Apple 'Suddenly Catches TikTok Secretly Spying On Millions Of iPhone Users', Claims Forbes (forbes.com) 58

In February, Reddit's CEO called TikTok "fundamentally parasitic," according to a report on TechCrunch, adding "it's always listening, the fingerprinting technology they use is truly terrifying, and I could not bring myself to install an app like that on my phone...I actively tell people, 'Don't install that spyware on your phone.'"

TikTok called his remarks "baseless accusations made without a shred of evidence."

But now Apple "has fixed a serious problem in iOS 14, due in the fall, where apps can secretly access the clipboard on users' devices..." reports Forbes cybersecurity contributor Zak Doffman, noting that one of the biggest offenders it revealed still turns out to be TikTok: Worryingly, one of the apps caught snooping [in March] by security researchers Talal Haj Bakry and Tommy Mysk was China's TikTok. Given other security concerns raised about the app, as well as broader worries given its Chinese origins, this became a headline issue. At the time, TikTok owner Bytedance told me the problem related to the use of an outdated Google advertising SDK that was being replaced.

Well, maybe not. With the release of the new clipboard warning in the beta version of iOS 14, now with developers, TikTok seems to have been caught abusing the clipboard in a quite extraordinary way. So it seems that TikTok didn't stop this invasive practice back in April as promised after all. Worse, the excuse has now changed. According to TikTok, the issue is now "triggered by a feature designed to identify repetitive, spammy behavior," and has told me that it has "already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion." In other words: We've been caught doing something we shouldn't, we've rushed out a fix...

iOS users can relax, knowing that Apple's latest safeguard will force TikTok to make the change, which in itself shows how critical a fix this has been. For Android users, though, there is no word yet as to whether this is an issue for them as well.

Long-time Slashdot reader schwit1 also shares an online rumor from an anonymous Redditor (with a 7-year-old account) who claims to be a software engineer who's reverse engineered TikTok's software and learned more scary things, concluding that TikTok is a "data collection service that is thinly-veiled as a social network."

So far the most reputable news outlets that have repeated his allegations are Bored Panda, Stuff, Hot Hardware, and Illinois radio station WBNQ.

Charter Seeks FCC Permission to Impose Data Caps and Charge Fees to Video Services (arstechnica.com) 93

"Charter Communications has asked federal regulators for permission to impose data caps on broadband users and to seek interconnection payments from large online video providers, starting next year," writes Ars Technica.

Long-time Slashdot reader Proudrooster shares their report: Charter, unlike other ISPs, isn't allowed to impose data caps and faces limits on charges for interconnection payments because of conditions applied to its 2016 purchase of Time Warner Cable. The conditions were imposed by the Federal Communications Commission for seven years and are scheduled to elapse in May 2023. Last week, Charter submitted a petition asking the FCC to let the conditions run out on May 18, 2021 instead. The FCC is seeking public comment on the petition...

When it sought FCC permission for the merger, it told the FCC that it provides service "without any data caps, usage-based pricing, or modem fees" and that it "has been involved in no notable disputes over traffic management and has long practiced network neutrality."

When contacted by Ars yesterday, Charter said it doesn't "currently" plan to impose data caps or change its interconnection policy, but it wants the option to do so.


'We've Bought the Wrong Satellites': UK Investment In OneWeb Baffles Experts (theguardian.com) 227

AmiMoJo writes: "The UK government's plan to invest hundreds of millions of pounds in a satellite broadband company has been described as 'nonsensical' by experts, who say the company doesn't even make the right type of satellite the country needs after Brexit," reports The Guardian. "The investment in OneWeb is intended to mitigate against the UK losing access to the EU's Galileo satellite navigation system. But OneWeb -- in which the UK will own a 20% stake following the investment -- currently operates a completely different type of satellite network from that typically used to run such navigation systems."

OneWeb is building a global satellite internet delivery platform similar to Starlink, and plans to piggyback a British navigation system on the satellites. But the satellites will be in low Earth orbit at 12,000km altitude, compared to other navigation systems at 20,000km. "The fundamental starting point is, yes, we've bought the wrong satellites," said Dr Bleddyn Bowen, a space policy expert at the University of Leicester. "It's bolting an unproven technology on to a mega-constellation that's designed to do something else. It's a tech and business gamble." OneWeb filed for bankruptcy in March.


Mobilewalla Used Cellphone Data To Estimate the Demographics of Protesters (buzzfeednews.com) 23

An anonymous reader quotes a report from BuzzFeed News: On the weekend of May 29, thousands of people marched, sang, grieved, and chanted, demanding an end to police brutality and the defunding of police departments in the aftermath of the police killings of George Floyd and Breonna Taylor. They marched en masse in cities like Minneapolis, New York, Los Angeles, and Atlanta, empowered by their number and the assumed anonymity of the crowd. And they did so completely unaware that a tech company was using location data harvested from their cellphones to predict their race, age, and gender and where they lived. Just over two weeks later, that company, Mobilewalla, released a report titled "George Floyd Protester Demographics: Insights Across 4 Major US Cities." In 60 pie charts, the document details what percentage of protesters the company believes were male or female, young adult (18-34); middle-aged (35-54), or older (55+); and "African-American," "Caucasian/Others," "Hispanic," or "Asian-American."

"African American males made up the majority of protesters in the four observed cities vs. females," Mobilewalla claimed. "Men vs. women in Atlanta (61% vs. 39%), in Los Angeles (65% vs. 35%), in Minneapolis (54% vs. 46%) and in New York (59% vs. 41%)." The company analyzed data from 16,902 devices at protests -- including exactly 8,152 devices in New York, 4,527 in Los Angeles, 2,357 in Minneapolis, and 1,866 in Atlanta. It's unclear how accurate Mobilewalla's analysis actually is. But Mobilewalla's report is another revelation from a wild west of obscure companies with untold amounts of sensitive information about individuals -- including where they go and what their political allegiances may be. There are no federal laws in place to prevent this information from being abused.
Mobilewalla's privacy policy says that people have the right to opt out of certain uses of their personal information. But it also says, "Even if you opt out, we, our Clients and third parties may still collect and use information regarding your activities on the Services, Properties, websites and/or applications and/or information from advertisements for other legal purposes as described herein."

Mobilewalla CEO Anindya Datta said the company didn't prepare the report for law enforcement or a public agency, but rather to satisfy its own employees' curiosity about what its vast trove of unregulated data could reveal about the demonstrators. He added that the company doesn't plan to include information about whether a person attended a protest to its clients, or to law enforcement agencies.

California City Bans Predictive Policing In US First (reuters.com) 132

An anonymous reader quotes a report from Reuters: As officials mull steps to tackle police brutality and racism, California's Santa Cruz has become the first U.S. city to ban predictive policing, which digital rights experts said could spark similar moves across the country. "Understanding how predictive policing and facial recognition can be disproportionately biased against people of color, we officially banned the use of these technologies in the city of Santa Cruz," Mayor Justin Cummings said on Wednesday. His administration will work with the police to "help eliminate racism in policing", the seaside city's first male African-American mayor said on his Facebook page, following a vote on Tuesday evening.

Used by police across the United States for almost a decade, predictive policing relies on algorithms to interpret police records, analyzing arrest or parole data to send officers to target chronic offenders, or identifying places where crime may occur. But critics say it reinforces racist patterns of policing -- low-income, ethnic minority neighborhoods have historically been overpoliced so the data shows them as crime hotspots, leading to the deployment of more police to those areas.


Apple, Microsoft, Facebook, Google, Twitter, and Other Major Tech Companies Decry Republican Bill Seeking To Break Encryption (medianama.com) 66

In response to the Lawful Access to Encrypted Data (LAED) Act proposed by three Republican senators, Big Tech companies have registered their opposition through their Reform Government Surveillance coalition. From a report: They said that building encryption backdoors would jeopardize the sensitive data of billions of users and "leave all Americans, businesses, and government agencies dangerously exposed to cyber threats from criminals and foreign adversaries." They also pointed out that as the pandemic has forced everyone to rely on the internet "in critical ways," digital security is paramount and strong encryption is the way forward. The coalition's members are Apple, Microsoft, Facebook, Google, Twitter, Snap, Verizon Media, Dropbox, and Microsoft-owned LinkedIn. The coalition was established in December 2013, a few months after documents about the United States' PRISM data collection program were leaked.

Microsoft is Permanently Closing All Physical Retail Stores (venturebeat.com) 98

Microsoft has announced it will permanently close all of its physical retail stores and transfer most of its resources to online channels. From a report: This comes after the computing giant shuttered the outlets in late March due to the COVID-19 crisis. In what Microsoft is touting as a "new approach to retail," the company said its retail store employees will be transitioned to its corporate hubs and will provide customers remote sales, training, and support. The company will focus its efforts on existing digital stores on Microsoft.com and through Windows and Xbox, which have a collective reach of 1.2 billion people globally. Microsoft added that the closures will result in a pre-tax charge of around $450 million, which it said consists mostly of asset write-offs and impairments. The Seattle-based tech titan debuted its first physical retail experience back in 1999 at the Sony-owned Metreon shopping complex in San Francisco, though that closed around a decade later. Microsoft's first real foray into brick-and-mortar retail was in Scottsdale, Arizona in 2009. This grew to around a hundred similar outlets across the U.S., including its New York flagship, which opened in 2015. The company later went international, opening seven retail stores in Canada, one in Australia, and one in the U.K.

Facial Recognition Bill Would Ban Use By Federal Law Enforcement (nbcnews.com) 56

An anonymous reader quotes a report from NBC News: Sens. Ed Markey, D-Mass., and Jeff Merkley, D-Ore., introduced legislation Thursday that seeks to ban the use of facial recognition and other biometric surveillance technology by federal law enforcement agencies. The legislation would also make federal funding for state and local law enforcement contingent on the enactment of similar bans. The Facial Recognition and Biometric Technology Moratorium Act is supported by Reps. Ayanna Pressley, D-Mass., and Pramila Jayapal, D-Wash. It comes at a time of intense scrutiny of policing and surveillance tools, and widespread protests after the killing of George Floyd in Minneapolis police custody in late May.

The bill would make it unlawful for any federal agency or official to "acquire, possess, access or use" biometric surveillance technology in the United States. It would also prohibit the use of federal funds to purchase such technology. The bill states that this type of surveillance technology could only be used if there was a federal law with a long list of provisions to ensure it was used with extreme caution. Any such federal law would need to stipulate standards for the use, access and retention of the data collected from biometric surveillance systems; standards for accuracy rates by gender, skin color and age; rigorous protections for due process, privacy, free speech, and racial, gender and religious equity; and mechanisms to ensure compliance with the act. It also stipulates that local or state governments would not be eligible to receive federal financial assistance under the Edward Byrne Memorial Justice Assistance Grant program, which funds police training, equipment and supplies, without complying with a similar law or policy.


Comcast Becomes the First ISP To Join Mozilla's TRR Program (neowin.net) 84

Comcast has joined Cloudflare and NextDNS in partnering with Mozilla's Trusted Recursive Resolver program, which aims to make DNS more trusted and secure. Neowin reports: Commenting on the move, Firefox CTO Eric Rescorla, said: "Comcast has moved quickly to adopt DNS encryption technology and we're excited to have them join the TRR program. Bringing ISPs into the TRR program helps us protect user privacy online without disrupting existing user experiences. We hope this sets a precedent for further cooperation between browsers and ISPs."

With its TRR program, Mozilla said that encrypting DNS data with DoH is just the first step in securing DNS. It said that the second step requires companies handling the data to have appropriate rules in place for handling it. Mozilla believes these rules include limiting data collection and retention, ensuring transparency about any retained data, and limiting the use of the resolver to block access or modify content.
Ars Technica notes that joining Mozilla's program means that Comcast agreed that it won't "retain, sell, or transfer to any third party (except as may be required by law) any personal information, IP addresses, or other user identifiers, or user query patterns from the DNS queries sent from the Firefox browser," along with other requirements.

When the change happens, it'll be automatic for users unless they've chosen a different DoH provider or disabled DoH altogether. Comcast told Ars yesterday that "Firefox users on Xfinity should automatically default to Xfinity resolvers under Mozilla's Trusted Recursive Resolver program, unless they have manually chosen a different resolver, or if DoH is disabled. The precise mechanism is still being tested and the companies plan to document it soon in an IETF [Internet Engineering Task Force] Draft."

Democrats Pitch $100 Billion Broadband Plan, Repeal of State Limits On Muni Networks (arstechnica.com) 211

An anonymous reader quotes a report from Ars Technica: House Democrats yesterday unveiled a $100 billion broadband plan that's gaining quick support from consumer advocates. "The House has a universal fiber broadband plan we should get behind," Electronic Frontier Foundation Senior Legislative Counsel Ernesto Falcon wrote in a blog post. House Majority Whip James Clyburn (D-SC.) announced the Accessible, Affordable Internet for All Act, saying it has more than 30 co-sponsors and "invests $100 billion to build high-speed broadband infrastructure in unserved and underserved communities and ensure that the resulting Internet service is affordable." The bill text is available here.

In addition to federal funding for broadband networks with speeds of at least 100Mbps downstream and upstream, the bill would eliminate state laws that prevent the growth of municipal broadband. There are currently 19 states with such laws. The Clyburn legislation targets those states with this provision: "No State statute, regulation, or other State legal requirement may prohibit or have the effect of prohibiting any public provider, public-private partnership provider, or cooperatively organized provider from providing, to any person or any public or private entity, advanced telecommunications capability or any service that utilizes the advanced telecommunications capability provided by such provider." The bill also has a Dig Once requirement that says fiber or fiber conduit must be installed "as part of any covered highway construction project" in states that receive federal highway funding. Similar Dig Once mandates have been proposed repeatedly over the years and gotten close to becoming US law, but never quite made it past the finish line.


Model S Touchscreen Failures Prompts NHTSA Investigation (theverge.com) 101

mschaffer writes: Some older Teslas (Model S) are experiencing problems due to a worn-out flash eMMC chip. The loss of touchscreen functionality prevents operators from being able to use the backup camera. This may potentially impact 63,000 cars. The agency also acknowledges that the same chip was used in the 2012 to 2018 versions of the Model S and the 2016 and 2018 version of the Model X, accounting for around 159,000 vehicles.

"The agency currently has two other such investigations open into Tesla," adds The Verge. "One, opened last October, is about an over-the-air software update Tesla issued that was meant to limit a possible fire risk in the battery packs of the company's cars. The other, opened in January, is looking into claims of Tesla's vehicles undergoing 'sudden unintended acceleration.'"

Sidewalk Labs Plans To Spin Out More Smart City Companies (venturebeat.com) 5

An anonymous reader quotes a report from VentureBeat: Alphabet's Sidewalk Labs plans to spin out some of its smart city ideas into separate companies, CEO Daniel Doctoroff said today at Collision from Home conference. Doctoroff listed three potential companies: mass timber construction, affordable electrification sans fossil fuels, and planning tools optimized with machine learning and computation design. Last month, Sidewalk Labs killed its Toronto smart city project, which envisioned raincoats designed for buildings, heated pavement, and object-classifying cameras. Privacy advocates celebrated that the Google sister company would not be getting invasive power to surveil residents. But as I argued in my column that week, the story was far from over. Sidewalk Labs was using the COVID-19 pandemic as a scapegoat for the Toronto project, but the company wouldn't stay idle. Here's how Doctoroff describes the plans for the urban innovation company: "There's two different avenues that our work can take, leading out of the work we did in Toronto. The first is the creation of companies based on a lot of those ideas. As an example, we are huge believers in the potential of mass timber. Lower construction costs, lower construction times, both of which could have a big role in helping to address the affordability issue. There are also massive sustainability benefits and aesthetic benefits as well. We are in the process of creating a company to in effect commercialize the construction of mass timber. Out of our efforts in Toronto we've developed a very different approach to dramatically reducing carbon emissions. One of those pieces of that approach is what we call affordable electrification, which is basically to use all electricity, in whether it's a building or in a district, without using fossil fuels. We think that there is a very important company that potentially could be created out of that. 
The planning tools that we developed, which we think can help to optimize using machine learning and computational design -- we think that'd be a separate company.

Separately, we will also be engaging with developers using some of those innovations that were described in our plan for Toronto, some of which we ourselves will be building into companies that help developers achieve these sorts of quality of life improvements. In some cases, we will be a capital partner as well. So we expect to play a role in the building out of the places, and just do it in a more diversified way than would have been in Toronto. We were always going to employ that strategy, this just accelerates it in some way."

Google Says It Will Keep Less Browser History and Location Data By Default (nbcnews.com) 36

Google said Wednesday it was changing the defaults on its services in an effort to store less browser history and location data on its servers. NBC News reports: Google CEO Sundar Pichai said in a blog post that the first time a person turns on location history, the default option would be for the data to be stored for 18 months. Activity from the web and from apps would also default to 18 months for new accounts, he said. "This means your activity data will be automatically and continuously deleted after 18 months, rather than kept until you choose to delete it," Pichai said. There will be no automatic change for existing accounts and people who already have location history turned on in their Google settings, but the company plans to inform existing users of the option to set up auto-delete after three to 18 months, he said. People also have the option to turn the setting off.

It's Unconstitutional For Cops To Force Phone Unlocking, Court Rules (arstechnica.com) 115

An anonymous reader quotes a report from Ars Technica: Indiana's Supreme Court has ruled that the Fifth Amendment allows a woman accused of stalking to refuse to unlock her iPhone. The court held that the Fifth Amendment's rule against self-incrimination protected Katelin Seo from giving the police access to potentially incriminating data on her phone. The courts are divided on how to apply the Fifth Amendment in this kind of case. Earlier this year, a Philadelphia man was released from jail after four years of being held in contempt in connection with a child-pornography case. A federal appeals court rejected his argument that the Fifth Amendment gave him the right to refuse to unlock hard drives found in his possession. A Vermont federal court reached the same conclusion in 2009 -- as did a Colorado federal court in 2012, a Virginia state court in 2014, and the Massachusetts Supreme Judicial Court in 2014.

But other courts in Florida, Wisconsin, and Pennsylvania have reached the opposite conclusion, holding that forcing people to provide computer or smartphone passwords would violate the Fifth Amendment. Lower courts are divided about this issue because the relevant Supreme Court precedents all predate the smartphone era. To understand the two competing theories, it's helpful to analogize the situation to a pre-digital technology.


Brazil Suspends WhatsApp's Payments Service (techcrunch.com) 7

Brazil, the second largest market for WhatsApp, has suspended the instant messaging app's mobile payments service in the country a week after its rollout in what is the latest setback for Facebook. From a report: In a statement, Brazil's central bank said it was taking the decision to "preserve an adequate competitive environment" in the mobile payments space and to ensure "functioning of a payment system that's interchangeable, fast, secure, transparent, open and cheap." Banks in the nation have asked Mastercard and Visa, who are among the payments partners for WhatsApp in Brazil, to suspend money transfer on WhatsApp app. Failure to comply with the order would subject the payments companies to fines and administrative sanctions. In its statement, Brazil's central bank suggested it hadn't had the opportunity to analyze WhatsApp's payment service prior to its rollout.