EFF

As Ola Bini Prosecutors Wrap Up Investigation, Amnesty Calls Out Human Rights Violations in His Case

Electronic Frontier Foundation

Today marks the last day that the Ecuadorean prosecution has to investigate its case against Ola Bini, the Swedish free software programmer who was arrested there in April and detained for over two months without trial and without clear charges. On Thursday, the judge accepted a plea by the prosecutors to change the nature of the charges, switching from one part of Ecuador’s broad cybercrime statute to another. It seems likely that the prosecution will rely on evidence uncovered a few weeks ago that depicted Bini accessing an open, publicly available telnet service: an act that is, in itself, entirely legal under any reasonable interpretation of the law.

The sudden swapping out of charges at the last moment is just the latest twist in a politically charged and technically confused prosecution. It should be no surprise, then, that Amnesty International this week released a statement denouncing Ecuador’s treatment of Bini. The organization, which works to protect human rights globally, has determined that the Ecuadorian state failed to comply with its obligations under international law during Bini’s arrest and subsequent detention. In addition to this pronouncement, Amnesty has also expressed serious concern that political interference jeopardizes the chance for a fair trial, concerns that EFF has raised as well.

ZDNet

WordPress sites under attack as hacker group tries to create rogue admin accounts

A hacker group is exploiting vulnerabilities in more than ten WordPress plugins to create rogue admin accounts on WordPress sites across the internet.

The attacks are an escalation of a hacking campaign that started last month. During previous attacks, the hackers exploited vulnerabilities in the same plugins to plant malicious code on the hacked sites. This code was meant to show popup ads or to redirect incoming visitors to other websites.

However, two weeks ago, the group behind these attacks changed its tactics. Mikey Veenstra, a threat analyst with cybersecurity firm Defiant, told ZDNet today that starting with August 20, the hacker group modified the malicious code planted on hacked sites.

Reuters

Facebook acknowledges flaw in Messenger Kids app

Facebook Inc acknowledged a flaw in its Messenger Kids app, weeks after two U.S. senators raised privacy concerns about the application, and said that it spoke to the U.S. Federal Trade Commission about the matter.

“We are in regular contact with the FTC on many issues and products, including Messenger Kids,” Facebook Vice President Kevin Martin wrote in a letter to two Democrats, which was seen by Reuters. He described the flaw as a “technical error”.

The letter dated Aug. 27 was sent to Democratic Senators Ed Markey of Massachusetts and Richard Blumenthal of Connecticut.

EFF

EFF and Mozilla Release Public Letter to Venmo

Electronic Frontier Foundation

EFF is teaming up with the Mozilla Foundation to tell Venmo to clean up its privacy act. In a public letter sent to President/CEO Dan Schulman and COO Bill Ready today, we are telling Venmo to make transactions private by default and let users hide their friend lists.

Both EFF and Mozilla have voiced concern with Venmo’s privacy practices in the past. Venmo is marketed as a way for friends to send and receive money, so people can easily split bills like restaurant checks or concert tickets. However, those transactions are public by default, which can reveal private details about who you spend time with and what you do with them. While users do have an option to hide their transactions if they dig into Venmo’s privacy settings, there is no way for users to hide their friend lists. That means that anyone can uncover who you pay regularly, creating a public record of your personal and professional community.

ZDNet

Moscow’s blockchain voting system cracked a month before election

A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election.

Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system’s private keys based on its public keys. These private keys are used together with the public keys to encrypt user votes cast in the election.

WIRED

Facebook’s New Privacy Feature Comes With a Loophole

By default, Facebook tracks what you do even when you’re not on Facebook, like the products you shop for, the political candidates you donate to, and the porn you watch, using tools like Facebook Pixel, a small piece of code deposited on millions of websites across the internet. The social network uses that information to target you with personalized ads—a business model that is now worth billions of dollars.

But that model has also come under increased scrutiny as privacy advocates, lawmakers, and pundits continue to question why anyone should trust Facebook with their data. In the aftermath of the Cambridge Analytica scandal last year, Facebook promised that users would soon have more control over their information using a “Clear History” tool, which would delete people’s off-platform browsing records. More than a year later, the company finally announced Monday it’s rolling out the feature, now called “Off-Facebook Activity.” People in Ireland, South Korea, and Spain will have access to the long-anticipated tool first, and it will be rolled out in the coming months to all Facebook users.

Bloomberg

Facebook Paid Hundreds of Contractors to Transcribe Users’ Audio

Facebook Inc. has been paying hundreds of outside contractors to transcribe clips of audio from users of its services, according to people with knowledge of the work.

The work has rattled the contract employees, who are not told where the audio was recorded or how it was obtained — only to transcribe it, said the people, who requested anonymity for fear of losing their jobs. They’re hearing Facebook users’ conversations, sometimes with vulgar content, but do not know why Facebook needs them transcribed, the people said.

Facebook confirmed that it had been transcribing users’ audio and said it will no longer do so. “We paused human review of audio more than a week ago,” the company said Tuesday. The company said the users who were affected chose the option in Facebook’s Messenger app to have their voice chats transcribed. The contractors were checking whether Facebook’s artificial intelligence correctly interpreted the messages, which were anonymized.

EFF

Victory! Lawsuit May Proceed Against Facebook’s Biometric Surveillance

Electronic Frontier Foundation

Biometric surveillance by companies against consumers is a growing menace to our privacy, freedom of expression, and civil rights. Fortunately, a federal appeals court has ruled that a lawsuit against Facebook for its face surveillance may move forward.

The decision, by the federal Ninth Circuit about an Illinois privacy law, is the first by an American appellate court to directly identify the unique hazards of face surveillance. This is an important victory for biometric privacy, access to the courts for ordinary people, and the role of state governments as guardians of our digital liberty.
