An anonymous reader quotes a report from Motherboard: The Pentagon is carrying out warrantless surveillance of Americans, according to a new letter written by Senator Ron Wyden and obtained by Motherboard. Senator Wyden's office asked the Department of Defense (DoD), which includes various military and intelligence agencies such as the National Security Agency (NSA) and the Defense Intelligence Agency (DIA), for detailed information about its data purchasing practices after Motherboard revealed special forces were buying location data. The responses also touched on military or intelligence use of internet browsing and other types of data, and prompted Wyden to demand more answers specifically about warrantless spying on American citizens.

Some of the answers the DoD provided were given in a form that means Wyden's office cannot legally publish specifics on the surveillance; one answer in particular was classified. In the letter Wyden is pushing the DoD to release the information to the public. A Wyden aide told Motherboard that the Senator is unable to make the information public at this time, but believes it would meaningfully inform the debate around how the DoD is interpreting the law and its purchases of data. "I write to urge you to release to the public information about the Department of Defense's (DoD) warrantless surveillance of Americans," the letter, addressed to Secretary of Defense Lloyd J. Austin III, reads. Wyden and his staff with appropriate security clearances are able to review classified responses, a Wyden aide told Motherboard. Wyden's office declined to provide Motherboard with specifics about the classified answer. But a Wyden aide said that the question related to the DoD buying internet metadata.

"Are any DoD components buying and using without a court order internet metadata, including 'netflow' and Domain Name System (DNS) records," the question read, and asked whether those records were about "domestic internet communications (where the sender and recipient are both U.S. IP addresses)" and "internet communications where one side of the communication is a U.S. IP address and the other side is located abroad." Netflow data creates a picture of traffic flow and volume across a network. DNS records relate to when a user looks up a particular domain, and a system then converts that text into the specific IP address for a computer to understand; essentially a form of internet browsing history. Wyden's new letter to Austin urging the DoD to release that answer and others says "Information should only be classified if its unauthorized disclosure would cause damage to national security. The information provided by DoD in response to my questions does not meet that bar."

Elon Musk-founded SpaceX is in the process of rolling out Starlink as a satellite internet provider around the world. As part of a new partnership, Google Cloud data centers will be home to key Starlink infrastructure in order to let enterprise users better access key services. 9to5Google reports: This partnership starts with SpaceX building Starlink ground stations inside Google data centers for "secure, low-latency, and reliable delivery of data" from existing fiber networks to space and back to end users. There are currently over 1,500 Starlink satellites in orbit, with more launching on a regular basis aboard Falcon 9 rockets. The end goal is to make cloud services, data, and applications available to businesses in rural or remote areas: "Connectivity from Starlink's constellation of low-Earth-orbit satellites provides a path for these organizations to deliver data and applications to teams distributed across countries and continents, quickly and securely." The first Google Cloud and Starlink customers will be able to benefit from this partnership in the second half of 2021.

Some of the world's biggest chip buyers, including Apple, Microsoft and Alphabet's Google, are joining top chip-makers such as Intel to create a new lobbying group to press for government chip manufacturing subsidies. From a report: The newly formed Semiconductors in America Coalition, which also includes Amazon.com's Amazon Web Services, said Tuesday it has asked U.S. lawmakers to provide funding for the CHIPS for America Act, for which President Joe Biden has asked Congress to provide $50 billion. "Robust funding of the CHIPS Act would help America build the additional capacity necessary to have more resilient supply chains to ensure critical technologies will be there when we need them," the group said in a letter to Democratic and Republican leaders in both houses of the U.S. Congress.

A global chip shortage has hit automakers hard, with Ford Motor saying it could halve second-quarter production. Automotive industry groups have pressed the Biden administration to secure chip supply for car factories. But Reuters last week reported administration officials were reluctant to use a national security law to redirect computer chips to automakers because doing so could hurt other industries. The new coalition includes some of those other chip-consuming industries, with members such as AT&T, Cisco Systems, General Electric, Hewlett Packard Enterprise and Verizon Communications. It cautioned against government actions to favor a single industry such as automakers.

The US Federal Communications Commission has unanimously approved the final rules to implement the $7.17 billion Emergency Connectivity Fund Program. The FCC program will provide funding for schools and libraries across the country to buy laptops, tablets, Wi-Fi hotspots and broadband connections to help students and teachers to access the internet for online learning during the pandemic. From a report: The program is part of President Joe Biden's $1.9 trillion American Rescue Plan. It also follows the FCC approving a plan in February to administer $3.2 billion in emergency relief to subsidize broadband for millions of Americans during the pandemic. That program will provide $50 per month to low-income households and $75 per month to households on Native American lands to cover the cost of broadband services starting May 12. It also provides $100 toward buying a laptop or tablet. "Between this Emergency Connectivity Fund Program and the Emergency Broadband Benefit Program, we are investing more than $10 billion in American students and households," Jessica Rosenworcel, acting chairwoman of the FCC, said in a statement Monday. "These investments will help more Americans access online education, healthcare and employment resources. They will help close the homework gap for students nationwide."

The average US home-Internet bill increased 19 percent during the first three years of the Trump administration, disproving former Federal Communications Commission Chairman Ajit Pai's claim that deregulation lowered prices, according to a new report by advocacy group Free Press. From a report: For tens of millions of families that aren't wealthy, "these increases are felt deeply, forcing difficult decisions about which services to forgo so they can maintain critical Internet access services," Free Press wrote. The 19 percent Trump-era increase is adjusted for inflation to match the value of 2020 dollars, with the monthly cost rising from $39.35 in 2016 to $47.01 in 2019. Without the inflation adjustment, the average household Internet price rose from $36.48 in 2016 to $46.38 in 2019, an increase of 27 percent.

schwit1 writes: Are there aliens out there? Breakthrough Listen, a privately-funded project searching for evidence of alien life, has released the first results from its survey of 60 million stars in an area looking towards the galactic center, noting that it found no evidence of any technological transmissions signaling an alien civilization from any of those stars. The kind of signals they were looking for were not beacons sent out intentionally by alien civilizations, such as television or radio broadcasts, but unintentional transmissions, such as radar transmissions meant for other purposes but still beamed into space. They found none. The paper can be downloaded here (PDF).

Multiple unsecured entry points allowed researchers to access data belonging to Fermilab, a national particle physics and accelerator lab supported by the Department of Energy. Ars Technica reports: This week, security researchers Robert Willis, John Jackson, and Jackson Henry of the Sakura Samurai ethical hacking group have shared details on how they were able to get their hands on sensitive systems and data hosted at Fermilab. After enumerating and peeking inside the fnal.gov subdomains using commonly available tools like amass, dirsearch, and nmap, the researchers discovered open directories, open ports, and unsecured services that attackers could have used to extract proprietary data. The server exposed configuration data for one of Fermilab's experiments called "NoVa," which concerns studying the purpose of neutrinos in the evolution of the cosmos. The researchers discovered that one of the tar.gz archives hosted on the FTP server contained Apache Tomcat server credentials in plaintext. The researchers verified that the credentials were valid at the time of their discovery but ceased experimenting further so as to keep their research efforts ethical.

Likewise, in another set of unrestricted subdomains, the researchers found over 4,500 tickets used for tracking Fermilab's internal projects. Many of these contained sensitive attachments and private communications. And yet another server ran a web application that listed the full names of users registered under different workgroups, along with their email addresses, user IDs, and other department-specific information. A fourth server identified by the researchers exposed 5,795 documents and 53,685 file entries without requiring any authentication. [...] Fermilab was quick to respond to the researchers' initial report and squashed the bugs swiftly.

The Office of the New York Attorney General said in a new report that a campaign funded by the broadband industry submitted millions of fake comments supporting the 2017 repeal of net neutrality. wiggles shares a report: The Federal Communications Commission's contentious 2017 repeal undid Obama-era rules that barred internet service providers from slowing or blocking websites and apps or charging companies more for faster speeds to consumers. The industry had sued to stop these rules during the Obama administration but lost. The proceeding generated a record-breaking number of comments -- more than 22 million -- and nearly 18 million were fake, the attorney general's office found. It has long been known that the tally included fake comments. One 19-year-old in California submitted more than 7.7 million pro-net neutrality comments. The attorney general's office did not identify the origins of another "distinct group" of more than 1.6 million pro-net neutrality comments, many of which used mailing addresses outside the U.S. A broadband industry group, called Broadband for America, spent $4.2 million generating more than 8.5 million of the fake FCC comments. Half a million fake letters were also sent to Congress.

Around a third of all smartphones in the world are believed to be affected by a new vulnerability in a Qualcomm modem component that can grant attackers access to the device's call and SMS history and even audio conversations. From a report: The vulnerability -- tracked as CVE-2020-11292 -- resides in the Qualcomm mobile station modem (MSM), a chip that allows devices to connect to mobile networks. First designed in the early 90s, the chip has been updated across the years to support 2G, 3G, 4G, and 5G cellular communications and has slowly become one of the world's most ubiquitous technologies, especially with smartphone vendors.

Devices that use Qualcomm MSM chips today include high-end smartphone models sold by Google, Samsung, LG, Xiaomi, and OnePlus, just to name a few. But in a report published today by Israeli security firm Check Point, the company said its researchers found a vulnerability in Qualcomm MSM Interface (QMI), the protocol that allows the chip to communicate with the smartphone's operating system. Researches said that malformed Type-Length-Value (TLV) packets received by the MSM component via the QMI interface could trigger a memory corruption (buffer overflow) that can allow attackers to run their own code.

SpaceX has received more than 500,000 preorders for its Starlink satellite internet service and anticipates no technical problems meeting the demand, founder Elon Musk said on Tuesday. Reuters reports: "Only limitation is high density of users in urban areas," Musk tweeted, responding to a post from a CNBC reporter that said the $99 deposits SpaceX took for the service were fully refundable and did not guarantee service. SpaceX has not set a date for Starlink's service launch, but commercial service would not likely be offered in 2020 as it had previously planned. The company plans to eventually deploy 12,000 satellites in total and has said the Starlink constellation will cost it roughly $10 billion.

As the Epic Games v. Apple trial progresses into its third day, Apple's internal documents and communications with various companies are continuing to surface, giving us some insight into the dealings that Apple has had around the App Store. From a report: Back in December 2018, Netflix stopped offering in-app subscription options for new or resubscribing members and instead began requiring them to sign up for Netflix outside of the App Store in order to avoid paying Apple's 30 percent cut. As it turns out, Apple executives were unhappy with Netflix's decision, and made attempts to persuade Netflix to keep in-app purchases available. The subject hasn't yet been broached in the live in-person trial that's going on right now, but news outlet 9to5Mac highlighted emails between Apple executives discussing Netflix's decision. When Apple learned that Netflix was A/B testing the removal of in-app purchases in certain countries, Apple started scrambling to put a stop to it. Apple's App Store Business Management Director Carson Oliver sent out an email in February 2018 outlining Netflix's testing plans and asked his fellow App Store executives whether Apple should take "punitive measures" against Netflix. "Do we want to take any punitive measures in response to the test (for examples, pulling all global featuring during the test period)? If so, how should those punitive measures be communicated to Netflix? (sic)," asked Oliver.

An anonymous reader shares a report: Three young men got into a car in Walworth County, Wis., in May 2017. They were set on driving at rapid speeds down a long, cornfield-lined road -- and sharing their escapade on social media. As the 17-year-old behind the wheel accelerated to 123 miles per hour, one of the passengers opened Snapchat. His parents say their son wanted to capture the experience using an app feature -- the controversial "speed filter" -- that documents real-life speed, hoping for engagement and attention from followers on the messaging app. It was one of the last things the trio did before the vehicle ran off the road and crashed into a tree, killing all of them. Was Snapchat partially to blame? The boys' parents think so. And, in a surprise decision on Tuesday, a federal appeals court ordered that the parents should have the right to sue Snap.

The ruling, from a three-judge panel of the 9th U.S. Circuit Court of Appeals, has set off intense debate among legal watchers about the future of a decades-old law that has shielded tech companies from civil lawsuits. The boys' parents sued Snap, the maker of Snapchat, after the tragedy. They alleged that the company "knowingly created a dangerous game" through its filter and bore some responsibility. The district court responded how courts usually do when a tech platform is sued in a civil lawsuit: by dismissing the case. The judge cited the sweeping immunity that social media companies enjoy under Section 230 of the Communications Decency Act. The law provides legal immunity to tech companies from libel and other civil suits for what people post on sites, regardless of how harmful it may be. But the appeals court's reversal paves a way around the all-powerful law, saying it doesn't apply because this case is not about what someone posted to Snapchat, but rather the design of the app itself.

The maintainers of the Exim email server software have released updates today to patch a collection of 21 vulnerabilities that can allow threat actors to take over servers using both local and remote attack vectors. The Record reports: Known as 21Nails, the vulnerabilities were discovered by security firm Qualys. The bugs impact Exim, a type of email server known as a mail transfer agent (MTA) that helps email traffic travel across the internet and reach its intended destinations. While there are different MTA clients available, an April 2021 survey shows that Exim has a market share of nearly 60% among all MTA solutions, being widely adopted around the internet. The 21Nails vulnerabilities, if left unpatched, could allow threat actors to take over these systems and then intercept or tamper with email communications passing through the Exim server.

As Qualys explains in its security advisory, the 21Nails vulnerabilities are as bad as it gets. All Exim server versions released in the past 17 years, since 2004, the beginning of the project's Git history, are affected by the 21Nails bugs. This includes 11 vulnerabilities that require local access to the server to exploit, but also 10 bugs that can be exploited remotely across the internet. Security experts recommend that Exim server owners update to Exim version 4.94 to protect their systems against attacks.

An anonymous reader quotes a report from Ars Technica: Frontier Communications emerged from Chapter 11 bankruptcy on Friday, saying that it plans to double its fiber-to-the-premises footprint by extending fiber to an additional 3 million homes and businesses. "Frontier is deploying capital and pursuing an extensive fiber build-out plan that will accelerate the company's transformation from a legacy provider of copper-based services to a fiber-based provider... Under the first phase of the plan, Frontier intends to invest heavily and pass more than 3 million homes and business locations, enabling a total of over 6 million homes and businesses with Gig-plus speeds," the company said in a press release.

Expanding to 3 million additional homes will take multiple years, as Frontier said it plans to reach "approximately 495,000 additional locations in 2021." That apparently includes 100,000 new fiber locations already built in the first three months of this year. Frontier is analyzing whether it can "at least double the build rate next year," Frontier's newly hired CEO Nick Jeffery said, according to FierceTelecom. "We have 3.4 million total fiber passings today and plan to at least double this footprint over the coming years," Jeffery also said.

Frontier's current network consists of copper lines that pass 11.8 million homes and businesses and fiber lines passing 3.4 million homes and businesses, Frontier said in a presentation for investors. Even if Frontier achieves its goal of doubling its fiber network, over 8 million homes and businesses would remain stuck on Frontier's old copper network, which provides slower DSL service. Although Frontier didn't promise to extend fiber to all or even to a majority of its copper locations, its presentation said the company's network has a "substantial competitive advantage relative to competitors" because it includes "12 million copper passings to potentially convert to fiber."

Indian telecom ministry on Tuesday said it has granted several telecom service providers permission to conduct a six-month trial for the use and application of 5G technology in the country. From a report: New Delhi has granted approval to over a dozen firm spanning multiple nationalities -- excluding China. Among the telecom operators that have received the grant include Jio Platforms, Airtel, Vodafone Idea, and MTNL. These firms, the ministry said, will work with original equipment manufacturers and tech providers Ericsson, Nokia, Samsung, and C-Dot. Jio Platforms, additionally, has been granted permission to conduct trials using its own homegrown technology. In a press note, the Department of Telecommunications didn't specify anything about China, but a person familiar with the matter confirmed that Chinese giants Huawei and ZTE aren't among those who have received the approval. [...] India's move on Tuesday follows similar decisions taken by the U.S., UK, and Australia, all of which have expressed concerns about Huawei and ZTE and their ties with the Chinese government.

Friday the Free Software Foundation awarded their coveted "Respects Your Freedom" (RYF) certification to another new product: the Free Software Wireless-N Mini Router v3 (TPE-R1300) from ThinkPenguin, Inc.

Just 45 products currently hold the FSF's certification "that these products meet the FSF's standards in regard to users' freedom, control over the product, and privacy." (That is to say, they run on 100% free software, allow the installation of modified software, and are free from DRM, spyware and tracking.) The FSF writes: As with previous routers from ThinkPenguin, the Free Software Wireless-N Mini Router v3 ships with an FSF-endorsed fully free embedded GNU/Linux distribution called libreCMC. It also comes with a custom flavor of the U-Boot boot loader, assembled by Robert Call, who is the maintainer of libreCMC and a former FSF intern.

The router enables users to run multiple devices on a network through a VPN service, helping to simplify the process of keeping their communications secure and private. While ThinkPenguin offers a VPN service, users are not required to purchase a subscription to their service in order to use the router, and the device comes with detailed instructions on how to use the router with a wide variety of VPN providers...

"ThinkPenguin once again demonstrates a long-standing commitment to protecting the rights of their users. With the latest iteration of the Wireless-N Mini Router, users know that they'll have up to date hardware they can trust for years to come," said the FSF's licensing and compliance manager, Donald Robertson, III.
Phoronix points its readers to the device's page at ThinkPenguin.com "should you be looking to build out your wireless network using the decade old 802.11n standard."

"There are simply too many points of uncertainty for us to move forward with confidence right now," explains a FAQ addressing this year's cancellation for the annual Burning Man festival.

"The physical, psychic, and emotional impacts of this pandemic are real and the recovery from this experience will happen at different rates of speed," organizers said in an announcement. "This is the time to gather with our friends, crews, families and communities..." They also argued that in an abstract sense, "Burning Man is happening right NOW, all around you," urging people to create experiences, opportunities and connection at the local level. (Their suggestions include planning to join a mass "Burn Night" livestreaming event on September 4, or preparing for "Virtual Burning Man" from August 21 to September 5, 2021.)

Last year's virtual event drew 165,000 participants, reports NPR, adding that this year's cancellation of a mass real-world gathering "has put many people in the event's host community at ease." Wary of a trend of rising coronavirus cases in some parts of the region, Washoe County's district health officer Kevin Dick said "the right call was made," in order to lower the risk of spreading infection.
And SFist also notes the festival's "Invitation to the Future" program "where $2,500 buys you a reservation to buy tickets whenever they do announce the event — but that $2,500 does not get you a ticket." "This is a reservation that will guarantee someone the ability to purchase a regular priced ticket for the next two editions of Black Rock City," the Burning Man Project communications team says in an email to SFist...

Per the fine print of this arrangement, there will be only 1,000 of these $2,500 reservations that are essentially tickets to buy tickets... "It's going very well!," Burning Man's communications team tells us. "We're so grateful for our generous community. As of this writing, we have only a few hundred left...."

Burning Man has to get creative, and maybe perks for big spenders is an acceptable one-time trade-off to ensure its ongoing solvency. The project has gone nearly two years since its last infusion of direct ticket revenue, and the permits and attorney fees necessary to pull off this event on federal land have not gotten any cheaper despite the pandemic.

Earlier this week, The Verge reported that Microsoft now has 145 million people using its Microsoft Teams communications app, an increase of 26 percent over last year's reported 115 million daily active users. From the report: To put the 145 million figure in perspective, at the beginning of the pandemic, Microsoft had around 32 million daily active users of Microsoft Teams. That jumped to 75 million in a matter of weeks, and these numbers have more than doubled since even the early days of the pandemic. It's an impressive amount of growth, just as Microsoft has been aggressively pushing businesses to move to the cloud and adopt Teams over the past year.

As always, it's difficult to compare to rival services. Google and Zoom don't reveal daily active users and opt for a more vague daily active participants. This means a single user could be counted multiple times if they participate in different meetings during a day. Zoom revealed it had 300 million daily active participants last year, and Google said last year it had 100 million daily active participants. Slack revealed it had 12.5 million concurrent users during the beginning of the pandemic last year, but the company has shied away from daily active user counts ever since.

Trade groups representing AT&T, Verizon and other telecom companies are opening fire on a new law requiring them to provide discounted internet service to low-income households in New York. From a report: New York's first-in-the-nation law could be adopted by other states at a time when the White House has signaled it wants to reduce broadband prices for all Americans. Driving the news: Trade associations USTelecom, CTIA, the New York State Telecommunications Association and others representing smaller companies filed a lawsuit Friday against New York's new law requiring providers in the state to offer broadband service for $15 a month to low-income households. New York estimates that 7 million people in 2.7 million households will qualify for the discounted service. "This program -- the first of its kind in the nation -- will ensure that no New Yorker will have to forego having reliable home internet service and no child's education will have to suffer due to their economic situation," Governor Andrew Cuomo said in a statement when he signed the legislation in April.

According to Bloomberg, Verizon is considering selling AOL and Yahoo -- two once high-flying dot-com brands it purchased in 2015 and 2017, respectively. Bloomberg reports: Verizon Media could fetch as much as $5 billion [...]. The company is talking to Apollo Global Management about a deal, they said. It couldn't immediately be learned how a deal would be structured or if other suitors may emerge. No final decision has been made and Verizon could opt to keep the unit. The move comes as Verizon divests tertiary media assets while ramping up its focus on its wireless business and the the rollout of its 5G service. Last year, it agreed to sell the HuffPost online news service to BuzzFeed Inc. and it unloaded the blogging platform Tumblr in 2019. This divestiture would mark Verizon's final retreat from an expensive foray into online advertising, a strategy that never really took off.