By BeauHD from
Slashdot's digital-age department:
On November 29th, the U.S. Supreme Court will hear oral arguments in Carpenter v. US, a case essentially asking whether or not authorities need a warrant based on probable cause and signed by a judge to see your cellphone location data. For now, they do not. Given the fact that about 95% of Americans have cellphones, this case has major implications. Quartz reports: Mobile-service providers collect "cell site location information" (CSLI) for all phones, ostensibly to use for things like improving their networks. The U.S. government considers these data "routinely collected business records" rather than private information. That means it can demand the records without proving probable cause. That's what happened in the criminal case of Timothy Carpenter, accused of a series of Detroit, Michigan robberies. At Carpenter's trial, prosecutors presented evidence collected by private companies, obtained by the law without probable cause. They used 127 days-worth of cellphone-location data, amounting to almost 13,000 data points, to tell a circumstantial story of Carpenter comings and goings.
In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy" when it comes to these records, government attorneys wrote. Carpenter argues that the location evidence was obtained illegally. The Sixth Circuit Court of Appeals denied that claim last year, basing their decision on Supreme Court cases from the 1970s: Smith v. Maryland and US v. Miller . The appeals court concluded that, under what's called the "third-party doctrine," Americans don't have a reasonable expectation of privacy in things like check deposit slips, similar banking records, and dialed telephone numbers.
Read Replies (0)
By BeauHD from
Slashdot's broken-promises department:
An anonymous reader quotes a report from Slate: Anyone who has ever paid a bill to or waited for customer service from Comcast knows why it is one of America's most detested companies, its recent efforts to improve its image notwithstanding. While Comcast says its customers will "enjoy strong net neutrality protections," it hasn't explicitly said it won't offer paid prioritization, which is how the company would most likely monetize its new ability to legally muck with internet traffic. In other words, Comcast might not choke or slow service to any website, but it could speed access to destinations that pay for the priority service. The company's promises should sound familiar. As Jon Brodkin pointed out in Ars Technica on Monday, back when the FCC was crafting the network neutrality rules in 2014, Comcast said it had no plans to enact paid prioritization, either. "We don't prioritize Internet traffic or have paid fast lanes, and have no plans to do so," a Comcast executive wrote in a blog post that year.
<
article continued at Slashdot's broken-promises department >
Read Replies (0)
By BeauHD from
Slashdot's feasibility-study department:
dmoberhaus writes: Someone claimed to use their Tesla to power a cryptocurrency mine to take advantage of the free energy given to Tesla owners. But even with free energy, does this scheme make sense? Motherboard ran the numbers.
From the report: "...If we assume that each of the GPUs in this rig draws around 150 watts, then the 16 GPUs have a total power draw of 2.4 kilowatts per hour or 57.6 kilowatt hours per day if they ran for a full 24 hours. According to Green Car Reports, a Tesla Model S gets about 3 miles per kilowatt hour, meaning that running this mining rig for a full day is the equivalent of driving nearly 173 miles in the Tesla. According to the Federal Highway Administration, the average American drives around 260 miles a week. In other words, running this cryptocurrency mine out of the trunk of a Tesla for a day and a half would use as much energy as driving that Tesla for a full week, on average. Moreover, drivers who are not a part of Tesla's unlimited free energy program are limited to 400 kilowatt hours of free electricity per year, meaning they could only run their rig for a little over 7 days on free energy.
<
article continued at Slashdot's feasibility-study department >
Read Replies (0)
By BeauHD from
Slashdot's trivial-to-exploit department:
An anonymous reader quotes a report from The Register: A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The security bug is triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings. If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen. The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You should not leave your vulnerable Mac unattended until you can fix the problem. And while obviously this situation is not the end of the world -- it's certainly far from a remote hole or a disk decryption technique -- it's just really, really sad to see megabucks Apple drop the ball like this. Developer Lemi Orhan Ergan was the first to alert the world to the flaw. The Register notes: "If you have a root account enabled and a password for it set, the black password trick will not work. So, keep the account enabled and set a root password right now..."
Read Replies (0)
By msmash from
Slashdot's man's-search-for-meaning department:
Alexis C. Madrigal, writing for The Atlantic: There's a question going around on Twitter, courtesy of the writer Matt Whitlock: "Without revealing your actual age, what's something you remember that if you told a younger person they wouldn't understand?" This simple query has received, at this date, 18,000 responses. Here is just a tiny selection: A/S/L, pagers, manual car windows, "be kind, please rewind", "Waiting by the radio for my song to come on so I could record it on a cassette tape", floppy disks, the smell of purple mimeograph ink, WordPerfect, busy signals, paper maps, Winamp, smoking in the hospital, the card catalogue. Our favorite response, "The remote to change the channel on the TV was attached to a box that was attached to the TV", which elicited a response, "What about the remote that was really a clicker... In that it clicked like a frog toy",
Read Replies (0)
By msmash from
Slashdot's tussle-continues department:
Tony Romm, writing for Recode: FCC Chairman Ajit Pai thinks everyone from Cher to Twitter has it wrong when they say that his efforts to roll back the U.S. government's existing net neutrality rules will spell the death of the web. Instead, Pai said during an event in Washington, D.C., on Tuesday that tech giants could pose the greatest threat by discriminating against viewpoints on the internet. "They might cloak their advocacy in the public interest," he said, "but the real interest of these internet giants is in using the regulatory process to cement their dominance in the internet economy." The surprising rebuke came as Pai forged ahead with his plan to end the net neutrality protections adopted by the Federal Communications Commission under former President Barack Obama. Those rules subject broadband providers like AT&T, Charter, Comcast and Verizon to utility-style regulation, all in a bid to stop them from blocking access to web pages, slowing down connections or prioritizing some content over others. [...] He didn't spare tech companies from that criticism, either. Companies like Facebook, Google and Twitter -- speaking through their main Washington, D.C.-based trade group, the Internet Association -- have urged Pai to stand down. In response, Pai sought to make an example of Twitter. He specifically raised the fact that the company at one point prevented a Republican congresswoman from promoting a tweet about abortion, only to change its mind amid a public backlash. "Now look: I love Twitter," Pai began. "But let's not kid ourselves; when it comes to a free and open Internet, Twitter is a part of the problem. The company has a viewpoint and uses that viewpoint to discriminate."
Read Replies (0)
By msmash from
Slashdot's what-in-the-world department:
An anonymous reader shares a report: On Tuesday, the trading price of the most prominent cryptocurrency hit $10,000 for the first time. And that nice round number will almost certainly have the kind of psychological effect that brings in new traders. Based on analysts' recent predictions, the $10,000 milestone could be the beginning of the end or just the beginning. Some thought that $2,000 would be the point at which we'd see a reversal of Bitcoin's ascent. Others predicted it would top out at $4,000. Then, $4,000 became the floor. These days, analysts with decent reputations have predicted the cryptocurrency's trading price could go as high as $50,000, $100,000, and even $1 million.
Read Replies (0)
By msmash from
Slashdot's so-nothing-new? department:
Zack Whittaker, reporting for ZDNet: The contents of a highly sensitive hard drive belonging to a division of the National Security Agency have been left online. The virtual disk image contains over 100 gigabytes of data from an Army intelligence project, codenamed "Red Disk." The disk image belongs to the US Army's Intelligence and Security Command, known as INSCOM, a division of both the Army and the NSA. The disk image was left on an unlisted but public Amazon Web Services storage server, without a password, open for anyone to download. Unprotected storage buckets have become a recurring theme in recent data leaks and exposures. In the past year alone, Accenture, Verizon, and Viacom, and several government departments, were all dinged by unsecured data.
Read Replies (0)
By msmash from
Slashdot's up-next department:
Microsoft said Tuesday that it plans to overhaul Windows 10, with a browser-like, tabbed application view dubbed "Sets" that groups apps and files by project. From a report: Think of Sets as a mashup of existing and emerging Windows 10 technologies. Take Windows Explorer and the little-used Task View within Windows 10, mix in the newer "Pick up where you left off" and "Timeline" features, and wrap it all into a single-window experience. The idea is that every task requires a set of apps -- Mail, a browser, PowerPoint, even Win32 apps like Photoshop -- and those apps will be optionally organized as tabs along a single window. But that's not all. Microsoft knows that one of the most difficult things to remember isn't what you were working on a week or so ago -- browser histories help with that. It's remembering all of the associated apps and documents that went with it: a particular PowerPoint document, that budget spreadsheet, the context an Edge tab provided. The idea is that the delayed Timeline feature will eventually group and associate all of these into a Set, so that when you open one, Windows will suggest the others, too.
Read Replies (0)
By msmash from
Slashdot's up-next department:
Dave Gershgorn, writing for Quartz: At the Neural Information Processing Systems conference in Long Beach, California, next week, Google researchers Hee Jung Ryu and Florian Schroff will present a project they're calling an electronic screen protector, where a Google Pixel phone uses its front-facing camera and eye-detecting artificial intelligence to detect whether more than one person is looking at the screen. An unlisted, but public video by Ryu shows the software interrupting a Google messaging app to display a camera view, with the peeking perpetrator identified and given a Snapchat-esque vomit rainbow. Ryu and Schroff claim the system works with different lighting conditions and poses, and can recognize a person's gaze in 2 milliseconds. Ostensibly, this AI software is able to work so quickly because it's being run on the phone, rather than sent for processing on the company's powerful cloud servers.
Read Replies (0)
By msmash from
Slashdot's something-fishy department:
It hasn't been long since Lenovo settled a massive $3.5 million fine for preinstalling adware on laptops without users' consent, and it appears HP is on to the same route already. According to numerous reports gathered by news outlet Computer World, the brand is deploying a telemetry client on customer computers without asking permission. The software, called "HP Touchpoint Analytics Service", appears to replace the self-managed HP Touchpoint Manager solution. To make matter worse, the suite seems to be slowing down PCs, users say. From the report: Dubbed "HP Touchpoint Analytics Service," HP says it "harvests telemetry information that is used by HP Touchpoint's analytical services." Apparently, it's HP Touchpoint Analytics Client version 4.0.2.1435. There are dozens of reports of this new, ahem, service scattered all over the internet. According to Gunter Born, reports of the infection go all the way back to Nov. 15, when poster MML on BleepingComputer said: "After the latest batch of Windows updates, about a half hour after installing the last, I noticed that this had been installed on my computer because it showed up in the notes of my Kaspersky, and that it opened the Windows Dump File verifier and ran a disk check and battery test." According to Gartner, HP was the largest PC vendor in the quarter that ended in September this year.
Read Replies (0)
By msmash from
Slashdot's privacy-woes department:
Catalin Cimpanu, reporting for BleepingComputer: A collaborative effort between the Yale Privacy Lab and Exodus Privacy has shed light on dozens of invasive trackers that are embedded within Android apps and record user activity, sometimes without user consent. The results of this study come to show that the practice of collecting user data via third-party tracking code has become rampant among Android app developers and is now on par with what's happening on most of today's popular websites. The two investigative teams found tracking scripts not only in lesser known Android applications, where one might expect app developers to use such practices to monetize their small userbases, but also inside highly popular apps -- such as Uber, Twitter, Tinder, Soundcloud, or Spotify. The Yale and Exodus investigation resulted in the creation of a dedicated website that now lists all apps using tracking code and a list of trackers, used by these apps. In total, researchers said they identified 44 trackers embedded in over 300 Android apps.
Read Replies (0)
By BeauHD from
Slashdot's hidden-figures department:
An anonymous reader quotes a report from Ars Technica: Destiny 2, like its predecessor, depends largely on an open-ended "end game" system. Once you beat the game's primary "quest" content, you can return to previously covered ground to find remixed and upgraded battles, meant to be played ad nauseam alone or with friends. To encourage such replay, Bungie dangles a carrot of XP gain, which works more slowly than during the campaign stages. Players are awarded a "bright engram" every time they "level up" past the level cap; the engrams are essentially loot boxes that contain a random assortment of cosmetics and weapon mods. Everything you do in the game, from killing a weak bad guy to completing a major raid-related milestone, is supposed to reward you a fixed XP amount. As series fans gear up for the game's first expansion, slated to launch December 5 on PC, PlayStation 4, and Xbox One, its eagle-eyed fans at r/DestinyTheGame began questioning whether those rewards were really as fixed as claimed. Some players began to suspect that they were actually getting less XP than advertised each time they repeated certain in-game missions and tasks, such as the game's "Public Events."
<
article continued at Slashdot's hidden-figures department >
Read Replies (0)