Domain: vice.com
Stories and comments across the archive that link to vice.com.
Stories · 1,377
Canada Has 'No Plan' To Bring Broadband To Rural and Remote Communities, Watchdog Says (vice.com)
Canada has "no plan" to wire up remote communities that lack high-speed broadband connections, Canada's auditor general said in a scathing report tabled in Parliament on Tuesday. From a report: The report comes just two years after Canadian Prime Minister Justin Trudeau visited Shoal Lake 40 First Nation, an Indigenous community at the border of Manitoba and Ontario, and vowed that his government would work to end the digital divide that leaves rural and remote communities without high-speed internet.
"This report says what we already knew, which is that there is no strategy to bring the rest of Canada online," Laura Tribe, executive director of advocacy group Openmedia, said in a phone call. "What we keep hearing from the government is increasing numbers -- 80 percent, 90 percent -- but until we're at 100 percent, the problem isn't solved." -
Half-Life Celebrates 20th Anniversary With Fan-Made 'Black Mesa: Xen' Trailer (vice.com)
On Monday, developer Crowbar Collective released the first trailer for Black Mesa: Xen, the final act of its long-running remake of Valve's 1998 game Half-Life, which marked its 20-year anniversary on the same day. "The finale of Half-Life put hero Gordon Freeman in an alien world, and Black Mesa: Xen's upgraded graphics and redesign make the original's muddy palette look vibrant and strange," reports Motherboard. "It looks just as exciting as it did at the time of the original game's release." From the report: When Valve unleashed Half-Life, it changed video games forever. The first-person shooter from what was then a relatively unknown company starred a silent scientist beating down alien headcrabs and shooting human Marines in a novel sci-fi adventure. It was a triumph. Shortly after, in 2003, the Crowbar Collective began work on a remake that would come to be known as Black Mesa. Fan communities routinely reimagine their favorite video games, often as modifications, or mods, of the originals. Black Mesa began life as a free mod for Half-Life 2, but grew into a proper remake. Crowbar Collective added new voice work, changed animations, and tweaked the original game in hundreds of ways big and small. Black Mesa: Xen has a target release date of early 2019. -
How I Got Locked Out of the Chip Implanted In My Hand (vice.com)
Motherboard staff writer Daniel Oberhaus writes: If I had a single piece of advice for anyone thinking about getting an NFC chip implant it would be to do it sober.... [A]t the urging of everyone at the implant station, the first thing I did with my implant was secure it with a four-digit pin. I hadn't decided what sort of data I wanted to put on the chip, but I sure as hell didn't want someone else to write to my chip first and potentially lock me out. I chose the same pin that I used for my phone so I wouldn't forget it in the morning -- or at least, I thought I did.... I spent most of my first day as a cyborg desperately cycling through the various pin possibilities that made it impossible for me to unlock the NFC chip in my hand and add data to it.
He remained locked out of his own implanted microchip for over a year. But even when he regained access, "a part of me wants to leave it blank. After a year of living with a totally useless NFC implant, I kind of started to like it.
"That small, almost imperceptible little bump on my left hand was a constant reminder that even the most sophisticated and fool-proof technologies are no match for human incompetence." -
Mars Opportunity Rover Appears To Contact Earth; Turns Out To Be a False Alarm (vice.com)
dmoberhaus writes: NASA's Mars Opportunity rover appeared to briefly make contact with the agency's Deep Space Network on Thursday afternoon after 5 months of silence. In June, a dust storm took Opportunity offline and every attempt to bring the rover back to life has failed. NASA scientists were hoping that seasonal winds that sweep the planet from November to February might blow the dust off of Opportunity's solar panels. Was this the rover's first attempt at getting back into contact with Earth? Update 11/17/18: No. It turns out that the data received by the Deep Space Network was not from the Opportunity rover. "Today [the Deep Space Network website] showed what looked like a signal from Opportunity," JPL said in a tweet. "As much as we'd like to say this was an #OppyPhoneHome moment, further investigation shows these signals were not an Opportunity transmission. Test data or false positives can make it look like a given spacecraft is active on [the Deep Space Network website]. Our work to reestablish comms continues." -
86 Organizations Demand Zuckerberg To Improve Takedown Appeals (vice.com)
An anonymous reader quotes a report from Motherboard: An open letter to Mark Zuckerberg signed by 86 organizations and published on Tuesday implores Facebook to provide a clear, fast mechanism that allows users to appeal instances of content takedowns and account deactivations. The letter -- which was spearheaded by the Electronic Frontier Foundation, Article 19, Ranking Digital Rights, and the Center for Democratic Technology (CDT) -- expanded upon the Santa Clara Principles published earlier this year, which called for all social media platforms to improve their transparency and responsiveness to flagged posts and appeals for removed content.
In April of this year, Facebook launched appeals for posts that are removed on grounds of nudity, hate speech, or graphic violence. The press release claims that one of Facebook's human content reviewers will review all appeals within 24 hours, and notify users if their appeal has been approved or denied. The open letter to Mark Zuckerberg also requests that all content takedown and deactivation appeals be reviewed by a human moderator, which Facebook claims it already does. EFF Director of International Freedom of Expression, Jillian York, believes the undercurrent of content moderation on social media is the censorship or restriction of speech towards marginalized groups.
"There are accounts, [and] there is content that is taken down frequently from social media, and we don't hear those stories as much because they're often overshadowed by the pushes for hate speech to come down," York said. "I respect the people doing that work, I think it's really important. But really, the thing about appeals is they work in every case. So if someone breaks the rules for hate speech and they appeal, they're not gonna get their account restored. But if someone who should not have had their account taken down in the first place, appeals are the right solution to that." -
'The Internet Needs More Friction' (vice.com)
Justin Kosslyn, who leads product management at Jigsaw, a unit within Alphabet that builds technology to address global security challenges, writes: The Internet's lack of friction made it great, but now our devotion to minimizing friction is perhaps the internet's weakest link for security. Friction -- delays and hurdles to speed and growth -- can be a win-win-win for users, companies, and security. It is time to abandon our groupthink bias against friction as a design principle. Highways have speed limits and drugs require prescriptions -- rules that limit how fast you can drive a vehicle or access a controlled substance -- yet digital information moves limitlessly. The same design philosophy that accelerated the flow of correspondence, news, and commerce also accelerates the flow of phishing, ransomware, and disinformation.
In the old days, it took time and work to steal secrets, blackmail people, and meddle across borders. Then came the internet. From the beginning, it was designed as a frictionless communication platform across countries, companies, and computers. Reducing friction is generally considered a good thing: it saves time and effort, and in many genuine ways makes our world smaller. There are also often financial incentives: more engagement, more ads, more dollars. But the internet's lack of friction has been a boon to the dark side, too. Now, in a matter of hours a "bad actor" can steal corporate secrets or use ransomware to blackmail thousands of people. Governments can influence foreign populations remotely and at relatively low cost. Whether the threat is malware, phishing, or disinformation, they all exploit high-velocity networks of computers and people. -
Why Sleep Apnea Patients Rely On a Lone, DRM-Breaking CPAP Machine Hacker (vice.com)
Jason Koebler writes: "SleepyHead" is a free, open-source, and definitely not FDA-approved piece of software for sleep apnea patients that is the product of thousands of hours of hacking and development by a lone Australian developer named Mark Watkins, who has helped thousands of sleep apnea patients take back control of their treatment from overburdened and underinvested doctors. The software gives patients access to the sleep data that is already being generated by their CPAP machines but generally remains inaccessible, hidden by DRM and proprietary data formats that can only be read by authorized users (doctors) on proprietary pieces of software that patients often can't buy or download. SleepyHead and community-run forums like CPAPtalk.com and ApneaBoard.com have allowed patients to circumvent medical device manufacturers, who would prefer that the software not exist at all. Medical device manufacturers fought in 2015 to prevent an exemption to the Digital Millennium Copyright Act to legalize hacking by patients who wanted to access their own data, but an exemption was granted, legalizing SleepyHead and software like it. -
The Internet Has a Huge C/C++ Problem and Developers Don't Want to Deal With It (vice.com)
What do Heartbleed, WannaCry, and million dollar iPhone bugs have in common? From a report: One bug affects iPhones, another affects Windows, and the third affects servers running Linux. At first glance these might seem unrelated, but in reality all three were made possible because the software that was being exploited was written in programming languages which allow a category of errors called "memory unsafety." By allowing these types of vulnerabilities, languages such as C and C++ have facilitated a nearly unending stream of critical computer security vulnerabilities for years.
Imagine you had a program with a list of 10 numbers. What should happen if you asked the list for its 11th element? Most of us would say an error of some sort should occur, and in a memory safe programming language (for example, Python or Java) that's what would happen. In a memory unsafe programming language, it'll look at wherever in memory the 11th element would be (if it existed) and try to access it. Sometimes this will result in a crash, but in many cases you get whatever happens to be at that location in memory, even if that portion of memory has nothing to do with our list. This type of vulnerability is called a "buffer overflow," and it's one of the most common types of memory unsafety vulnerabilities. Heartbleed, which impacted 17 percent of the secure web servers on the internet, was a buffer-overflow exploit, letting you read 60 kilobytes past the end of a list, including passwords and other users' data. -
Comcast Forced To Refund $700,000 To Customers Over Misleading Fees (vice.com)
An anonymous reader quotes a report from Motherboard: Comcast has been forced to shell out $700,000 in refunds and cancel the debt of more than 20,000 Massachusetts customers after a state attorney general investigation found the company routinely jacks up consumer bills via a bevy of misleading fees. An investigation by Massachusetts Attorney General Maura Healy found that Comcast routinely advertises one rate, then charges customers up to 40 percent more when the bill for service actually arrives. When shocked customers then tried to cancel or downgrade to cheaper broadband and TV plans, Healy's office found they were socked with a $240 fee for violating long-term contracts. Many users were promised a locked-in rate of $99, but hidden fees and surcharges quickly left many with service plans they couldn't afford, the AG said. Under the new settlement with Massachusetts, Comcast must forgive all outstanding debts for unpaid early termination fees and related late fees, clearly disclose all fees in future advertisements, and train the company's service reps to more clearly outline billing caveats. "Comcast stuck too many Massachusetts customers with lengthy, expensive contracts that left many in debt and others with damaged credit," Healy said in a statement. "Customers have a right to clear information about the products and services they buy. This settlement should encourage the entire cable and telecommunications industry to take a close look at their advertisements and make sure customers are getting a fair offer." -
Why is Antivirus Software Still a Thing? (vice.com)
Antivirus has been around for more than 20 years. But do you still need it to protect yourself today? From a report: In general, you probably do. But there are caveats. If you are worried about your iPhone, there's actually no real antivirus software for it, and iOS is engineered to make it extremely difficult for hackers to attack users, especially at scale. In the case of Apple's computers, which run MacOS, there are fewer antiviruses, but given that the threat of malware on Mac is increasing ever so slightly, it can't hurt to run an AV on it. If you have an Android phone, on the other hand, an antivirus does not hurt -- especially because there have been several cases of malicious apps available on the Google Play Store. So, on Android, an antivirus will help you, according to Martijn Grooten, the editor of trade magazine Virus Bulletin.
When it comes to computers running Windows, Grooten still thinks you should use an AV. "What antivirus is especially good at is making decisions for you," Grooten told Motherboard, arguing that if you open attachments, click on links, and perhaps you're not too technically savvy, it's good to have an antivirus that can prevent the mistakes you may make in those situations. For Grooten and Simon Edwards, the founder of SE Labs, a company that tests and ranks antivirus software, despite the fact that Windows' own antivirus -- called Defender -- is a good alternative, it's still worth getting a third-party one. "Even if [Defender] wasn't the best and it isn't the best, it's still a lot better than having nothing," Edwards told Motherboard. Yet, "we do see a benefit in having a paid-for AV product." -
Couple Who Ran ROM Site To Pay Nintendo $12 Million (vice.com)
An anonymous reader quotes a report from Motherboard: Nintendo has won a lawsuit seeking to take two large retro-game ROM sites offline, on charges of copyright infringement. The judgement, made public today, ruled in Nintendo's favor and states that the owners of the sites LoveROMS.com and LoveRETRO.co will have to pay a total settlement of $12 million to Nintendo. The complaint was originally filed by the company in an Arizona federal court in July, and has since led to a swift purge of self-censorship by popular retro and emulator ROM sites, which have feared they may be sued by Nintendo as well.
LoveROMS.com and LoveRETRO.co were the joint property of couple Jacob and Cristian Mathias, before Nintendo sued them for what they have called "brazen and mass-scale infringement of Nintendo's intellectual property rights." The suit never went to court; instead, the couple sought to settle after accepting the charge of direct and indirect copyright infringement. TorrentFreak reports that a permanent injunction, prohibiting them from using, sharing, or distributing Nintendo ROMs or other materials again in the future, has been included in the settlement. Additionally all games, game files, and emulators previously on the site and in their custody must be handed over to the Japanese game developer, along with a $12.23 million settlement figure. It is unlikely, as TorrentFreak have reported, that the couple will be obligated to pay the full figure; a smaller settlement has likely been negotiated in private. -
Inside the Messy, Dark Side of Nintendo Switch Piracy (vice.com)
Doxing rivals, stealing each other's files, and poking around Nintendo's servers are all a normal part of the ballooning Nintendo Switch hacking and piracy scenes. Joseph Cox reports for Motherboard: The Switch piracy community -- much of which operates on the gamer-focused chat app Discord -- is full of ingenuity, technical breakthroughs, and evolving cat-and-mouse games between the multi-billion dollar Nintendo and the passionate hackers who love the company but nonetheless illegally steal its games. Pirates deploy malware to steal each other's files so they can download more games themselves. Groups deliberately plant code into others' Switches so they no longer work. And some people in the scene have been doxed, meaning they've had their personal information published online.
Pirating games for the Switch is not technically straightforward. Instead, there's a complex supply chain constantly grinding away that helps people source and play unreleased games. There are reverse engineers who figure out how Nintendo's own tools work, so hackers can then use them for their own advantage. There are coders who make programs to streamline the process of downloading or running games. Reviewers, developers, or YouTubers with access to games before general Switch users often leak unlock codes or other information to small groups, which then may trickle out to the wider community.
[...] To release a game, pirates may dump a copy from the physical cartridge; they can do this before the game releases in the United States by sourcing the cartridge from an Australian store, which releases earlier because of the time difference. But this only gets a game out one or two days before official release. For the more sought-after and early dumps, pirates often manage to grab a copy from Nintendo's eShop, the company's digital download game store that is built into the Switch. Here, pirates will likely use a piece of hacker-made software on their computers to talk to Nintendo's servers, one pirate who uploads large archives of games explained to Motherboard in an online chat. The files can sometimes be downloaded early by anyone (by design), and are encrypted and need a so-called "titlekey" to unlock them and make the game playable. Further reading: Nintendo 'Wins' $12 Million From Pirate ROM Site Operators. -
Apple Confirms Its T2 Security Chip Blocks Some Third-Party Repairs of New Macs (theverge.com)
An anonymous reader shares a report from The Verge about Apple's new security-focused T2 chip found in the newest Mac computers. The introduction of the chip "has renewed concerns that Apple is trying to further lock down its devices from third-party repair services," The Verge reports. From the report: The T2 is "a guillotine that [Apple is] holding over" product owners, iFixit CEO Kyle Wiens told The Verge over email. That's because it's the key to locking down Mac products by only allowing select replacement parts into the machine when they've come from an authorized source -- a process that the T2 chip now checks for during post-repair reboot. "It's very possible the goal is to exert more control over who can perform repairs by limiting access to parts," Wiens said. "This could be an attempt to grab more market share from the independent repair providers. Or it could be a threat to keep their authorized network in line. We just don't know." Apple confirmed to The Verge that this is the case for repairs involving certain components on newer Macs, like the logic board and Touch ID sensor, which is the first time the company has publicly acknowledged the tool's use. But Apple could not provide a list of repairs that required this or what devices were affected. It also couldn't say whether it began this protocol with the iMac Pro's introduction last year or if it's a new policy instituted recently.
First revealed last month by MacRumors and Motherboard, both of which got their hands on an internal Apple document, the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run. That means if you wanted to repair certain key parts of your MacBook, iMac, or Mac mini, you would need to go to an official Apple Store or a repair shop that's part of the company's Authorized Service Provider (ASP) network. If you want to repair or rebuild portions of those devices on your own, you simply can't -- at least, according to this document. The parts affected, according to the document, are the display assembly, logic board, top case, and Touch ID board for the MacBook Pro, and the logic board and flash storage on the iMac Pro. It is also likely that logic board repairs on the new MacBook Air and Mac mini are affected, as well as the Mac mini's flash storage. Yet, the document, which is believed to have been distributed earlier this year, does not mention those products because they were unannounced at the time. Regardless, to replace those parts, a technician would need to run what's known as the AST 2 System Configuration suite, which Apple only distributes to Apple Stores and certified ASPs. So DIY shops and those out of the Apple network would be out of luck. -
US Military Publicly Dumps Russian Government Malware Online (vice.com)
An anonymous reader quotes a report from Motherboard: This week, U.S. Cyber Command (CYBERCOM), a part of the military tasked with hacking and cybersecurity focused missions, started publicly releasing unclassified samples of adversaries' malware it has discovered. CYBERCOM says the move is to improve information sharing among the cybersecurity community, but in some ways it could be seen as a signal to those who hack U.S. systems: we may release your tools to the wider world. On Friday, CYBERCOM uploaded multiple files to VirusTotal, a Google-owned search engine and repository for malware. Once uploaded, VirusTotal users can download the malware, see which anti-virus or cybersecurity products likely detect it, and see links to other pieces of malicious code.
One of the two samples CYBERCOM distributed on Friday is marked as coming from APT28, a Russian government-linked hacking group, by several different cybersecurity firms, according to VirusTotal. Those include Kaspersky Lab, Symantec, and Crowdstrike, among others. APT28 is also known as Sofacy and Fancy Bear. The malware itself does not appear to still be active. -
Researchers Defeat Perceptual Ad Blockers, Declare 'New Arms Race' (vice.com)
dmoberhaus writes: Perceptual ad blockers were supposed to be the "superweapon" that put an end to the arms race between advertisers and users. According to new research, however, perceptual ad blockers will come out on the losing side in the war against internet advertisers and expose users to a host of new attack vectors in the process. Researchers at Stanford tricked six different visual classifiers used in perceptual ad blockers with adversarial ads designed to trick the ad blockers by making nearly imperceptible changes to the ads. "The researchers tried several different adversarial attacks on the perceptual ad blockers' visual classifiers," Motherboard reports. "One attack, for example, slightly altered the AdChoices logo that is commonly used to disclose advertisements to fool the perceptual ad blocker. In another attack, the researchers demonstrated how website publishers could overlay a transparent mask over a website that would allow ads to evade perceptual ad blockers."
"The aim of our work is not to downplay the merits of ad-blocking, nor discredit the perceptual ad blocking philosophy, which is sound when instantiated with a robust visual ad detector," the researchers concluded. "Rather, our overarching goal is to highlight and raise awareness on the vulnerabilities that arise in building ad blockers with current computer vision systems." -
Amazon Is Kicking All Unauthorized Apple Refurbishers Off the Site (vice.com)
In a new agreement between tech giants Amazon and Apple, shoppers will soon see a selection of the latest Apple products on Amazon.com. This is not good news for everyone. Motherboard: John Bumstead is a computer refurbisher who, every year, saves thousands of laptops from the shredder. He buys MacBooks en masse from electronics recyclers, fixes them, then sells them on Amazon Marketplace or wholesales them to vendors who do the same. Friday morning, Bumstead got an email from Amazon informing him that he'd no longer be allowed to sell Apple computers on the platform, thanks to a new agreement between Apple and Amazon that will only allow "authorized resellers" to sell Apple products.
"As part of a new agreement with Apple, we are working with a select group of authorized resellers to offer an expanded selection of Apple and Beats products, including new releases, in Amazon's stores," the email says. "You are receiving this message because you are currently selling, or have previously sold, Apple or Beats products. Your existing offers for those products will soon be removed from Amazon's online store in the United States. Please contact Apple if you would like to apply to become an authorized reseller on Amazon." As the email notes, this is part of a new agreement between two of the largest companies in the world that will allow Amazon to sell new Apple products around the world; in exchange, Amazon agreed to let Apple pick-and-choose who is allowed to sell Apple products on the site. -
A Third of Wikipedia Discussions Are Stuck in Forever Beefs (vice.com)
An anonymous reader shares a report: Wikipedia, the internet's encyclopedia, is run entirely by volunteers -- people who spend large swaths of their personal time making sure the information that hundreds of millions of people access every day stays accurate and up-to-date. Among those volunteers, the workload is concentrated: 77 percent of Wikipedia articles are written by just one percent of Wikipedia editors. As such, tensions tend to get a little high, because these editors are often highly invested. They've been arguing about corn for nearly a decade, for example, and there's a long-running edit war about the meaning of neuroticism.
When editors disagree about an edit to be made on a Wikipedia article, they start by discussing it on the article's Talk page. When that doesn't result in a decision, they can open a Request for Comment (RfC). From there, any editor can choose a side or discuss the merits of whatever edit is up for discussion, and -- in theory -- come to an agreement. Or at least, some kind of decision about how to make the edit. But a new study by MIT researchers found that as many as one-third of RfC disputes go unresolved, often abandoned out of frustration or exhaustion. The most common sticking points were chalked up to inexperience, inattention from experienced editors, and just plain petty bickering. -
Voting Machine Manual Instructed Election Officials To Use Weak Passwords (vice.com)
An anonymous reader quotes a report from Motherboard: An election security expert who has done risk assessments in several states since 2016 recently found a reference manual that appears to have been created by one voting machine vendor for county election officials and that lists critical usernames and passwords for the vendor's tabulation system. The passwords, including a system administrator and root password, are trivial and easy to crack, including one composed from the vendor's name. And although the document indicates that customers will be prompted periodically by the system to change the passwords, the document instructs customers to re-use passwords in some cases -- alternating between two of them -- and in other cases to simply change a number appended to the end of some passwords to change them.
The vendor, California-based Unisyn Voting Solutions, makes an optical-scan system called OpenElect Voting System for use in both precincts and central election offices. The passwords in the manual appear to be for the Open Elect Central Suite, the backend election-management system used to create election definition files for each voting machine before every election -- the files that tell the machine how to apportion votes based on the marks voters make on a ballot. The suite also tabulates votes collected from all of a county's Unisyn optical scan systems. The credentials listed in the manual include usernames and passwords for the initial log-in to the system as well as credentials to log into the client software used to tabulate and store official election results. -
Old School 'Sniffing' Attacks Can Still Reveal Your Browsing History (vice.com)
An anonymous reader quotes a report from Motherboard: Most modern browsers -- such as Chrome, Firefox, and Edge, and even browsers such as FuzzyFox and DeterFox (different, security-focused versions of Firefox) -- have vulnerabilities that allow hosts of malicious websites to extract hundreds to thousands of URLs in a user's web history, per new research from the University of California San Diego. What's worse, the vulnerabilities are built into the way they structure links, meaning that major structural changes will have to take place in these browsers in order to protect user privacy. The only browser that was immune to the attacks was Tor Browser, as the browser does not keep track of a user's internet history.
The vulnerabilities have to do with why, for instance, unclicked links appear blue while visited links appear violet: a different set of rules and styles applies to a link depending on whether it has been visited or not, and visited links load faster as a result. A bad actor building a web page can exploit this difference in loading time by "sniffing," or inferring, your browsing history. In essence, sniffing is finding and exploiting proxies that reveal your web history. As outlined in the UC San Diego report, this sniffing could happen in a couple of ways: a malicious page could force the browser to reload multiple complex images or image transformations that differ based on whether you've visited a link or not, which would create drastic differences in the loading time for each. With this strategy, actors can test 60 sensitive URLs per second. Bad actors could also exploit a "bytecode cache," which speeds up the loading time for revisiting a link that you've already visited. "By embedding a special script in a web page, the actor can test how long it takes for a web page to load and infer whether you've visited it or not," reports Motherboard. "Actors can probe 3,000 URLs per second with this method." When the vulnerability was reported to Google, the company marked the issue as "security-sensitive" but "low-priority." -
California Company Markets A $2,400 2W Laser Bong That You Need to Wear Protective Glasses To Use (vice.com)
Silicon Cali is now selling a massive device that uses a two-watt, 445 nanometer laser to light the bowl of a bong, according to an article shared by dmoberhaus: This is about 400 times more powerful than the average laser pointer, which has an output of about five milliwatts. Silicon Cali even sells special glasses that are meant to protect your eyes while looking directly at the laser when you take a hit. "The laser is not that dangerous, it's not going to cut your finger off or anything crazy like that," Justin Zelaya, the founder of Silicon Cali, told me in an email. "It may sting a little bit if you get your hand in the way but kind of like a magnifying glass."
Zelaya told me that he worked with five other people to produce the bong and that their backgrounds range from "Bitcoin core developer to a mad scientist, like myself...." The glass, which is custom blown in California, is lined with color-changing LEDs. The entire thing is controlled by a phone app.
Each laser bong is being sold for $2,400 -- which as far as I can see is worth every damn penny.
The company only plans to sell 45 of these "limited edition" devices... -
Senator Introduces Bill That Would Send CEOs To Jail For Violating Consumer Privacy (vice.com)
Oregon Senator Ron Wyden has introduced the Consumer Data Protection Act that "would dramatically beef up Federal Trade Commission authority and funding to crack down on privacy violations, let consumers opt out of having their sensitive personal data collected and sold, and impose harsh new penalties on a massive data monetization industry that has for years claimed that self-regulation is all that's necessary to protect consumer privacy," reports Motherboard. From the report: Wyden's bill proposes that companies whose revenue exceeds $1 billion per year -- or warehouse data on more than 50 million consumers or consumer devices -- submit "annual data protection reports" to the government detailing all steps taken to protect the security and privacy of consumers' personal information. The proposed legislation would also levy penalties up to 20 years in prison and $5 million in fines for executives who knowingly mislead the FTC in these reports. The FTC's authority over such matters is currently limited -- one of the reasons telecom giants have been eager to move oversight of their industry from the Federal Communications Commission to the FTC. "Today's economy is a giant vacuum for your personal information -- everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation's database," Wyden said in a statement. "But individual Americans know far too little about how their data is collected, how it's used and how it's shared."
"It's time for some sunshine on this shadowy network of information sharing," Wyden said. "My bill creates radical transparency for consumers, gives them new tools to control their information and backs it up with tough rules with real teeth to punish companies that abuse Americans' most private information." -
How a Helium Leak Disabled Every iPhone In a Medical Facility (vice.com)
dmoberhaus writes: In one of the strangest system admin tales of all time, one IT guy details how a new MRI machine managed to disable every single iPhone, Apple Watch and iPad in a medical facility while leaving the rest of the devices untouched. Eric Woolridge, a system administrator at Morris Hospital in Illinois, said in a detailed post on the r/sysadmin subreddit that helium was to blame for the malfunctioning iPhones. "[T]he MRI installation involves supercooling the giant magnet in the machine by boiling off liquid helium," reports Motherboard. "This evaporated helium is usually pumped out of the facility through a vent, but this vent was leaking the helium into the rest of the facility. In all, about 120 liters of helium (or about 90,000 cubic meters in its gaseous state) was pumped out of the MRI room and an untold amount leaked into the rest of the hospital."
In a blog post, iFixit notes that helium atoms can wreak havoc on MEMS silicon chips. "MEMS are microelectromechanical systems that are used for gyroscopes and accelerometers in phones, and helium atoms are small enough to mess up the way these systems function," reports Motherboard. What's odd is that Android phones were not affected. Apparently, the reason "is because Apple recently defected from traditional quartz-based clocks in its phones in favor of clocks that are also made of MEMS silicon," reports Motherboard. "Given that clocks are the most critical device in any computer and are necessary to make the CPU function, their disruption with helium atoms is enough to crash the device." -
Pentagon Wants To Predict Anti-Trump Protests Using Social Media Surveillance (vice.com)
Alice Marshall shares an excerpt from Motherboard: The United States government is accelerating efforts to monitor social media to preempt major anti-government protests in the U.S., according to scientific research, official government documents, and patent filings reviewed by Motherboard. The social media posts of American citizens who don't like President Donald Trump are the focus of the latest U.S. military-funded research. The research, funded by the U.S. Army and co-authored by a researcher based at the West Point Military Academy, is part of a wider effort by the Trump administration to consolidate the U.S. military's role and influence on domestic intelligence.
The vast scale of this effort is reflected in a number of government social media surveillance patents granted this year, which relate to a spy program that the Trump administration outsourced to a private company last year. Experts interviewed by Motherboard say that the Pentagon's new technology research may have played a role in amendments this April to the Joint Chiefs of Staff homeland defense doctrine, which widen the Pentagon's role in providing intelligence for domestic "emergencies," including an "insurrection." -
People Are Keeping Their Phones Longer Because There's Not Much Reason To Upgrade, Study Finds (vice.com)
According to a recent study by Hyla Mobile, a mobile-device trade-in company, as reported by the Wall Street Journal, the average age of an iPhone at trade-in is now 2.92 years. That's up from 2.38 years in 2016, and 2.59 in 2017, according to the company. From a report: Part of this, according to Biju Nair, chief executive of Hyla Mobile, is because phone plan carriers moved from a subsidized payment model for new phones, to payment plans, as smartphones got more expensive over the years. Now, if you purchase it from a big carrier like Verizon or T-Mobile as part of a plan package, your phone is basically on loan to you from the carrier, while you make smaller monthly payments until it's paid off and you own it outright.
It can take years to pay off a new smartphone (the iPhone XS Max costs almost $1,100), and once you've done it, there's not much incentive to give up that investment -- especially when the newest models aren't much different in terms of specs and performance than the one you already have. Add to this the efforts by right-to-repair groups to raise awareness about the fact that your phone actually doesn't need to go in the garbage every time you crack the screen, and you've got people keeping their phones longer. The way we view new technology has also changed in recent years. -
Reporters Posed as 100 Senators To Run Ads on Facebook. Facebook Approved All of Them. (vice.com)
William Turton, reporting for Vice News: One of Facebook's major efforts to add transparency to political advertisements is a required "Paid for by" disclosure at the top of each ad supposedly telling users who is paying for political ads that show up in their news feeds. But on the eve of the 2018 midterm elections, a VICE News investigation found the "Paid for by" feature is easily manipulated and appears to allow anyone to lie about who is paying for a political ad, or to pose as someone paying for the ad. To test it, VICE News applied to buy fake ads on behalf of all 100 sitting U.S. senators, including ads "Paid for by" by Mitch McConnell and Chuck Schumer. Facebook's approvals were bipartisan: All 100 sailed through the system, indicating that just about anyone can buy an ad identified as "Paid for by" by a major U.S. politician. What's more, all of these approvals were granted to be shared from pages for fake political groups such as "Cookies for Political Transparency" and "Ninja Turtles PAC." VICE News did not buy any Facebook ads as part of the test; rather, we received approval to include "Paid for by" disclosures for potential ads. -
Feds Expand Security Researchers' Ability To Hack Without Going To Jail (vice.com)
An anonymous reader quotes a report from Motherboard: Friday, the Librarian of Congress and U.S. Copyright Office renewed several key exemptions (and added a few new ones) to the Digital Millennium Copyright Act. This go-round, they've extended some essential exemptions ensuring that computer security researchers won't be treated like nefarious criminals for their contributions to society. As part of an effort to keep the DMCA timely, Congress included a so-called "safety valve" dubbed the Section 1201 triennial review process that, every three years, mandates that activists and concerned citizens beg the Copyright Office and the Librarian of Congress to craft explicit exemptions from the law to ensure routine behavior won't be criminalized.
The exemptions still have some caveats. Specifically, the Copyright Office ruling only applies to "use exemptions," not "tools exemptions" -- meaning security researchers still can't release things like pen-testing tools that bypass DRM, or even publish technical papers exploring how to bypass bootloaders or other Trusted Platform Modules to test the security of the systems behind them. But other modest changes to the rules were incredibly helpful, notes Blake Reid, Associate Clinical Professor at Colorado Law. Specifically, the new exemption removes a "device limitation" from previous exemptions that potentially limited researchers to investigating software only on "consumer" devices, hindering their ability to investigate security vulnerabilities in things like the cryptographic hardware used in banking applications, networking equipment, and industrial control systems. The new exemption also modified the "controlled environment limitation" from the previous exemption, which was often read to imply that researchers had to conduct their work in a formal laboratory, potentially hindering research into things like integrated building systems such as internet-connected HVAC systems. -
FCC Falsely Claims Community Broadband an 'Ominous Threat To First Amendment' (vice.com)
An anonymous reader quotes a report from Motherboard: The Trump FCC has declared towns and cities that vote to build their own broadband networks an "ominous threat to the First Amendment." The claims were made last week during a speech given at the telecom-funded Media Institute by FCC Commissioner Mike O'Rielly. In his speech, O'Rielly insinuated, without evidence, that community owned and operated broadband networks would naturally result in local governments aggressively limiting American free speech rights. "I would be remiss if my address omitted a discussion of a lesser-known, but particularly ominous, threat to the First Amendment in the age of the Internet: state-owned and operated broadband networks," claimed O'Rielly.
In his speech, O'Rielly highlighted efforts by the last FCC, led by former boss Tom Wheeler, to encourage such community-run broadband networks as a creative solution to private sector failure. O'Rielly subsequently tried to claim, without evidence, that encouraging such networks would somehow result in government attempts to censor public opinion. "Municipalities such as Chattanooga, Tennessee, and Wilson, North Carolina, have been notorious for their use of speech codes in the terms of service of state-owned networks, prohibiting users from transmitting content that falls into amorphous categories like 'hateful' or 'threatening,'" O'Rielly claimed. The closest O'Rielly gets to supporting evidence appears to be a 2015 white paper written by Professor Enrique Armijo for the ISP-funded Free State Foundation. That paper similarly alleges that standard telecom sector language intended to police "threatening, abusive or hateful" language somehow implies community-run ISPs are more likely to curtail user speech. But municipal broadband experts say the argument has no basis in fact. -
Bitcoin Mining Alone Could Raise Global Temperatures Above Critical Limit By 2033 (vice.com)
dmoberhaus writes: Researchers have found that if Bitcoin is adopted at rates similar to technologies like credit cards, its energy consumption could increase global temperatures by 2C in just 16 years. This is well beyond the limit of catastrophic climate change proposed by the UN. Motherboard spoke to an expert on Bitcoin and energy about the study's implications. -
Copyright Law Just Got Better for Video Game History (vice.com)
In a series of rulings, the Library of Congress has carved out a number of exemptions that will help the movement to archive and preserve video games. From a report: In an 85-page ruling [PDF] that covered everything from electronic aircraft controls to farm equipment diagnostic software, the Librarian of Congress carved out fair use exemptions to the Digital Millennium Copyright Act (DMCA) for video games and software in general. These exemptions will make it easier for archivists to save historic video games and for museums to share that cultural history with the public. "The Acting Register found that the record supported granting an expansion in the relatively discrete circumstances where a preservation institution legally possesses a copy of a video game's server code and the game's local code," the Librarian of Congress said. "In such circumstances, the preservation activities described by proponents are likely to be fair uses."
These rules are definitely good news for single-player games. "The big change for single-player games happened during the last DMCA review process in 2015, when the Copyright Office decided that museums and archives could break the online authentication for single-player titles that were just phoning home to a server for copy protection reasons," Phil Salvador -- a Washington, DC-area librarian and archivist who runs The Obscuritory, a site that focuses on discussing and preserving obscure old games -- told Motherboard. That 2015 ruling was due to expire this year, but thanks to pressure from activists it was renewed today instead. -
What Happens When Telecom Companies Search Your Home For Piracy (vice.com)
ted_pikul writes: Adam Lackman ran TVAddons, a site hosting unofficial addons for Kodi media center. Last year, a legal team representing some of Canada's most powerful telecom and media companies raided his home with a court order -- they searched his apartment, copying hard drives and devices, took his laptop, and shut down his website and Twitter account [which had 100,000 followers]. Now, he's being sued for piracy and sinking deep into debt as he fights to make it to trial.
From Motherboard: Lackman did not have to let anybody into his home that morning. But it presented a legal catch-22: if he hadn't, he would be in breach of a court order and could have been subjected to fines or imprisonment. "In high school you learn that if someone doesn't have a warrant, you don't let them into your house," Lackman told me. "I didn't know there was this whole other law where big companies can spend money [on lawyers] and do whatever they want".... Shortly after the search, a federal judge ruled the search unlawful in a procedural hearing. The questioning was an "interrogation," the judge said, without the safeguards normally afforded to defendants, and presenting Lackman with a list of names to snitch on was "egregious." The plaintiffs also did not make a strong enough case that TVAddons was solely intended to enable piracy, the judge decided... The plaintiffs appealed this decision, and in February a panel of three judges -- this time in the federal court of appeals -- overturned the previous decision in its entirety. The search was lawful and conducted within legal parameters, the judges agreed. The list of names was only presented to Lackman to "expedite the questioning process," and "despite a few objectionable questions" the nine-hour question period was not an interrogation, the panel ruled....
Everything that's happened to him so far has occurred before a trial where he can argue the facts of how TVAddons operated, and yet the judge who approved the search order and the judge who upheld it on appeal have already effectively ruled that his website was designed to facilitate piracy....
Lackman has already been ordered to pay $55,000 for the legal fees of the companies suing him, according to the article, and he's "already hundreds of thousands of dollars in debt to his own legal team..."
"[I]n the new Canadian anti-piracy regime led by powerful companies, just being accused of enabling piracy can come with immense personal consequences even before your day in court." -
Mysterious White Cloud Hangs Over Martian Volcano (vice.com)
Last month, the European Space Agency's Mars Express orbiter spotted a white cloud suspended over the western slope of Arsia Mons, an enormous volcano near the red planet's equator. The 930-mile-long cloud looks like the kind of volcanic plumes huffed out by Earth's active volcanoes -- but it's not; "Arsia Mons is long extinct -- its last eruption is estimated to have occurred around 50 million years ago," reports Motherboard. From the report: The volcano still plays a role in shaping the water-ice cloud, though, along with atmospheric dust levels and the Martian seasons. With its 12-mile-high peak and diameter of nearly 400 miles, Arsia Mons is 30 times more voluminous than the largest volcanoes on Earth. Its humongous bulk condenses and cools air currents as they pass over the summit, creating this "orographic cloud" -- a nephologic formation that tends to form over leeward (downwind) slopes -- on the western flank of the volcano. -
Google's Smart City Dream Is Turning Into a Privacy Nightmare (engadget.com)
schwit1 shares a report from Engadget: Sidewalk Labs, an Alphabet division focused on smart cities, is caught in a battle over information privacy. The team has lost its lead expert and consultant, Ann Cavoukian, over a proposed data trust that would approve and manage the collection of information inside Quayside, a conceptual smart neighborhood in Toronto. Cavoukian, the former information and privacy commissioner for Ontario, disagrees with the current plan because it would give the trust power to approve data collection that isn't anonymized or "de-identified" at the source. "I had a really hard time with that," she told Engadget. "I just couldn't... I couldn't live with that."
Cavoukian isn't the first privacy expert to abandon the Quayside project. Saadia Muzaffar, founder of TechGirls Canada, left the Digital Strategy Advisory Panel earlier this month. In a resignation letter, she said Waterfront Toronto had shown "apathy and [an] utter lack of leadership regarding shaky public trust and social license." The advisory panel was attended "in good faith," she said, but showed "a blatant disregard for resident concerns about data." These disagreements will add to the concerns of Torontonians. Sidewalk Labs still has time to address these issues and create a master plan that will be accepted by everyone. If the company continues to lose public trust, though, there's a good chance residents and government officials will make up their minds and reject the plan before reading the first page. -
Feds Say Hacking DRM To Fix Your Electronics Is Legal (vice.com)
An anonymous reader quotes a report from Motherboard: The Librarian of Congress and U.S. Copyright Office just proposed new rules that will give consumers and independent repair experts wide latitude to legally hack embedded software on their devices in order to repair or maintain them. This exemption to copyright law will apply to smartphones, tractors, cars, smart home appliances, and many other devices. The move is a landmark win for the "right to repair" movement; essentially, the federal government has ruled that consumers and repair professionals have the right to legally hack the firmware of "lawfully acquired" devices for the "maintenance" and "repair" of that device. Previously, it was legal to hack tractor firmware for the purposes of repair; it is now legal to hack many consumer electronics.
Specifically, it allows breaking digital rights management (DRM) and embedded software locks for "the maintenance of a device or system in order to make it work in accordance with its original specifications" or for "the repair of a device or system to a state of working in accordance with its original specifications." New copyright rules are released once every three years by the U.S. Copyright Office and are officially put into place by the Librarian of Congress. These are considered "exemptions" to section 1201 of U.S. copyright law, and they make DRM circumvention legal in certain specific cases. The new repair exemption is broad, applies to a wide variety of devices (an exemption in 2015 applied only to tractors and farm equipment, for example), and makes clear that the federal government believes you should be legally allowed to fix the things you own. -
Government Spyware Vendor Left Customer, Victim Data Online for Everyone To See (vice.com)
The Germany-based spyware startup Wolf Intelligence exposed its own data, including surveillance targets' information, passport scans of its founder and family, and recordings of meetings. From a report: A startup that claims to sell surveillance and hacking technologies to governments around the world left nearly all its data -- including information taken from infected targets and victims -- exposed online, according to a security firm that found the data. Wolf Intelligence, a Germany-based spyware company that made headlines for sending a bodyguard to Mauritania and prompting an international incident after the local government detained the bodyguard as collateral when a deal went wrong, left a trove of its own data exposed online. The leak exposed 20 gigabytes of data, including recordings of meetings with customers, a scan of a passport belonging to the company's founder, scans of the founder's credit cards, and surveillance targets' data, according to researchers.
Security researchers from CSIS Security discovered the data on an unprotected command and control server and a public Google Drive folder. The researchers showed screenshots of the leaked data during a talk at the Virus Bulletin conference in Montreal, which Motherboard attended. "This is a very stupid story in the sense that you would think that a company actually selling surveillance tools like this would know more about operational security," CSIS co-founder Peter Kruse told Motherboard in an interview. "They exposed themselves -- literally everything was available publicly on the internet." -
An ISP Left Corporate Passwords, Keys, and All Its Data Exposed On the Internet (vice.com)
Security researchers at UpGuard discovered that a Washington-based ISP called Pocket iNet left 73 gigabytes of essential operational data publicly exposed in a misconfigured Amazon S3 storage bucket for months. "Said bucket, named 'pinapp2,' contained the 'keys to the kingdom,' according to the security firm, including internal network diagramming, network hardware configuration photos, details and inventory lists -- as well as lists of plain text passwords and AWS secret keys for Pocket iNet employees," reports Motherboard. From the report: UpGuard says the firm contacted Pocket iNet on October 11 of this year, the same day the exposed bucket was discovered, but the ISP took an additional week before the data was adequately secured. "Seven days passed before Pocket iNet finally secured the exposure," noted the firm. "Due to the severity of this exposure, UpGuard expended significant effort during those seven days, repeatedly contacting Pocket iNet and relevant regulators, including using contact information found within the exposed dataset."
According to UpGuard, the list of plain text passwords was particularly problematic, given it provided root admin access to the ISP's firewalls, core routers and switches, servers, and wireless access points. "Documents containing long lists of administrative passwords may be convenient for operations, but they create single points of total risk, where the compromise of one document can have severe and extensive effects throughout the entire business," noted UpGuard. "If such documents must exist, they should be strongly encrypted and stored in a known secure location," said the firm. "Unfortunately, a single folder of PocketiNet's network operation historical data (non-customer) was publicly accessible to Amazon administrative users," the ISP said in a statement to Motherboard. "It has since been secured." -
Motorola Becomes First Smartphone Company To Sell DIY Repair Kits To Its Customers (vice.com)
As Apple continues to fight independent repair, Motorola has partnered with iFixit and pledged to support the right to repair movement. From a report: It is excellent news that Motorola has decided to make it as easy as possible for you to repair your phone. The company announced that it would begin selling replacement parts for all of its recent phones to customers, and it has partnered with iFixit to sell repair kits for phones like the Moto X, Z, G4, G5, and Droid Turbo 2. The kits come with tools, genuine Motorola-branded replacement parts, and instructions on how to fix your device. iFixit is currently selling replacement batteries, screens, and digitizer assemblies. "Motorola is setting an example for major manufacturers to embrace a more open attitude towards repair," iFixit wrote in a blog post announcing the partnership. "For fixers like us, this partnership is representative of a broader movement in support of our Right to Repair. It's proof that OEM manufacturers and independent repair can co-exist. Big business and social responsibility, and innovation and sustainability, don't need to be mutually exclusive." -
UK ISP Tests SIM Card That Forces All of Your Mobile Data Through Tor (vice.com)
An anonymous reader quotes a report from Motherboard: [O]ne UK grassroots internet service provider is currently testing a data-only SIM card that blocks any non-Tor traffic from leaving the phone at all, potentially providing a more robust way to use Tor while on the go. "This is about sticking a middle finger up to mobile filtering, mass surveillance," Gareth Llewelyn, founder of Brass Horn Communications, told Motherboard in an online chat. Brass Horn is a non-profit internet service provider with a focus on privacy and anti-surveillance services. Tor is a piece of software and a related network run by volunteers. When someone runs Tor on their computer or phone, it routes their traffic through multiple servers before reaching its final destination, such as a website. That way, the website owner can't tell who is visiting; only that someone is connecting from Tor. The most common way people access Tor is with the Tor Browser Bundle on desktop, or with the Orbot app on Android.
But, in some cases, neither of these totally guarantees that all of your device's traffic will be routed through Tor. If you're using the Tor Browser Bundle on a laptop, and then go to use another piece of software, that app is probably not going to use Tor. The same might stand for Orbot running on older iterations of Android. Nathan Freitas, from The Guardian Project which maintains Orbot, said with newer versions of Android, you can lock down device traffic to only work if a specific VPN is activated, including Orbot's. This SIM card, however, is supposed to provide a more restricted solution in the event that other approaches don't quite work. The UK-exclusive SIM card requires that users create a new access point name on their device. It also requires Orbot to be installed and running on the device itself. -
DHS Seized Aftermarket Apple Laptop Batteries From Independent Repair Expert (vice.com)
Louis Rossmann says US Customs and Border Patrol seized $1,000 worth of laptop batteries, claiming they were counterfeit. From a report: Earlier this year, Louis Rossmann, the highest-profile iPhone and Mac repair professional in the United States, told Motherboard that determining "the difference between counterfeiting and refurbishing is going to be the next big battle" between the independent repair profession and Apple. At the time, his friend and fellow independent repair pro, Jessa Jones, had just had a shipment of iPhone screens seized by Customs and Border Patrol. Rossmann was right: His repair parts were also just seized by the US government.
Last month, US Customs and Border Protection (CBP) seized a package containing 20 Apple laptop batteries en route to Rossmann's store in New York City. The laptop batteries were en route from China to Rossmann Repair Group -- a NYC-based repair store that specializes in Apple products. "Apple and customs seized batteries to a computer that, at [the Apple Store], they no longer service because they claim it's vintage," Rossmann, the owner and operator of Rossmann Repair Group, said in a YouTube video. "They will not allow me to replace batteries, because when I import batteries that are original they'll tell me they're counterfeit and have them stolen from by [CBP]." CBP seized the batteries on September 6, then notified Rossmann via a letter dated October 5. Rossmann produced the letter in its entirety in his video. -
The Army Is Preparing To Send Driverless Vehicles Into Combat (vice.com)
The U.S. Army is getting ready to send driverless trucks into combat. "Next fall, [the Army's] 'Leader-Follower' technology will enable convoys of autonomous vehicles to follow behind one driven by a human," reports VICE News. "It's a direct response to the improvised explosive devices that caused nearly half the casualties in Iraq and Afghanistan." From the report: Much of the research and development of these technologies has been done at TARDEC, the Army's Tank Automotive Research, Development and Engineering Center, in Warren, Michigan. Typically human-driven trucks are outfitted with sensors and cameras through a TARDEC-created applique kit. They're not exactly robots, just regular military trucks that have been made a lot smarter. The technology is expected to be ready for field use in September 2019. -
iPhone's New Parental Controls Block Sex Ed, Allow Violence and Racism (vice.com)
samleecole shares a report from Motherboard: The parental controls in the iPhone's new iOS 12 are blocking innocuous sexual education content on Safari, while allowing websites like the white supremacist Daily Stormer and searches for bomb-making instructions through its filter. The settings, found under Screen Time in the new iOS 12, are meant to give parents greater control over how their kids use their phones unsupervised, including filters for "explicit" content and content ratings and restrictions, with the option to "limit adult websites." As tested by Motherboard, the filter blocks longstanding educational sites like Scarleteen and O.school, but allows sites like The Daily Stormer, an extremist neo-Nazi white supremacist platform.
The filter in question "limits adult websites" on Safari. When Motherboard tested this filter, we found several similarly blocked searches and websites: The searches "how to say no to sex," "sex assault hotline," and "sex education" were all restricted, but the results for the searches "how to poison my mom," "how to join isis," and "how to make a bomb" were allowed. 4chan and 8chan are blocked, but Reddit -- including many NSFW and porn-focused subreddits -- is not. The subreddit r/gonewild, which is pornographic, is not caught by the filter, which even allows users to click through Reddit's own age-gating. -
How Paul Allen Saved the American Search For Extraterrestrial Intelligence (vice.com)
dmoberhaus writes: Paul Allen died on Monday evening at the age of 65. Motherboard spoke with SETI researchers about how the Microsoft co-founder single-handedly saved the American Search for Extraterrestrial Intelligence by building the first dedicated SETI radio telescope and its legacy one decade later. Less than a year after NASA's SETI program started, it was shut down by members of Congress who didn't want to spend money on the "great Martian chase." In order for the program to continue, it needed private funding. "Fortunately, one of the earliest SETI Institute supporters was Barney Oliver, who founded and directed Hewlett Packard laboratories," reports Motherboard. "So in 1993 Oliver called Bill Hewlett and David Packard of Hewlett Packard, Intel founder Gordon Moore, and Paul Allen to ask for their support." They supported Project Phoenix, a SETI program that ran from 1995 to 1998.
SETI astronomers then realized that they needed a dedicated SETI radio telescope, or array of small telescopes, if the search were to have any chance of success. Allen was able to foot the $25-million bill required to build this array of telescopes. The telescope array was built in northern California, "the first facility specifically built for SETI in the U.S.," Motherboard notes. "The cost of building a 350-telescope array ended up being far more expensive than anyone at the SETI Institute had anticipated, however. By the time the Allen Telescope Array came online in 2007, only 42 telescopes had been built and Allen's donation had largely been consumed." The report notes that the Allen Telescope Array "has analyzed 200 million signals from thousands of stars, studied unusual high-energy radio emissions, and even scanned the 'spliff-shaped' Oumuamua asteroid for signs of intelligent life." -
Slack Doesn't Have End-to-End Encryption Because Your Boss Doesn't Want It (vice.com)
Business communications service Slack, which has more than three million paying customers, offers a bouquet of features that has made it popular (so popular that it is worth as much as $9 billion), but it lacks a crucial feature that some of its rivals don't: end-to-end encryption. It's a feature that numerous users have asked Slack to add to the service. Citing a former employee of Slack and the company's chief information security officer, news outlet Motherboard reported Tuesday that the rationale behind not including end-to-end encryption is very simple: bosses around the world don't want it. From the report: Work communication service Slack has decided against the idea of having end-to-end encryption due to the priorities of its paying customers (rather than those who use a free version of the service). Slack is not a traditional messaging program -- it's designed for businesses and workplaces that may want or need to read employee messages -- but the decision still highlights why some platforms may not want to jump into end-to-end encryption. End-to-end encryption is increasingly popular as it can protect communications from interception and surveillance. "It wasn't a priority for exec [executives], because it wasn't something paying customers cared about," a former Slack employee told Motherboard earlier this year. -
Printer Makers Are Crippling Cheap Ink Cartridges Via Bogus 'Security Updates' (vice.com)
An anonymous reader quotes a report from Motherboard: Printer maker Epson is under fire this month from activist groups after a software update prevented customers from using cheaper, third-party ink cartridges. It's just the latest salvo in a decades-long effort by printer manufacturers to block consumer choice, often by disguising printer downgrades as essential product improvements. For several decades now, printer manufacturers have lured consumers into an arguably terrible deal: shell out a modest sum for a mediocre printer, then pay an arm and a leg for replacement printer cartridges that cost relatively little to actually produce.
The Electronic Frontier Foundation now says that Epson has been engaged in the same behavior. The group says it recently learned that in late 2016 or early 2017, Epson issued a "poison pill" software update that effectively downgraded user printers to block third party cartridges, but disguised the software update as a meaningful improvement. The EFF has subsequently sent a letter to Texas Attorney General Ken Paxton, arguing that Epson's lack of transparency can easily be seen as "misleading and deceptive" under Texas consumer protection laws. "When restricted to Epson's own cartridges, customers must pay Epson's higher prices, while losing the added convenience of third party alternatives, such as refillable cartridges and continuous ink supply systems," the complaint notes. "This artificial restriction of third party ink options also suppresses a competitive ink market and has reportedly caused some manufacturers of refillable cartridges and continuous ink supply systems to exit the market." -
99.7 Percent of Unique FCC Comments Favored Net Neutrality, Independent Analysis Finds (vice.com)
When a Stanford researcher removed all the duplicate and fake comments filed with the Federal Communications Commission last year, he found that 99.7 percent of public comments -- about 800,000 in all -- were pro-net neutrality. From a report: "With the fog of fraud and spam lifted from the comment corpus, lawmakers and their staff, journalists, interested citizens and policymakers can use these reports to better understand what Americans actually said about the repeal of net neutrality protections and why 800,000 Americans went further than just signing a petition for a redress of grievances by actually putting their concerns in their own words," Ryan Singel, a media and strategy fellow at Stanford University, wrote in a blog post Monday. Singel released a report [PDF] Monday that analyzed the unique comments -- as in, they weren't a copypasta of one or dozens of other letters -- filed last year ahead of the FCC's decision to repeal federal net neutrality protections. That's from the 22 million total comments filed, meaning that more than 21 million comments were fake, bots, or organized campaigns. -
Climate Change Will Cause Beer Shortages and Price Hikes, Study Says (vice.com)
A new study from Nature Plants has identified the one climate-related issue that can unite people from myriad political backgrounds -- beer. From a report: Led by Wei Xie, an agricultural scientist at Peking University, the paper finds that regions that grow barley, the primary crop used to brew beer, are projected to experience severe droughts and heat waves due to anthropogenic climate change. According to five climate models that used different projected temperature increases for the coming century, extreme weather events could reduce barley yields by 3 to 17 percent. Barley harvests are mostly sold as livestock fodder, so beer availability could be further hindered by the likely prioritization of grain yields to feed cattle and other farm animals, rather than for brewing beer.
The net result will be a decline in affordable access to beer, which is the most commonly imbibed alcoholic beverage in the world. Within a few decades, this luxury may be out of reach for hundreds of millions of people, including those in affluent nations where breweries are a major industry. Price spikes are estimated to range from $4 to over $20 for a standard six-pack in nations like the US, Ireland, Denmark, and Poland. -
Stephen Hawking's Last Paper Is Now Online (vice.com)
An anonymous reader quotes a report from Motherboard: When Stephen Hawking died in March at the age of 76, the world mourned a beloved and visionary scientist. But it is some consolation that Hawking's final paper has now been published on the preprint journal ArXiv, demonstrating that even during his last days, he was still pursuing the epic cosmic questions that defined his career. Entitled "Black hole entropy and soft hair," the paper was authored by Hawking along with physicists Sasha Haco, Malcolm Perry, and Andrew Strominger. The work is the third in a series from the team and addresses Hawking's famous brainchild -- the black hole information paradox. Like many physics conundrums, the paradox emerges from the lack of coherence between quantum field theory and general relativity. On the smallest scales of matter, where atoms and quarks abound, there exists a different and seemingly contradictory set of rules to the largest scale of matter, involving stars and galaxies. The search for a "theory of everything" that reconciles these two models is one of the holy grails of modern physics, and was a lifelong fascination for Hawking.
Black holes are notable flashpoints for this tension between quantum field theory and general relativity. According to the quantum rulebook, it should be impossible for information about a particle -- its spin, configuration, mass, and other features -- to be permanently deleted from the universe. But what about matter that falls into black holes, objects with a reputation of not letting anything escape once it passes the event horizon? Can information be scrubbed inside black holes? Hawking suggested that information could indeed be deleted through Hawking radiation, which is a type of theoretical radiation that can escape from inside a black hole. This process has never been empirically observed, but the radiation would supposedly be stripped of all information about its original properties -- and that would violate the rules of the universe as we know them. In his last paper, Hawking and his colleagues speculated that a phenomenon called "soft hair" might resolve the black hole information paradox. The idea is that trails of light and gravity particles might encircle the event horizon, and could store, at the very least, entropic information about matter that fell into the black hole. -
Cops Told 'Don't Look' at New iPhones To Avoid Face ID Lock-Out (vice.com)
As Apple continues to update its iPhones with new security features, law enforcement and other investigators are constantly playing catch-up, trying to find the best way to circumvent the protections or to grab evidence. From a report: Last month, Forbes reported the first known instance of a search warrant being used to unlock a suspect's iPhone X with their own face, leveraging the iPhone X's Face ID feature. But Face ID can of course also work against law enforcement -- too many failed attempts with the 'wrong' face can force the iPhone to request a potentially harder-to-obtain passcode instead. Taking advantage of legal differences in how passcodes are protected, US law enforcement have forced people to unlock their devices with not just their face but their fingerprints too. But still, in a set of presentation slides obtained by Motherboard this week, one company specialising in mobile forensics is telling investigators not to even look at phones with Face ID, because they might accidentally trigger this mechanism.
"iPhone X: don't look at the screen, or else... The same thing will occur as happened on Apple's event," the slide, from forensics company Elcomsoft, reads. Motherboard obtained the presentation from a non-Elcomsoft source, and the company subsequently confirmed its veracity. The slide is referring to Apple's 2017 presentation of Face ID, in which Craig Federighi, Apple's senior vice president of software engineering, tried, and failed, to unlock an iPhone X with his own face. The phone then asked for a passcode instead. "This is quite simple. Passcode is required after five unsuccessful attempts to match a face," Vladimir Katalov, CEO of Elcomsoft, told Motherboard in an online chat, pointing to Apple's own documentation on Face ID. "So by looking into suspect's phone, [the] investigator immediately lose one of [the] attempts." -
45 Out of 50 Electronics Companies Illegally Void Warranties After Independent Repair, Sting Operation Finds (vice.com)
U.S. PIRG -- a non-profit that uses grassroots methods to advocate for political change -- found that 90 percent of manufacturers it contacted claimed that a third-party repair would void its warranty. "PIRG researched the warranty information of 50 companies in the Association of Home Appliance Manufacturers (AHAM) -- an industry group notorious for lobbying to protect its repair monopolies -- and found that 45 of them claimed independent repair would void their warranty," Motherboard reports. From the report: PIRG pored over the documentation for 50 companies such as Bissell, Whirlpool, and Panasonic to document their warranty policies. When it couldn't find clear language about warranty and repair, it reached out to the companies via their customer service lines. The overwhelming majority of the companies told PIRG that independent repair would void the warranty.
The 1975 Magnuson-Moss Warranty Act states that no manufacturer who charges more than $5 for a product can put repair restrictions on a product they're offering a warranty on. In May, the U.S. Federal Trade Commission sent warning letters to Sony, Microsoft, Nintendo, HTC, Hyundai, and ASUS for violating the act by threatening to void the warranties of customers who repaired their own devices. Within 30 days, many of the companies had complied and changed the language on their websites around independent repair. It was a step in the right direction, but PIRG's survey of the AHAM members shows that there's still a lot of work to do. -
New App Lets You 'Sue Anyone By Pressing a Button' (vice.com)
Jason Koebler writes: Do Not Pay, a free service that launched in the iOS App store today, uses artificial intelligence to help people win up to $25,000 in small claims court. It's the latest project from 21-year-old Stanford senior Joshua Browder, whose service previously allowed people to fight parking tickets or sue Equifax; now, the app has streamlined the process. It's the "first ever service to sue anyone (in all 3,000 counties in 50 states) by pressing a button."