Firefox

NYT: 'Firefox Is Back. It's Time to Give It a Try.' (nytimes.com) 275

Another high-profile endorsement for Firefox -- this time from the lead consumer technology writer for The New York Times. (Alternate link here). The web has reached a new low. It has become an annoying, often toxic and occasionally unsafe place to hang out. More important, it has become an unfair trade: You give up your privacy online, and what you get in return are somewhat convenient services and hyper-targeted ads. That's why it may be time to try a different browser.

Remember Firefox...? About two years ago, six Mozilla employees were huddled around a bonfire one night in Santa Cruz, Calif., when they began discussing the state of web browsers. Eventually, they concluded there was a "crisis of confidence" in the web. "If they don't trust the web, they won't use the web," Mark Mayo, Mozilla's chief product officer, said in an interview.... After testing Firefox for the last three months, I found it to be on a par with Chrome in most categories. In the end, Firefox's thoughtful privacy features persuaded me to make the switch and make it my primary browser.

The Times cites privacy features like Firefox's "Facebook Container," which prevents Facebook from tracking you after you've left their site.

While both Chrome and Firefox have tough security (including sandboxing), Cooper Quintin, a security researcher for the Electronic Frontier Foundation, tells the Times that Google "is fundamentally an advertising company, so it's unlikely that they will ever have a business interest in making Chrome more privacy friendly."
Facebook

Facebook Messenger Kids App Is Expanding (fortune.com) 33

Facebook's controversial Messenger Kids app is heading outside the U.S. to Canada and Peru. From a report: As part of the expansion, the social networking giant said Friday that it would also debut Spanish and French language versions of the children's messaging app that are now available in all three countries where the service is available. Facebook introduced Messenger Kids in December, pitching it as a safer way for children under 13 to chat with friends while sending them silly GIFs, emoji, and other goofy digital imagery. Unlike the core Facebook social networking service or other messaging apps, Facebook said that Messenger Kids does not display any online ads or allow kids to buy things within the app.
Facebook

Facebook Mistakenly Leaked Developer Analytics Reports To Testers (techcrunch.com) 14

This week, an alarmed developer contacted TechCrunch, informing us that their Facebook App Analytics weekly summary email had been delivered to someone outside their company. TechCrunch: It contains sensitive business information, including weekly average users, page views and new users. Forty-three hours after we contacted Facebook about the issue, the social network now confirms to TechCrunch that 3 percent of apps using Facebook Analytics had their weekly summary reports sent to their app's testers, instead of only the app's developers, admins and analysts. Testers are often people outside of a developer's company. If the leaked info got to an app's competitors, it could provide them an advantage. At least they weren't allowed to click through to view more extensive historical analytics data on Facebook's site. Facebook tells us it has fixed the problem and no personally identifiable information or contact info was improperly disclosed.
The Courts

Supreme Court: Warrant Generally Needed To Track Cell Phone Location Data (cnn.com) 188

daveschroeder writes: The Supreme Court on Friday said the government generally needs a warrant if it wants to track an individual's location through cell phone records over an extended period of time. The ruling [PDF] is a major victory for advocates of increased privacy rights who argued more protections were needed when it comes to the government obtaining information from a third party such as a cell phone company. The 5-4 opinion was written by Chief Justice John Roberts siding with the four most liberal justices. It is a loss for the Justice Department, which had argued that an individual has diminished privacy rights when it comes to information that has been voluntarily shared with someone else.
Privacy

Someone Is Taking Over Insecure Cameras and Spying on Device Owners (bleepingcomputer.com) 56

As security webcams, security cameras, and pet and baby monitors become part of our lives, their underlying technology is increasingly receiving scrutiny from researchers. Many of these devices are woefully insecure, and an attacker could take over these devices -- and in some cases, has -- to perform internet scans, among other things. BleepingComputer's Catalin Cimpanu dives into the subject: In the last nine months, two security firms have published research on the matter. Both pieces of research detail how the camera vendor lets customers use a mobile app to control their device from remote locations and view its video stream. The mobile app requires the user to enter a device ID, and a password found on the device's box or the device itself. Under the hood, the mobile app connects to the vendor's backend cloud server, and this server establishes connections to each of the user's devices in turn, based on the device ID and the last IP address the device has reported from.


Privacy

Should Facial Recognition Cameras Be In Schools? (nyclu.org) 154

Facial recognition technology is making its way into schools, raising privacy concerns among parents and officials. The New York Civil Liberties Union issued a report on the matter that focuses on one public school district in particular: Western New York's Lockport School District. "News reports indicate the district plans to have the invasive and error-prone technology installed by next school year," reports NYCLU. The Union sent a letter (PDF) to the New York State Education Department urging it to consider students' and teachers' privacy in reviewing the use of surveillance technology by school districts. They also "sent a freedom of information request to the district seeking details of how and where the technology will be used as well as who will have access to the sensitive data that gets collected."

The report highlights some of the concerns/negatives of such a system. For starters, it costs millions of dollars (Lockport spent almost $4 million), which could be used for things like Wi-Fi, new computers, or 3D printers. It has the "potential to turn every step a student takes into evidence of a crime." The databases could include those used for immigration enforcement, making parents of immigrant students afraid to send their children to school for fear that they or their children could end up on ICE's radar. Last but not least, since facial recognition is notoriously inaccurate, "innocent students are likely to be misidentified and punished for things they didn't do."

Of course, it isn't all bad. Proponents of the system say it can be used to alert officials to whenever sex offenders, suspended students, fired employees, suspected gang members, or anyone else placed on a school's "blacklist" enters the premises. Do you think facial recognition cameras belong in schools?
China

US Lawmakers Want Google To Reconsider Links To China's Huawei (reuters.com) 88

Some U.S. lawmakers on both sides of the aisle have asked Google on Wednesday to reconsider its work with Chinese telecommunications firm Huawei, citing security concerns. Reuters reports: In a letter to Google Chief Executive Sundar Pichai, the lawmakers said Google recently decided not to renew "Project Maven," an artificial intelligence research partnership with the U.S. Department of Defense. "While we regret that Google did not want to continue a long and fruitful tradition of collaboration between the military and technology companies, we are even more disappointed that Google apparently is more willing to support the Chinese Communist Party than the U.S. military," they wrote. The letter was signed by Republican Senators Tom Cotton and Marco Rubio, Republican Representatives Michael Conaway and Liz Cheney, and Democratic Representative Dutch Ruppersberger.

"Like many U.S. companies, we have agreements with dozens of OEMs (manufacturers) around the world, including Huawei. We do not provide special access to Google user data as part of these agreement, and our agreements include privacy and security protections for use data," she said in an emailed statement.

Government

FTC Will Examine Tech Platforms like Google, Facebook and Amazon as Part of Competition Review (axios.com) 20

The Federal Trade Commission will examine the questions surrounding powerful tech platforms like Google and Facebook as part of a review of consumer and competition policy issues beginning later this year. From a report: Hearings into these issues, announced by FTC Chairman Joe Simons on Wednesday, could help frame the agency's actions with regards to tech going forward. Simons indicated his examination of tech platforms would be broad and a major part of the review. "It's the network effects," he told reporters on Wednesday. "It's the fact that they're two-sided platforms. It's the interaction between privacy and competition. And it's all new, so it makes it very appropriate to have this be the subject of hearings and for us to get input on that."
Intel

OpenBSD Disables Intel CPU Hyper-Threading Due To Security Concerns (bleepingcomputer.com) 233

The OpenBSD project announced today plans to disable support for Intel CPU hyper-threading due to security concerns regarding the theoretical threat of more "Spectre-class bugs." Bleeping Computer reports: Hyper-threading (HT) is Intel's proprietary implementation of Simultaneous Multithreading (SMT), a technology that allows processors to run parallel operations on different cores of the same multi-core CPU. The feature has been added to all Intel CPUs released since 2002 and has come enabled by default, with Intel citing its performance boost as the main reason for its inclusion.

But today, Mark Kettenis of the OpenBSD project, said the OpenBSD team was removing support for Intel HT because, by design, this technology just opens the door for more timing attacks. Timing attacks are a class of cryptographic attacks through which a third-party observer can deduce the content of encrypted data by recording and analyzing the time taken to execute cryptographic algorithms. The OpenBSD team is now stepping in to provide a new setting to disable HT support because "many modern machines no longer provide the ability to disable hyper-threading in the BIOS setup."

Privacy

Amazon Brings Alexa To Hotels (zdnet.com) 151

Amazon is finally bringing Alexa to the hotel room. The e-commerce giant announced Tuesday the launch of Alexa for Hospitality, a specialized version of the voice assistant that integrates into popular hotel software systems for guest services. From a report: Housed inside of an Echo device, Alexa for Hospitality is functionally identical to the Alexa used in homes, except tailored to a hotel's service options. Guests can tell Alexa to order room service, book a spa appointment, call for housekeeping, provide directions, or play music in their room, for example. On the privacy side, Amazon said hotels will not have access to voice recordings of Alexa interactions or responses, and recordings of Alexa commands are remotely wiped when the guest checks out of the hotel. However, hotels can use Alexa for Hospitality to "measure engagement through analytics and adapt services based on guest feedback," Amazon said. Alexa for Hospitality is available to hotels, vacation rentals, and other hospitality providers starting today, with Marriott International signed up to deploy the service across its hotel portfolio this summer.
Communications

Verizon To End Location Data Sales To Brokers (apnews.com) 27

Verizon is pledging to stop sales through intermediaries of data that pinpoints the location of mobile phones to outside companies, the Associated Press reported Tuesday. From the report: It is the first major U.S. wireless carrier to step back from a business practice that has drawn criticism for endangering privacy. The data has allowed outsiders to track wireless devices without their owners' knowledge or consent. Verizon, the nation's largest mobile carrier measured by subscribers, said that about 75 companies have obtained its customer data from two little-known California-based brokers that it supplies directly -- LocationSmart and Zumigo. The company made its disclosure in a letter to Sen. Ron Wyden, an Oregon Democrat who has been probing the phone location-tracking market. Last month, Wyden revealed abuses in the lucrative but loosely regulated field involving Securus Technologies and its affiliate 3C Interactive. Verizon says their contract was approved only for the location tracking of outside mobile phones called by prison inmates. After a thorough review of its program, Verizon notified LocationSmart and Zumigo, both privately held, that it intends to "terminate their ability to access and use our customers' location data as soon as possible," wrote Verizon's chief privacy officer, Karen Zacharia.
IOS

iOS 12 Will Automatically Share Your iPhone Location With 911 Centers (phonedog.com) 69

Apple has revealed a new feature that's coming to the next version of iOS. With iOS 12, iPhone owners will be able to automatically share their location data when they dial 911. PhoneDog reports: Apple explains that it'll use RapidSOS's IP-based data pipeline to securely share an iPhone owner's HELO (Hybridized Emergency Location) info when they call 911 call centers. This system will integrate with many 911 call centers' existing software. HELO data estimates a 911 caller's location data using cell towers as well as features like GPS and Wi-Fi access points. Apple began using HELO in 2015, but by utilizing RapidSOS's tech, too, it should make it much easier and faster for a 911 call center to locate a caller.
Security

The 'World's Worst' Smart Padlock Is Even Worse Than Previously Thought (sophos.com) 139

Last week, cybersecurity company PenTest Partners managed to unlock TappLock's smart padlock within two seconds. They "found that the actual code and digital authentication methods for the lock were basically nonexistent," reports The Verge. "All someone would need to unlock the lock is its Bluetooth Low Energy MAC address, which the lock itself broadcasts." The company also managed to snap the lock with a pair of 12-inch bolt cutters.

Today, Naked Security reports that it gets much worse: "Tapplock's cloud-based administration tools were as vulnerable as the lock, as Greek security researcher Vangelis Stykas found out very rapidly." From the report: Stykas found that once you'd logged into one Tapplock account, you were effectively authenticated to access anyone else's Tapplock account, as long as you knew their account ID. You could easily sniff out account IDs because Tapplock was too lazy to use HTTPS (secure web connections) for connections back to home base -- but you didn't really need to bother, because account IDs were apparently just incremental IDs anyway, like house numbers on most streets. As a result, Stykas could not only add himself as an authorized user to anyone else's lock, but also read out personal information from that person's account, including the last location (if known) where the Tapplock was opened.

Incredibly, Tapplock's back-end system would not only let him open other people's locks using the official app, but also tell him where to find the locks he could now open! Of course, this gave him an unlocking speed advantage over Pen Test Partners -- by using the official app Stykas needed just 0.8 seconds to open a lock, instead of the sluggish two seconds needed by the lock-cracking app.

Privacy

Amazon Shareholders To Jeff Bezos: Stop Marketing Facial Recognition Tool (nbcnews.com) 68

A group of Amazon shareholders are calling on the company to stop pitching its facial recognition tool to local law enforcement agencies, writing in a letter to CEO Jeff Bezos that the technology could pose a privacy threat and a financial risk. From a report: The letter comes amid mounting criticism of the tool, called Rekognition, from privacy activists and civil rights organizations, including the American Civil Liberties Union. The groups have raised concerns that the tool could be used to build a system to automate the widespread identification and tracking of anyone. Rekognition is already being used by at least one law enforcement agency, the Washington County Sheriff's Office in Oregon, according to a customer testimonial page. "While Rekognition may be intended to enhance some law enforcement activities, we are deeply concerned it may ultimately violate civil and human rights," the shareholders said in the letter to Bezos, a copy of which was provided to NBC News by the ACLU.
Australia

Australia Discontinues Its National Biometric ID Project (gizmodo.com.au) 42

The Australian Criminal Intelligence Commission's (ACIC) biometrics project, which adds facial recognition to a national crime database, is being discontinued following reports of delays and budget blowouts. From a report: This announcement comes after the project was suspended earlier this month and NEC Australia staff were escorted out of the building by security on Monday June 4. [...] ACIC contracted the NEC for the $52 million Biometric Identification Services project with the view of replacing the fingerprint identification system that is currently in place. The aim of the project, which was supposed to run until 2021, was to include palm print, foot prints and facial recognition to aid in police investigations. The Australian government stated that it wanted to provide Australians with a single digital identity by 2025.
Firefox

Firefox's Pocket Tries to Build a Facebook-Style Newsfeed That Respects Your Privacy (theverge.com) 104

An anonymous reader quotes Ars Technica: Pocket, which lets you save articles and videos you find around the web to consume later, now has a home inside Firefox as the engine powering recommendations to 50 million people a month. By analyzing the articles and videos people save into Pocket, [Pocket founder and CEO Nate] Weiner believes the company can show people the best of the web -- in a personalized way -- without building an all-knowing, Facebook-style profile of the user.

"We're testing this really cool personalization system within Firefox where it uses your browser history to target personalized [recommendations], but none of that data actually comes back to Pocket or Mozilla," Weiner said. "It all happens on the client, inside the browser itself. There is this notion today... I feel like you saw it in the Zuckerberg hearings. It was like, 'Oh, users. They will give us their data in return for a better experience.' That's the premise, right? And yes, you could do that. But we don't feel like that is the required premise. There are ways to build these things where you don't have to trade your life profile in order to actually get a good experience."

Pocket can analyze which articles and videos from around the web are being shared as well as which ones are being read and watched. Over time, that gives the company a good understanding of which links lead to high-quality content that users of either Pocket or Firefox might enjoy.

I use Firefox, but I don't use Pocket. Are there any Slashdot readers who want to share their experiences with read-it-later services, or thoughts about what Firefox is attempting?
Privacy

Some Prominent Tech Companies Are Paying Big Money To Kill a California Privacy Initiative (theverge.com) 82

An anonymous reader quotes a report from The Verge: As data-sharing scandals continue to mount, a new proposal in California offers a potential solution: the California Consumer Privacy Act would require companies to disclose the types of information they collect, like data used to target ads, and allow the public to opt out of having their information sold. Now, some of tech's most prominent companies are pouring millions of dollars into an effort to kill the proposal.

In recent weeks, Amazon, Microsoft, and Uber have all made substantial contributions to a group campaigning against the initiative, according to state disclosure records. The $195,000 contributions from Amazon and Microsoft, as well as $50,000 from Uber, are only the latest: Facebook, Google, AT&T, and Verizon have each contributed $200,000 to block the measure, while other telecom and advertising groups have also poured money into the opposition group. After Mark Zuckerberg was grilled on privacy during congressional hearings, Facebook said it would no longer support the group. Google did not back down, and the more recent contributions suggest other companies will continue fighting the measure.

Privacy

Comey, Who Investigated Hillary Clinton For Using Personal Email For Official Business, Used His Personal Email For Official Business (buzzfeed.com) 451

An anonymous reader shares a report: Former FBI Director James Comey, who led the investigation into Hillary Clinton's use of personal email while secretary of state, also used his personal email to conduct official business, according to a report from the Justice Department on Thursday. The report also found that while Comey was "insubordinate" in his handling of the email investigation, political bias did not play a role in the FBI's decision to clear Clinton of any criminal wrongdoing.

The report from the office of the inspector general "identified numerous instances in which Comey used a personal email account (a Gmail account) to conduct FBI business." In three of the five examples, investigators said Comey sent drafts he had written from his FBI email to his personal account. In one instance, he sent a "proposed post-election message for all FBI employees that was entitled 'Midyear thoughts,'" the report states. In another instance, Comey again "sent multiple drafts of a proposed year-end message to FBI employees" from his FBI account to his personal email account.

China

China's Surveillance State Will Soon Track Cars (wsj.com) 113

China is establishing an electronic identification system to track cars nationwide, according to a report on WSJ, which cites records and people briefed on the matter. From a report: Under the plan being rolled out July 1, a radio-frequency identification chip for vehicle tracking will be installed on cars when they are registered. Compliance will be voluntary this year but will be made mandatory for new vehicles at the start of 2019, the people said. Authorities have described the plan as a means to improve public security and to help ease worsening traffic congestion, documents show, a major concern in many Chinese cities partly because clogged roads contribute to air pollution. But such a system, implemented in the world's biggest automotive market, with sales of nearly 30 million vehicles a year, will also vastly expand China's surveillance network, experts say. That network already includes widespread use of security cameras, facial recognition technology and internet monitoring.
Privacy

Spanish Soccer League App In Google Play Wants To Use Phone Mics To Enforce Copyrights (arstechnica.com) 77

The official app for the Spanish soccer league La Liga, which has more than 10 million downloads from Google Play, was recently updated to seek access to users' microphone and GPS settings. "When granted, the app processes audio snippets in an attempt to identify public venues that broadcast soccer games without a license," reports Ars Technica. From the report: According to a statement issued by La Liga officials, the functionality was added last Friday and is enabled only after users click "yes" to an Android dialog asking if the app can access the mic and geolocation of the device. The statement says the audio is used solely to identify establishments that broadcast games without a license and that the app takes special precautions to prevent it from spying on end users. [La Liga's full statement with the "appropriate technical measures to protect the user's privacy" is embedded in Ars' report.]

[E]ven if the app uses a cryptographic hash or some other means to ensure that stored or transmitted audio fragments can't be abused by company insiders or hackers (a major hypothetical), there are reasons users should reject this permission. For one, allowing an app to collect the IP address, unique app ID, binary representation of audio, and the time that the audio was converted could provide a fair amount of information over time about a user. For another, end users frequenting local bars and restaurants shouldn't be put in the position of policing the copyrights of sports leagues, particularly with an app that uses processed audio from their omnipresent phone.
