Netflix Password Sharing Crackdown To Expand To US In Q2 2023

Netflix is planning a “broad rollout” of the password sharing crackdown that it began implementing in 2022, the company said today in its Q1 2023 earnings report (PDF). MacRumors reports: The “paid sharing” plan that Netflix has been testing in a limited number of countries will expand to additional countries in the second quarter, including the United States. Netflix said that it was “pleased with the results” of the password sharing restrictions that it implemented in Canada, New Zealand, Spain, and Portugal earlier this year. Netflix initially planned to start eliminating password sharing in the United States in the first quarter of the year, but the company said that it had learned from its tests and “found opportunities to improve the experience for members.” There is a “cancel reaction” expected in each market where paid sharing is implemented, but increased revenue comes later as borrowers activate their own Netflix accounts and existing members add “extra member” accounts.

In Canada, paid sharing resulted in a larger Netflix membership base and an acceleration in revenue growth, which has given Netflix the confidence to expand it to the United States. When Netflix brings its paid sharing rules to the United States, multi-household account use will no longer be permitted. Netflix subscribers who share an account with those who do not live with them will need to pay for an additional member. In Canada, Netflix charges $7.99 CAD for an extra member, which is around $6. […] Netflix claims that more than 100 million households are sharing accounts, which is impacting its ability to “invest in and improve Netflix” for paying members.

Read more of this story at Slashdot.

Amazon Sued For Not Telling New York Store Customers About Facial Recognition

Amazon did not alert its New York City customers that they were being monitored by facial recognition technology, a lawsuit filed Thursday alleges. CNBC reports: In a class-action suit, lawyers for Alfredo Perez said that the company failed to tell visitors to Amazon Go convenience stores that the technology was in use. Thanks to a 2021 law, New York is the only major American city to require businesses to post signs if they’re tracking customers’ biometric information, such as facial scans or fingerprints. […] The lawsuit says that Amazon only recently put up signs informing New York customers of its use of facial recognition technology, more than a year after the disclosure law went into effect. “To make this ‘Just Walk Out’ technology possible, the Amazon Go stores constantly collect and use customers’ biometric identifier information, including by scanning the palms of some customers to identify them and by applying computer vision, deep learning algorithms, and sensor fusion that measure the shape and size of each customer’s body to identify customers, track where they move in the stores, and determine what they have purchased,” says the lawsuit.

“It means that even a global tech giant can’t ignore local privacy laws,” Albert Cahn, project director, said in a text message. “As we wait for long overdue federal privacy laws, it shows there is so much local governments can do to protect their residents.”

Read more of this story at Slashdot.

The Washington Post Says There’s ‘No Real Reason’ to Use a VPN

Some people try to hide parts of their email address from online scrapers by spelling out “at” and “dot,” notes a Washington Post technology newsletter. But unfortunately, “This spam-fighting trick doesn’t work. At all.” They warn that it’s not just a “piece of anti-spam fiction,” but “an example of the digital self-protection myths that drain your time and energy and make you less safe.

“Today, let’s kill off four privacy and security bogus beliefs, including that you need a VPN to stay safe online. (No, you probably don’t.)
Myth No. 3: You need a VPN to stay safe online.
…for most people in the United States and other democracies, “There is no real reason why you should use a VPN,” said Frédéric Rivain, chief technology officer of Dashlane, a password management service that also offers a VPN…. If you’re researching sensitive subjects like depression and don’t want family members to know or corporations to keep records of your activities, Rivain said you might be better off using a privacy-focused web browser such as Brave or the search engine DuckDuckGo. If you use a VPN, that company has records of what you’re doing. And advertisers will still figure out how to pitch ads based on your online activities.

P.S. If you’re concerned about crooks stealing your info when you use WiFi networks in coffee shops or airports and want to use a VPN to disguise what you’re doing, you probably don’t need to. Using public WiFi is safe now in most circumstances, my colleague Tatum Hunter has reported.
“Many VPNs are also dodgy and may do far more harm than good,” their myth-busting continues, referring readers to an earlier analysis by the Washington Post (with some safe recommendations).

On a more sympathetic note, they acknowledge that “It’s exhausting to be a human on the internet. Companies and public officials could be doing far more to protect you.”

But as it is, “the internet is a nonstop scam machine and a little paranoia is healthy.”

Read more of this story at Slashdot.

Tile Ads Undetectable Anti-Theft Mode To Tracking Devices, With $1 Million Fine If Used For Stalking

AirTag competitor Tile today announced a new Anti-Theft Mode for Tile tracking devices, which is designed to make Tile accessories undetectable by the anti-stalking Scan and Secure feature. MacRumors reports: Scan and Secure is a security measure that Tile implemented in order to allow iPhone and Android users to scan for and detect nearby Tile devices to keep them from being used for stalking purposes. Unfortunately, Scan and Secure undermines the anti-theft capabilities of the Tile because a stolen device’s Tile can be located and removed, something also possible with similar security features added for AirTags. Tile’s Anti-Theft Mode disables Scan and Secure so a Tile tracking device will not be able to be located by a person who does not own the tracker. To prevent stalking with Anti-Theft Mode, Tile says that customers must register using multi-factor identification and agree to stringent usage terms, which include a $1 million fine if the device ends up being used to track a person without their consent.

The Anti-Theft Mode option is meant to make it easier to locate stolen items by preventing thieves from knowing an item is being tracked. Tile points out that in addition to Anti-Theft Mode, its trackers do not notify nearby smartphone users when an unknown Bluetooth tracker is traveling with them, making them more useful for tracking stolen items than AirTags. Apple has added alerts for nearby AirTags to prevent AirTags from being used for tracking people. Enabling Anti-Theft mode will require users to link a government-issued ID card to their Tile account, submitting to an “advanced ID verification process” that uses a biometric scan to detect fake IDs. […] Anti-Theft Mode is rolling out to Tile users starting today, and will be available to all users in the coming weeks.

Read more of this story at Slashdot.

Dashlane Publishes Its Source Code To GitHub In Transparency Push

Password management company Dashlane has made its mobile app code available on GitHub for public perusal, a first step it says in a broader push to make its platform more transparent. TechCrunch reports: The Dashlane Android app code is available now alongside the iOS incarnation, though it also appears to include the codebase for its Apple Watch and Mac apps even though Dashlane hasn’t specifically announced that. The company said that it eventually plans to make the code for its web extension available on GitHub too. Initially, Dashlane said that it was planning to make its codebase “fully open source,” but in response to a handful of questions posed by TechCrunch, it appears that won’t in fact be the case.

At first, the code will be open for auditing purposes only, but in the future it may start accepting contributions too –” however, there is no suggestion that it will go all-in and allow the public to fork or otherwise re-use the code in their own applications. Dashlane has released the code under a Creative Commons Attribution-NonCommercial 4.0 license, which technically means that users are allowed to copy, share and build upon the codebase so long as it’s for non-commercial purposes. However, the company said that it has stripped out some key elements from its release, effectively hamstringing what third-party developers are able to do with the code. […]

“The main benefit of making this code public is that anyone can audit the code and understand how we build the Dashlane mobile application,” the company wrote. “Customers and the curious can also explore the algorithms and logic behind password management software in general. In addition, business customers, or those who may be interested, can better meet compliance requirements by being able to review our code.” On top of that, the company says that a benefit of releasing its code is to perhaps draw-in technical talent, who can inspect the code prior to an interview and perhaps share some ideas on how things could be improved. Moreover, so-called “white-hat hackers” will now be better equipped to earn bug bounties. “Transparency and trust are part of our company values, and we strive to reflect those values in everything we do,” Dashlane continued. “We hope that being transparent about our code base will increase the trust customers have in our product.”

Read more of this story at Slashdot.

Apple Device Analytics Contain Identifying iCloud User Data, Claim Security Researchers

A new analysis has claimed that Apple’s device analytics contain information that can directly link information about how a device is used, its performance, features, and more, directly to a specific user, despite Apple’s claims otherwise. MacRumors reports: On Twitter, security researchers Tommy Mysk and Talal Haj Bakry have found that Apple’s device analytics data includes an ID called “dsId,” which stands for Directory Services Identifier. The analysis found that the dsId identifier is unique to every iCloud account and can be linked directly to a specific user, including their name, date of birth, email, and associated information stored on iCloud.

On Apple’s device analytics and privacy legal page, the company says no information collected from a device for analytics purposes is traceable back to a specific user. “iPhone Analytics may include details about hardware and operating system specifications, performance statistics, and data about how you use your devices and applications. None of the collected information identifies you personally,” the company claims. In one possible differentiator, Apple says that if a user agrees to send analytics information from multiple devices logged onto the same iCloud account, it may “correlate some usage data about Apple apps across those devices by syncing using end-to-end encryption.” Even in doing so, however, Apple says the user remains unidentifiable to Apple. We’ve reached out to Apple for comment.

Read more of this story at Slashdot.

Customs Officials Have Copied Americans’ Phone Data at Massive Scale

SpzToid writes: U.S. government officials are adding data from as many as 10,000 electronic devices each year to a massive database they’ve compiled from cellphones, iPads and computers seized from travelers at the country’s airports, seaports and border crossings, leaders of Customs and Border Protection told congressional staff in a briefing this summer. The rapid expansion of the database and the ability of 2,700 CBP officers to access it without a warrant — two details not previously known about the database — have raised alarms in Congress about what use the government has made of the information, much of which is captured from people not suspected of any crime. CBP officials told congressional staff the data is maintained for 15 years.

Details of the database were revealed Thursday in a letter to CBP Commissioner Chris Magnus from Sen. Ron Wyden (D-Ore.), who criticized the agency for “allowing indiscriminate rifling through Americans’ private records” and called for stronger privacy protections. The revelations add new detail to what’s known about the expanding ways that federal investigators use technology that many Americans may not understand or consent to. Agents from the FBI and Immigration and Customs Enforcement, another Department of Homeland Security agency, have run facial recognition searches on millions of Americans’ driver’s license photos. They have tapped private databases of people’s financial and utility records to learn where they live. And they have gleaned location data from license-plate reader databases that can be used to track where people drive.

Read more of this story at Slashdot.

Google Tracks 39 Types of Personal Data, Apple Tracks 12

New research claims that of five major Big Tech firms, Google tracks more private data about users than any other — and Apple tracks the least. AppleInsider reports: Apple has previously introduced App Tracking Transparency specifically to protect the privacy of users from other companies. However, a new report says that Apple is also avoiding doing any more tracking itself than is needed to run its services. According to StockApps.com, Apple “is the most privacy-conscious firm out there.” “Apple only stores the information that is necessary to maintain users’ accounts,” it continues. “This is because their website is not as reliant on advertising revenue as are Google, Twitter, and Facebook.”

The StockApps.com report does not list what it describes as the “data points” that Big Tech firms collect for every user. However, it says they include location details, browser history, activity on third-party websites, and in Google’s case, also emails in Gmail. It also doesn’t detail its methodology, but does say that it used marketing firm digitalinformationworld to investigate Apple, Amazon, Facebook, Google, and Twitter. Of these five, Google reportedly tracks 39 separate data points per user, while Apple tracks only 12. Unexpectedly, Facebook is stated as tracking only 14 data points, while Amazon tracks 23, and Twitter tracks 24.

Read more of this story at Slashdot.