By EditorDavid from Slashdot's web-watchers department
tedlistens writes: "One of the most common techniques people think can help hide their activity is the use of an "incognito" mode in a browser," writes Michael Grothaus at Fast Company. But "despite what most people assume, incognito modes are primarily built to block traces of your online activity being left on your computer -- not the web. Just because you are using incognito mode, that doesn't mean your ISP and sites like Google, Facebook, and Amazon can't track your activity." However, there's still a way to brew your own, safer "incognito mode." It's called browser compartmentalization. Grothaus writes: "The technique sees users using two or even three browsers on the same computer. However, instead of switching between browsers at random, users of browser compartmentalization dedicate one browser to one type of internet activity, and another browser to another type of internet activity."
Specifically, the article recommends one browser for sites you need to log into, and another for random web surfing and any web searches. "By splitting up your web activity between two browsers, you'll obtain the utmost privacy and anonymity possible without sacrificing convenience or the ease of use of the websites you need to log in to." It recommends choosing a privacy-focused browser like Brave, Firefox, Apple's Safari, or Microsoft's Edge. "As for Chrome: It's made by Google, whose sole aim is to know everything you do online, so it's probably best to stay away from Chrome if you value your privacy."
The article is part of a series titled "The Privacy Divide," which explores "misconceptions, disparities, and paradoxes that have developed around our privacy and its broader impacts on society."
By BeauHD from Slashdot's thanks-Big-Telecom department
An anonymous reader quotes a report from Motherboard: A new report has found that 26 states now either restrict or outright prohibit towns and cities from building their own broadband networks. Quite often the laws are directly written by the telecom sector, and in some instances ban towns and cities from building their own broadband networks -- even if the local ISP refuses to provide service. The full report by BroadbandNow, a consumer-focused company that tracks US broadband availability, indicates the total number of state restrictions on community broadband has jumped from 20 such restrictions since the group's last report in 2018.
BroadbandNow's report looks at each state's restrictions individually, and found that while some states simply banned community broadband outright (a notable assault on voters' democratic rights), others impose clever but onerous restrictions on precisely how a local network can be funded, who they can partner with, or how quickly (and where) they're allowed to grow. In Tennessee, for example, state laws allow publicly-owned electric utilities to provide broadband, "but limits that service provision to within their electric service areas." Such restrictions have made it hard for EPB -- the highest rated ISP in America last year according to Consumer Reports -- to expand service into new areas.
By BeauHD from Slashdot's behind-the-scenes department
schwit1 shares a report from UPI: Normally, bacteria and viruses are enemies, but new research suggests a viral infection can offer bacteria some benefits -- chiefly, the ability to distinguish friend from foe. Scientists discovered the phenomenon after observing a stark demarcation line between two strains of the bacteria Escherichia coli K-12, but no such divide between identical clones. The related rivals steered clear of one another, while the identical strains swam toward one another. To find out why, scientists surveyed 4,296 single-gene knockouts in the genome of Escherichia coli K-12. Researchers determined only one mutation caused the demarcation line to disappear. The mutation involved a gene that is used in viral replication.
According to their analysis, the virus-related proteins produced by the gene allow for bacterial self-recognition. Scientists were also able to erase the demarcation line by silencing the bacteriophage genomes that have weaved their way into the bacteria's genome. These leftover viral genes don't produce active phage particles, nor do they rupture host cells. When scientists exposed bacteria to a related virus, the old viral genes were activated and began producing phage particles for the new virus. Experiments showed the virus doesn't attack its host cells. Instead, the virus attacks other bacteria cells that don't carry the virus. The host helps the virus reproduce, and the virus takes out the bacteria's competitors. The new study has been published in the journal Cell Reports.
By BeauHD from Slashdot's data-dump department
An anonymous reader quotes a report from TechCrunch: A hacker stole thousands of documents from Mexico's embassy in Guatemala and posted them online. The hacker, who goes by the online handle @0x55Taylor, tweeted a link to the data earlier this week. The data is no longer available for download after the cloud host pulled the data offline, but the hacker shared the document dump with TechCrunch to verify its contents. The hacker told TechCrunch in a message: "A vulnerable server in Guatemala related to the Mexican embassy was compromised and I downloaded all the documents and databases." He said he contacted Mexican officials but he was ignored.
More than 4,800 documents were stolen, most of which related to the inner workings of the Mexican embassy in the Guatemalan capital, including its consular activities, such as recognizing births and deaths, dealing with Mexican citizens who have been incarcerated or jailed and the issuing of travel documents. We found more than a thousand highly sensitive identity documents of primarily Mexican citizens and diplomats -- including scans of passports, visas, birth certificates and more -- but also some Guatemalan citizens. Several documents contained scans of the front and back of payment cards. The stolen data also included dozens of letters granting diplomatic rights, privileges and immunities to embassy staff.
By BeauHD from Slashdot's call-to-action department
Larry Sanger, American internet project developer and co-founder of Wikipedia, argues in a blog post that vendors must start adding physical on/off switches to webcams, smartphone cameras/mics, and other devices that spy on us. He writes: Have you ever noticed that your webcam doesn't have an "off" switch? I looked on Amazon, and I couldn't find any webcams for sale that had a simple on/off switch. When I thought I found one, it turned out just to have a light that turns on when the camera is in use, and off when not -- not a physical switch you can press or slide. The "clever" solution is supposed to be webcam covers (something Mark Zuckerberg had a hand in popularizing); you can even get a webcam (or a laptop) with such a cover built in. How convenient! I've used tape, which works fine. But a cover doesn't cover up the microphone, which could be turned on without your knowledge.
By BeauHD from Slashdot's underestimated-vulnerabilities department
Dan Goodin writes via Ars Technica: A researcher has uncovered strange and unexpected behavior in Windows 10 that allows remote attackers to steal data stored on hard drives when a user opens a malicious file downloaded with the Edge browser. The threat partially surfaced last week when a different researcher, John Page, reported what he called a flaw in Internet Explorer. Page claimed that when using the file manager to open a maliciously crafted MHT file, the browser uploaded one or more files to a remote server. According to Page, the vulnerability affected the most recent version of IE, version 11, running on Windows 7, Windows 10, and Windows Server 2012 R2 with all security updates installed. (It's no longer clear whether any OS other than Windows 10 is affected, at least for some users. More about that in a moment.)
[I]n Page's post was a video demonstration of the proof-of-concept exploit Page created. It shows a booby-trapped MHT file triggering an upload of the host computer's system.ini file to a remote server. Page's video shows the file being downloaded with Edge. "This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information," Page wrote. "Example, a request for 'c:\Python27\NEWS.txt' can return version information for that program."
By msmash from Slashdot's some-relief department
The New York Metropolitan Transportation Authority has denied suggestions that it's putting facial recognition cameras in the subway, saying that a trick designed to scare fare-dodgers was misinterpreted. From a report: "There is no capability to recognize or identify individuals and absolutely no plan" to do so with NYC subway cameras, says MTA spokesperson Maxwell Young. Young was responding to a photo taken in the Times Square subway station by New York Times analyst Alice Fung, which shows a prominently placed monitor with the words "RECORDING IN PROGRESS" and "Please Pay Your Fare" superimposed on a video feed. "Hey @MTA, who are you sharing the recordings with?" Fung asked. The monitor featured the name Wisenet, a security company that prominently advertises facial recognition capabilities, and the video feed traced squares around subjects' faces.
[...] Young says that the recordings aren't being monitored to identify individuals in the footage, though. "There is absolutely no facial recognition component to these cameras, no facial recognition software, or anything else that could be used to automatically identify people in any way, and we have no plans to add facial recognition software to these cameras in the future," he tells The Verge. "These cameras are purely for the purpose of deterring fare evasion -- if you see yourself on a monitor, you're less likely to evade the fare."
By msmash from Slashdot's pushing-the-limits department
Classic video games are getting a makeover. But it's not big-name game developers making the improvements: it's independent modders. From a report: The technique being used is known as "AI upscaling." In essence, you feed an algorithm a low-resolution image, and, based on training data it's seen, it spits out a version that looks the same but has more pixels in it. Upscaling, as a general technique, has been around for a long time, but the use of AI has drastically improved the speed and quality of results. "It was like witchcraft," says Daniel Trolie, a teacher and student from Norway who used AI to update the visuals of 2002 RPG classic The Elder Scrolls III: Morrowind. "[It] looked like I just downloaded a hi-res texture pack from [game developers] Bethesda themselves."
Trolie is a moderator at the r/GameUpscale subreddit where, along with specialist forums and chat apps like Discord, fans share tips and tricks on how to best use these AI tools. Browsing these forums, it's apparent that the modding process is a lot like restoring old furniture or works of art. It's a job for skilled craftspeople, requiring patience and knowledge. Not every game is a good fit for upscaling, and not every upscaling algorithm produces similar results. Modders have to pick the right tool for the job before putting in hundreds of hours of work to polish the final results. It's a labor of love, not a quick fix.
By BeauHD from Slashdot's heightened-oversight department
An anonymous reader quotes a report from Ars Technica: Federal Trade Commission officials are discussing whether to hold Facebook CEO Mark Zuckerberg personally accountable for Facebook's privacy failures, according to reports by The Washington Post and NBC News. Facebook has been trying to protect Zuckerberg from that possibility in negotiations with the FTC, the Post wrote. Federal regulators investigating Facebook are "exploring his past statements on privacy and weighing whether to seek new, heightened oversight of his leadership," the Post reported, citing anonymous sources who are familiar with the FTC discussions. "The discussions about how to hold Zuckerberg accountable for Facebook's data lapses have come in the context of wide-ranging talks between the Federal Trade Commission and Facebook that could settle the government's more than year-old probe," the Post wrote.
According to NBC, FTC officials are "discussing whether and how to hold Facebook Chief Executive Mark Zuckerberg personally accountable for the company's history of mismanaging users' private data." However, NBC said its sources "wouldn't elaborate on what measures are specifically under consideration." According to the Post, one idea raised during the probe "could require [Zuckerberg] or other executives to certify the company's privacy practices periodically to the board of directors." But it's not clear how likely the FTC is to target Zuckerberg in a final settlement, and "Facebook has fought fiercely to shield Zuckerberg as part of the negotiations, one of the sources familiar with the probe said," the Post wrote.
By msmash from Slashdot's how-about-that department
A year ago, the French government unveiled its plan to build its own encrypted messenger service to ease fears that foreign entities could spy on private conversations between top officials. That app, named Tchap, is now official for Android handsets and the iPhone. From a report: A web dashboard is also in the works. Only official French government employees can sign up for an account; however, the French government also open-sourced Tchap's source code on GitHub so other organizations can roll out their own versions of Tchap for internal use as well. Work on the app started in July 2018, and the app itself is based on Riot, a well-known open-source, self-hostable, and secure instant messaging client-server package. The app was officially developed by DINSIC (Interministerial Directorate of Digital and Information System and Communication of the State), under the supervision of ANSSI, France's National Cybersecurity Agency.
By BeauHD from Slashdot's internal-prototype department
Instagram's Android code is hiding a design change that hides the number of likes your posts get. "During this test, only the person who shares a post will see the total number of likes it gets," the company says. TechCrunch reports on the seemingly small design change test and the massive potential impact it'll have on users' well-being: Hiding Like counts could reduce herd mentality, where people just Like what's already got tons of Likes. It could reduce the sense of competition on Instagram, since users won't compare their own counts with those of more popular friends or superstar creators. And it could encourage creators to post what feels most authentic rather than trying to rack up Likes for everyone to see.
You can see [in a leaked screenshot] on the left that the Instagram feed post lacks a Like count, but still shows a few faces and a name of other people who've Liked it. Users are alerted that only they will see their post's Like counts, and anyone else won't. Many users delete posts that don't immediately get "enough" Likes or post to their fake "Finstagram" accounts if they don't think they'll be proud of the hearts they collect. Hiding Like counts might get users posting more because they'll be less self-conscious. It appears there's no plan to hide follower counts on user profiles, which are the true measure of popularity, but also serve a purpose of distinguishing great content creators and assessing their worth to marketers. Hiding Likes could just put more of a spotlight on follower and comment counts. And even if users don't see Like counts, they still massively impact the feed's ranking algorithm, so creators will still have to battle for them to be seen.
By BeauHD from Slashdot's digital-privacy department
An anonymous reader quotes a report from Forbes: In a major win for digital privacy, Utah became the first state in the nation to ban warrantless searches of electronic data. Under the Electronic Information or Data Privacy Act (HB 57), state law enforcement can only access someone's transmitted or stored digital data (including writing, images, and audio) if a court issues a search warrant based on probable cause. Simply put, the act ensures that search engines, email providers, social media, cloud storage, and any other third-party "electronic communications service" or "remote computing service" are fully protected under the Fourth Amendment (and its equivalent in the Utah Constitution).
HB 57 also contains provisions that promote government transparency and accountability. In most cases, once agencies execute a warrant, they must then notify owners within 14 days that their data has been searched. Even more critically, HB 57 will prevent the government from using illegally obtained digital data as evidence in court. In a concession to law enforcement, the act will let police obtain location-tracking information or subscriber data without a warrant if there's an "imminent risk" of death, serious physical injury, sexual abuse, livestreamed sexual exploitation, kidnapping, or human trafficking. Backed by the ACLU of Utah and the Libertas Institute, the act went through five different substitute versions before it was finally approved -- without a single vote against it -- last month. HB 57 is slated to take effect in mid-May.
By msmash from Slashdot's improving-security department
By msmash from Slashdot's moving-forward department
By msmash from Slashdot's privacy-woes department
Records for potentially tens of thousands of patients seeking treatment at several addiction rehabilitation centers were exposed in an unsecured online database, an independent researcher revealed Friday. From a report: The 4.91 million documents included patients' names, as well as details of the treatments they received, according to Justin Paine, the researcher. Each patient had multiple records in the database, and Paine estimates that the records may cover about 145,000 patients. Paine notified the main treatment center, as well as the website hosting company, when he discovered the database. The data has since been made unavailable to the public. Paine found the data by typing keywords into the Shodan search engine that indexes servers and other devices that connect to the internet.
"Given the stigma that surrounds addiction this is almost certainly not information the patients want easily accessible," Paine said in a blog post that he shared with CNET ahead of publication. Paine hunts for unsecured databases in his free time. His day job is head of trust and safety at web security company Cloudflare. The find is the latest example of a widespread problem: Any organization can easily store customer data on cloud-based services now, but few have the expertise to set them up securely. As a result, countless unsecured databases sit online and can be found by anyone with a few search skills. Many of those databases are full of sensitive personal data.