China

Attorney General Barr Accuses Hollywood, Big Tech of Collaborating with China (reuters.com) 224

U.S. Attorney General William Barr took aim at Hollywood companies, including Walt Disney on Thursday as well as large technology firms like Apple, Google and Microsoft over company actions with China. From a report: "Corporations such as Google, Microsoft, Yahoo, and Apple have shown themselves all too willing to collaborate with the (Chinese Communist party)," Barr said. He added that Hollywood has routinely caved into pressure and censored their films "to appease the Chinese Communist Party. I suspect Walt Disney would be disheartened to see how the company he founded deals with the foreign dictatorships of our day," Barr said in a speech at the Gerald R. Ford Presidential Museum in Michigan.

Barr chided U.S. companies for being too willing to take steps to ensure access to the large Chinese market. "The Chinese Communist Party thinks in terms of decades and centuries, while we tend to focus on the next quarterly earnings report," Barr said. "America's big tech companies have also allowed themselves to become pawns of Chinese influence." Barr suggested that Apple iPhones "wouldn't be sold (in China) if they were impervious to penetration by Chinese authorities." He suggested American tech companies were imposing a "double standard."

Security

Iranian Spies Accidentally Leaked Videos of Themselves Hacking (wired.com) 41

An anonymous reader quotes a report from Wired: Researchers at IBM's X-Force security team revealed today that they've obtained roughly five hours of video footage that appears to have been recorded directly from the screens of hackers working for a group IBM calls ITG18, and which other security firms refer to as APT35 or Charming Kitten. It's one of the most active state-sponsored espionage teams linked to the government of Iran. The leaked videos were found among 40 gigabytes of data that the hackers had apparently stolen from victim accounts, including U.S. and Greek military personnel. Other clues in the data suggest that the hackers targeted U.S. State Department staff and an unnamed Iranian-American philanthropist.

The IBM researchers say they found the videos exposed due to a misconfiguration of security settings on a virtual private cloud server they'd observed in previous APT35 activity. The files were all uploaded to the exposed server over a few days in May, just as IBM was monitoring the machine. The videos appear to be training demonstrations the Iran-backed hackers made to show junior team members how to handle hacked accounts. They show the hackers accessing compromised Gmail and Yahoo Mail accounts to download their contents, as well as exfiltrating other Google-hosted data from victims. This sort of data exfiltration and management of hacked accounts is hardly sophisticated hacking. It's more the kind of labor-intensive but relatively simple work that's necessary in a large-scale phishing operation. But the videos nonetheless represent a rare artifact, showing a first-hand view of state-sponsored cyberspying that's almost never seen outside of an intelligence agency.

The Almighty Buck

Apple's UK Stores Paid $7.7M in Tax Despite $1.7B in Sales (yahoo.com) 153

The UK retail arm of Apple paid just $7.7m in taxes last year despite raking in almost $1.7bn in sales, according to the company's latest accounts. From a report: Revenue at Apple Retail UK, which operates 38 of the company's stores in the UK, rose by more than 15% in the 12 months to 28 September. But after costs and expenses of around $1.7bn, the firm reported before-tax profits of just $47m, slashing its tax bill significantly. In a statement describing itself as "the largest taxpayer in the world," Apple said that it always paid the taxes that it owed.

Yahoo!

Former Yahoo Engineer Who Infiltrated 6,000 Accounts Avoids Jail (siliconvalley.com) 35

This week finally saw the federal sentencing of a former Yahoo software engineer who "admitted to using his access through his work at the company to hack into about 6,000 Yahoo accounts" back in 2018, according to America's Department of Justice: Ruiz admitted to targeting accounts belonging to younger women, including his personal friends and work colleagues. He made copies of images and videos that he found in the personal accounts without permission, and stored the data at his home. Once he had access to the Yahoo accounts, Ruiz admitted to compromising the iCloud, Facebook, Gmail, DropBox, and other online accounts of the Yahoo users in search of more private images and videos. After his employer observed the suspicious account activity, Ruiz admitted to destroying the computer and hard drive on which he stored the images.
He stopped working at Yahoo in July of 2018. The next month the FBI visited his home. He was indicted in April of 2019 and pleaded guilty in September — facing up to five years in prison and a $250,000 fine.

But it was not until this week that a federal court finally handed down its sentence for the "former Yahoo! engineer who hacked 6,000 accounts on a hunt for private sexual videos and pictures," according to one Bay Area newspaper.

The sentence? Five years of probation, with a home confinement condition: Reyes Daniel Ruiz, 35, of Tracy, is allowed to leave his home for "verified employment, medical needs and religious services," according to the sentencing terms. He has also been ordered to pay nearly $125,000 in fines and restitution, court records show...

He also accessed financial information, but his main goal was to steal pornographic files, prosecutors said. Assistant U.S. Attorney Daniel Kaleba asked for Ruiz to be sentenced to "a period of incarceration," arguing he'd violated not only the trust of his employee but the privacy of thousands of people. "By his estimation, he downloaded approximately two terabytes of data, and possessed between 1,000 and 4,000 private images and videos," Kaleba wrote in a sentencing memo.

The defense argued that Ruiz, who has no criminal history, deserved leniency because he accepted responsibility quickly. He admitted to destroying the hard drive where he stored the ill-gotten files when the FBI visited his home in August 2018. Ruiz told federal investigators that he acquired the pictures and videos for his own personal "self-gratification" and that he didn't share them online, a pre-sentence report says.

In October Gizmodo reported that Ruiz was now working for a Silicon Valley company specializing in SSO (single sign-on) solutions.

Advertising

Apple Will Force Apps to Ask for Permission Before Tracking Users (yahoo.com) 47

"Apple Inc. will force iPhone apps to get permission from users before tracking them," reports Bloomberg, "dealing a potentially major blow to app developers who rely on advertisements to make money." Apple facilitates tracking on its phones by providing app developers with unique numbers for each user, something security advocates have long said contradicts the company's frequent statements in support of privacy. The update to the iPhone's operating system doesn't do away with the tracking system, but makes it much more apparent to users and gives them more opportunities to turn it off. Previously, controls were buried in the phone's settings menu.

"Considering the iPhone's user base, this is a very big change. It certainly improves user privacy," said Lukasz Olejnik, an independent privacy researcher and consultant. "Users at large encountering such pop-ups in just about any application may potentially start asking questions about the use of their data. It will force the industry to reconsider some of the core assumptions."

Facebook

Why Facebook Staffers Won't Quit Over Trump's Posts (theatlantic.com) 131

Even fed-up tech workers are paralyzed by Silicon Valley's culture. From a column: It's easier for tech workers to talk about taking a stand than to do so. For one, big technology companies such as Facebook and Google are viciously competitive about acquiring talent. They hire or poach the best people, sometimes just to prevent a competitor from having access to them instead. Some workers don't want to rock the boat for fear they might get blacklisted, Ian McCarthy, a vice president of product at Yahoo, said. And ironically, the brokenness at companies such as Facebook and Uber can also make their jobs enticing. Disruption is appealing, and the promise to move fast and break things (even priceless and irrecoverable ones, such as democracy) can be a recruiting tool.

Others already in a company's employ may see an opportunity to fix some of its ills. One product manager at a large tech firm, who also advises many early-career professionals, spoke with me on the condition of anonymity because she fears reprisal from within the industry. She told me about her "activist" friends who refuse to leave jobs at Facebook, even if they disagree with the company's practices. "They came to change the world," she said, "and stayed to work within the system on issues they cared about." The same drive that makes these workers care about the consequences of Facebook's impact on democracy also makes them want to stick it out in an effort to improve the service.

Even so, Facebook seems to have crossed the line of tolerable abhorrence for some tech workers. Inside the business, nextplayism may offer the best, and maybe the only, way for them to show their distaste. "The vast majority of people I know at the director-and-up level, when they are leaving a company and looking for a new gig, they're Never Facebookers," McCarthy, who is also an occasional collaborator of mine, said, referring to senior-level roles. "They're offended if you even offer to do introductions to someone at Facebook." But that is a privileged attitude. Much of the magical operation of online services is driven by rote laborers, such as moderators, AI-training wranglers, and gig workers. They aren't counted as members of the industry, except perhaps as its casualties.

Bug

Brave Browser Mistake Adds Its Referrer Code For Cryptocurrency Sites (yahoo.com) 26

The following report appeared on Yahoo! Finance: Privacy-focused browser Brave was found to autocomplete several websites and keywords in its address bar with an affiliate code. Shortly after a user published his findings, Brave CEO and co-founder Brendan Eich addressed the incident and called it "a mistake we're correcting." Eich said that while Brave is a Binance affiliate [a cryptocurrency exchange], the browser's autocompleting feature should not have added any new affiliate codes.

"The autocomplete default was inspired by search query clientid attribution that all browsers do, but unlike keyword queries, a typed-in URL should go to the domain named, without any additions," Eich wrote in the thread. "Sorry for this mistake — we are clearly not perfect, but we correct course quickly," he added.

Android Police reports the mistake occurred more than 10 weeks ago — and that referrer codes were also included for other cryptocurrency-related sites: The browser's GitHub repository reveals the functionality was first added on March 25th, and the current list of sites includes Binance, Coinbase, Ledger, and Trezor. Brave Software receives a kickback for purchases/accounts made with those services — for example, Coinbase says that when you refer a new customer to the service, you can earn 50% of their fees for the first three months.

The nature of these affiliate programs also allows the referrer — in this case, Brave Software — to view some amount of data about the customers who sign up with the code. Coinbase's program provides "direct access to your campaign's performance data," while Trezor offers a "detailed overview of purchases."

Brave CEO and co-founder Brendan Eich (who also created the JavaScript programming language) tweeted, "For what it's worth there's a setting to disable the autocomplete defaults that add affiliate codes, in brave://settings first page. Current plan is to flip default to off as shown here. You can disable ahead of our release schedule if you want to.

"Good to hear from supporters who'll enable it."

Sci-Fi

82-Year-Old Ridley Scott Shares Some Secrets About 'Alien' (yahoo.com) 49

Ridley Scott was the fifth choice to direct the 1979 film Alien, remembers the Los Angeles Times, "meaning that no one was expecting the film to become as important and influential as it now is."

This week they chronicled some more remembrances about the film from 82-year-old Ridley Scott: The central role of Ellen Ripley — also portrayed by Sigourney Weaver in three subsequent sequels — was originally written as a man... "I think it was Alan Ladd [then president of 20th Century Fox] who said, 'Why can't Ripley be a woman?' And there was a long pause, that at that moment I never thought about it. I thought, why not, it's a fresh direction, the ways I thought about that. And away we went... I found Sigourney by word of mouth. Somebody had been told that Sigourney was on an off-Broadway stage doing something, that I should meet. And I did," Scott said. "And there it was, she was perfect. In terms of scale, size, intelligence, her acting is just fantastic. And so it was made for her, really."

The film's notorious chest-burster scene, in which an alien creature emerges from within actor John Hurt's chest, is now among the classic scenes in modern horror cinema. It was shot with multiple cameras because Scott could only really perform the full effect once, "because once I blew blood all over that set, there was no cleaning it up... I kept it very much from the actors and I kept the actual little creature, whatever that would be, from the actors. I never wanted them to see it," Scott said. "Remember there was no digital effects in those days at all. I'm going to somehow bring that creature out of his chest...."

Scott recalled the influence that Star Wars had on him at the time, noting, "It opened the gate for me feeling comfortable that science fiction was no longer silly fantasy but actually had a reality to it... So I was blown away... My hat still comes off to George," Scott said of Lucas for the first Star Wars. "Without question his was by far the best, still."

Scott directed the 2017 film Alien: Covenant, the Times notes, "And he may not be done yet.

"What I always thought when I was making it, the first one, why would a creature like this be made and why was it traveling in what I always thought was a kind of war-craft, which was carrying a cargo of these eggs. What was the purpose of the vehicle and what was the purpose of the eggs? That's the thing to question — who, why, and for what purpose is the next idea, I think."

AI

Waymo's Self-Driving Minivans Return to Phoenix, Detroit, Los Angeles, and the Bay Area (yahoo.com) 8

Digital Trends reports: Waymo is planning to relaunch its fleet of self-driving minivans into Bay Area streets on June 8, according to an email acquired by The Verge. However, instead of transporting passengers, the vehicles will instead focus on delivering packages for non-profit organizations #DrawTogether, which gives art kits to children, and Lighthouse for the Blind and Visually Impaired...

The pending return to the Bay Area follows Waymo's restart of its testing program in Phoenix, as lockdown restrictions were eased earlier this month... The autonomous vehicles will also soon make their way back to Detroit and Los Angeles.

The Verge argues that Waymo "is the latest autonomous vehicle operator to discover that doing deliveries allows it to sidestep restrictions that would otherwise require them to keep their autonomous vehicles off the road."

Businesses

Coinbase Announces Plans For 'Remote-First' Work Policy In Light of COVID-19 (yahoo.com) 4

In a blog post today, Coinbase CEO Brian Armstrong announced that the exchange company is moving to a remote-first policy in light of COVID-19, meaning most employees will have the option to work from home. Yahoo Finance reports: "Over the last two months, I have come to believe that not only is remote work here to stay, but that it represents a huge opportunity and strategic advantage for us," he wrote in the announcement. Employees will still be able to work in an office, but they will now have the option to work remotely, or split their time between time working in and out of the office. Armstrong said the transition thus far has been less complicated than expected. Coinbase has been toying with the idea of remote-first work prior to the pandemic, according to the announcement.

In February, Coinbase shared a four-tiered plan to stem the spread of coronavirus among employees. Phase three instituted a required work from home policy. Now, with six-foot distancing measures, Armstrong said Coinbase wouldn't have the space to observe the protocol in its current space if every employee were in office. With the new policy, Armstrong said the plan is to have physical offices in major cities, but spread locations. Once distancing restrictions are lifted, Armstrong estimates anywhere from 20-60% of Coinbase's current workforce will work remotely, and the firm is forming a team to oversee the transition.

Robotics

Is Now The Time to Make a Deal With Our Robot Overlords? (seattletimes.com) 90

"If certain businesses — say, the next generation of meat plants — can't reopen safely and profitably with humans, they can and should do so with robots," argued a recent Bloomberg column titled "Let's make a deal with our robot overlords." [Alternate source]

The column posits that right now some jobs "just aren't good enough to protect." Until now, among the biggest obstacles was the transition cost of going from badly paid humans to machines. But if companies disrupt their workflow by actually shutting down production to save lives (as they should), then they will have paid much of the cost... People will probably welcome the brave new world, particularly if it's more hygienic... I confess I'd prefer a self-cleaning, self-driving car so I don't have to share space with a human driver, for both our sakes...

[W]hat will happen to the enormous jobless underclass that such an accelerated shift to automation will create? This is where I think the sheer magnitude of the coronavirus crisis might actually help, for three reasons. First, when so many people are suddenly and violently thrown out of work at the same time, it creates a sense of solidarity that a slow, insidious process such as offshoring does not. Second, the jobless are not perceived, and do not perceive themselves, as at fault for their predicament. This is a natural disaster, beyond their control... Third, and perhaps most important, real change will look newly possible in light of the unprecedented measures the government has already taken to combat the crisis...

[I]f the winners of the AI revolution want to avoid the business disruption of an actual revolution, they should be prepared to negotiate a new and very different deal.

Businesses

Small Protest Outside Tesla Plant Calls For Arrest of Elon Musk (ktvu.com) 137

A small group of protesters "rallied outside Tesla's Fremont manufacturing plant Saturday, calling for CEO Elon Musk to be arrested and jailed," reports a local Bay Area news site: Carlos Gabriel is an employee, and has refused to return to work. "I'm worried for my health," said Gabriel. Gabriel is worried about the spread of COVID-19 and the difficulty of social distancing in the workplace. "I'm very disappointed in the leadership. I'm very disappointed in Elon Musk putting profits over the health of his workers," said Gabriel.

Activist groups United Public Workers for Action and Workers Solidarity Action Network organized the rally outside the plant. "What is going on here today is a travesty," said Steve Zeltzer with Public Workers for Action Advocacy. They accuse Musk of putting workers in harm's way by sending them back to work during the pandemic. Zeltzer said, "Elon Musk who is a billionaire has said he is above the law...."

"I think there's obviously a lot of tension between employees and the management there," said Michael Coates, editor of Clean Fleet Report.

One local TV news crew has footage of the small protest. They also quote Tesla as saying they're taking steps to keep workers safe, including providing hand sanitizer, cleaning, and enforcing social distancing.

Businesses

TSMC To Build Advanced Semiconductor Factory In Arizona (yahoo.com) 56

An anonymous reader quotes a report from The Wall Street Journal: Taiwan Semiconductor Manufacturing Co. (TSMC), the world's largest contract manufacturer of silicon chips, is set to announce plans to build an advanced chip factory in Arizona (Warning: source paywalled; alternative source) as U.S. concerns grow about dependence on Asia for the critical technology. The plans come as the Trump administration has sought to jump-start development of new chip factories in the U.S. due to rising fears about the U.S.'s heavy reliance on Taiwan, China and South Korea to produce microelectronics and other key technologies.

TSMC is expected to announce the plans as soon as Friday after making the decision at a board meeting on Tuesday in Taiwan, according to people familiar with the matter. The factory could be producing chips by the end of 2023 at the earliest, they said, adding that both the State and Commerce Departments are involved in the plans. TSMC's new plant would make chips branded as having 5-nanometer transistors, the tiniest, fastest and most power-efficient ones manufactured today, according to a person familiar with the plans. TSMC just started rolling out 5-nanometer chips for customers to test at a factory in Taiwan in recent months. It is unclear how much TSMC has budgeted or if it would get financial incentives from the U.S. to build. A factory capable of making the most advanced chips would almost certainly cost more than $10 billion, according to industry executives.

Books

Can Bookshop.org Save Independent Bookstores? (yahoo.com) 90

The Los Angeles Times recently checked in on Bookshop.org, an online bookseller, as it pulled in its first $1 million to help local bookstores across America (thanks partly to a partnership with Simon & Schuster). "(This milestone) means that we're accomplishing our mission of being a real meaningful support for independent bookstores," said Andy Hunter, Bookshop's founder and CEO. "We're exceedingly pleased with how much we've been able to earn for the stores and many stores are also grateful."

Bookshop, a Certified B corporation, was launched in January with a mission to help indie bookstores, which for years fought to compete with chains like Barnes & Noble and then the online retail giant Amazon. "Our goal is to take the conscious consumers away from Amazon and put them in a channel that supports local independent businesses and keeps bookstores in their communities," said Hunter, which "are really essential to our cultural fabric when it comes to books." Customers can choose to purchase from a specific indie bookstore affiliated with Bookshop or buy directly from the site.

But Hunter doesn't expect to beat the e-commerce behemoth -- only to help its competitors survive: "I expect Amazon will continue to sell more books than us for all eternity. We're not trying to sell more books than them, but we are trying to get customers who care about their downtowns, their quality of life and the world that they want to live in to make a switch."

The article notes that as lockdowns forced nonessential businesses to temporarily close, some bookstores "have turned to Bookshop to keep their businesses running." The Harvard Bookstore even created a special page touting its "Weird History" books.

"Indie stores that sell through Bookshop.org get 30% of every sale," reports the Los Angeles Times. "Affiliate stores that send in referrals also get a 10% commission, compared with Amazon's 4.5%. And for every sale made directly on Bookshop or through a referral, 10% is added to an earnings pool that is then distributed to indie bookstores every six months."

Movies

'Virtual Fistfight' Created With Historic Collaboration of 40 Film Stars (deadline.com) 103

DevNull127 writes: You probably remember Zoe Bell strapped to the hood of a speeding 1970 Dodge Challenger in the Death Proof half of Quentin Tarantino's Grindhouse. (She also had parts in The Hateful Eight and Once Upon a Time in Hollywood.) Today Zoe pulled together what may become a historic video — a massive online collaboration with 40 different film celebrities [and also some stuntpeople] that one reporter called "a stunning display of stunt, editing and acting skills — all put together without anyone collaborating in-person."

Deadline explains:
The most badass actresses and stuntwomen of Hollywood had a full-out, virtual battle royale thanks to actress and stuntwoman extraordinaire Zoe Bell and her video appropriately titled Boss Bitch Fight Challenge. "I'm so bored! I just want to play with my friends!" she proclaims as it is clear she wants to liven things up during her quarantine. What happens next is over five minutes of virtual fisticuffs.

It's a real adrenaline-booster, and Deadline's article also has a complete list of each star appearing in the video.

That list is like revisiting the history of Hollywood action films over the last 20 years. It includes:
  • Lucy Lawless (Xena the Warrior Princess)
  • Halle Berry (Catwoman)
  • Drew Barrymore and Cameron Diaz (the 2000 version of Charlie's Angels)
  • Daryl Hannah (Kill Bill)
  • Scarlett Johansson (Black Widow)
  • Margot Robbie (Suicide Squad)

Watch out for the baseball bat!


The Internet

Pandemic Shows Why .Org Domains Are Important (yahoo.com) 9

The Los Angeles Times published an op-ed by the executive director of Access Now, a global organization that works to protect privacy, free expression, digital security and human rights among internet users. Now that the sale of the .org registry has been blocked, he explains why that matters. As the pandemic has shown, it has been left to civil society organizations, and individual volunteers, to step up and fill the gaps left by governments and corporations. Large organizations such as Doctors Without Borders, the International Red Cross and the United Nations provide direct, immediate support to hospitals and healthcare professionals. Neighborhood and grass-roots organizations have distributed meals and provided accommodation and friendship to the sick and vulnerable. These organizations range in size, mission, effectiveness and reach, but have two elements in common: They're working toward the betterment of society, and their websites end in dot-org...

From downloading government health guidelines to online learning to connecting with isolated friends and family, the internet has become a lifeline. It has become the town square, the hospital and the schoolyard all at once. Now was clearly the time to protect it, not sell it off to private equity.... Private companies cannot be trusted to not "increase the rent" on small organizations. Private companies do not spend $1.1 billion on an internet domain unless there is profit to be made...

What happens next isn't clear. If the Internet Society no longer wants to control the dot-org domain, an alternative will need to be found... To find this special home, we'll need an open process, innovative ideas and committed partners — all of which we've built over the last few, wild months.

Cellphones

Should GPS Also Be Used For Contact Tracing? (trust.org) 110

Reuters reports: Google and Apple have sought to build public trust by emphasizing that the changes they are making to Bluetooth to allow the tracing apps to work will not tap phones' GPS sensors, which privacy activists see as too intrusive. But the states pioneering the apps -- North and South Dakota, and Utah -- say allowing public health authorities to use GPS in tandem with Bluetooth is key to making the system viable...

Apple and Google said on Friday that they still have not decided how to proceed. "I would encourage them to go for the 'and' and not the 'or' solution," North Dakota Governor Doug Burgum said of Apple and Google in an interview late Thursday. "During this new normal, there is a place for having solutions that protect privacy and enable more efficient contact tracing," said Burgum... "What Utah wanted to understand is not just who is spreading [the virus] to whom but also location zones," said Jared Allgood, chief strategy officer for Twenty, the startup which developed Utah's app for an initial $1.75 million. GPS location data allows authorities to decide which businesses may need to be closed because the virus is spreading there, and prioritize which contacts of diagnosed patients to test...

Anonymized GPS location data is already playing a key role in an early version of Care19, an app that about 40,000 people have signed up for in North and South Dakota. Authorities currently ask Care19 users to give them permission for timestamped GPS location data, which allows officials to manually call places where users could have spread the virus and ask for names and numbers of others who may have been there at the same time.

North Dakota's governor suggests that not everyone is concerned about sharing their GPS data. "Some people are completely opposed to an intrusion on privacy," he told Reuters, "but there's a younger generation sharing their location on dozens of apps. There may be a set of people highly social, young and going out to bars who may see this tool as fantastic."

And Yahoo News reports another concern about contact tracing. "Some argue the information should be pushed out to a central server managed by a trustworthy government or health care entity, while others insist that data remain on individual devices."

Medicine

Sheltering in Place Works: New Statistics Show Fewer COVID-19 Hospitalizations In New York, California (yahoo.com) 247

Yahoo News shares an encouraging report from former Newsweek correspondent Andrew Romano: Until very recently, nationwide data about how many COVID-19 patients are currently receiving treatment in hospitals was hard to come by. It's still incomplete and inconsistent. But on April 7, researchers at the University of Minnesota launched the U.S. COVID-19 Hospitalization Tracking Project, which is just what it sounds like: the first effort to capture, track, visualize and compare daily data on the number of COVID-19 hospitalizations from the 37 state departments of health that are reporting this information (so far).

The reason this information is so valuable is simple. Because hospitalization typically occurs a week or so after infection, it's less of a lagging indicator than the death count (which trails by two to two and a half weeks) and more directly tied to the trajectory of the epidemic than the testing-dependent case count. It's also a measure of the most pressing public health concern of all: how close we are to exceeding the capacity of our hospital system, which can make COVID-19 much deadlier than it would otherwise be.

Which brings us to New York and California. Chart each state's hospitalization data over the last seven days or so, and two different narratives emerge. Both are encouraging...

On Wednesday, New York's daily death count hit an all-time high: 799. But that reflects infections from weeks ago, before the state's lockdown started. The number of people testing positive stayed relatively flat. Meanwhile, there were fewer new hospitalizations — just 200 — than on any day since March 18. It wasn't a blip. The amount of new daily hospitalizations has been declining since last Thursday: from 1,427 on April 2 to 1,095 on April 3 to 656 on April 6 to 200 on April 8. (There are some questions about inconsistencies between the data from New York state and New York City, but the trend line is the same.) Previously, the total current number of coronavirus patients in New York hospitals had been increasing by at least 20 percent a day for weeks. Now the overall number of hospitalizations is barely increasing at all...

The good news in New York is that the state might be peaking now. The good news in California is that the state might not peak for a long time — but its path to that peak will be so incremental, its curve so flat, that coronavirus patients will never come close to overwhelming the hospital system.

The numbers do look encouraging. (Click on the "Currently Hospitalized" rectangle and then select each state's two-letter abbreviation from the dropdown menu.) In fact, the San Francisco Bay Area recorded its fourth day of declining ICU patients on Saturday. "Home-sheltering efforts may well be paying off, at least according to the number of hospitalizations and patients in ICU," reports the Bay Area Newsgroup.

And SFGate noted Friday that the statewide hospitalization figures "have also been relatively flat in recent days, with Governor Gavin Newsom expressing guarded optimism after the number of individuals in intensive care units decreased Thursday."
The Almighty Buck

PayPal and Venmo Are Letting SIM Swappers Hijack Accounts (vice.com) 42

An anonymous reader quotes a report from Motherboard: Several major apps and websites, such as PayPal and Venmo, have a flaw that lets hackers easily take over users' accounts once they have taken control of the victim's phone number. Earlier this year, researchers at Princeton University found 17 major companies, among them Amazon, PayPal, Venmo, Blizzard, Adobe, eBay, Snapchat, and Yahoo, allowed users to reset their passwords via text message sent to a phone number associated with their accounts. This means that if a hacker takes control of a victim's cellphone number via a common and tragically easy to perform hack known as SIM swapping, they can then hack into the victim's online accounts with these apps and websites.

Last week, two months after their initial outreach to the companies to report this flaw in their authentication mechanisms, the Princeton researchers checked again to see if the companies had fixed the problem. Some, including Adobe, Blizzard, eBay, Microsoft, and Snapchat, have plugged the hole. Others have yet to do it. PayPal and Venmo, given that they are apps that allow users to exchange money and are linked to bank accounts or credit cards, may be the most glaring examples. Motherboard verified this week that it's possible to reset passwords on PayPal and Venmo via text message.
Fear not, there is a solution. "The easiest way to make it impossible for SIM swappers to take over your accounts after they hijack your number is to unlink your phone number with those accounts, and use a VoIP number -- such as Google Voice, Skype, or another -- instead," reports Motherboard. "Google Voice numbers, given that they're not actually linked to a real SIM card, are much harder to hijack."
Verizon

Yahoo Mobile: the Verizon Phone Plan That No One Asked For (arstechnica.com) 31

An anonymous reader quotes a report from Ars Technica: Remember Yahoo? It's back... in phone-plan form. The Verizon-owned company is trying to get customers excited with a new "Yahoo Mobile" service that combines Verizon's 4G LTE network with Yahoo mail, for some reason. Why even put the word "Yahoo" on a re-branded Verizon data plan? Because the service comes with Yahoo Mail Pro, the ad-free version of Yahoo Mail that normally costs $3.49 a month. Yahoo Mobile also includes "24/7 Yahoo account customer service." Verizon says Yahoo Mobile has "no hidden fees" or "clingy contracts." "We're the only plan that gives you Yahoo Mail Pro for ad-free email across ALL your devices," the Yahoo Mobile website says. (Fact check: True.)

Yahoo Mobile costs $40 a month and provides "unlimited" data, with a caveat. "In times of traffic, your data may be temporarily slower than other traffic," the announcement said. With the more expensive Verizon-branded unlimited service, customers have the option of buying plans with no data slowdowns until they use 25GB, 50GB, or 75GB in a month. With Yahoo Mobile, the speed limits can be imposed any time the network is congested, regardless of how much data a customer has used. Yahoo Mobile also comes with an "unlimited mobile hotspot for use with one connected device at a time," but those hotspot speeds are capped at 5Mbps. The Yahoo plan doesn't have access to Verizon's 5G network, though that's not really a big deal yet. Aside from the Yahoo-specific aspects, Yahoo Mobile is essentially the same plan offered by Visible, a Verizon subsidiary.
