The TSA, having earned every bit of its ~$8 billion/year, is now looking for just a little bit more. As Kevin Underhill at the ultra-enjoyable Lowering the Bar blog notes, the "security fee" that's been tacked onto tickets is about to increase -- more than doubling in most cases.
[T]he AP says that Congress is currently debating whether to double the TSA fee that is currently $5 per ticket. (It's actually $2.50 per "enplanement," but close enough.) Passengers pay that, not the airlines. The TSA collects about $1.8 billion from us every year just through this fee, and in return, provides virtually nothing in addition to what's already provided by (1) alert passengers and (2) reinforced cockpit doors.And it will definitely be passengers paying the fee. The CEO of Delta Airlines has already gone on the record to inform the public that this increase will be all theirs.
"Airfares are going up for consumers. So that tax increase will not be absorbed by Delta," Richard Anderson said at a Delta Air Lines Inc. presentation for investors in New York on Wednesday.As if there was ever any doubt. Any new fee levied by the government, whether to cable companies, wireless providers or airlines, is immediately dumped into the laps (or rather, extracted from the pockets) of Joe Public.
The fee is meant to offset some of the cost of the Transportation Security Administration. A report last year by the Government Accountability Office found that the fees currently cover about 29 percent of the cost of airline security. The higher fee is meant to get travelers to pay for more of those costs, although some of the new money is slated to be spent on non-security items.Hmm. As far as I know, every government program is already paid for by travelers, including our extra-useless Theatrum Satis Absurdum. The only way to get travelers to pay more of the cost is to double-dip, first through income taxes and second, through this ridiculous "security fee."
Google has a new update for the beta channel of their Chrome browser that does away with a lingering drag on mobile browsers. Up until now, browsers for mobile devices have included an artificial 300ms delay to account for the familiar double-tap-to-zoom gesture. With an increase in the number of sites tailored to mobile, Google sees no reason to keep folks waiting.
If 300ms doesn’t sound like that big of a deal, watch the video demonstration above. That’s a pretty impressive improvement.
Yesterday, we published a blog post lauding an extremely important app privacy feature that was added in Android 4.3. That feature allows users to install apps while preventing the app from collecting sensitive data like the user's location or address book.
After we published the post, several people contacted us to say that the feature had actually been removed in Android 4.4.2, which was released earlier this week. Today, we installed that update to our test device, and can confirm that the App Ops privacy feature that we were excited about yesterday is in fact now gone.
When asked for comment, Google told us that the feature had only ever been released by accident — that it was experimental, and that it could break some of the apps policed by it. We are suspicious of this explanation, and do not think that it in any way justifies removing the feature rather than improving it.1
The disappearance of App Ops is alarming news for Android users. The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.
A moment ago, it looked as though Google cared about this massive privacy problem. Now we have our doubts. The only way to dispel them, frankly, is for Google to urgently reenable the App Ops interface, as well as adding some polish and completing the fundamental pieces that it is missing:
In the mean time, we're not sure what to say to Android users. If app privacy is especially important to you — if, for instance, you want to be able to install an app like Shazam or Skype or Brightest Flashlight without giving it permission to know your location — we would have to advise you not to accept the update to 4.4.2. But this is also a catastrophic situation, because the update to Android 4.4.2 contains fixes to security and denial-of-service bugs. So, for the time being, users will need to chose between either privacy or security on the Android devices, but not both.
Google, the right thing to do here is obvious.
The We the People petition to reform the ECPA in order to give email the same Fourth Amendment protection that snail mail enjoys narrowly passed the 100K signature threshold needed to (theoretically) prompt a response from the administration.
The last-minute push to hit the mark was impressive. Reminded by the post here yesterday that I hadn't actually signed the petition yet, I went and remedied that around 5 pm (CST) yesterday evening. At that point, it looked as though the petition would be an also-ran, having only gathered about 78,000 signatures with just a few hours remaining.
Needless to say, I was a bit surprised to read this morning that it had hit 100,000 signatures. The Hill rather hopefully states that the White House "must" now respond to the petition, but as we've seen in other cases, the response is either long-delayed (the Snowden petition is going on its fifth month of being ignored) or treated to an administrative pat on the head and a brief rehash of the Official Talking Points.
One would hope this one does prompt a serious response. The only reason this law hasn't been updated is because treating email 180 days old or older as "abandoned" cuts down on the requirements law enforcement and investigative agencies need to meet to access it. These entities obviously benefit heavily from the clearly outdated law and have no interest in seeing this convenient loophole in Fourth Amendment protection closed. The administration has long defended our nation's intelligence and investigative agencies, so it may have little interest in making their jobs "harder." On the other hand, this support has seen a marked decline over the past few weeks, and there are indications that some in the White House really do want to fix this, so there may be some hope yet.
On the plus side, The Hill reports that the DOJ has already weighed in on this topic.
At a House hearing in March, Elana Tyrangiel, the acting assistant attorney general for the Justice Department's Office of Legal Policy, agreed that updating ECPA has "considerable merit."This step in the right direction was unfortunately tempered by a massive step backward.
"We agree, for example, that there is no principled basis to treat email less than 180 days old differently than email more than 180 days old," she said "Similarly, it makes sense that the statute not accord lesser protection to opened emails than it gives to emails that are unopened."
But she urged lawmakers to exempt civil regulatory investigations from the warrant requirement. She explained that regulators investigate conduct that is unlawful, but not necessarily criminal. She argued that because regulators often do not have access to the warrant power, the requirement would impede critical government investigations.This "exemption" basically defeats the entire purpose of ECPA reform, and in some ways, makes things worse. It takes a little loophole in the law, which came about because of changes in technology, then widens it and puts a giant stamp of approval on it. It goes from a little loophole that violates the 4th Amendment to a big official law that violates the 4th Amendment.
San Francisco - Mobile app startup People+ and free technology-industry database CrunchBase have settled their dispute over data collected under the Creative Commons Attribution License, allowing both companies to continue their work.
The Electronic Frontier Foundation (EFF) represents People+, a company making apps for iOS and Google Glass. In its iOS app, People+ used materials from the free CrunchBase database, which includes information on technology companies, people, and investors. The CrunchBase database was licensed under a Creative Commons Attribution License, allowing anyone to use the data as long as the author receives credit. However, CrunchBase also claimed the right to shut down some uses of their materials – a position at odds with the Creative Commons license – and CrunchBase demanded that People+ stop using the data.
Fortunately, the norms and values of the open content community were a roadmap to resolving the argument. After discussions among CrunchBase, People+, and EFF, People+ will continue to use the material it has gathered under the Creative Commons Attribution License. Going forward, CrunchBase has revised its terms of service and now licenses its content under the Creative Commons Attribution-NonCommercial license, which will require a separate license for commercial uses.
"Offering content under the most permissive CC license while claiming the right to shut down uses they didn't like was a bit misleading," said EFF Staff Attorney Mitch Stoltz. "CrunchBase's new terms of service are clearer and more in line with the best practices of the open content community. The new terms should allow developers to re-use and build on the CrunchBase dataset with greater confidence."
"We are thrilled with the outcome and are looking forward to continue growing the app and the company far beyond this controversy," said Peter Berger, People+ co-founder and CEO.
Creative Commons is a suite of standardized licenses for creative work, providing a simple way for authors and artists to keep "some rights reserved" – like the right to receive credit and the right to prevent commercial uses – while allowing their work to spread freely on the Internet and be re-used by others without the threat of legal trouble.
"We are grateful to the Electronic Frontier Foundation for playing an instrumental role in updating the CrunchBase Terms of Service," said CrunchBase President Matt Kaufman. "At their suggestion, we adopted Creative Commons 4.0 and open content best practices. These updates provide more clarity to our community and provide a stronger foundation from which to build and extend the CrunchBase dataset."
"We are very pleased we could work with People+ and CrunchBase to resolve this issue," said EFF Senior Staff Attorney Kurt Opsahl. "Creative Commons licensing is a mainstay of creativity and collaboration in the digital age, and having the system work smoothly is to everyone's benefit."
Electronic Frontier Foundation
Senior Staff Attorney
Electronic Frontier Foundation
AT&T, Verizon Wireless, Sprint, T-Mobile, and US Cellular have "voluntarily" committed to unlocking customers' cell phones once their contracts have been paid off. The wireless carriers will notify customers when their devices are eligible to be unlocked, "or automatically unlock devices remotely, for free," the Federal Communications Commission (FCC) said today.
While the agreement was described as voluntary, FCC Chairman Tom Wheeler had told the carriers he would pursue regulation if they didn't comply with his terms. A recent ruling by the Librarian of Congress meant that a consumer unlocking his or her own phone would be violating the Digital Millennium Copyright Act's anti-circumvention provisions. Today's agreement should sidestep that by putting the onus to unlock on the carrier, although it doesn't help consumers who are still under contract.
Unlocking allows a phone to be used on any compatible network, regardless of carrier. While carriers are often willing to unlock phones and sometimes ship them unlocked even at the beginning of a contract, policies have varied by carrier. Today's news will make the unlocking process similar across all major US carriers.
TV movie Descendants will revolve around the offspring of the main characters of Beauty and the Beast, Cinderella, Sleeping Beauty, Tangled, and Mulan, heading into prep school with the new kids: four children descended from Cruella De Vil, Maleficent, the Evil Queen (Snow White), and Jafar.
Let me repeat: Disney is making a high school AU based on the children of their most famous characters. And you better believe that if it does well it’ll become a spinoff series.
I have so many questions.
The new regent of the kingdom in which this takes place is the child of “King and Queen from “Beauty and the Beast,” is he the son of Belle and the Beast, or is he the Beast, or is he, like, the Beast’s brother?
If he is the child of Belle and the Beast, how attractive is he going to be? Generic handsome, or “I feel kind of bad about how hot I think this animated teenager is” handsome? Will he and Rapunzel and Flynn Ryder’s kid be having smoulder-offs?
Apparently this takes place in a universe where all Disney villains, henchmen, and evil family members have been banished to an island. On a scale of one to Toon Town, how crazy is that island?
So I understand Carlos De Vil, but are Mal, Evvie, and Jay (children of Maleficent, Evil Queen, and Jafar, respectively) going to have some equally amazing last names?
How are we reconciling the temporal setting of 101 Dalmations with the various classical antiquity or historical era time periods of Mulan, Aladdin, or Sleeping Beauty? Are we making any effort to reconcile it at all?
Has Tumblr already decided I’ll be ‘shipping? No, it does not matter that we don’t know what gender Mal and Jay, nor any of the offspring of the “good” characters are.
Question time over. At the risk of repeating myself:
“We mined Disney’s treasure trove of stories and developed a new, comedic approach to the fabled characters everyone knows and loves,” said Disney Channels Worldwide prexy-chief creative officer. “The result is a modern and unexpected re-interpretation of classic heritage characters utilizing contemporary, relatable settings and themes.”
Disney is making a high school AU about their characters kids, and the core cast has a middle eastern character in it, if not additionally Hispanic/Latino or Chinese characters as well. Here is a dumb idea I can get unironically excited about.
The Metropolitan Washington Airports Authority is opting not to project a new completion date for the first phase of the Silver Line.
There are too many variables to be able to accurately project completion, Dulles Corridor Metrorail Project Executive Director Pat Nowakowski told the authority’s Board of Directors on Wednesday.
“I am reluctant, at this point in time, to put a date on it,” Nowakowski said. “We are working aggressively and as quickly as possible.”
The Silver Line was originally slated to open by the end of this year but, earlier this year, the date of “substantial completion” was pushed back by about two months, pushing the start of service to early 2014. Substantial completion marks the point at which the airports authority accepts the project from its contractor and can transfer the system to Metro.
A second delay occurred during the testing phase. As recounted by MWAA board member Frank “Rusty” Conner, the contractor responsible for the automated train control system, Allcom, discovered a problem during testing and needed more time to address the issue.
Based on the timeline Nowakowski presented on Wednesday, it will be at least another three weeks before the project is ready to hand over to the Washington Metropolitan Area Transit Authority.
Nowakowski said the next step is for Allcom’s engineers to present their proposed solution to MWAA’s engineering team, which was slated to happen on Wednesday. If all the engineers are in agreement on the solution, the software fix can be installed fairly quickly and retested, he said.
Once that is complete, the project still has to pass one big test — running simulated train service. Nowakowski said that, because of conflicts with the Orange Line, Metro can only accommodate this testing overnight between Saturday night and Sunday morning.
Therefore, every missed opportunity to conduct that test causes a one-week delay.
After the simulated train service test is complete, contractor Dulles Transit Partners has to finish compiling the reports and other documentation required to demonstrate that the project has reached substantial completion. Nowakowski said he believes this will take two to three days after the simulated service testing.
MWAA has 15 days to review the documentation and either agree or disagree that the project is at substantial completion. Once the agency accepts the work of its contractor, it can turn the system over to WMATA.
Metro then has 90 days to make its final preparations to begin service on the Silver Line.
“They have indicated to us that they’re going to try and beat that, but that is something that is totally within their control,” Nowakowski said.
Daniel Gray, a New Zealander visiting Canada with his Canadian girlfriend to meet her family found a very unique way to spend some of his time during their cold December visit. With the help of his girlfriend (Kathleen Starrie) and her family, he build the most amazing thing in their Edmonton backyard.
They started out by clearing out some snow to create space.
Then the first layer of ice blocks, built from milk cartons they collected, added coloring to, and froze.
Building the spiral….
Laying blocks on top of the spiral. What is this thing?
class="alignnone size-medium wp-image-529660" />
All bundled up, working diligently on their creation.
All of the colorful milk cartons used in preparation.
Okay, it’s definitely coming along now.
Is that an igloo?
Daniel works from the inside
And here’s the inside. Definitely looking like an igloo.
And at last, the incredible multi-colored igloo built from snow and milk carton blocks.
It looks incredibly cozy. I want one.
Today, just as we have published each of the past three years, we have the 2013 edition of our top 50 jQuery plugins that we feel are the most useful and most innovative from this year.
2013 has been quite possibly the best year ever!
All of the time-saving plugins below will in one way or another deliver a specific solution to many of the design and development issues you may have.
And just to help you find exactly what you are looking for we have split the plugins into the following categories: Layouts, Navigation, Social & Sharing, Sliders & Carousels, Image Management, Forms, Typography & Text, and finally a selection of plugins that don’t quite fit into a particular category but are useful enough to stand alone.
jQuery Nested allows you to create a completely gap-free multi-column, dynamic grid layout.
jResponsive allows you to add a dynamically-resized layout to any page or element and customize the layout the way you want (with or without top, bottom, right or left navigation). It can be applied to a container element and will arrange its children in a layout that makes optimal use of screen space, by "packing" them in tightly.
Salvattore is a library agnostic JS script that will help you organize your HTML elements according to the number of columns you specify, like jQuery Masonry.
Rubberband allows scripts to act on media query changes in real time by making use of the browser’s internal media query matching system,
FlexNav is a mobile-first example of using media queries and jQuery to make a robust drop-down menu. From the developer: It is a ‘device agnostic approach to complex site navigation with support for touch and keyboard sccessibility’.
Sidr is an easy to use plugin that will create a responsive Facebook-a-like side menu.
scrollNav is a lightweight jQuery plugin that grabs your page's existing content, divides it up into logical sections and builds a customizable scrolling sidebar navigation.
Flaunt.js allows you to create a stylish responsive navigation with nested click to reveal.
jVanilla Menu is a simple jQuery menu plugin. It takes an existing CSS drop-down menu, and adds enhancements such as animations, submenu levels and timeout delays to it.
This is a jQuery plugin that provides responsive tab functionality, with the tabs transforming into an accordion when it reaches a CSS breakpoint.
ScrollUp creates a customisable “Scroll to top” feature that will work with any website.
ClassySocial is a plugin that lets your site visitors easily see what networks you belong to and visit them in a click of a button.
ContentShare lets you share the content from a page on a social network. Instead of the default meta tags, it lets you specify and select what content you wish to share. As of now, it supports Facebook and Twitter, though you can easily add additional social networks.
ClassySocial is a plugin that lets your site visitors easily see what networks you belong to and visit them in a click of a button.
slideToucher is a content swiping touch enabled jQuery plugin with support for both vertical and horizontal swipes.
Flexisel is a responsive image carousel plugin with options specifically available for adapting the carousel for mobile and tablet devices.
Swipebox is a responsive jQuery lightbox plugin that features: Swipe gestures for mobile; Keyboard Navigation for desktop; CSS transitions with jQuery fallback; Retina support for UI icons.
Smoothbox is a simple, lightweight, and responsive jQuery lightbox script by Kevin Thornbloom.
Inspired by Tumblr’s photoset feature, Photoset Grid is a simple jQuery plugin for arranging images into a flexible grid.
Owl Carousel is a touch enabled jQuery plugin that lets you create responsive carousel sliders.
CarouFredSel turns any HTML elements into a carousel. It is dual-licensed under MIT and GPL, and also has its own WordPress plugin.
FilmRoll is a lightweight and simple jQuery carousel plugin that centers the selected item on the page.
jQuery CollagePlus is an image gallery plugin that arranges your images to fit exactly within a container. It allows you to give the images CSS borders, and even define a target row height and padding between the images.
Block Slider is a modal window image gallery plugin for jQuery that can be used to create a simple image slider.
Nivo Lightbox is a small and responsive jQuery Lightbox plugin. It comes with automatic content detection and features CSS effects and transitions.
Magnific Popup is a fast, lightweight and feature-rich responsive lightbox plugin with its focused on performance and providing the best experience for users on any device. It is also Zepto.js compatible.
The jQuery Alpha Image Plugin can change selected image colours to transparent and offers the result as either an image or as imagedata.
imagefill.js can be used to center the images and make them fill the container.
Offreg turns your images into RGB “prints”. All you need to do is to apply the plugin to any HTML element, and then provide an image SRC and insert offset value. On the downside, the rendering does not look impressive in Google Chrome.
Selectize.js is a hybrid of text box and select box. It can be used to display contact lists or country selectors.
EasyDropDown turns elements into drop-down menus that can be used for navigation or enhanced UI implementation.
Minimalect is a select replacement for jQuery. It offers keyboard navigation, choice filtering and even supports themes.
Inspired by Twitter’s autocomplete search functionality, typeahead.js is a fast and fully-featured autocomplete library.
jQuery Selectric is a plugin for easy manipulation and customization of HTML selects.
Image Picker is a simple jQuery plugin that transforms a <select> element into a more user friendly graphical interface.
jQuery Fullscreen Editor transforms text fields into customizable editors. You can use it on forms or even standalone. The plugin supports most modern web browsers and comes with two different transitions.
Tabslet is a jQuery plugin for tabs. It supports custom events, rotation and animation and is compatible with most modern web browsers.
bPopup is a lightweight (only 1.49kb gzipped) modal popup plugin. The plugin doesn’t create or style your popup but provides you with all the logic like centering, modal overlay, events and more, giving you plenty of opportunities to customize as per your needs.
Moa Modal is a jQuery modal plugin that comes with custom animations and positioning.
Sieve allows you to quickly add an interactive search filter to any block of content.
FlowType.js lets you configure the font size and line height ratios, thereby improving the overall appeal of typography in your projects. You can also specify maximum and minimum width thresholds to control FlowType.js
Squishy is a jQuery plugin that automatically resizes text to exactly fit the container.
Succint is a minimal jQuery plugin that can truncate multiple lines of text. It shortens your text to a given size, and then adds an ellipsis to its end.
Textillate.js is a simple plugin for applying amazing CSS3 animations to any block of text.
CLNDR.js is a jQuery plugin for creating calendars. But instead of generating the markup, it requires you to provide an Underscore.js HTML template. It takes your template and injects the calendar data into it.
Mapael is a jQuery plugin based on raphael.js that allows you to display dynamic vector maps.
FailSafe, as the name suggests, lets your application work smoothly in situations such as when you lose internet connectivity or run out of laptop battery. It can also disable elements that require an active internet connection or can drain your battery.
Inspired by the recent Gmail composer tour, Chardin.js creates simple overlay instructions for web apps to demonstrate to your readers how to use your web app.
Bigfoot is a jQuery plugin that creates exceptional footnotes.
jQuery.Pin will ‘pin’ any element to the top of a container as you scroll down the page. It can be easily disabled for smaller screen-sizes.
PowerTip is a jQuery tooltip plugin with some advanced features like hover intent testing, tooltip queueing, and support for complex data.
jQuery Builder allows you to easily build a custom version of jQuery that just includes the modules you need.
Read more of this story at Slashdot.
Winter has crashed down upon us and settled in for a long stay, but that does not mean nature’s beauty has faded away. As you can see in this series of winter landscape photographs, nature plays no favorites with beauty. She is just as cunning of an artist with ice and snow as she is with green grass. flowers, and trees. She paints the trees with a dusting of frost. She creates icy mirrors from the still lakes to reflect the beauty of her creations. She creates sculptures with her icicles and snow drifts. She intermixes snow covered trees and ground with open waters filled with wild geese. She floats snow through the nighttime air creating twinkling flakes reflecting lights. Nature’s elegance stretches through the seasons. We are thrilled that some photographer dare the cold to capture some of nature’s most dramatic scenes.
Photo above by EarthPix
Photo by Lake Baikal
Photo by Hideyuki Katagiri
Photo by Marcin Ryczek
Photo by Kent Shiraishi
Photo by Jan Machata
Photo by Dmitry Dubikovskiy
Photo by Norbert Maier
Photo by deep21
Photo by Friðþjófur M
Photo by Lars van der Goor
Photo by Thomas Zakowski
Photo by Edwin van Nuil
Photo by Evgeni Dinev
Photo by Mark Geistweite
Photo by Emmanuel Coupe
Photo by Peter From
Photo by oskarpall
…DAHN DAHN DAHN…. April 4, 2014. There, look, I know was a big old tease in the headline but at least I didn’t make you wait long, did I? 4/4/14 is indeed the release date for Bethesda’s MMO adaptation of The Elder Scrolls RPG series, and that’s for PC and Mac – next Jennifer systems will follow in June.
Here’s a PVP trailer, too.
Read more of this story at Slashdot.
We've made the argument for some time that a product, service, or company's fans and community are an asset not to be trifled with. If a community is embraced and the company is awesome, the results can be so beneficial as to be downright heartwarming (hattip to our own community, for always impressing me). This can manifest in a multitude of ways, from free and massive promotion to the community actually helping to make the end-product better.
It's that second example that is most apropros for this story. Let me introduce Peter Thorman, who also goes by the handle Durante on the interwebz. Who is he? Well, he's the fan who fixes crappy console-to-PC ports, improving the fan experience. And he does it for free, because he's a fan.
When Rising Star Games released Deadly Premonition: The Director's Cut for the PC last month, the port of the Twin Peaks-esque cult favorite horror game had some serious issues. Chief among them was the fact that the game's resolution was, highly atypically for a PC game, locked to 720p. The outcry was immediate and vocal.And he did, in a way that would be impressive in general but is all the more so considering he had to reverse engineer everything without access to the source code.
But in spite of their outrage, many users expressed hope for a savior to come to their aid. "You on it, Durante?" asked one user. Like a Batsignal, the call was out.
The answer came less than an hour later. "I should be able to fix this."
As it turns out, Thornton has done this for many PC ports and has become something of a legend to gamers. As I mentioned before, this isn't something Thorman is paid to do. He does it because he's a fan of the game, interested in coding and computer science, and generally seems like an awesome guy. But if you're looking for his prime motivating factor for putting in what amounted to 70 hours worth of work:
"My primary motivation," Thoman said, "is because I don't like playing games at low resolution."You're welcome, everyone else that wants to play the PC version of the game. Here's where this gets really fun: how many people kept the game instead of returning it, or decided to buy the game after finding out the now-famous Durante had released a patch for the game that made it better? It's impossible to know the answer to those questions, but surely there was some impact. The developers of the game had said they'd release a patch as a fix as well, but that the resolution of the game was way down the priority list, leaving fans for whom that was a major factor out in the cold. Until Durante stepped in. They probably owe him a big fat thank you, at the very least. In fact, some fans of Thorman's have suggested he offer his work to companies as a paid service, but he insists it's just a hobby.
"I do this for fun," he said. "The more you do it as work, the less it will seem like fun."And the game companies benefit. Who says free never did anyone any good? Meanwhile, this ought to be a lesson to every producer out there on just how big an asset their fans and communities can be.
To date, there has been no way to run apps on Android with real and reliable privacy controls. Android version 4.3 and higher take a huge step in the right direction, letting users install apps while denying some of the apps' attempts to collect the user's data.
Android was built from scratch to have quite a sophisticated and strongly enforced system of per-app permissions. But many of the privacy-sensitive permissions are poorly delineated and confusing.1 And the way the OS and Google's Play Store worked, users could not install an app but say "no" to that app's demand that it be able to read their address book, track their location, or grab their phone number or IMEI.
This turned out to be the fundamental problem with the previous Android model: installing an app was an all-or-nothing proposition, and there were few practical ways to protect yourself against the apps you'd installed, or even really see what they were up to.
In the early days, that model was at an improvement on its major competitor, Apple's iOS, which didn't even have a permissions model. But after various privacy scandals, Apple started forcing apps to ask for permission to collect data: first location and then other categories, like address books and photos. So for the past two years, the iPhone's app privacy options have been miles ahead of Android's.
This changed with the release of Android 4.3, which added awesome new OS features to enhance privacy protection. You can unlock this functionality by installing a tool like App Ops Launcher. When you run it, you can easily control most of the privacy-threatening permissions your apps have tried to obtain. Want to install Shazam without having it track your location? Easy. Want to install SideCar without letting it read your address book? Done.2
Despite being overdue and not quite complete, App Ops Launcher is a huge advance in Android privacy. Its availability means Android 4.3+ a necessity for anyone who wants to use the OS while limiting how intrusive those apps can be. The Android team at Google deserves praise for giving users more control of the data that others can snatch from their pockets.
A driver with a Taxi Magic card reader asked if he could run a credit card through Square.
The chairman of the D.C. Taxicab Commission has announced a crackdown on cab drivers he says are gaming the system.
Any time you hail a cab in Washington, you should be able to pay with your credit card. While regulators believe most cabbies are in compliance, an unknown number are having technical problems with their new credit card readers.
So instead of using their approved devices, many of these cabbies are using the mobile card reader Square to process credit card payments. D.C. Taxicab Commission chairman Ron Linton is putting those drivers on notice.
"We are going and are taking action and planning action to confiscate and fine drivers who use unapproved devices such as Square," Linton says.
When asked how commission planned to catch violators, the chairman said: "We know how to find it out."
Linton says the commission is also investigating 76 complaints filed by customers who say their cabbies wouldn't let them use credit cards.
"If they have a working system and deny its working, that's a violation," Linton says. "If they have a non-working system, they shouldn't be picking up the passengers."
Drivers waiting to pick up passengers outside Union Station say they are not lying or cheating the system. They say their credit card machines are glitchy.
"New equipment, sometimes works, sometimes it don't," says driver Abebe Elis.
Cabbies commonly used Square before the commission imposed its modernization program on the District's taxi fleet. Square is unable to track trip data or send the $.25 fare surcharge to the taxicab commission, so it is not on the approved list of payment processors.
Pirate Bay Founder Warg Being Held in Solitary Confinement - Slashdot
From Torrent Freak comes news that one of the Pirate Bay founders is now being held in solitary confinement after Sweden turned him over to Denmark. From the article: "In a recent letter sent to Amnesty and shared with TorrentFreak, Gottfrid’s mother Kristina explains her son’s plight. S...
The FBI has been able to covertly activate a computer’s camera — without triggering the light that lets users know it is recording — for several years, and has used that technique mainly in terrorism cases or the most serious criminal investigations, said Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, now on the advisory board of Subsentio, a firm that helps telecommunications carriers comply with federal wiretap statutes.Still, the report details how the FBI can insert malware in a variety of ways, and that the malware can often do things like turn on your camera without the light turning on. Most reports of malware concerning turning on cameras in the past still had the light go on. It appears that this is all the more reason for people to tape over their cameras. That said, it could be even worse. If they can turn on your camera remotely, they can almost certainly turn on your microphone remotely also. And, of course, with a microphone there is no light in the first place and you can't just cover it up. Voila, instant wiretaps beyond just phone calls. Seems extreme, but does anyone doubt that the FBI can do this, and likely does do this?
The FBI’s technology continues to advance as users move away from traditional computers and become more savvy about disguising their locations and identities. “Because of encryption and because targets are increasingly using mobile devices, law enforcement is realizing that more and more they’re going to have to be on the device — or in the cloud,” Thomas said, referring to remote storage services. “There’s the realization out there that they’re going to have to use these types of tools more and more.”
The ability to remotely activate video feeds was among the issues cited in a case in Houston, where federal magistrate Judge Stephen W. Smith rejected a search warrant request from the FBI in April. In that case, first reported by the Wall Street Journal, Smith ruled that the use of such technology in a bank fraud case was “extremely intrusive” and ran the risk of accidentally capturing information of people not under suspicion of any crime.
Smith also said that a magistrate’s court based in Texas lacked jurisdiction to approve a search of a computer whose location was unknown. He wrote that such surveillance software may violate the Fourth Amendment’s limits on unwarranted searches and seizures.
Yet another federal magistrate judge, in Austin, approved the FBI’s request to conduct a “one-time limited search” — not involving the computer’s camera — by sending surveillance software to the e-mail account of a federal fugitive in December 2012.
It looks like this is the typical case of once law enforcement has a tool it's looking to use it more and more, even as it clearly has not yet worked out the kinks -- and there's been no real chance for a comprehensive look at whether or not the use of such tools is legal, beyond what individual judges are deciding on a case by case basis.
Federal magistrate Judge Kathleen M. Tafoya approved the FBI’s search warrant request on Dec. 11, 2012, nearly five months after the first threatening call from Mo. The order gave the FBI two weeks to attempt to activate surveillance software sent to the email@example.com e-mail address. All investigators needed, it seemed, was for Mo to sign on to his account and, almost instantaneously, the software would start reporting information back to Quantico.
The logistical hurdles proved to be even more complex than the legal ones. The first search warrant request botched the Yahoo e-mail address for Mo, mixing up a single letter and prompting the submission of a corrected request. A software update to a program the surveillance software was planning to target, meanwhile, raised fears of a malfunction, forcing the FBI to refashion its malicious software before sending it to Mo’s computer.
The warrant authorizes an “Internet web link” that would download the surveillance software to Mo’s computer when he signed on to his Yahoo account. (Yahoo, when questioned by The Washington Post, issued a statement saying it had no knowledge of the case and did not assist in any way.)
The surveillance software was sent across the Internet on Dec. 14, 2012 — three days after the warrant was issued — but the FBI’s program didn’t function properly, according to a court document submitted in February,
“The program hidden in the link sent to texan.slayer@Ã‚Âyahoo.com never actually executed as designed,” a federal agent reported in a handwritten note to the court.
Through the magic of lenticular printing—you know, those pictures with two separate images on them, and you switch back and forth by moving it around—Brooklyn-based startup gifpop is printing the pinnacle of human artistic achievement: The gif. Yes, you can upload your own, though the limit is ten frames. You can even choose two still images—like, for instance, happy Bilbo and Bilbo flipping everyone off. There has to be a catch, like you’re not allowed to use gifs from copyrighted material or something. The website doesn’t specify, but the universe cannot be good enough to allow me to have a physical copy of Nathan Fillion being judgey to carry around with me, close to my heart.
Every year it's something. Some colorful construction of cloth or fluff or plastic or silicon, the big holiday toy that no actively loved child can do without. Graphic designer Abby Ryan Bennett tracks the trend for 50 years, from the Easy-Bake Oven to the Wii U.
Read more of this story at Slashdot.
An approach that does work is for the tracking entity to use https, the secure web protocol, for its communication with the user’s computer. This ensures that the unique ID that is transmitted is protected by encryption in a way that doesn’t leak to an eavesdropper any information about which connections are to the same user. Implementing https on a larger site is not as easy as it should be, but it seems to be the price of surveillance-proof tracking.For what it's worth "not as easy as it should be" would be considered by some to be something of an understatement. It's not easy, period. But it's becoming increasingly clear that it's something that probably needs to be done. Eight giant internet companies earlier this week took a strong stand on reforming surveillance. To show that they're serious about this, moving to an all HTTPS world would be a very clear step that they're not just saying things, but actually doing things to protect their users' privacy from an overreaching NSA.
Another approach to protecting users is to switch to a method that holds all of the stored information on the client side, that is, in the user’s browser. The idea is that rather than having the server accumulate a record of the user’s activities (or some kind of preference profile based on those activities), you would instead have the user’s browser store the same information for you. This approach is taken by some of the privacy-preserving behavioral advertising systems that have been proposed. If information is accumulated on the user’s own computer, there doesn’t need to be a unique identifier that is sent across the Internet every time the user accesses your site. Instead, you can send encrypted data only at the times you need it. This requires more aggressive re-engineering of an ad or analytics service, but it provides additional benefits to the user in terms of privacy and transparency.As he notes, there are significant challenges there as well, and potential side effects in the way certain things would work, but it is also an approach worth exploring.