Slashdot Mirror

Tuesday's hearing was meant to examine the rise of white nationalism and white supremacy and the role social media plays in its spread. Then the comments got hijacked. From a report: YouTube moderators disabled comments on livestreams of the House Judiciary Committee's hearing about hate crimes the rise of white nationalism on Tuesday, deeming them too hateful for the platform. The comment sections quickly flooded with hate speech and white nationalist memes before the hearing had even started. The comments included derogatory remarks about women on camera, anti-Semitic slurs, far-right memes with references to "white genocide," and pro-Trump slogans. The channels' comments sections were deactivated within an hour. [...] YouTube's disabling of comments is ironic: House Judiciary Committee Chair Jerrold Nadler, a Democrat from New York, made special reference in his opening statement of the role social media platforms play in spreading hate speech and extremism in his opening statement.

An anonymous reader shares a report: In March 2017, President Trump issued an executive order expediting the deployment of biometric verification of the identities of all travelers crossing its borders. That mandate stipulates facial recognition identification for "100 percent of all international passengers," including American citizens, in the top 20 US airports by 2021. Now, the United States Department of Homeland Security is rushing to get those systems up and running at airports across the country. But it's doing so in the absence of proper vetting, regulatory safeguards, and what some privacy advocates argue is in defiance of the law.

According to 346 pages of as-yet-unpublished documents obtained by the nonprofit research organization Electronic Privacy Information Center, US Customs and Border Protection is scrambling to implement this "biometric entry-exit system," with the goal of using facial recognition technology on travelers aboard 16,300 flights per week -- or more than 100 million passengers traveling on international flights out of the United States -- in as little as two years, to meet Trump's accelerated timeline for a biometric system that had initially been signed into law by the Obama administration. This, despite questionable biometric confirmation rates and few, if any, legal guardrails.

These same documents state -- explicitly -- that there were no limits on how partnering airlines can use this facial recognition data. CBP did not answer specific questions about whether there are any guidelines for how other technology companies involved in processing the data can potentially also use it. It was only during a data privacy meeting last December that CBP made a sharp turn and limited participating companies from using this data. But it is unclear to what extent it has enforced this new rule. CBP did not explain what its current policies around data sharing of biometric information with participating companies and third-party firms are, but it did say that the agency "retains photos ... for up to 14 days" of non-US citizens departing the country, for "evaluation of the technology" and "assurance of the accuracy of the algorithms" -- which implies such photos might be used for further training of its facial matching AI.

Last May, Facebook promised to launch a "Clear History" feature that it said would give users more control over their data. 9 months later it's nowhere to be found and now a report claims that it's a key example of the company's "reactionary" way of dealing with privacy concerns. From a report: Thus far, Facebook's public discussions of Clear History appear to have been more about communications strategy than charting a new course. In a Facebook post looking back on 2018, Zuckerberg pointed to the tool as one that would "give people more transparency" while Sandberg highlighted it to show Facebook's willingness to change during a speech at the World Economic Forum in Davos, Switzerland, last month.

Still, nine months after its initial announcement, Clear History is nowhere to be found. "We want to make sure this works the way it should for everyone on Facebook, which is taking longer than expected," the company said in a statement to BuzzFeed News. It's unclear if new high-profile hires, like Nate Cardozo (formerly of EFF) and Robyn Greene (formerly of New America's Open Technology Institute), will work with Facebook's new privacy unit or if they will be involved with Clear History. It has reached out to groups like Access Now, the Electronic Frontier Foundation (EFF), and the Center for Democracy and Technology (CDT), as well as academics. Sources confirmed that CDT and EFF were advising Facebook on its Clear History tool, but could not disclose specifics of their meetings due to nondisclosure agreements. Access Now's Masse confirmed Facebook had reached out on a number of issues, including Clear History, in the last few months, but called the conversations "punctual and limited." "Despite repeated statements and apologies from the company, we are not seeing a shift in Facebook data practices or an attitude that would suggest that they take data protection seriously," she said.

Last May, Facebook promised to launch a "Clear History" feature that it said would give users more control over their data. 9 months later it's nowhere to be found and now a report claims that it's a key example of the company's "reactionary" way of dealing with privacy concerns. From a report: Thus far, Facebook's public discussions of Clear History appear to have been more about communications strategy than charting a new course. In a Facebook post looking back on 2018, Zuckerberg pointed to the tool as one that would "give people more transparency" while Sandberg highlighted it to show Facebook's willingness to change during a speech at the World Economic Forum in Davos, Switzerland, last month.

Still, nine months after its initial announcement, Clear History is nowhere to be found. "We want to make sure this works the way it should for everyone on Facebook, which is taking longer than expected," the company said in a statement to BuzzFeed News. It's unclear if new high-profile hires, like Nate Cardozo (formerly of EFF) and Robyn Greene (formerly of New America's Open Technology Institute), will work with Facebook's new privacy unit or if they will be involved with Clear History. It has reached out to groups like Access Now, the Electronic Frontier Foundation (EFF), and the Center for Democracy and Technology (CDT), as well as academics. Sources confirmed that CDT and EFF were advising Facebook on its Clear History tool, but could not disclose specifics of their meetings due to nondisclosure agreements. Access Now's Masse confirmed Facebook had reached out on a number of issues, including Clear History, in the last few months, but called the conversations "punctual and limited." "Despite repeated statements and apologies from the company, we are not seeing a shift in Facebook data practices or an attitude that would suggest that they take data protection seriously," she said.

An anonymous reader quotes a report from BuzzFeed News: A viral photo showing a camera in a Singapore Airlines in-flight TV display recently caused an uproar online. The image was retweeted hundreds of times, with many people expressing concern about the privacy implications. As it turns out, some seat-back screens in American Airlines' premium economy class have them, too. Sri Ray was aboard an American Airlines Boeing 777-200 flight to Tokyo in September 2018 when he noticed something strange: a camera embedded in the seat back of his entertainment system. The cameras are also visible in this June 2017 review of the airline's premium economy offering by the Points Guy, as well as this YouTube video by Business Traveller magazine.

American Airlines spokesperson Ross Feinstein confirmed to BuzzFeed News that cameras are present on some of the airlines' in-flight entertainment systems, but said "they have never been activated, and American is not considering using them." Feinstein added, "Cameras are a standard feature on many in-flight entertainment systems used by multiple airlines. Manufacturers of those systems have included cameras for possible future uses, such as hand gestures to control in-flight entertainment." After Twitter user Vitaly Kamluk saw a similar lens on Singapore Airlines and tweeted photos of the system last week, the airline responded from its official Twitter account, saying the cameras were "disabled." Still, the airlines could quell passengers' concerns by covering the lenses with a plastic cover, if indeed there is no use for the camera.

An anonymous reader quotes a report from BuzzFeed News: Family Tree DNA, one of the largest private genetic testing companies whose home-testing kits enable people to trace their ancestry and locate relatives, is working with the FBI and allowing agents to search its vast genealogy database in an effort to solve violent crime cases, BuzzFeed News has learned. Federal and local law enforcement have used public genealogy databases for more than two years to solve cold cases, including the landmark capture of the suspected Golden State Killer, but the cooperation with Family Tree DNA and the FBI marks the first time a private firm has agreed to voluntarily allow law enforcement access to its database. While the FBI does not have the ability to freely browse genetic profiles in the library, the move is sure to raise privacy concerns about law enforcement gaining the ability to look for DNA matches, or more likely, relatives linked by uploaded user data.

The Houston-based company, which touts itself as a pioneer in the genetic testing industry and the first to offer a direct-to-consumer test kit, disclosed its relationship with the FBI to BuzzFeed News on Thursday, saying in a statement that allowing access "would help law enforcement agencies solve violent crimes faster than ever." While Family Tree does not have a contract with the FBI, the firm has agreed to test DNA samples and upload the profiles to its database on a case-by-case basis since last fall, a company spokesperson told BuzzFeed News. Its work with the FBI is "a very new development, which started with one case last year and morphed," she said. To date, the company has cooperated with the FBI on fewer than 10 cases. The Family Tree database is free to access and can be used by anyone with a DNA profile to upload, not just paying customers.

Apple said Friday morning that it had a fix for a bug discovered in Apple's video and audio chat service FaceTime this week, which had allowed callers to access the microphone and front-facing video camera of the person they were calling, even if that person hadn't picked up. The security issue is fixed on its servers, the company said, but the iPhone software update to re-enable the feature for users won't be rolled out until next week. From a report: "We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week," Apple said in an emailed statement to BuzzFeed News. "We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process."

India's government wants to make it mandatory for platforms like Facebook, WhatsApp, Twitter, and Google, to remove content it deems "unlawful" within 24 hours of notice, and create "automated tools" to "proactively identify and remove" such material. From a report: It also wants tech companies to build in a way to trace the source of the content, which would require platforms like WhatsApp to break end-to-end encryption. India's Ministry of Electronics and Information Technology (MeitY) published [PDF] the proposed rules on its website following a report on Monday by The Indian Express revealing the government's proposal to modify the country's primary IT law to work them in. The report comes days after India's government seemingly authorized 10 federal agencies to snoop into every computer in the country last week. The proposed measures have provoked concerns from privacy activists who claim they would threaten free speech and enable mass surveillance.

[...] If India does work these rules into its IT law, it would have precedent: Earlier this month, Australia passed a controversial encryption bill that would require technology companies to give law enforcement agencies access to encrypted communications, saying that it was essential to stop terrorists and criminals who rely on secure messaging apps to communicate.

India's government wants to make it mandatory for platforms like Facebook, WhatsApp, Twitter, and Google, to remove content it deems "unlawful" within 24 hours of notice, and create "automated tools" to "proactively identify and remove" such material. From a report: It also wants tech companies to build in a way to trace the source of the content, which would require platforms like WhatsApp to break end-to-end encryption. India's Ministry of Electronics and Information Technology (MeitY) published [PDF] the proposed rules on its website following a report on Monday by The Indian Express revealing the government's proposal to modify the country's primary IT law to work them in. The report comes days after India's government seemingly authorized 10 federal agencies to snoop into every computer in the country last week. The proposed measures have provoked concerns from privacy activists who claim they would threaten free speech and enable mass surveillance.

[...] If India does work these rules into its IT law, it would have precedent: Earlier this month, Australia passed a controversial encryption bill that would require technology companies to give law enforcement agencies access to encrypted communications, saying that it was essential to stop terrorists and criminals who rely on secure messaging apps to communicate.

The New York Times obtained hundreds of pages of Facebook documents which were generated in 2017 that show that the social network considered these companies business partners and effectively exempted them from its privacy rules. From a report: Facebook allowed Microsoft's search engine Bing to see the names of nearly all users' friends without their consent, let Spotify, Netflix, and the Royal Bank of Canada read, write, and delete users' private messages, and see participants on a thread, allowed Amazon to get users' names and contact information through their friends, and let Yahoo view streams of friends' posts "as recently as this summer" despite publicly claiming it had stopped sharing such information a year ago, the report said. Collectively, applications made by these technology companies sought the data of hundreds of millions of people a month.

The records also show that Russian search giant Yandex, which was accused last year by Ukraine's security service for giving user data to Kremlin, also had access to Facebook's unique user IDs in 2017. A Yandex spokeswoman told the Times that the company was unaware of the access to user data provided by Facebook. Yandex did not immediately respond to BuzzFeed News' request for comment. In response to the report, Steve Satterfield, Facebook's Director of Privacy and Public Policy defended the actions of the social network.

An anonymous reader quotes a report from The New York Times: You might guess that a surefire way to make a hit video on YouTube would be to gather a bunch of YouTube megastars, film them riffing on some of the year's most popular YouTube themes and release it as a year-in-review spectacular. You would be wrong. YouTube tested that theory this week, releasing its annual "YouTube Rewind" year-end retrospective. The eight-minute video was a jam-packed montage of YouTube meta-humor, featuring a who's-who of YouTube stars along with conventional celebrities. The video was slickly produced and wholesome, with lots of references to the popular video game Fortnite, shout-outs to popular video formats, and earnest paeans to YouTube's diversity and inclusiveness. It was meant to be a feel-good celebration of a year's worth of YouTube creativity, but the video started a firestorm, and led to a mass-downvoting campaign that became a meme of its own. Within 48 hours, the video had been "disliked" more than four million times. On Thursday, it became the most-disliked video in the history of the website, gathering more than 10 million dislikes and beating out the previous record-holder, the music video for Justin Bieber's "Baby."

The issue that upset so many YouTube fans, it turns out, was what the Rewind video did not show. Many of the most notable YouTube moments of the year -- such as the August boxing match between KSI and Logan Paul, two YouTube stars who fought in a highly publicized spectacle watched by millions -- went unmentioned. And some prominent YouTubers were absent, including Felix Kjellberg, a.k.a. "PewDiePie," one of the most popular creators in YouTube's history, who had appeared in the Rewind videos as recently as 2016. Some YouTubers enjoyed the video. But to many, it felt like evidence that YouTube the company was snubbing YouTube the community by featuring mainstream celebrities in addition to the platform's homegrown creators, and by glossing over major moments in favor of advertiser-friendly scenes. The Times says the Rewind controversy "is indicative of a larger issue at YouTube, which is trying to promote itself as a bastion of cool, inclusive creativity while being accused of radicalizing a generation of young people by pushing them toward increasingly extreme content, and allowing reactionary cranks and conspiracy theorists to dominate its platform."

"But people like Mr. Kjellberg and Mr. Paul -- stars who rose to prominence through YouTube, and still garner tens of millions of views every month -- remain in a kind of dysfunctional relationship with the platform. YouTube doesn't want to endorse their behavior in its official promotions, but it doesn't want to alienate their large, passionate audiences, either," reports the NYT. "And since no other platform can rival the large audiences and earning potential YouTube gives these creators, they are stuck in a kind of unhappy purgatory -- making aggrieved videos about how badly YouTube has wronged them, while also tiptoeing to avoid crossing any lines that might get them barred, or prevent them from making money from their videos." This tension is at the heart of the controversy over YouTube Rewind.

"A YouTube recap that includes only displays of tolerance and pluralism is a little like a Weather Channel highlight reel featuring only footage of sunny days -- it might be more pleasant to look at, but it doesn't reflect the actual weather..."

A day after hosting a pop-up store in New York City's Bryant Park to explain how privacy is the "foundation of the company," Facebook disclosed that a security flaw potentially exposed the public and private photos of as many as 6.8 million users to developers. From a report: On Friday, the Menlo Park, California-based company said in a blog post that it discovered a bug in late September that gave third-party developers the ability to access users' photos, including those that had been uploaded to Facebook's servers but not publicly shared on any of its services. The security flaw, which exposed photos for 12 days between Sept. 13 and Sept. 25, affected up to 1,500 apps from 876 developers, according to Facebook.

"We're sorry this happened," Facebook said in the post. "Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users." Facebook has not yet responded to questions about whether company representatives staffing its privacy pop-ups yesterday were aware of this security flaw as they were meeting with reporters and customers to discuss privacy. Further reading: Facebook's lead EU regulator opens probe into data breach.

Facebook has filed several patent applications with the U.S. Patent and Trademark Office for technology that uses your location data to predict where you're going and when you're going to be offline. BuzzFeed News reports: A May 30, 2017, Facebook application titled "Offline Trajectories" describes a method to predict where you'll go next based on your location data. The technology described in the patent would calculate a "transition probability based at least in part on previously logged location data associated with a plurality of users who were at the current location." In other words, the technology could also use the data of other people you know, as well as that of strangers, to make predictions. If the company could predict when you are about to be in an offline area, Facebook content "may be prefetched so that the user may have access to content during the period where there is a lack of connectivity."

Another Facebook patent application titled "Location Prediction Using Wireless Signals on Online Social Networks" describes how tracking the strength of Wi-Fi, Bluetooth, cellular, and near-field communication (NFC) signals could be used to estimate your current location, in order to anticipate where you will go next. This "background signal" information is used as an alternative to GPS because, as the patent describes, it may provide "the advantage of more accurately or precisely determining a geographic location of a user." The technology could learn the category of your current location (e.g., bar or gym), the time of your visit to the location, the hours that entity is open, and the popular hours of the entity.

Yet another Facebook patent application, "Predicting Locations and Movements of Users Based on Historical Locations for Users of an Online System," further details how location data from multiple people would be used to glean location and movement trends and to model location chains. According to the patent application, these could be used for a "variety of applications," including "advertising to users based on locations and for providing insights into the movements of users." The technology could even differentiate movement trends among people who live in a city and who are just visiting a city. A Facebook spokesperson said in a statement: "We often seek patents for technology we never implement, and patent applications -- such as this one -- should not be taken as an indication of future plans."

Gmail users are reporting that promotional emails (meant to showcase deals, offers, and other marketing emails) from companies are ending up in their main "Primary" inbox (meant for person-to-person conversations and messages that don't appear in other tabs.). The company says it is working on a fix. From a report: Google told BuzzFeed News it's working on a fix, but it did not specify when users should expect inboxes to go back to normal. In a statement, a spokesperson said, "We are aware of an issue in Gmail causing certain promotional email to be incorrectly categorized. We are rolling out a fix shortly."

Chinese mobile app companies pose the same national security risk to the US as telecom giants like Huawei and ZTE, Sen. Mark Warner said in an interview. From a report: Recent US legislation largely banned Huawei and ZTE from use by the government and its contractors, due to concerns about surveillance and other national security risks. Now Warner, the top Democrat on the Senate Intelligence Committee, is signaling that Chinese app developers may face similar scrutiny from lawmakers, corporate America, and the intelligence community.

Warner's comments follow a recent BuzzFeed News report that popular apps from China's Cheetah Mobile and Kika Tech were exploiting user permissions to engage in a form of ad fraud. Eight Android apps with more than 2 billion total downloads were said to be engaging in a form of app-install ad fraud. Google subsequently removed two of the apps from the Play store and said it continues to investigate. Cheetah and Kika deny engaging in app-install fraud. "Under Chinese law, all Chinese companies are ultimately beholden to the Communist Party, not their board or shareholders, so any Chinese technology company -- whether in telecom or mobile apps -- should be seen as extensions of the state and a national security risk," Warner said in an interview this week with BuzzFeed News. Further reading: Sen. Warner calls for US cyber doctrine, new standards for security.

Chinese mobile app companies pose the same national security risk to the US as telecom giants like Huawei and ZTE, Sen. Mark Warner said in an interview. From a report: Recent US legislation largely banned Huawei and ZTE from use by the government and its contractors, due to concerns about surveillance and other national security risks. Now Warner, the top Democrat on the Senate Intelligence Committee, is signaling that Chinese app developers may face similar scrutiny from lawmakers, corporate America, and the intelligence community.

Warner's comments follow a recent BuzzFeed News report that popular apps from China's Cheetah Mobile and Kika Tech were exploiting user permissions to engage in a form of ad fraud. Eight Android apps with more than 2 billion total downloads were said to be engaging in a form of app-install ad fraud. Google subsequently removed two of the apps from the Play store and said it continues to investigate. Cheetah and Kika deny engaging in app-install fraud. "Under Chinese law, all Chinese companies are ultimately beholden to the Communist Party, not their board or shareholders, so any Chinese technology company -- whether in telecom or mobile apps -- should be seen as extensions of the state and a national security risk," Warner said in an interview this week with BuzzFeed News. Further reading: Sen. Warner calls for US cyber doctrine, new standards for security.

Chinese mobile app companies pose the same national security risk to the US as telecom giants like Huawei and ZTE, Sen. Mark Warner said in an interview. From a report: Recent US legislation largely banned Huawei and ZTE from use by the government and its contractors, due to concerns about surveillance and other national security risks. Now Warner, the top Democrat on the Senate Intelligence Committee, is signaling that Chinese app developers may face similar scrutiny from lawmakers, corporate America, and the intelligence community.

Warner's comments follow a recent BuzzFeed News report that popular apps from China's Cheetah Mobile and Kika Tech were exploiting user permissions to engage in a form of ad fraud. Eight Android apps with more than 2 billion total downloads were said to be engaging in a form of app-install ad fraud. Google subsequently removed two of the apps from the Play store and said it continues to investigate. Cheetah and Kika deny engaging in app-install fraud. "Under Chinese law, all Chinese companies are ultimately beholden to the Communist Party, not their board or shareholders, so any Chinese technology company -- whether in telecom or mobile apps -- should be seen as extensions of the state and a national security risk," Warner said in an interview this week with BuzzFeed News. Further reading: Sen. Warner calls for US cyber doctrine, new standards for security.

An anonymous reader quotes a report from BuzzFeed News: Facebook has submitted a patent application for technology that would predict who your family and other household members are, based on images and captions posted to Facebook, as well as your device information, like shared IP addresses. The application, titled "Predicting household demographics based on image data," was originally filed May 10, 2017, and made public today. The system Facebook proposes in its patent application would use facial recognition and learning models trained to understand text to help Facebook better understand whom you live with and interact with most. The technology described in the patent looks for clues in your profile pictures on Facebook and Instagram, as well as photos of you that you or your friends post.

It would note the people identified in a photo, and how frequently the people are included in your pictures. Then, it would assess information from comments on the photos, captions, or tags (#family, #mom, #kids) -- anything that indicates whether someone is a husband, daughter, cousin, etc. -- to predict what your family/household actually looks like. According to the patent application, Facebook's prediction models would also analyze "messaging history, past tagging history, [and] web browsing history" to see if multiple people share IP addresses (a unique identifier for every internet network). A Facebook spokesperson said in response to the story, "We often seek patents for technology we never implement, and patents should not be taken as an indication of future plans."

In response to a story about Google paying and protecting former executive Andy Rubin following an investigation into sexual misconduct, a group of 200 Google employees are organizing a "women's walk." From a report: A group of more than two hundred engineers at Google are organizing a company-wide "women's walk" walkout for later this week to protest recent revelations about the search giant's protection of employees that had allegedly engaged in sexual misconduct, according to four people familiar with the situation inside Google. The protest, which is expected to happen on Thursday, comes in light of a story by the New York Times last week into the misbehavior of Android creator Andy Rubin and other executives at the company, some of whom still have positions of prominence at Google. Google gave Rubin a reported $90 million exit package in 2014, following an investigation into an allegation that he had coerced another employee to perform oral sex on him. That investigation reportedly found that allegation to be credible.

Both Amazon and Apple are taking retributive measures against Bloomberg, which in a report earlier this month alleged that some motherboards used by these companies were hacked by China. From a report: Amazon pulled its fourth quarter advertisements on Bloomberg's website, a move some within the media giant think is retribution for its controversial story alleging that Chinese spies hacked into the online retailer's servers. According to a source in position to know, Amazon's digital media buyer, Initiative, informed Bloomberg's sales staff on October 16 that it would cancel its ad buys for the fourth quarter due to budget cuts. Internally, the source said, the staff received that decision, made only eight days after a previous communication with Initiative confirming that the ads would run, as a direct response to Amazon's displeasure over the October 4 story. (Amazon announced Thursday that its marketing expenses for Q3 2018 were 3.3 billion dollars, up more than 800 million dollars from the year before.) [...] According to multiple sources, Bloomberg was not invited to Apple's fall product event next week in Brooklyn. Further reading: In an Unprecedented Move, Apple CEO Tim Cook Calls For Bloomberg To Retract Its Chinese Spy Chip Story.

A new investigation uncovers a sophisticated ad fraud scheme involving more than 125 Android apps and websites, some of which were targeted at kids. From a report: Last April, Steven Schoen received an email from someone named Natalie Andrea who said she worked for a company called We Purchase Apps. She wanted to buy his Android app, Emoji Switcher. But right away, something seemed off. "I did a little bit of digging because I was a little sketched out because I couldn't really find even that the company existed," Schoen told BuzzFeed News. The We Purchase Apps website listed a location in New York, but the address appeared to be a residence. "And their phone number was British. It was just all over the place," Schoen said. It was all a bit weird, but nothing indicated he was about to see his app end up in the hands of an organization responsible for potentially hundreds of millions of dollars in ad fraud, and which has funneled money to a cabal of shell companies and people scattered across Israel, Serbia, Germany, Bulgaria, Malta, and elsewhere.

Schoen had a Skype call with Andrea and her colleague, who said his name was Zac Ezra, but whose full name is Tzachi Ezrati. They agreed on a price and to pay Schoen up front in bitcoin. "I would say it was more than I had expected," Schoen said of the price. That helped convince him to sell. A similar scenario played out for five other app developers who told BuzzFeed News they sold their apps to We Purchase Apps or directly to Ezrati. (Ezrati told BuzzFeed News he was only hired to buy apps and had no idea what happened to them after they were acquired.) The Google Play store pages for these apps were soon changed to list four different companies as their developers, with addresses in Bulgaria, Cyprus, and Russia, giving the appearance that the apps now had different owners.

But an investigation by BuzzFeed News reveals that these seemingly separate apps and companies are today part of a massive, sophisticated digital advertising fraud scheme involving more than 125 Android apps and websites connected to a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, and elsewhere. More than a dozen of the affected apps are targeted at kids or teens, and a person involved in the scheme estimates it has stolen hundreds of millions of dollars from brands whose ads were shown to bots instead of actual humans. (A full list of the apps, the websites, and their associated companies connected to the scheme can be found in this spreadsheet.)

One way the fraudsters find apps for their scheme is to acquire legitimate apps through We Purchase Apps and transfer them to shell companies. They then capture the behavior of the app's human users and program a vast network of bots to mimic it, according to analysis from Protected Media, a cybersecurity and fraud detection firm that analyzed the apps and websites at BuzzFeed News' request. This means a significant portion of the millions of Android phone owners who downloaded these apps were secretly tracked as they scrolled and clicked inside the application. By copying actual user behavior in the apps, the fraudsters were able to generate fake traffic that bypassed major fraud detection systems. Response from Google.

A group of twentysomethings leveraged their huge YouTube audiences and actually won seats in Brazil's federal and state elections. What happens next is anyone's guess. Ryan Broderick, writing for BuzzFeed News: Kim Kataguiri is known in Brazil for a lot of things. He's been called a fascist. He's been called a fake news kingpin. Is he a YouTuber? He definitely uses YouTube. He's definitely a troll. A troll with a consistent message, though, he points out. Maybe he's Brazil's equivalent of Milo Yiannopoulos. His organization, Movimento Brasil Livre (MBL) -- the Free Brazil Movement -- is like the Brazilian Breitbart. Or maybe it's like the American tea party. Maybe it's both. Is it a news network? Kataguiri says it isn't. But it's not a political party, either. He says MBL is just a bunch of young people who love free market economics and memes. One thing is very clear: His YouTube channel, the memes, the fake news, and MBL's army of supporters have helped Kataguiri, 22, become the youngest person ever elected to Congress in Brazil. He's also trying to become Brazil's equivalent of speaker of the House.

[...] Kataguiri's political awakening is a textbook example of the way algorithms beget more algorithms. During his last year of high school, his teacher started a debate about welfare programs in Brazil. So Kataguiri started googling. He discovered Ron Paul and the Brazilian libertarian YouTuber Daniel Fraga. "Then I did a video to my teacher and my friends at school to talk about what I had found out," Kataguiri says. "There was one problem: I posted this video on YouTube. So it was public and it went viral." He says people kept asking for more videos, but he didn't know anything. So he went back to googling, and then made more videos about what he learned.

John Paczkowski and Joseph Bernstein, reporting for BuzzFeed News: Apple CEO Tim Cook, in an interview with BuzzFeed News, went on the record for the first time to deny allegations that the company was the victim of a hardware-based attack carried out by the Chinese government. And, in an unprecedented move for the company, he called for a retraction of the story that made this claim. Earlier this month Bloomberg Businessweek published an investigation alleging Chinese spies had compromised some 30 US companies by implanting malicious chips into Silicon Valley bound servers during their manufacture in China. The chips, Bloomberg reported, allowed the attackers to create "a stealth doorway" into any network running on a server in which they were embedded. Apple was alleged to be among the companies attacked, and a focal point of the story. [...] "We turned the company upside down," Cook said. "Email searches, datacenter records, financial records, shipment records. We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There's no truth to this." A Bloomberg spokesperson said, "We stand by our story and are confident in our reporting and sources."

Apple will hold its next big product announcement in New York later this month, the company said today. BuzzFeed News: It's the first time Apple, which usually holds these events in the Bay Area, will roll out new devices in New York City. It'll happen at the Brooklyn Academy of Music, on October 30. The company is widely expected to refresh its iPad and possibly the MacBook Air lineups at the event.

An online attack that forced Facebook to log out 90 million users last month directly affected 29 million people on the social network [alternative source], the company said Friday as it released new details about the scope of an incident that has regulators and law enforcement on high alert. The company said the FBI is actively investigating the hack, and asked Facebook not to disclose any potential culprits. From a report: Through a series of interrelated bugs in Facebook's programming, unnamed attackers stole the names and contact information of 15 million users, Facebook said. The contact information included a mix of phone numbers and email addresses. An additional 14 million users were affected more deeply, by having additional details taken related to their profiles such as their recent search history, gender, educational background, geolocation data, birth dates, and lists of people and pages they follow. Facebook said last month that it detected the attack when it noticed an uptick in user activity. An investigation soon found that the activity was linked to the theft of security codes that, under normal circumstances, allow Facebook users to navigate away from the site while remaining logged in. The bugs that allowed the attack to occur gave hackers the ability to effectively take over Facebook accounts on a widespread basis, Facebook said when it disclosed the breach. The attackers began with a relatively small number of accounts that they directly controlled, exploiting flaws in the platform's "View As" feature to gain access to other users' profiles.

Google on Tuesday unveiled the Pixel 3 and Pixel 3 XL, its latest flagship Android smartphones. "For life on the go, we designed the world's best camera and put it in the world's most helpful phone," said Google's hardware chief Rick Osterloh. From a report: The Pixel 3 starts at $799 for 64GB, with the 3 XL costing $899. Add $100 to either for the 128GB storage option. Core specs for both include a Snapdragon 845, 4GB RAM (there's no option for more), Bluetooth 5.0, and front-facing stereo speakers. Also inside is a new Titan M security chip, which Google says provides "on-device protection for login credentials, disk encryption, app data, and the integrity of the operating system." Preorders for both phones begin today, and buyers will get six months of free YouTube Music service.

The Pixel 3 and 3 XL both feature larger screens than last year's models thanks to slimmed down bezels -- and the controversial notch in the case of the bigger phone. The 3 XL has a 6.3-inch display (up from six inches on the 2 XL), while the regular 3 has a 5.5-inch screen (up from five inches). Overall, though, the actual phones are very similar in size and handling to their direct predecessors. Google has stuck with a single rear 12.2-megapixel camera on both phones, continuing to resist the dual-camera industry trend. But it's a different story up front. Both the Pixel 3 and 3 XL have two front-facing cameras; one of them offers a wider field of view for getting more people or a greater sense of your surroundings into a selfie. [...] A new Top Shot option will select the best image from a burst series of shots. Like Samsung's Galaxy Note 9, it will weed out pictures that are blurry or snaps where someone blinked. Super Res Zoom uses multiple frames and AI to deliver a sharper final photo even without optical zoom. There's another interesting feature on the new Pixel handsets: To help you avoid calls from scammers, Google is adding Call Screen to the Pixel, a new option that appears when you receive a phone call. Whenever someone calls you, you can tap a "Screen call" button, and a robot voice will pick up. "The person you're calling is using a screening service, and will get a copy of this conversation. Go ahead and say your name, and why you're calling," the Google bot will say. As the caller responds, the digital assistant will transcribe the caller's message for you. If you need more information, you can use one of the feature's canned responses, which include, "Tell me more," and "Who is this?" There is an accept and reject call button that's on-screen, so you can hang up or take the call at any time.

An anonymous reader quotes a report from BuzzFeed News: Multiple senior Apple executives, speaking with BuzzFeed News on the condition of anonymity so that they could speak freely all denied and expressed confusion with a report earlier this week that the company's servers had been compromised by a Chinese intelligence operation. On Thursday morning, Bloomberg Businessweek published a bombshell investigation. The report -- the result of more than a year of reporting and over 100 interviews with intelligence and company sources -- alleged that Chinese spies compromised and infiltrated almost 30 U.S. companies including Apple and Amazon by embedding a tiny microchip inside company servers. Both Amazon and Apple issued uncharacteristically strong and detailed denials of Bloomberg's claims.

Reached by BuzzFeed News multiple Apple sources -- three of them very senior executives who work on the security and legal teams -- said that they are at a loss as to how to explain the allegations. These people described a massive, granular, and siloed investigation into not just the claims made in the story, but into unrelated incidents that might have inspired them. A senior security engineer directly involved in Apple's internal investigation described it as "endoscopic," noting they had never seen a chip like the one described in the story, let alone found one. "I don't know if something like this even exists," this person said, noting that Apple was not provided with a malicious chip or motherboard to examine. "We were given nothing. No hardware. No chips. No emails." Equally puzzling to Apple execs is the assertion that it was party to an FBI investigation -- Bloomberg wrote that Apple "reported the incident to the FBI." A senior Apple legal official told BuzzFeed News the company had not contacted the FBI, nor had it been contacted by the FBI, the CIA, the NSA or any government agency in regards to the incidents described in the Bloomberg report. This person's purview and responsibilities are of such a high level that it's unlikely they would not have been aware of government outreach.

An anonymous reader quotes a report from BuzzFeed News: Apple's Safari, one of the internet's most popular web browsers, has been surfacing debunked conspiracies, shock videos, and false information via its "Siri Suggested Websites" feature. Such results raise questions about the company's ability to monitor for low-quality information, and provide another example of the problems platforms run into when relying on algorithms to police the internet. As of yesterday, if you typed "Pizzagate" into Apple's Safari, the browser's "Siri Suggested Website" prominently offered users a link to a YouTube video with the title "PIZZAGATE, BIGGEST SCANDAL EVER!!!" by conspiracy theorist David Seaman (the video doesn't play, since Seaman's channel was taken down for violating YouTube's terms of service). The search results appeared on multiple versions of Safari. Apple removed all examples of the questionable Siri Suggested sites provided to it by BuzzFeed News.

[W]hen BuzzFeed News entered incomplete search terms that might suggest contentious or conspiratorial topics (as shown below), the search algorithms directed us toward low-quality websites, message boards, or YouTube conspiracy videos rather than reliable information or debunks about those topics. Meanwhile, Google does not feature such unreliable pages in its top search results. Those suggested results matter since Safari is one of the internet's most popular web browsers -- some estimates suggest it has captured over 10% of the browser market share. The poor suggestions may be a result of a "data void," which is "what happens when a term doesn't have 'natural informative results' and manipulators seize upon it," reports BuzzFeed. "Many of the sites surfaced by the Siri Suggested feature came from conspiracy or junk sites hastily assembled to fill that void."

In a statement, Apple said: "Siri Suggested Websites come from content on the web and we provide curation to help avoid inappropriate sites. We also remove any inappropriate suggestions whenever we become aware of them, as we have with these. We will continue to work to provide high-quality results and users can email results they feel are inappropriate to applebot@apple.com."

An anonymous reader shares a report: The Billboard charts have long been the gold standard by which musicians measure their success, but as recent tantrums by the likes of Nicki Minaj have highlighted, the rising influence of streaming services is upending that model -- and giving die-hard fans a way to manipulate the data. A recent release by the Korean pop group BTS prompted its superfandom, millions strong across the globe, to do just that by launching a sophisticated campaign to make sure the boy band reached No. 1.

The strategy employed by the so-called BTS Army went largely like this: Fans in the US created accounts on music streaming services to play BTS's music and distributed the account logins to fans in other countries via Twitter, email, or the instant messaging platform Slack. The recipients then streamed BTS's music continuously, often on multiple devices and sometimes with a virtual private network (VPN), which can fake, or "spoof," locations by rerouting a user's traffic through several different servers across the world. Some fans will even organize donation drives so other fans can pay for premium streaming accounts.

"Superfans of pop acts have long been doing this sort of thing," said Mark Mulligan, managing director of the digital media analysis company MIDIA Research. "But if a superfan has decided to listen nonstop to a track, is that fake? If so, how many times do they have to listen to a track continuously before it is deemed 'fake'?" One BTS fan group claimed it distributed more than 1,000 Spotify logins, all to make it appear as though more people in the US were streaming BTS's music and nudge their album Love Yourself: Tear up the Spotify chart, which in turn factors into Billboard's metrics.

The proliferation of affordable smartphones, dwindling data prices, and apps and services that are designed to work swiftly on such patchy infrastructure have changed how people in developing markets marred with poor literacy level such as India communicate, do business, and get their education. But it has also come at a cost. In the recent months we have learned about Facebook's struggle to contain violence in Myanmar, BuzzFeed News has a chilling story on how rumors circulated through WhatsApp, which is also owned by Facebook, are causing real violence in India, the world's second largest internet market. From the report: WhatsApp, a Facebook-owned messaging service, is used by more than 200 million people in India, its largest market. It's become an inextricable part of the country's culture and social fabric, widely used by younger and older generations alike. It's one of Facebook CEO Mark Zuckerberg's crown jewels, an app he acquired for $19 billion in 2014 that began as a messaging platform but is now evolving into something more, with a new payments feature already being tested in India.

Lately, however, WhatsApp has been getting Indians killed. In June, rumors about child kidnappers shared on the service inspired a mob of hundreds to lynch a 29-year-old man and his friend who were passing through a village in Karbi Anglong, a district in the eastern part of the country. In July, two weeks after the Rainpada incident, hundreds of people hurled stones at an IT worker who was visiting the South Indian village of Murki, killing him. Since May, there have been at least 16 lynchings leading to 29 deaths in India where public officials say mobs were incited by misinformation on WhatsApp. As Facebook wrangles an ongoing crisis of public confidence over its role in spreading misinformation throughout the 2016 US presidential election, the company is grappling with a different kind of problem in places like Rainpada, where its products have abetted flesh-and-blood harm. In attempting to fulfill Facebook's current mission -- to "give people the power to build community and bring the world closer together" -- Zuckerberg and his team of Silicon Valley-based executives failed to foresee its malignant applications: misinformation, propaganda, rumor, hate.

More than a dozen tech NGOs and human rights groups have issued an open letter calling on Google to stop work on a censored search engine project in China. From a report: Organizations including Amnesty International, Human Rights Watch, the Electronic Frontier Foundation, Access Now and others released the letter to Google CEO Sundar Pichai on Tuesday, saying the tech giant's plans to release a censored version of its search engine app to users in China represent an "alarming capitulation by Google on human rights." The project, dubbed Dragonfly, was first reported by The Intercept earlier this month. According to audio of a staff meeting, obtained by the New York Times, Pichai said that "if we were to do our mission well, we are to think seriously about how to do more in China. However, he went on to say that Google was "not close to launching a search product in China."

Another spate of high-profile and provocative psychology studies have failed to replicate, dealing blows to the theories that fiction makes readers empathetic, for example, or that the internet makes us dumber. From a report: At a time when psychology researchers are increasingly concerned about the rigor of their field, five laboratories set out to repeat 21 influential studies. Experiments in just 13 of those papers -- or 62% -- held up, according to an analysis published Monday. The eight papers that did not fully replicate -- seven in Science, one in Nature -- have been cited hundreds of times in scientific literature and many were widely covered by the media.

Failing to replicate isn't definitive proof that a finding is false, particularly in cases where other studies support the same general idea. And some scientists told BuzzFeed News they do not agree with how the replications were done. Still, the new findings are part of an overwhelming, and troubling, trend. The so-called reproducibility crisis has hit research in many fields of science, from artificial intelligence to cancer. Shoddy psychology research has received the most attention, with a 2015 report replicating just 36% of 97 studies. It makes sense that scientists want to publish data that is surprising or counterintuitive. "That's not a bad thing in science, because that's how science breaks boundaries," said Brian Nosek, a University of Virginia psychologist and executive director of the Center for Open Science, which led the replication project. But too few scientists, he said, recognize the inherent uncertainty of their splashy results. "It's okay if some of those turn out to be wrong," he said.

Yesterday, Facebook said it's banning websites that host and share blueprints of 3D-printed guns. "Sharing instructions on how to print firearms using 3D printers is not allowed under our Community Standards," said a spokesperson in an email statement. "In line with our policies, we are removing this content from Facebook." BuzzFeed was first to report the news: The move comes amid a rush by states to block these instructions from being posted. A July settlement between the State Department and Defense Distributed, an open-source organization that created the first completely 3D-printed gun, cleared the way for the group to publish the gun code. However, that was stalled when a federal judge on July 31 granted a temporary nationwide injunction that prevented Defense Distributed from uploading the plans. The injunction prevents Defense Distributed from publishing the plans. But the instructions are widely available online, on sites such as CodeIsFreeSpeech.com -- which hosts plans for parts of an AR-15, a Beretta, and Defense Distributed's Liberator. Attempts to post the site on a user's News Feed, through Facebook's Messenger app, or on Instagram (which Facebook owns) produce a variety of error messages. Other sites that host the files can still be posted through Facebook. Specifically, Facebook says that 3D-printed guns violate the regulated goods section of the social giant's community standards, which limits gun sales and exchanges to licensed dealers.

Facebook bought TBH last October and eventually shut it down, but an internal note, obtained by BuzzFeed News, shows that the company learned a way to target high schoolers through the viral polling app. From a report: When Facebook purchased TBH last October it got more than just a viral polling app that amassed 2.5 million daily users, mostly teens, a few months after launch. The social network also acquired a carefully honed growth strategy targeted toward high school kids. An internal document from Facebook, obtained by BuzzFeed News, shows TBH's leadership explaining a well-tested method the startup used to attract teens at individual high schools to download its app. The note provides a window into Facebook's growth-at-any-costs mentality and the company's efforts to keep a key demographic engaged as its popularity among teens declines and it simultaneously runs out of people in the connected world to bring to its platform. In the confidential memo, TBH's founders told their new colleagues of "a psychological trick" that they employed to acquire teenage users en masse -- a combination of scraping Instagram for high schoolers' accounts, playing to youthful curiosity, and taking advantage of class dismissal hours.

olsmeister writes: A security flaw in the Comcast Xfinity online portal exposed social security numbers and partial home addresses of more than 26.5 million subscribers, according to security researcher Ryan Stevenson. Comcast says the flaws have already been patched and that it currently has no reason to believe that the flaws were ever exploited. BuzzFeed reports of the two vulnerabilities: One of the flaws could be exploited by going to an "in-home authentication" page where customers can pay their bills without signing in. The portal asked customers to verify their account by choosing from one of four partial home addresses it suggested, if the device was (or seemed like it was) connected to the customer's home network. If a hacker obtained a customer's IP address and spoofed Comcast using an "X-forwarded-for" technique, they could repeatedly refresh this login page to reveal the customer's location. That's because each time the page refreshed, three addresses would change, while one address, the correct address, remained the same. Eventually, the page would show the first digit of the street number and first three letters of the correct street name, while asterisks hid the remaining characters. A hacker could then use IP lookup websites to determine the city, state, and postal code of the partial address.

In the second vulnerability that Stevenson discovered, a sign-up page through the website for Comcast's Authorized Dealers (sales agents stationed at non-Comcast retail locations) revealed the last four digits of customers' Social Security numbers. Armed with just a customer's billing address, a hacker could brute-force (in other words, repeatedly try random four-digit combinations until the correct combination is guessed) the last four digits of a customer's Social Security number. Because the login page did not limit the number of attempts, hackers could use a program that runs until the correct Social Security number is inputted into the form. After learning of these vulnerabilities, Comcast disabled in-home authentication and put a strict rate limit on the portal. Here's what a Comcast spokesperson had to say about the matter: "We quickly investigated these issues and within hours we blocked both vulnerabilities, eliminating the ability to conduct the actions described by these researchers. We take our customers' security very seriously, and we have no reason to believe these vulnerabilities were ever used against Comcast customers outside of the research described in this report."

Caroline O'Donovan, reporting for BuzzFeed News: To convince workers to join the unstable and unreliable world of freelance work, startups and platforms often promise freedom and flexibility. But on the digital freelance platform Upwork, company software tracks hundreds of freelancers while they work by saving screenshots, measuring the frequency of their clicks and keystrokes, and even sometimes taking webcam photos of the workers. Upwork, which hosts "millions" of coding and design gigs, guarantees payment for freelancers, even if the clients who hired them refuse to pay. But in order to get the money, freelancers have to agree in advance to use Upwork's digital Work Diary, which counts keystrokes to measure how "productive" they are and takes screenshots of their computer screens to determine whether they're actually doing the work they say they're doing.

Upwork's tracker isn't automatically turned on for all gigs on the platform. Some freelancers like it because it guarantees payment, but others find it unnerving. [...] Upwork maintains that freelancers don't have to use the time tracker if it makes them uncomfortable. [...] But while Work Diary may be opt-in on its surface, Microsoft Research's Mary Gray said freelancers may not feel like they really have a choice.

"BuzzFeed has this story about proposals to make social media bots identify themselves as fake people," writes an anonymous Slashdot reader. "[It's] based on a paper by a law professor and a fellow researcher." From the report: General concerns about the ethical implications of misleading people with convincingly humanlike bots, as well as specific concerns about the extensive use of bots in the 2016 election, have led many to call for rules regulating the manner in which bots interact with the world. "An AI system must clearly disclose that it is not human," the president of the Allen Institute on Artificial Intelligence, hardly a Luddite, argued in the New York Times. Legislators in California and elsewhere have taken up such calls. SB-1001, a bill that comfortably passed the California Senate, would effectively require bots to disclose that they are not people in many settings. Sen. Dianne Feinstein has introduced a similar bill for consideration in the United States Senate.

In our essay, we outline several principles for regulating bot speech. Free from the formal limits of the First Amendment, online platforms such as Twitter and Facebook have more leeway to regulate automated misbehavior. These platforms may be better positioned to address bots' unique and systematic impacts. Browser extensions, platform settings, and other tools could be used to filter or minimize undesirable bot speech more effectively and without requiring government intervention that could potentially run afoul of the First Amendment. A better role for government might be to hold platforms accountable for doing too little to address legitimate societal concerns over automated speech. [A]ny regulatory effort to domesticate the problem of bots must be sensitive to free speech concerns and justified in reference to the harms bots present. Blanket calls for bot disclosure to date lack the subtlety needed to address bot speech effectively without raising the specter of censorship.

Amazon's Prime Day shopping spree offers free, fast shipping -- but experts say there's a hidden environmental cost that doesn't show up on the checkout page. From a report: Expedited shipping means your packages may not be as consolidated as they could be, leading to more cars and trucks required to deliver them, and an increase in packaging waste, which researchers have found is adding more congestion to our cities, pollutants to our air, and cardboard to our landfills. Free and fast shipping has always been a Prime membership's marquee perk -- one that's drawn in over 100 million subscribers who pay $119 annually. A 2017 study by UPS found that nearly all (96%) US customers had made a purchase on a marketplace like Amazon or Walmart, and over half (55%) said free or discounted shipping was the primary reason.

[...] That convenience is encouraging people in the US to buy more, and to make more individual purchases rather than placing a single order for several items. "There are more sales in lower-price products online than there have been in stores," Marshal Cohen, chief industry advisor at the NPD Group, told BuzzFeed News. And all of those transactions are negatively impacting our planet, according to Miguel Jaller, assistant professor of civil and environmental engineering at the University of California, Davis: "People are consuming more. There's more demand created by the availability of these cheap products and cheap delivery options."