Cellphones

Ask Slashdot: What High-End Smartphone Is Best For Privacy? 17

New submitter cj9er writes: Considering all the privacy issues in today's online climate (all the issues with Meta right now), what is the best high-end smartphone to select?

Apple: No way they don't sell your data... Sure, they have privacy for third-party apps, but what about the data they collect from the phone itself? Consider what the revenue is on a single smartphone (say $150), how do you think they have all that cash on hand?

Google: Yeah right, Pixel is probably collecting [data] 24/7 considering their main business is selling ads on Search. They have developed the Pixel line because they probably realized they were missing out on the direct collection of data from their own hardware (cut out the middle players using Android).

Samsung: Their TVs even collect and sell data on you. I don't really understand the price premium on Galaxy phones anyways.

I have kept my data and Wi-Fi turned off on my phones for years. Initially it was for battery reasons but now add in data collection. Ultimately, if we could turn off the GPS feature at will on our phones, maybe we could prevent all tracking (except for cellular triangulation). If we then think about safety, GPS is great and now with satellite-tracking on Apple phones, even better. But then what is going on behind the scenes 99.99% of the rest of the time when you don't require those options for safety reasons?

What phone manufacturer can be trusted?

Open Source

Senators Introduce a Bill To Protect Open-Source Software (washingtonpost.com) 13

An anonymous reader quotes a report from the Washington Post: When researchers discovered a vulnerability in the ubiquitous open-source log4j system last year that could've affected hundreds of millions of devices, the executive branch snapped into action and major tech companies huddled with the White House. Now, leaders of the Senate Homeland Security and Governmental Affairs Committee are introducing legislation to help secure open-source software, first reported by The Cybersecurity 202. Chairman Gary Peters (D-Mich.) and top ranking Republican Rob Portman (Ohio) plan to hold a vote next week on the bill they're co-sponsoring.

The Peters/Portman legislation would direct the Cybersecurity and Infrastructure Security Agency to develop a way to evaluate and reduce risk in systems that rely on open-source software. Later, CISA would study how that framework could apply to critical infrastructure. The log4j "incident presented a serious threat to federal systems and critical infrastructure companies -- including banks, hospitals, and utilities -- that Americans rely on each and every day for essential services," Peters said in a written statement. "This common-sense, bipartisan legislation will help secure open source software and further fortify our cybersecurity defenses against cybercriminals and foreign adversaries who launch incessant attacks on networks across the nation."

Here's how the Peters-Portman legislation works, as outlined in the report:
- It directs CISA to hire open-source experts "to the greatest extent practicable."
- It gives the agency a year to publish a framework on open-source code risk. A year later and periodically thereafter, CISA would perform an assessment of open-source code components that federal agencies commonly use.
- Also, two years after publishing the initial framework, CISA would have to study whether it could be used in critical infrastructure outside the government and potentially work with one or more critical infrastructure sectors to voluntarily test the idea.
- Other agencies would have roles as well, such as the Office of Management and Budget publishing guidance to federal chief information officers on secure use of open-source software.

Patents

Coinbase Sued For Patent Infringement Over Crypto Transfer Technology (coindesk.com) 9

Coinbase is being sued by Veritaseum Capital LLC, which alleges that the crypto exchange has infringed on a patent awarded to Veritaseum founder Reggie Middleton. CoinDesk reports: According to Veritaseum, Coinbase has used the patent for some of its blockchain infrastructure, and the company is seeking at least $350 million in damages. Middleton and Veritaseum in 2019 settled a case with the U.S. Securities and Exchange Commission (SEC), paying nearly $9.5 million over charges surrounding the initial coin offering (ICO) for the company's VERI token. "Veritaseum's website says it 'builds blockchain-based, peer-to-peer capital markets as software on a global scale,'" adds Reuters, which first reported the lawsuit. "Thursday's lawsuit accuses Coinbase features including its website, mobile app and Coinbase Cloud, Pay, and Wallet services of infringing a patent covering a secure method for processing digital-currency transactions."

"Veritaseum Capital's attorney Carl Brundidge of Brundidge Stanger said Friday that Coinbase was 'uncooperative' when they tried to settle out of court."

Media

CIA Launches First Podcast, 'The Langley Files' (variety.com) 35

The Central Intelligence Agency (CIA) is launching a podcast called "The Langley Files." As the agency explains, "The mission of 'The Langley Files: A CIA Podcast' is to educate and connect with the general public, sharing insight into the Agency's core mission, capabilities and agility as an intelligence leader... and to share some interesting stories along the way!" Variety reports: The podcast features suspenseful intro music and a narrator explaining that CIA will be "sharing what we can" with stories that go "beyond those of Hollywood scripts and shadowed whispers." CIA Director Bill Burns is the featured guest on Episode 1 of "The Langley Files." "We do usually operate in the shadows, out of sight and out of mind," Burns said in the premiere. However, he continued, "in our democracy, where trust in institutions is in such short supply... it's important to try to explain ourselves the best we can and to demystify a little bit of what we do."

According to Burns, one of the biggest misconceptions people have about the CIA stems from Hollywood's depictions of intelligence field agents. Many people think CIA is a "glamorous world" of "heroic individuals who drive fast cars and defuse bombs and solve world crises all on their own" -- a la Jason Bourne, James Bond and Jack Ryan. (Bond is a British spy, but you get the drift.) On the podcast, Burns shared that he drives a 2013 Subaru Outback "at posted speed limits." [...] The CIA says each episode of the podcast will be about 15-30 minutes long and will "feature our hosts leading conversations with a range of special guests." The series is distributed on major audio platforms including Apple Podcasts, Spotify, Google Podcasts, Amazon Music and Player.fm.
"From all of us here at CIA -- we'll be seeing you," said one of the hosts before signing off the inaugural episode.

Crime

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition To US (krebsonsecurity.com) 28

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, "America is looking for me because I have enormous information and they need it." From the report: On June 22, KrebsOnSecurity published Meet the Administrators of the RSOCKS Proxy Botnet, which identified Denis Kloster, a.k.a. Denis Emelyantsev, as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as "proxies" to cybercriminals looking for ways to route their malicious traffic through someone else's computer. A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master's identity on the cybercrime forums to Kloster's personal blog, which featured musings on the challenges of running a company that sells "security and anonymity services to customers around the world." Kloster's blog even included a group photo of RSOCKS employees.

The Bulgarian news outlet 24Chasa.bg reports that Kloster was arrested in June at a co-working space in the southwestern ski resort town of Bansko, and that the accused asked to be handed over to the American authorities. "I have hired a lawyer there and I want you to send me as quickly as possible to clear these baseless charges," Kloster reportedly told the Bulgarian court this week. "I am not a criminal and I will prove it in an American court." 24Chasa said the defendant's surname is Emelyantsev and that he only recently adopted the last name Kloster, which is his mother's maiden name. As KrebsOnSecurity reported in June, Kloster also appears to be a major player in the Russian email spam industry. [...] Kloster turned 36 while awaiting his extradition hearing, and may soon be facing charges that carry punishments of up to 20 years in prison.

Government

San Francisco Passes Controversial Surveillance Plan (sfgate.com) 38

An anonymous reader quotes a report from SFGate: In a 7-4 vote on Tuesday, the San Francisco Board of Supervisors agreed to test Mayor London Breed's controversial plan to overhaul the city's surveillance practices, which will allow police to access private security cameras in real time. Supervisors Catherine Stefani, Aaron Peskin, Gordon Mar, Matt Dorsey, Myrna Melgar, Rafael Mandelman and Ahsha Safai voted to approve the trial run, while Connie Chan, Dean Preston, Hillary Ronen and Shamann Walton voted in dissent.

Under the new policy, police can access up to 24 hours of live video of outdoor footage from private surveillance cameras owned by individuals or businesses without a warrant as long as the camera's owner allows it. Police must meet one of three outlined criteria to use their newfound power: they must be responding to a life-threatening emergency, deciding how to deploy officers in response to a large public event or conducting a criminal investigation that was approved in writing by a captain or higher-ranking police official. The trial will last 15 months. If supervisors wish to extend or revise the policy, they must take a second vote.
"I know the thought process is, 'Just trust us, just trust the police department.' But the reality is people have been violating civil liberties since my ancestors were brought here from an entirely, completely different continent," Walton, the board president and District 10 representative, said.

San Francisco District Attorney Brooke Jenkins added: "I believe this policy can help address the existence of open-air drug markets fueling the sale of the deadly drug fentanyl. Drug dealers are destroying people's lives and wreaking havoc on neighborhoods like the Tenderloin. Mass organized retail theft, like we saw in Union Square last year, or targeted neighborhood efforts like we've seen in Chinatown is another area where the proposed policy can help."

Privacy

New York To Install Surveillance Cameras in Every Subway Car (nbcnews.com) 34

New York, home of the largest rapid transit system in the country, will install surveillance cameras in every New York City subway car by 2025, Gov. Kathy Hochul announced earlier this week. From a report: The move is aimed at increasing riders' confidence in subway safety, Hochul said, as ridership numbers are still lagging behind pre-pandemic levels. It also follows several highly publicized crimes that have occurred in the transit system, including the rape of a tourist on a subway platform this month; a mass shooting on a subway car in Brooklyn in April that left 10 passengers wounded; and the fatal shooting of a Goldman Sachs employee on a train in May.

But the decision to install cameras on subway cars worries some privacy advocates, who say it will increase the level of surveillance of New Yorkers without necessarily making the subway safer. Subway stations in the city already have surveillance cameras. "It's awful. This just seems like a terrible surveillance PR stunt just to boost ridership," said Albert Fox Cahn, the founder and executive director of the Surveillance Technology Oversight Project (STOP), a nonprofit aimed at reining in digital surveillance in New York. "We have no idea how they would be sharing the data with federal and out-of-state partners," Fox Cahn said.

Crime

UK Police Arrest Alleged 'GTA VI' Hacker (yahoo.com) 19

Police in the UK have arrested a 17-year-old suspected hacker. Reports suggest the arrest is connected to the Rockstar Games hack that led to a major Grand Theft Auto VI leak. The individual may have been involved with an intrusion on Uber as well. From a report: According to journalist Matthew Keys' sources, the arrest is the result of an investigation involving the City of London Police, the UK's National Cyber Crime Unit and the FBI. Keys noted that the police and/or the FBI will reveal more details about the arrest later today. The City of London Police told Engadget it had "no further information to share at this stage."

The GTA VI leak is unquestionably one of the biggest in video game history. Last weekend, the hacker shared a trove of footage from a test build of the game, which is one of the most hotly anticipated titles around. Rockstar, which tends to keep a tight lid on its development process, confirmed on Monday that the leak was legitimate. It said the incident won't impact work on the game and that it will "properly introduce" fans to the next title in the blockbuster series once it's ready.

The Courts

Meta Sued For Skirting Apple Privacy Rules To Snoop On Users (bloomberg.com) 36

An anonymous reader quotes a report from Bloomberg: Meta was sued for allegedly building a secret work-around to safeguards that Apple launched last year to protect iPhone users from having their internet activity tracked. In a proposed class-action complaint filed Wednesday in San Francisco federal court, two Facebook users accused the company of skirting Apple's 2021 privacy rules and violating state and federal laws limiting the unauthorized collection of personal data. A similar complaint was filed in the same court last week. The suits are based on a report by data privacy researcher Felix Krause, who said that Meta's Facebook and Instagram apps for Apple's iOS inject JavaScript code onto websites visited by users. Krause said the code allowed the apps to track "anything you do on any website," including typing passwords.

According to the suits, Meta's collection of user data from the Facebook app helps it circumvent rules instituted by Apple in 2021 requiring all third-party apps to obtain consent from users before tracking their activities, online or off. Meta has said it expected to miss out on $10 billion in ad revenue in 2022 because of Apple's changes. The Facebook app gets around Apple privacy rules by opening web links in an in-app browser, rather than the user's default browser, according to Wednesday's complaint. "This allows Meta to intercept, monitor and record its users' interactions and communications with third parties, providing data to Meta that it aggregates, analyzes, and uses to boost its advertising revenue," according to the suit.
A Meta spokesperson said the allegations are "without merit" and the company will defend itself. "We have designed our in-app browser to respect users' privacy choices, including how data may be used for ads," the company said in an emailed statement.

Bitcoin

23-Year-Old 'Crypto King' Has Luxury Cars Seized After $35 Million of Investor Money Vanishes (gizmodo.com) 48

Five luxury cars, including two BMWs, two McLarens, and a Lamborghini, have been seized from 23-year-old Aiden Pleterski, the self-described "crypto king" of Canada, during bankruptcy proceedings according to a new report from the CBC. But those cars are only worth a fraction of the $35 million that Pleterski allegedly took from investors who thought he'd make them rich in the cryptocurrency market, and it's not clear whether they'll ever see their money again. Gizmodo reports: Pleterski and his company AP Private Equity Limited are facing at least two civil lawsuits after 140 people have come forward to say they invested a combined $35 million with Pleterski. Those people believed they were investing in cryptocurrency, and Pleterski's online presence -- including photos of the 23-year-old on private jets and next to luxury cars -- helped create the image that he knew what he was doing.

Pleterski's YouTube channel and Instagram account have been deleted but it appears he purchased articles on websites like Forbes.mc (the top level domain for Monaco) and the far-right news outlet Daily Caller to get his name associated with success in crypto investment. The Daily Caller article from December 2021 includes a photo of Pleterski looking at his phone in what appears to be a private jet. Notably, December 2021 was a time when cryptocurrencies like bitcoin and ethereum were trading near all-time highs. The headline reads, "Aiden Pleterski: Meet the Young Canadian Investor Who Is Taking the World of Crypto By Storm."

The question remains whether Pleterski actually invested any of the money in crypto to begin with, and speaks to just how strange the crypto market has been over the past year. For all anyone knows, Pleterski may have actually invested the money and lost it like so many others since the peak of November 2021. Bitcoin is down 56% since its price a year ago, while ethereum is down 57%. Pleterski insists he invested the money but that he's just bad with record-keeping. But some investors suspect Pleterski didn't even bother investing the money, instead pocketing it for himself, according to people who spoke with the CBC. Investors are trying to get their money back through the bankruptcy court and two civil lawsuits, but criminal charges haven't been pursued, even though some have reported their incidents to Toronto police, according to the CBC.

Government

China Claims NSA Infiltrated Country's Telecommunications Networks (cnbc.com) 64

A U.S. intelligence agency gained access to China's telecommunications network after hacking a university, Chinese state media claimed Thursday. CNBC reports: The U.S. National Security Agency used phishing -- a hacking technique where a malicious link is included in an email -- to gain access to the government funded Northwestern Polytechnical University, the Global Times alleged, citing an unnamed source. American hackers stole "core technology data including key network equipment configuration, network management data, and core operational data," and other files, according to the Global Times. As part of the NSA's hack, the agency infiltrated Chinese telecommunications operators so that the U.S. could "control the country's infrastructure," the Global Times alleged. The Global Times, citing its unnamed source, reported that more details about the attack on Northwestern Polytechnical University will be released soon. China first disclosed the alleged attack on the Northwestern Polytechnical University earlier this month. "The agency also accused the U.S. of engaging in 'tens of thousands' of cyberattacks on Chinese targets," adds CNBC.

Facebook

Facebook Report: Censorship Violated Palestinian Rights (theintercept.com) 72

Facebook and Instagram's speech policies harmed fundamental human rights of Palestinian users during a conflagration that saw heavy Israeli attacks on the Gaza Strip last May, according to a study commissioned by the social media sites' parent company Meta. From a report: "Meta's actions in May 2021 appear to have had an adverse human rights impact ... on the rights of Palestinian users to freedom of expression, freedom of assembly, political participation, and non-discrimination, and therefore on the ability of Palestinians to share information and insights about their experiences as they occurred," says the long-awaited report, which was obtained by The Intercept in advance of its publication. Commissioned by Meta last year and conducted by the independent consultancy Business for Social Responsibility, or BSR, the report focuses on the company's censorship practices and allegations of bias during bouts of violence against Palestinian people by Israeli forces last spring.

Following protests over the forcible eviction of Palestinian families from the Sheikh Jarrah neighborhood in occupied East Jerusalem, Israeli police cracked down on protesters in Israel and the West Bank, and launched military airstrikes against Gaza that injured thousands of Palestinians, killing 256, including 66 children, according to the United Nations. Many Palestinians attempting to document and protest the violence using Facebook and Instagram found their posts spontaneously disappeared without recourse, a phenomenon the BSR inquiry attempts to explain. Last month, over a dozen civil society and human rights groups wrote an open letter protesting Meta's delay in releasing the report, which the company had originally pledged to release in the "first quarter" of the year. While BSR credits Meta for taking steps to improve its policies, it further blames "a lack of oversight at Meta that allowed content policy errors with significant consequences to occur."

Censorship

Microsoft Won't Label Fake News As False In An Attempt To Avoid 'Censorship' Cries (bloomberg.com) 164

In an interview with Bloomberg, Microsoft President Brad Smith said the company won't label social media posts that appear to be false in order to avoid the appearance that the company is trying to censor speech online. From the report: "I don't think that people want governments to tell them what's true or false," Smith said when asked about Microsoft's role in defining disinformation. "And I don't think they're really interested in having tech companies tell them either." The comments are Smith's strongest indication yet that Microsoft is taking a unique path to tracking and disrupting digital propaganda efforts.

Smith said Microsoft wanted to provide the public with more information about who is speaking, what they are saying and allow them to come to their own judgment about whether content was true. "We have to be very thoughtful and careful because -- and this is also true of every democratic government -- fundamentally, people quite rightly want to make up their own mind and they should," he said. "Our whole approach needs to be to provide people with more information, not less and we cannot trip over and use what others might consider censorship as a tactic."

Social Networks

Florida Brings Battle Over Social Media Regulation To the Supreme Court (washingtonpost.com) 179

Florida's attorney general on Wednesday asked the Supreme Court to decide whether states have the right to regulate how social media companies moderate content on their services, a move that sends one of the most controversial debates of the internet age to the country's highest court. From a report: In its petition, the state asks the court to determine whether the First Amendment prohibits a state from requiring that platforms host certain communications and also whether the states can require companies to provide an explanation to users when they remove their posts. The petition sets up the most serious test to date of assertions that Silicon Valley companies are unlawfully censoring conservative viewpoints. The decision could have wide-ranging effects on the future of democracy and elections, as tech companies play an increasingly significant role in disseminating news and information about politics. Critics of the state social media laws and tech industry representatives also warn that if the Florida law were to take effect, it could lead to a torrent of hate speech, misinformation and other violent content that some major social media companies' policies currently prohibit. The petition is a response to a decision by the U.S. Court of Appeals for the 11th Circuit earlier this year that major provisions of a Florida social media law violated the Constitution's First Amendment. The law would bar companies from banning politicians from their services.

Privacy

Telegram Has a Serious Doxxing Problem (wired.com) 63

An anonymous reader shares a report: Telegram's doxxing problem goes far beyond Myanmar. WIRED spoke to activists and experts in the Middle East, Southeast Asia, and Eastern Europe who said that the platform has ignored their warnings about an epidemic of politically motivated doxxing, allowing dangerous content to proliferate, leading to intimidation, violence, and deaths. Telegram, which now claims more than 700 million active users worldwide, has a publicly stated philosophy that private communications should be beyond the reach of governments. That has made it popular among people living under authoritarian regimes all over the world (and among conspiracy theorists, anti-vaxxers, and "sovereign citizens" in democratic countries). But the service's structure -- part encrypted messaging app, part social media platform -- and its almost complete lack of active moderation has made it "the perfect tool" for the kind of doxxing campaigns occurring in Myanmar, according to digital rights activist Victoire Rio. This structure makes it easy for users to crowdsource attacks, posting a target for doxxing and encouraging their followers to dig up or share private information, which they can then broadcast more widely. Misinformation or doxxing content can move seamlessly from anonymous individual accounts to channels with thousands of users. Cross-posting is straightforward, so that channels can feed off one another, creating a kind of virality without algorithms that actively promote harmful content. "Structurally, it's suited to this use case," Rio says.

The first mass use of this tactic occurred during Hong Kong's massive 2019 democracy protests, when pro-Beijing Telegram channels identified demonstrators and sent their information to the authorities. Hundreds of protesters were sentenced to custodial sentences for their role in the demonstrations. But with the city split along "yellow" (pro-protests) and "blue" (pro-police) lines, channels were also set up to dox police officers and their families. In November 2020, a telecom company employee was jailed for two years after doxing police and government employees over Telegram. Since then, Telegram doxing appears to be spreading to new countries. In Iraq, militia groups and their supporters have become adept at using Telegram to source information about opponents, such as leaders of civil society groups, which they then broadcast on channels with tens of thousands of followers. Sometimes, bounties are offered for information, according to Hayder Hamzoz, founder of the Iraqi Network for Social Media, an organization that tracks social media use in the country. Often, these come with direct or implicit threats of violence. Targets have faced harassment and violence, and some have had to flee their homes, Hamzoz says.
