Domain: wired.com
Stories and comments across the archive that link to wired.com.
Stories · 4,012
-
Google Explores Re-Ranking Search Results Using +1 Button Data
tekgoblin writes "Google plans to use data from its +1 button to re-order search results and keep spammers at bay. While this would bring Google’s search engine into the social networking era, it would also create a new avenue for blackhats to manipulate search results. From the article: '"Google will study the clicks on +1 buttons as a signal that influences the ranking and appearance of websites in search results," a spokesman wrote. "The purpose of any ranking signal is to improve overall search quality. For +1's and other social ranking signals, as with any new ranking signal, we'll be starting carefully and learning how those signals are related to quality."'" -
Canadian Firm Gave Libyan Rebels Surveillance Drone
Joining the posted submitter club, suasfan22 writes with a bit in Wired about the use of a drone by Libyan Rebels. From the article: "The Libyan revolutionaries are more of a band of enthusiastic amateurs than experienced soldiers. But it turns out the rebels have the kind of weaponry usually possessed by advanced militaries: their very own drone. Aeryon Labs, a Canadian defense firm, revealed on Tuesday that it had quietly provided the rebel forces with a teeny, tiny surveillance drone, called the Aeryon Scout. Small enough to fit into a backpack, the three-pound, four-rotor robot gave Libyan forces eyes in the sky independent of the Predators, Fire Scout surveillance copters and manned spy planes that NATO flew overhead. Don't worry, it's not armed." -
Google Takes a Small Step in Lodsys Patent-Troll Case
The Lodsys saga continues; reader WyzrdX writes with this excerpt from Wired: "Google has intervened in an ongoing intellectual property dispute between smartphone application developers and a patent-holding firm, Wired.com has learned, marking the Mountain View company's first public move to defend Android coders from a patent troll lawsuit that's cast a pall on the community. The company says it filed a request with the United States Patent and Trademark office Friday for reexamination of two patents asserted by East Texas-based patent firm Lodsys. Google's request calls for the USPTO to assess whether or not the patents' claims are valid." -
Airline Pilots Allowed To Dodge Security Screening
OverTheGeicoE writes "Wired has a story about TSA's known crewmember program, which allows airline pilots to bypass traditional airport security on their way to the cockpit. Pilots will be verified using a system known as CrewPASS that relies on uniforms, identity cards, fingerprints, and possibly other biometrics to authenticate flight deck crews. Once they are authenticated, they can enter secure areas in airports without any further screening. Participation at present is voluntary, and applies at Baltimore/Washington (BWI), Pittsburgh (PIT), Columbia (CAE) and now Chicago O'Hare (ORD) airports. TSA is hoping to expand the program nationally. Bruce Schneier thinks this program is 'a really bad idea.' Pilots are already avoiding scanners and patdowns at security checkpoints (video). Is the new program just a way for TSA to hide this fact from the flying public?" -
California DNA Collection Law Struck Down
wiedzmin writes with an article in Wired about DNA collection from criminals in California. From the article: "A California appeals court is striking down a voter-approved measure requiring every adult arrested on a felony charge to submit a DNA sample. The First District Court of Appeal in San Francisco said Proposition 69 amounted to unconstitutional, warrantless searches of arrestees. More than 1.6 million samples have been taken following the law's 2009 implementation. Only about a half of those arrested in California are convicted." Note that the State can still appeal the ruling; according to the article, the Attorney General's office has made no comment as to whether they will do so. -
World Wide Web Turns 20 Today
girlmad writes "On 6 August 1991, Sir Tim Berners-Lee, then a humble scientist at CERN, made the first page on the World Wide Web publicly available in a move that, unbeknown to him at the time, would change the world more quickly and profoundly than anything before or since." Wired also has a retrospective, noting that "[i]t can be hard now, even for many of us who regularly used the Internet before there was a World Wide Web, to remember that there was a time when the two terms weren’t considered nearly synonymous by the general public." For those who remember, what was your first experience with the Web per se? For me, it was in 1993 or early 1994, with an excited demonstration of Mosaic on Sun workstations in the Geology department at the University of Texas. -
NASA Sends Lego Figures to Jupiter
bLanark writes "NASA have teamed up with Lego and will send three specially crafted minifigures towards Jupiter in a probe to be launched on an Atlas V rocket on Friday. The figures, representing Roman gods Jupiter and Juno, and astronomer Galileo, are machined from aluminum and are the normal size for Lego minifigures. From the article: 'This (until now) secret installation was initiated by NASA scientists, who love Lego as much as anyone and wanted to do something memorable for this mission. They approached Lego and the company loved the idea. It saw the project as a way to promote children’s education and STEM programs.'" -
DOS, Backdoor, and Easter Egg Found In Siemens S7
chicksdaddy writes with a post in Threat Post. From the article: "Dillon Beresford used a presentation at the Black Hat Briefings on Wednesday to detail more software vulnerabilities affecting industrial controllers from Siemens, including a serious remotely exploitable denial of service vulnerability, more hard-coded administrative passwords, and even an easter egg program buried in the code that runs industrial machinery around the globe. In an interview Tuesday evening, Beresford said he has reported 18 separate issues to Siemens and to officials at ICS CERT, the Computer Emergency Response Team for the Industrial Control Sector. Siemens said it is readying a patch for some of the holes, including one that would allow a remote attacker to gain administrative control over machinery controlled by certain models of its Step 7 industrial control software." -
Mug-Shot Industry Digs Up Your Past, Charges You To Bury It
An anonymous reader writes "Exploiting Florida's liberal public-records laws and Google's search algorithms, a handful of entrepreneurs are making real money by publicly shaming people who've run afoul of Florida law. Florida.arrests.org, the biggest player, now hosts more than 4 million mugs. On the other side of the equation are firms like RemoveSlander, RemoveArrest.com and others that sometimes charge hundreds of dollars to get a mugshot removed. On the surface, the mug-shot sites and the reputation firms are mortal enemies. But behind the scenes, they have a symbiotic relationship that wrings cash out of the people exposed." -
Zediva Shut Down By Federal Judge, MPAA Parties!
AlienIntelligence writes "Looks like the loophole that Zediva founded their business model on evaporated. Zediva's biggest problem was getting over a 1991 ruling against a similar method of transmitting copyright works. Zediva has vowed to appeal the ruling." -
Hackers Could Open Convicts' Cells In Prisons
Hugh Pickens writes "Some of the same vulnerabilities that the Stuxnet superworm used to sabotage centrifuges at a nuclear plant in Iran exist in the country's top high-security prisons where programmable logic controllers (PLCs) control locks on cells and other facility doors. Researchers have already written three exploits for PLC vulnerabilities they found. 'Most people don't know how a prison or jail is designed; that's why no one has ever paid attention to it,' says John Strauchs, who plans to discuss the issue and demonstrate an exploit against the systems at the DefCon hacker conference next week. 'How many people know they're built with the same kind of PLC used in centrifuges?' A hacker would need to get his malware onto the control computer either by getting a corrupt insider to install it via an infected USB stick or send it via a phishing attack aimed at a prison staffer, since some control systems are also connected to the internet, Strauchs claims. 'Bear in mind, a prison security electronic system has many parts beyond door control such as intercoms, lighting control, video surveillance, water and shower control, and so forth,' adds Strauchs. 'Once we take control of the PLC we can do anything (PDF). Not just open and close doors. We can absolutely destroy the system. We could blow out all the electronics.'" -
Researchers Expose Tracking Service That Can't Be Dodged
Worf Maugg writes with this excerpt from Wired: "Researchers at U.C. Berkeley have discovered that some of the net's most popular sites are using a tracking service that can't be evaded — even when users block cookies, turn off storage in Flash, or use browsers' 'incognito' functions. The service, called KISSmetrics, is used by sites to track the number of visitors, what the visitors do on the site, and where they come to the site from — and the company says it does a more comprehensive job than its competitors such as Google Analytics." -
Nintendo Slashes Profit Forecast and 3DS Price
Daetrin writes "Nintendo has announced a large loss for the first quarter of the year and lowered its annual profit forecast. In the three months prior to June 30th Nintendo lost 25.5 billion yen ($328 million) and the forecast is being reduced about 80%, from 110 billion yen ($1.4 billion) to 20 billion yen ($257 million). Nintendo is blaming poor sales of the 3DS and is responding by announcing a price cut from $250 to $170 on August 12. In order to mollify early adopters of the system Nintendo also announced that anyone who has logged into the Nintendo eShop before the price cut will receive 10 free NES games and 10 free GBA games. The GBA games won't be available until later in the year, but Nintendo claims they will be exclusive to the '3DS Ambassadors' and will not be available for purchase on the store in the future." A related op-ed at Wired suggests the new price is still too high, given the rise of cheap portable games on various app stores. -
Can Long Term Research Survive the Coming Age of Austerity?
Hugh Pickens writes "Alexis Madrigal writes that everyone agrees you need science and technology R&D, but when budgets get tight, research into quantum dots or the fundamental forces that cause earthquakes has a hard time holding the line against health care or tax cuts for the richest Americans. Different countries are taking different approaches. Japan is focusing on its most elite researchers, giving up to $50 million to 30 different people. Other countries are just giving up on some areas of research to focus on others; for example, US particle physicists who will spend their careers trying to drive from the backseat as our European counterparts run the Large Hadron Collider. A third approach might be to reduce redundancies in research. 'An idea to provide funding in a larger number of key areas that would avoid duplication is to create dedicated research centers where several investigators can work in parallel on complementary topics,' writes Joerg Heber. 'If we do less research we need to do it right. And using this crisis to think about our research infrastructure needn't be a bad thing. It should be seen as an opportunity to reform the academic research system in a more comprehensive and fundamental way than the academic community and the politicians normally dare to think about.'" -
Chain World — Innovative Game Design Sparks Debate
A story at Wired charts the course of Chain World, a video game designed by Jason Rohrer to be different from any game that came before it. Quoting: "It would exist on [a USB flash drive] and nowhere else. According to a set of rules defined by Rohrer, only one person on earth could play the game at a time. The player would modify the game’s environment as they moved through it. Then, after the player died in the game, they would pass the memory stick to the next person, who would play in the digital terrain altered by their predecessor—and on and on for years, decades, generations, epochs. In Rohrer’s mind, his game would share many qualities with religion—a holy ark, a set of commandments, a sense of secrecy and mortality and mystical anticipation. This was the idea, anyway, before things started to get weird." -
How Education Is Changing Thanks To Khan Academy
An anonymous reader writes "Wired reports on how freely-available lectures from Khan Academy are affecting both teaching methods and learning methods in classrooms across the country. From the article: 'Initially, Thordarson thought Khan Academy would merely be a helpful supplement to her normal instruction. But it quickly became far more than that. She's now on her way to "flipping" the way her class works. This involves replacing some of her lectures with Khan's videos, which students can watch at home. Then, in class, they focus on working problem sets. The idea is to invert the normal rhythms of school, so that lectures are viewed on the kids' own time and homework is done at school. ... It's when they're doing homework that students are really grappling with a subject and are most likely to need someone to talk to. And now Thordarson can tell just when this grappling occurs: Khan Academy provides teachers with a dashboard application that lets her see the instant a student gets stuck. "I'm able to give specific, pinpointed help when needed," she says. The result is that Thordarson's students move at their own pace. Those who are struggling get surgically targeted guidance, while advanced kids ... rocket far ahead; once they're answering questions without making mistakes, Khan's site automatically recommends new topics to move on to.'" -
Wired Releases Full Manning/Lamo Chat Logs
bill_mcgonigle writes "After more than a year, Wired has finally released the (nearly) full chat logs between Adrian Lamo and Bradley Manning. Glenn Greenwald provides analysis of what Wired previously left out. Greenwald writes: 'Lamo lied to and manipulated Manning by promising him the legal protections of a journalist-source and priest-penitent relationship, and independently assured him that their discussions were "never to be published" and were not "for print." Knowing this, Wired hid from the public this part of their exchange, published the chat in violation of Lamo's clear not-for-publication pledges, allowed Lamo to be quoted repeatedly in the media over the next year as some sort of credible and trustworthy source driving reporting on the Manning case.'" -
The Wi-Fi Hacking Neighbor From Hell
Hugh Pickens writes "Barry Ardolf, a Minnesota hacker prosecutors described as a 'depraved criminal,' has been handed an 18-year prison term for unleashing a vendetta of cyberterror that turned his neighbors' lives into a living nightmare. Ardolf hacked into his next-door neighbors' Wi-Fi network and used it to try and frame them for child pornography, sexual harassment, various kinds of professional misconduct, and to send threatening e-mail to politicians, including Vice President Joe Biden. The bizarre tale began in 2009 when Matt and Bethany Kostolnik moved into the house next door to Ardolf. On their first day at their new home, the Kostolniks' then-4-year-old son wandered near Ardolf's house. While carrying him back next door, Ardolf allegedly kissed the boy on the lips. 'We've just moved next door to a pedophile,' Mrs. Kostolnik told her husband. The couple reported Ardolf to the police, angering their creepy new neighbor (PDF). 'I decided to "get even" by launching computer attacks against him,' said Ardolf, who downloaded Wi-Fi hacking software and spent two weeks cracking the Kostolniks' WEP encryption. Then he used their own Wi-Fi network to create a fake MySpace page for the husband, where he posted a picture of a pubescent girl having sex with two young boys. Ardolf turned down a 2-year plea agreement last year to charges related to the Biden e-mail. After that, the authorities piled on more charges, including identity theft and two kiddie-porn accusations carrying lifetime sex-offender registration requirements." -
How Investigators Deciphered Stuxnet
suraj.sun tips a story at Wired that takes an in-depth look into how security researchers tracked down and worked to understand the infamous Stuxnet worm. The article begins: "It was January 2010, and investigators with the International Atomic Energy Agency had just completed an inspection at the uranium enrichment plant outside Natanz in central Iran, when they realized that something was off within the cascade rooms where thousands of centrifuges were enriching uranium. But when the IAEA later reviewed footage from surveillance cameras installed outside the cascade rooms to monitor Iran's enrichment program, they were stunned as they counted the numbers. The workers had been replacing the units at an incredible rate — later estimates would indicate between 1,000 and 2,000 centrifuges were swapped out over a few months. The question was, why?" -
Playdough For Fun and Profit
morgan_greywolf writes with this snippet from Wired: "You're never too young (or too old) to start learning the joys of electronics. You don't need to know how to solder, or even how to plug circuit components into a breadboard. As long as you're past the 'I'm going to stick this up my nose' phase, this homemade playdough circuit project is a great way to introduce kiddos and adults alike to basic circuits and electricity." -
NASA's New Bag Turns Urine Into Sports Drink
An anonymous reader writes "NASA's Atlantis shuttle is set to launch this Friday, and its crew will be testing an innovative device that can recycle human urine into a sugary sports drink. The bag uses forward osmosis technology and features a semi-permeable membrane capable of isolating water from virtually any liquid. Recycling urine in this way has a significant effect on a ship's payload, and considering that a single pound adds $10,000 of cost, that slight weight difference can translate to serious savings." CT: I'm at Kennedy Space Center now, tweeting as @cmdrtaco. And I think I'll stay away from the sports drink. -
Bill Gates On Energy
Sam the Nemesis submitted an interview in Wired with Bill Gates on the future of energy. Gates sees nuclear as the only feasible option for base load generation. His views on the current direction of energy funding are particularly distressing: "But the economics are so, so far from making sense. And yet that's where subsidies are going now. We're putting 90 percent of the subsidies in deployment — this is true in Europe and the United States — not in R&D. And so unfortunately you get technologies that, no matter how much of them you buy, there's no path to being economical. You need fundamental breakthroughs, which come more out of basic research." -
Star Wars Landspeeders Are Here
smitty777 writes "All you Jedis can stop building fake landspeeders in your driveway now — the real deal is finally here. Wired is reporting on an Israeli company that has been testing one for use as an ambulance called the AirMule. Watch out, Womp Rats." -
RightHaven Lawyer Says Browser Ate His Homework
J053 writes "Wired Magazine reports that Righthaven attorney Shawn Mangano's excuse for being a day late with his explanation as to why the litigation factory made 'dishonest statements to the court' was that his web browser upgraded and he could no longer attach PDF files to his submissions. Yeah, right ..." -
Long Now Clock Advances With Bezos Cash
heptapod writes "Wired has an in-depth article about the 10,000 Year Clock and The Long Now Foundation which has begun moving forward with Jeff Bezos's investment of $42 million. Recently he put up a website with more information." My favorite-yet article about the 10,000 Year Clock appeared on Kevin Kelly's site earlier this month. (Kelly always seems to be involved in interesting projects, and is one of the movers behind this one.) -
E-Voting Reform In an Out Year?
An anonymous reader writes "Most of us know the many problems with electronic voting systems. They are closed source and hackable, some have a default candidate checked, and many are unauditable (doing a recount is equivalent to hitting a browser's refresh button). But these issues only come to our attention around election time. Now is the time to think about open source voting, end-to-end auditable voting systems and open source governance. Not in November of 2012, when it will, once again, be far, far too late to do anything about it." It'll be interesting to see what e-voting oddities start cropping up in the current election cycle; Republican straw polls have already started, and the primaries kick off this winter. -
Weird Al Says "Twitter Saved My Album"
nudnik72 writes "Weird Al's latest album, Alpocalypse, was released today, but might not have been if his fans hadn't taken his cause to Twitter, Al says. Yankovic had a well publicized disagreement with Lady Gaga's management over his parody of her song Born This Way. Within 24 hours of his fans spreading the word on the internet, Gaga's people reversed course and approved the parody, saying the whole thing was just a mix-up. The King of Pop Parodies explains that this wasn't the first time a music label and the parodied artist didn't see eye-to-eye." -
Old Worm Digs New Dirt At Pentagon
ColdWetDog writes "Remember the Agent.BTZ worm that caused significant problems at military installations back in 2008? Now, three years after what the Pentagon called the most significant breach of US military networks ever, new versions of the malware blamed for the attack are still roiling US networks." -
Los Angeles To Turn Off Traffic-Light Cameras
Hugh Pickens writes "The LA Times reports that the Los Angeles Police Commission has voted to kill the city's controversial red-light camera program, rejecting claims that the system makes streets safer while costing the city nothing. The police department says the cameras help reduce accidents, largely by deterring drivers looking to run red lights or make illegal turns while critics of the technology question officials' accident data, saying the cameras instead cause rear-end collisions as drivers slam on their brakes and liken the cameras to Big Brother tactics designed to generate revenues. More than 180,000 motorists have received camera-issued tickets since the program started in 2004 but the commission estimates that the program costs between $4 million and $5 million each year while bringing in only about $3.5 million annually. Members of the public who attended the meeting urged the commission to do away with the cameras, which trigger seemingly boundless frustration and anger among drivers in traffic-obsessed LA. 'It's something that angers me every time I get in my car,' says Hollywood resident Christina Heller. 'These cameras remove our fundamental right in this country to confront our accuser. And they do not do anything to improve safety.'" -
Two Elements Added To Periodic Table
smitty777 writes "Two new elements have been added to the periodic table of the elements. Elements 114 and 116 are the weightiest known, with atomic weights of 289 and 292 respectively. The discoverers are proposing flerovium and moscovium as names for these two new discoveries. There are also arguments being made to add in three more as well: 113, 115 and 118." We've noted element 114 in the past, but this is more official. -
WikiLeaks In New Legal Battle
geegel writes "The US Justice Department is now fighting in court demands from three WikiLeaks associates to disclose the names of several electronic service platforms that received requests to hand over user information. This comes after Twitter obtained a court order to unseal the demands in order to notify the three persons. The current legal row has seen both the ACLU and the EFF provide legal assistance to the WikiLeaks associates." -
Rare Midnight Solar Eclipse Caught In the Arctic
Tyketto writes "Wired Magazine has an article posted about a solar eclipse occurring overnight in the Arctic and Scandinavian regions over the night of June 1st and 2nd. They explain: 'During the Arctic summer, the sun dips low on the horizon but never sets. That means a solar eclipse is theoretically possible at any time. But this week's eclipse was the first visible from Scandinavia since 2000, and the deepest since 1985. The next one won't be for another 73 years.' NASA has the details, while NPR also has a small blurb on it, with Tromsø, Norway resident Rhys Jones adding some pictures to Flickr, and SpaceWeather putting together a gallery." -
Google's Schmidt Says He 'Screwed Up' On Social Networking
"Google chairman Eric Schmidt took responsibility for the search titan's failure to counter Facebook's explosive growth, saying he saw the threat coming but failed to counter it." Note: The original link's landing page was changed after we posted it. The one showing now goes to a Wired article. The same story (coverage of a May 31 conference presentation by Schmidt) also quotes him as saying, unsurprisingly, that cloud services will be 'the death of IT as we know it.' -
Mandatory Automotive Black Boxes May Be On the Way
Attila Dimedici writes "The National Highway Traffic Safety Administration is expected to announce a new regulation requiring all vehicles to contain a 'black box.' Not only that, but the devices would be designed to make it difficult (possibly illegal) to modify what information these devices collect or to disable them even though the courts have ruled that the owner of the vehicle owns the data. The courts have also ruled that authorities may access that data (to what degree and whether a warrant is necessary depends on the state)." -
Privacy Hacking Worse Than PR Flacking
Here's frequent Slashdot contributor Bennett Haselton who writes "Facebook apparently hired a PR firm that tried to seduce some pundits into writing negative editorials about Google. The 'attack angle' would have been that Google was endangering users' privacy by scraping information about users from Facebook and making such information easier to find with a Google search." Hit the link below to read the rest of Bennett's story.
The reliably cynical Seth Finkelstein commented that the attempted editorial-planting was just "often implicit dealing made explicit", (i.e. that pundits are drafted as fronts for corporate publicity campaigns like this all the time, and that the PR firm in this case spoiled the game by rudely blurting out the terms of the deal, like a guy offering to buy a girl dinner if she'll sleep with him). Steven Levy of Wired opined that with regard to the privacy issues, Facebook was the real villain for exposing information in the first place that many users would rather keep private.
Some perspective here: In 2008, I was corresponding with a high school student (using one of the Circumventor sites to get around their local school Internet blocker, naturally) who mentioned that he was able to see all the personal information of other students in his Facebook high school network -- including email address, phone number, and home address, if the user had uploaded that information to Facebook -- even if those users had not confirmed him as a friend. (Facebook allows users to join one or more "networks" indicating their school affiliation, workplace, city of residence, etc. -- such networks are distinct from Facebook groups and fan pages.) Double-checking with a few more users in the same network and in other high school networks, we found that it really was possible for any member of a high school network to view the profiles of any other member of that high school network and see all of their personal information.
Unlike other types of "networks" on Facebook, it is not possible to join a high school network simply by specifying it in your preferences. However, all of the students that I corresponded with said that in order to join their high school networks, they simply had to request to join the network, and then get a friend request confirmed by an existing member of that high school network. Which means that conning your way into the network would be easy: either (1) create a profile with the name and photo of a real student at that school, and send out friend requests to that student's friends, hoping that one of them would confirm you (not remembering that they had already friended that person under their real account), or (2) create a profile with a hot girl's picture and send out random friend requests to a bunch of guys in the network. Once you got confirmed, you'd have access to all the personal information that any student in that high school had posted on their profile. (I hasten to add that we did not actually try either of these things, but it stands to reason that it would work, since it wasn't functionally any different from what all of those students actually had to do in order to join their networks in the first place!)
I sent a message to Facebook's security team about this, and got a non-form-letter response from a real person -- their reply, however, was that this behavior was by design:
We believe this allows for greater sharing and helps make the site more useful for people, though we also recognize the potential for misuse. That's why we've built a peer verification system around the joining of high school networks. We also use automated systems to detect and flag anomalous behavior, like lots of messages sent to non-friends or a high percentage of ignored friend requests.
Smart, but probably not secure enough. For one thing, if someone is creating disposable accounts to send out friend requests in hopes of getting into a high school network, it only has to work once, so even if most of their accounts get flagged for "anomalous behavior," they only need one that doesn't get flagged. And even if that account does get flagged and cancelled later, by that time it might be too late, if they've already grabbed enough users' information. In any case, some time between 2008 and 2011, Facebook did change the behavior of high school networks so that members can no longer see the personal information of other members without a confirmed friend request. But this loophole was not that difficult to find, and it's likely that at least a few other users had discovered the same issue.
Now, imagine what would have happened if Facebook had announced that, for a fee of a few hundred dollars, they were offering CDs for sale containing the names, addresses, mobile phone numbers, and instant messenger names of all the high school students on their site (along with, of course, all the photos those students had posted of themselves). It goes without saying that after the class action lawsuits had finished, there'd be nothing left of the company but a smoldering crater. Now, I'm not suggesting that Facebook's security policy for high school networks was anywhere near as bad as selling CDs with all the personal information of their high school users, but it's worth thinking about why it should not be considered as bad. In either case, anybody willing to spend a few hundred dollars (or, equivalently, a few hundred dollars' worth of effort -- the effort to discover the loophole, and then to crank out the friend requests) could obtain the personal information of as many high school students as they wanted. What's the difference?
Well, obviously, there's the message that it would send if a company like Facebook offered to sell CDs full of users' personal information. It would lower the bar for future behavior by similar companies, it would make users extremely cynical about trusting the motivations of social networking sites, and in the long run it might even cause courts to decide that users had no reasonable expectation of privacy when joining those sites, because it was "common knowledge" and "common practice" that those sites offered up people's personal information for sale! On the other hand, if Facebook makes that information available indirectly through "benign neglect" -- by, for example, forcing you to create a fake high school profile and send out a bunch of friend requests and create a new profile from scratch if your first one gets canned -- that's far less likely to cause the side effects I just listed. MySpace is not going to get the idea that it's OK to start selling CDs of users' personal information because, hey, Facebook let people pry out the same information if they jumped through enough hoops.
But what this means is that fairly mild privacy issues, if they arise as a result of deliberate choice by a company like Facebook, are likely to get more press attention than far more serious privacy issues that arise as a result of benign neglect. Because when Facebook makes a deliberate choice that affects user privacy (like sharing users' preferences with Pandora), the pundits and the public are reacting to the direct privacy implications of that action, plus all the auxiliary issues, like the "message" that it sends, and the precedent that it sets for future actions by that company and other companies. Whereas if an issue arises as a result of neglect (as in the case of PlayStation Network users' credit cards being stolen), people are reacting only to the direct privacy implications of the incident, so the issue has to be much more serious to get the equivalent amount of press.
For example, the right reason to be concerned about Facebook sharing users' personal information with Pandora, was the principle that it violated -- if users say "no" to sharing their personal information, Facebook shouldn't be allowed to switch that choice unilaterally. But as for the practical implications -- come on. Facebook and Pandora are both big faceless corporate behemoths as far as we're concerned, so why would we trust one with our personal data but not the other? Besides, what if Facebook had simply bought out Pandora? Then they could share all of our personal information with all the employees of the newly merged Facepanbookdora, and the exact same people would have had access to the exact same data, but it wouldn't have violated the agreement against sharing information with "third parties," because they wouldn't be a third party any more.
When I first found that email addresses of Ameritrade customers had been obtained by a pump-and-dump stock spammer, I was sure (as were most readers, probably) that Ameritrade was not deliberately selling its customers' email addresses; I figured that they had simply left their database inadequately secured, and some third party had broken in and stolen it. On the other hand, because the incident happened as a result of benign neglect and not deliberate choice, I figured the incident would not garner much press as a result, and that seems to have been the case -- the wholesale thievery of Ameritrade customers' personal information by financial criminals received far less press attention than, say, Facebook's decision to change their privacy policy so they could share information with Pandora.
What this means is that if you're an ardent cyber-rights hippie like me, then yes, you should care about the privacy issues that set the blogosphere afire, even if they're fairly minor privacy issues that are magnified out of proportion because they speak to the deliberate intentions of the companies involved. It matters that Facebook decided one day to share our music preferences with Pandora, even if it doesn't hurt anyone.
On the other hand, if you simply care about threats to your personal privacy, then you should heavily discount the noise being made about deliberate choices taken by companies like Facebook, and pay far more attention to dangers of benign neglect by the company guarding your privacy, when that benign neglect is exploited by malicious outsiders. If you have a stalker and you're worried about them finding your Facebook profile, it makes no sense to be worried about Google scraping the information from the public version of your Facebook profile, if it's the same information that your stalker would be able to see anyway if they were logged in to Facebook themselves. It's far more likely that your stalker would try to exploit a weakness in Facebook's privacy settings -- for example, ingratiating themselves with one of your Facebook friends and getting them to accept a friend request, so that they can then see any information on your Facebook profile that is viewable to "friends of friends." Maybe you knew about that already, but if you didn't, you wouldn't know it from reading all the punditry about the Facebook-Google kerfuffle.
-
CyanogenMod: the History of an Android Hack
An anonymous reader points out a Wired story about some of the efforts behind CyanogenMod, a popular piece of Android modification software. Quoting: "CyanogenMod expanded into a team of 35 different 'device maintainers,' who manage the code for the 32 different devices that the project supports. Like Google, the team publishes its code to an online repository and accepts online submissions for changes to the code from other developers. Seven core members decide which of the submitted changes make it into the next release of CyanogenMod, and which don’t. ... Ultimately, CyanogenMod aspires to be more than just a software mod. 'I think one of our biggest dreams is to see a phone ship with Cyanogen on it,' says Soyars. But pairing the software with a phone is no easy task. First, CyanogenMod would have to pass the tests required by Google’s certification program in order to bundle Google’s proprietary apps — Gmail, Calendar, etc. — on the phone." -
Nano-Viewing Record Broken
smitty777 writes "Wired magazine reports on a new nanoviewing lens that is capable of viewing objects less than 100 nm across. Rather than attempting to use a 'perfect' lens, this technology uses a porous surface that actually scatters the light. By measuring how it is scattered and setting up lasers to compensate, they're able to 'steer' the light back to the right spot. The abstract from the Physical Review Letters reads: 'The smallest structures that conventional lenses are able to optically resolve are of the order of 200 nm. We introduce a new type of lens that exploits multiple scattering of light to generate a scanning nanosized optical focus. With an experimental realization of this lens in gallium phosphide we imaged gold nanoparticles at 97 nm optical resolution. Our work is the first lens that provides a resolution better than 100 nm at visible wavelengths.'" -
Social Influence and the Wisdom of Crowd Effect
formfeed writes "A lot has been written lately on the crowd effect and the wisdom of crowds. But for those of us who are doubtful, the Proceedings of the National Academy of Science has published a study showing how masses can become dumber: social influence. While previous studies show how groups of people can come up with remarkably accurate results, it seems 'even mild social influence can undermine the wisdom of crowd effect in simple estimation tasks.' Social influence 'diminishes the diversity of the crowd without improvements of its collective error.' In short, crowd intelligence only works in cases where the opinion of others is hidden." -
Dropbox Accused of Lying About Security
lee1 writes "Dropbox faces a possible FTC investigation because of misleading statements it has made about the privacy and security of its 25 million users' files. The cloud storage company previously claimed that it was impossible for its employees to access file contents, but in fact, as the encryption keys are in their possession, this is false. The complaint (PDF) points out that their false security claims gave Dropbox a competitive advantage over other firms offering similar services who actually did provide secure encryption." -
23,000 File Sharers Targeted In Latest Lawsuit
wiedzmin writes "Subpoenas are expected to go out to ISPs this week in what could be the biggest BitTorrent downloading case in US history. At least 23,000 file sharers are being targeted by the US Copyright Group for downloading The Expendables. The Copyright Group appears to have adopted Righthaven's strategy in blanket-suing large numbers of defendants and offering an option to quickly settle online for a moderate payment. The IP addresses of defendants have allegedly been collected by paid snoops capturing lists of all peers who were downloading or seeding Sylvester Stallone's flick last year. I am curious to see how this will tie into the BitTorrent case ruling made earlier this month indicating that an IP address does not uniquely identify the person behind it." -
Battle Brews Over FBI's Warrantless GPS Tracking
fysdt writes "The FBI's use of GPS vehicle tracking devices is becoming a contentious privacy issue in the courts, with the Obama administration seeking Supreme Court approval for its use of the devices without a warrant, and a federal civil rights lawsuit targeting the Justice Department for tracking the movements of an Arab-American student. In the midst of this legal controversy, Threat Level decided to take a look at the inside of one of the devices, with the help of the teardown artists at iFixit." -
Superman Renounces His American Citizenship
Hugh Pickens writes "The Atlantic Wire reports that Superman — Kal-El, the Man of Steel, the Last Son of Krypton — renounces his American citizenship in the latest issue of Action Comics. The moment everyone's talking about comes in a story called 'The Incident,' where Superman wants to fly to Tehran and offer moral support to Iranians protesting an oppressive regime but he's told that Iran will take it as an act of war. Superman decides to get out in front of the problem. 'I intend to speak before the United Nations tomorrow and inform them that I am renouncing my U.S. citizenship,' he tells the president's national security adviser. 'I'm tired of having my actions construed as instruments of U.S. policy.' While some conservative commentators opine that Superman just wants to get out of paying criminally high taxes to a certain merciless Democratic president, Scott Thills concludes that 'the genius of Superman is that he belongs to everyone, for the dual purposes of peace and protection. He's above ephemeral geopolitics and nationalist concerns, a universal agent unlike any other found in pop culture.'" -
On Monday, AT&T Customers Enter Era of Broadband Caps
theodp writes "The Age of Broadband Caps begins Monday, with AT&T imposing a 150 GB cap on DSL subscribers and 250 GB for UVerse users, and keeping the meter running after that. The move comes as AT&T's 16+ million customers are increasingly turning to online video such as Hulu and Netflix on-demand streaming service instead of paying for cable. With AT&T's Man in the White House, some fear there's a 'digital dirt road' in America's future. Already, the enforcement of data caps in Canada has prompted Netflix to default to lower-quality streaming video to shield its users from overage fees." -
Nintendo Chief: Consumers Don't Understand 3DS Yet
gabbo529 writes "Nintendo's latest financial results reveal that initial sales for their portable 3D gaming system have been underwhelming at best. What's the reason? Nintendo chief executive Satoru Iwata says consumers have yet to fully understand the console's 3D capabilities, even when trying it out. Others think it might have something to do with the console's high price ($250) and the lack of big-name titles available (Mario and Zelda are not yet out)." -
Cisco Ditches Flip and $590 Million
darthcamaro writes "Remember the Flip? When Pure Digital Technology first came out with the device it was one of the hottest gadgets, providing users with an ultra-portable camcorder. Then Cisco came along and bought the Flip for $590 million in 2009. Now less than two years later, Cisco is throwing the money, 550 employees and the Flip out the door." Wired has an analysis of why Flip floundered. I hope this means I can find an AA-powered Flip UltraHD for $50 in a clearance bin.