Education

Subscription Journals Are Doomed Because of Sci-Hub's Big Cache of Pirated Papers, Suggests Data Analyst (sciencemag.org) 67

An anonymous reader quotes a report from Science Magazine: There is no doubt that Sci-Hub, the infamous -- and, according to a U.S. court, illegal -- online repository of pirated research papers, is enormously popular. But just how enormous is its repository? That is the question biodata scientist Daniel Himmelstein at the University of Pennsylvania and colleagues recently set out to answer, after an assist from Sci-Hub. Their findings, published in a preprint on the PeerJ journal site on July 20, indicate that Sci-Hub can instantly provide access to more than two-thirds of all scholarly articles, an amount that Himmelstein says is "even higher" than he anticipated. For research papers protected by a paywall, the study found Sci-Hub's reach is greater still, with instant access to 85% of all papers published in subscription journals. For some major publishers, such as Elsevier, more than 97% of their catalog of journal articles is being stored on Sci-Hub's servers -- meaning they can be accessed there for free. In a chat with ScienceInsider, Himmelstein concludes that the results of his study could mark "the beginning of the end" for paywalled research.
Privacy

German Court Rules Bosses Can't Use Keyboard-Tracking Software To Spy On Workers (thelocal.de) 47

An anonymous reader quotes a report from The Local: The Federal Labour Court ruled on Thursday that evidence collected by a company through keystroke-tracking software could not be used to fire an employee, explaining that such surveillance violates workers' personal rights. The complainant had been working as a web developer at a media agency in North Rhine-Westphalia since 2011 when the company sent an email out in April 2015 explaining that employees' complete "internet traffic" and use of the company computer systems would be logged and permanently saved. Company policy forbade private use of the computers. The firm then installed keylogger software on company PCs to monitor keyboard strokes and regularly take screenshots. Less than a month later, the complainant was called in to speak with his boss about what the company had discovered through the spying software. Based on their findings, they accused him of working for another company while at work, and of developing a computer game for them. [...] So the programmer took his case to court, arguing that the evidence used against him had been collected illegally. The Federal Labour Court agreed with this argument, stating in the ruling that the keylogger software was an unlawful way to control employees. The judges added that using such software could be legitimate if there was a concrete suspicion beforehand of a criminal offense or serious breach of work duties.
Communications

FCC Is Not Complying With Freedom of Information Act Requests, Alleges Lawsuit (arstechnica.com) 91

burtosis writes: The FCC is being sued for failure to turn over documents related to "correspondence, e-mails, telephone call logs, calendar entries, meeting agendas," between chairman Ajit or his staff and ISPs. Given the FCCs recent transparency issues, which appear to be directly ignoring the vast majority of feedback from Americans that are pro net neutrality, a nonprofit group called American Oversight is trying to force the real conversations the FCC is holding into public view. They are also asking for any communications with the media, Congress, and congressional staff. Two extensions for missed deadlines have been given, but the third extension was denied on July 24th. The FCC also ignored a FOiA request by Ars for the DDoS attack during the public comment period on net neutrality. With the current administration's attitude toward transparency and catering only to the largest corporate donors, will the American people have any meaningful influence in how the country is run anymore?
Bitcoin

SEC Rules That ICO Tokens Are Securities (vice.com) 95

schwit1 shares a report from Business Insider: On Tuesday, the Securities and Exchange Commission (SEC) said that "ICOs" (Initial Coin Offerings) can sometimes be considered securities -- and as such are subject to strict laws and regulations. For the uninitiated, ICOs are a fancy new way of fundraising enabled by digital currencies like Ethereum -- participants invest money and receive digital "tokens" in return. Thus far, it has been largely unregulated, with some ICO crowdfunding events raising hundreds of millions of dollars -- leading some observers to argue that it is a massive bubble. But the SEC's warning means that this free-for-all may not last forever.

"Going forward, according to the SEC, companies that are issuing tokens as part of an ICO (if they are considered securities) need to register with the commission," reports Motherboard. "This will force companies to comply with regulations that ask them to reveal their financial position and the identities of their management. The SEC also concluded that online exchanges where tokens are bought and traded may have to register as security exchanges."

schwit1 adds a quote from Benito Mussolini: "All within the state, nothing outside the state, nothing against the state."

Crime

Feds Crack Trump Protesters' Phones To Charge Them With Felony Rioting (thedailybeast.com) 437

An anonymous reader quotes a report from The Daily Beast: Officials seized Trump protesters' cell phones, cracked their passwords, and are now attempting to use the contents to convict them of conspiracy to riot at the presidential inauguration. Prosecutors have indicted over 200 people on felony riot charges for protests in Washington, D.C. on January 20 that broke windows and damaged vehicles. Some defendants face up to 75 years in prison, despite little evidence against them. But a new court filing reveals that investigators have been able to crack into at least eight defendants' locked cell phones. Now prosecutors want to use the internet history, communications, and pictures they extracted from the phones as evidence against the defendants in court. [A] July 21 court document shows that investigators were successful in opening the locked phones. The July 21 filing moved to enter evidence from eight seized phones, six of which were "encrypted" and two of which were not encrypted. A Department of Justice representative confirmed that "encrypted" meant additional privacy settings beyond a lock screen. For the six encrypted phones, investigators were able to compile "a short data report which identifies the phone number associated with the cell phone and limited other information about the phone itself," the filing says. But investigators appear to have bypassed the lock on the two remaining phones to access the entirety of their contents.
Google

Google Is Testing Autoplay Videos Directly In Search Results (thenextweb.com) 123

For a select group of individuals, Google has enabled autoplay videos in Search. "We are constantly experimenting with ways to improve the search experience for our users, but have no plans to announce [the feature] at this time," a Google spokesperson told Search Engine Land. Facebook, Instagram and Twitter all have similar features that were introduced fairly recently. If you find automatic videos to be a nuisance, now is the time to let Google know how you feel about this "feature."
AT&T

AT&T Loses Record Number of Traditional TV Subscribers In Q2, Drops 156,000 DirecTV Satellite Customers (variety.com) 77

According to Variety, AT&T's pay-TV business has lost a record 351,000 traditional video customers in the second quarter, with the internet-delivered DirecTV Now service failing to fully offset the losses. From the report: In Q2, historically a seasonally weak period for the pay-TV business, DirecTV's U.S. satellite division lost 156,000 customers sequentially, dropping to 20.86 million, compared with a gain of 342,000 in the year-earlier quarter. AT&T's U-verse lost 195,000 subs in the quarter, which was actually an improvement over the 391,000 it lost in Q2 of 2016. AT&T touted that it gained 152,000 DirecTV Now customers in Q2, after adding just 72,000 in the first quarter of 2017. Overall, it had signed up 491,000 DirecTV Now subs as of the end of June, after the OTT service launched seven months ago.
Businesses

Cloudflare Wants to Eliminate 'Moot' Pirate Site Blocking Threat (torrentfreak.com) 23

Cloudflare is not happy with the RIAA's efforts to hold the company liable for pirate websites on its network. From a report: Representing various major record labels, the RIAA filed a lawsuit against MP3Skull in 2015. Last year a Florida federal court sided with the RIAA, awarding the labels more than $22 million in damages. In addition, it issued a permanent injunction which allowed the RIAA to take over the site's domain names. Despite the multi-million dollar verdict, MP3Skull continued to operate using a variety of new domain names, which were subsequently targeted by the RIAA's legal team. As the site refused to shut down, the RIAA eventually moved up the chain targeting CDN provider Cloudflare with the permanent injunction. The RIAA argued that Cloudflare was operating "in active concert or participation" with the pirates. Cloudflare objected and argued that the DMCA shielded the company from the broad blocking requirements. However, the court ruled that the DMCA doesn't apply in this case, opening the door to widespread anti-piracy filtering. The court stressed that, before issuing an injunction against Cloudflare, it still had to be determined whether the CDN provider is "in active concert or participation" with the pirate site. [...] Cloudflare now wants the dangerous anti-piracy filtering order to be thrown out. The company submitted a motion to vacate the order late last week, arguing that the issue is moot. In fact, it has been for a while for some of the contended domain names. The CDN provider says it researched the domain names listed in the injunction and found that only three of the twenty domains used Cloudflare's services at the time the RIAA asked the court to clarify its order. Some had never used CloudFlare's services at all, they say.
The Internet

House Panel Wants Google, Facebook, AT&T CEOs To Testify On Internet Rules (reuters.com) 35

The chairman of the U.S. House Energy and Commerce Committee on Tuesday asked the chief executives of Alphabet, Facebook, Amazon.com, AT&T, Verizon Communications and other companies to testify at a Sept. 7 hearing on the future of net neutrality rules. From a report: The U.S. Federal Communications Commission is considering tossing out 2015 Obama administration net neutrality rules that reclassified internet service like a public utility. The rules bar providers from blocking, slowing or offering paid prioritization of websites. Many internet providers want Congress to step in and write permanent rules. Other chief executives asked to testify include the heads of Comcast, Netflix and Charter. Some companies including Facebook said they were reviewing the letter but none immediately said if they will testify.
Social Networks

It Looks Like Facebook Is Also Building a Smart Speaker With Touch Screen (techcrunch.com) 46

From a report: Facebook may launch its own smart home gadget to get you messaging more friends and looking at more photos. DigiTimes reports from Taiwan that Facebook is building a 15-inch touch screen smart speaker. Citing sources from the "upstream supply chain", Chinese iPhone manufacturer Pegatron is building the device for a Q1 2018 launch, with a small pilot run having already been produced. It's said to have been designed by Facebook secretive new hardware lab Building 8, using an LG in-cell touch screen with magnesium-aluminum-alloy chassis. While no further details are known about the speaker's functionality, it could potentially extend Facebook's feed of photos and videos plus its dominant messaging platform into the bedroom, living room, or kitchen.
Democrats

Democrats Propose New Competition Laws That Would 'Break Up Big Companies If They're Hurting Consumers' (arstechnica.com) 331

An anonymous reader quotes a report from Ars Technica: Senate and House Democratic leaders today proposed new antitrust laws that could prevent many of the biggest mergers and break up monopolies in broadband and other industries. "Right now our antitrust laws are designed to allow huge corporations to merge, padding the pockets of investors but sending costs skyrocketing for everything from cable bills and airline tickets to food and health care," US Senate Minority Leader Chuck Schumer (D-NY) wrote in a New York Times opinion piece. "We are going to fight to allow regulators to break up big companies if they're hurting consumers and to make it harder for companies to merge if it reduces competition." The "Better Deal" unveiled by Schumer and House Democratic Leader Nancy Pelosi (D-Calif.) was described in several documents that can be found in an Axios story. The plan for "cracking down on corporate monopolies" lists five industries that Democrats say are in particular need of change, specifically airlines, cable and telecom, the beer industry, food, and eyeglasses. The Democrats' plan for lowering the cost of prescription drugs is detailed in a separate document. The Democrats didn't single out any internet providers that they want broken up, but they did say they want to stop AT&T's proposed $85.4 billion purchase of Time Warner: "Consolidation in the telecommunications is not just between cable or phone providers; increasingly, large firms are trying to buy up content providers. Currently, AT&T is trying to buy Time Warner. If AT&T succeeds in this deal, it will have more power to restrict the content access of its 135 million wireless and 25.5 million pay-TV subscribers. This will only enable the resulting behemoths to promote their own programming, unfairly discriminate against other distributors and their ability to offer highly desired content, and further restrict small businesses from successfully competing in the market."
Businesses

Fact-checking and Rumor-dispelling Site Snopes.com Held Hostage By vendor (savesnopes.com) 400

Snopes.com, which began as a small one-person effort in 1994 and has since become one of the Internet's oldest and most popular fact-checking sites, is in danger of closing its doors. From a report: Since our inception, we have always been a self-sustaining site that provides a free service to the online world: we've had no sponsors, no outside investors or funding, and no source of revenue other than that provided by online advertising. Unfortunately, we have been cut off from our historic source of advertising income. We had previously contracted with an outside vendor to provide certain services for Snopes.com. That contractual relationship ended earlier this year, but the vendor will not acknowledge the change in contractual status and continues to essentially hold the Snopes.com web site hostage. Although we maintain editorial control (for now), the vendor will not relinquish the site's hosting to our control, so we cannot modify the site, develop it, or -- most crucially -- place advertising on it. The vendor continues to insert their own ads and has been withholding the advertising revenue from us. Our legal team is fighting hard for us, but, having been cut off from all revenue, we are facing the prospect of having no financial means to continue operating the site and paying our staff (not to mention covering our legal fees) in the meanwhile.
The Military

The US Army Wants Distributed Bot Swarms And An 'Internet of Battlefield Things' (defenseone.com) 90

turkeydance shares a new report about the U.S. Army Research Lab: In the coming months, the Lab will fund new programs related to highly (but not fully) autonomous drones and robots that can withstand adversary electronic warfare operations... A second program called the Internet of Battlefield Things seeks to put to military use "the research that's going on in the commercial space" on distributed sensors and Internet-connected devices... One thrust will be equipping drones and other autonomous systems with bigger brains and better networking so that they can function even when an enemy jams their ability to radio back to a human controller for direction... "When you don't have bandwidth, when you're under cyber attack, when you're being jammed. That's the problem we're trying to address."
The lab's director also says they want "as much processing as possible on the node" so it can continue functioning in "contested environments."
Microsoft

Microsoft Launches A Counterattack Against Russia's 'Fancy Bear' Hackers (thedailybeast.com) 97

Kevin Poulsen writes on the Daily Beast: It turns out Microsoft has something even more formidable than Moscow's malware: Lawyers. Last year attorneys for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft's trademarks... Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear... Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them. These are addresses like "livemicrosoft[.]net" or "rsshotmail[.]com" that Fancy Bear registers under aliases for about $10 each. Once under Microsoft's control, the domains get redirected from Russia's servers to the company's, cutting off the hackers from their victims, and giving Microsoft a omniscient view of that servers' network of automated spies. "In other words," Microsoft outside counsel Sten Jenson explained in a court filing last year, "any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server."
Communications

Ask Slashdot: Someone Else Is Using My Email Address 564

periklisv writes: I daily receive emails from adult dating sites, loan services, government agencies, online retailers etc, all of them either asking me to verify my account, or, even worse, having signed me up to their service (especially dating sites), which makes me really uncomfortable, my being a married man with children... I was one of the early lucky people that registered a gmail address using my lastname@gmail.com. This has proven pretty convenient over the years, as it's simple and short, which makes it easy to communicate over the phone, write down on applications etc. However, over the past six months, some dude in Australia (I live in the EU) who happens to have the same last name as myself is using it to sign up to all sorts of services...

I tried to locate the person on Facebook, Twitter etc and contacted a few that seemed to match, but I never got a response. So the question is, how do you cope with such a case, especially nowadays that sites seem to ignore the email verification for signups?

Leave your best answers in the comments. What would you do if someone else started giving out your email address?
Encryption

Let's Encrypt Criticized Over Speedy HTTPS Certifications (threatpost.com) 203

100 million HTTPS certificates were issued in the last year by Let's Encrypt -- a free certificate authority founded by Mozilla, Cisco and the Electronic Frontier Foundation -- and they're now issuing more than 100,000 HTTPS certificates every day. Should they be performing more vetting? msm1267 shared this article from Kaspersky Lab's ThreatPost blog: [S]ome critics are sounding alarm bells and warning that Let's Encrypt might be guilty of going too far, too fast, and delivering too much of a good thing without the right checks and balances in place. The primary concern has been that while the growth of SSL/TLS encryption is a positive trend, it also offers criminals an easy way to facilitate website spoofing, server impersonation, man-in-the-middle attacks, and a way to sneak malware through company firewalls... Critics do not contend Let's Encrypt is responsible for these types of abuses. Rather, because it is the 800-pound gorilla when it comes to issuing basic domain validation certificates, critics believe Let's Encrypt could do a better job vetting applicants to weed out bad actors... "I think there should be some type of vetting process. That would make it more difficult for malicious actors to get them," said Justin Jett, director of audit and compliance at Plixer, a network traffic analytics firm...

Josh Aas, executive director of the Internet Security Research Group, the organization that oversees Let's Encrypt, points out that its role is not to police the internet, rather its mission is to make communications secure. He added that, unlike commercial certificate authorities, it keeps a searchable public database of every single domain it issues. "When people get surprised at the number of PayPal phishing sites and get worked up about it, the reason they know about it is because we allow anyone to search our records," he said. Many other certificate authorities keep their databases of issued certificates private, citing competitive reasons and that customers don't want to broadcast the names of their servers... The reason people treat us like a punching bag is that we are big and we are transparent. "

The criticism intensified after Let's Encrypt announced they'd soon offer wildcard certificates for subdomains. But the article also cites security researcher Scott Helme, who "argued if encryption is to be available to all then that includes the small percent of bad actors. 'I don't think it's for Signal, or Let's Encrypt, to decide who should have access to encryption."
Businesses

Verizon Accused of Throttling Netflix and YouTube, Admits To 'Video Optimization' (arstechnica.com) 52

New submitter dgatwood writes: According to an Ars Technica article, Verizon recently began experimenting with throttling of video traffic. The remarkable part of this story is not that a wireless ISP would throttle video traffic, but rather that Verizon's own Go90 video platform is also affected by the throttling. From the article, "Verizon Wireless customers this week noticed that Netflix's speed test tool appears to be capped at 10Mbps, raising fears that the carrier is throttling video streaming on its mobile network. When contacted by Ars this morning, Verizon acknowledged using a new video optimization system but said it is part of a temporary test and that it did not affect the actual quality of video. The video optimization appears to apply both to unlimited and limited mobile plans. But some YouTube users are reporting degraded video, saying that using a VPN service can bypass the Verizon throttling."
If even Verizon can get on board with throttling sans paid prioritization, why is Comcast so scared of the new laws that are about to go into effect banning it?

Mozilla

The New Firefox and Ridiculous Numbers of Tabs (metafluff.com) 210

An anonymous reader shares a blog post: I've got a Firefox profile with 1691 tabs. As you would expect, Firefox handled this profile quite poorly for a long time. I got used to multi-minute startup time, waiting 15-30 seconds for tabs from external apps to show up, and all manner of non-responsive behavior. And then, quite recently, everything changed. Right now, more effort is being put into making Firefox fast than I've seen since... well, since I've been working on Firefox. And I've been at Mozilla for more than a decade. Part of this effort is a project called Quantum Flow -- a bunch of engineers making changes that directly impact Firefox responsiveness. A lot of the improvement in this particular scenario is from Kevin Jones' work on bringing the overall cost of unloaded tabs as close to zero as possible. While the major work has landed, the work continues in Bug 906076. Test scenario: I took my 1691 tab browser profile, and did a wall-clock measurement of start-up time and memory use for Firefox versions 20, 30, 40, and 50 through 56. In the result, the person found that Firefox startup time has gotten worse over time... until Firefox 51.
Communications

AlphaBay Owner Used Email Address For Both AlphaBay and LinkedIn Profile. 146

BarbaraHudson writes: The Register is reporting that Alexandre Cazes, the 25-year-old Canadian running the dark web site AlphaBay, was using a hotmail address easily connected to him via his Linkdin profile to administer the site. From the report: "[A]ccording to U.S. prosecutors, he used his real email address, albeit a Hotmail address -- Pimp_Alex_91@hotmail.com -- as the administrator password for the marketplace software. As a result, every new user received a welcome email from that address when they signed up to the site, and everyone using its password recovery tool also received an email from that address. However, rather than carefully set up and then abandon that email address, it turns out that Alexandre Cazes -- Pimp Alex -- had been using that address for years. Cazes had also used his Pimp Alex Hotmail address as well as an email address from his own business -- EBX Technologies -- to set up online bank accounts and crypto-currency accounts. How did law enforcement know that Cazes was behind EBX Technologies? It was on his LinkedIn profile."

BarbaraHudson adds: "His laptop wasn't encrypted, so expect more arrests as AlphaBay users are tracked down."
PlayStation (Games)

Sony Using Copyright Requests To Remove Leaked PS4 SDK From the Web (arstechnica.com) 156

An anonymous reader quotes a report from Ars Technica: Sony appears to be using copyright law in an attempt to remove all traces of a leaked PlayStation 4 Software Development Kit (PS4 SDK) from the Web. That effort also seems to have extended in recent days to the forced removal of the mere discussion of the leak and the posting of a separate open source, homebrew SDK designed to be used on jailbroken systems. The story began a few weeks ago, when word first hit that version 4.5 of the PS4 SDK had been leaked online by a hacker going by the handle Kromemods. These SDKs are usually provided only to authorized PS4 developers inside development kits. The SDKs contain significant documentation that, once made public, can aid hackers in figuring out how to jailbreak consoles, create and install homebrew software, and enable other activities usually prohibited by the hardware maker (as we've seen in the wake of previous leaks of PlayStation 3 SDKs). While you can still find reference to the version 4.5 SDK leak on places like Reddit and MaxConsole, threads discussing and linking to those leaked files on sites like GBATemp and PSXhax, for example, appear to have been removed after the fact. Cached versions of those pages show links (now defunct) to download those leaked files, along with a message from KromeMods to "Please spread this as much as possible since links will be taken down... We will get nowhere if everything keeps private; money isn't everything." KromeMods notes on Twitter that his original tweet posting a link to the leaked files was also hit with a copyright notice from Sony.

Slashdot Top Deals