint is not registered to practice law in Pennsylvania. One section on Wesley & McCain's site stole language from the website of the Colby Law Office. The owner of Brushes4Less agreed to tell his story to CNBC but asked that we not use his name out of concern for his privacy. As far as he can tell, and based on what CNBC could confirm, Amazon was duped into shutting down the seller's key product days before the site's busiest shopping event ever.
Communications

European Court Rules Companies Must Tell Employees of Email Checks (reuters.com) 103

Companies must tell employees in advance if their work email accounts are being monitored and such checks must not unduly infringe workers' privacy, the European Court of Human Rights ruled on Tuesday. From a report: In a judgment in the case of a man fired 10 years ago for using a work messaging account to communicate with his family, the judges found that Romanian courts failed to protect Bogdan Barbulescu's private correspondence because his employer had not given him prior notice it was monitoring his communications. Email privacy has become a hotly contested issue as more people use work addresses for personal correspondence even as employers demand the right to monitor email and computer usage to ensure staff use work email appropriately. Courts in general have sided with employers on this issue.

Slashdot Top Deals