Censorship

Millions of Russians are 'Tearing Holes in the Digital Iron Curtain' Using VPNs (msn.com) 96

After Russia invaded Ukraine in late February, "VPNs have been downloaded in Russia by the hundreds of thousands a day," reports the Washington Post, "a massive surge in demand that represents a direct challenge to President Vladimir Putin and his attempt to seal Russians off from the wider world.

"By protecting the locations and identities of users, VPNs are now granting millions of Russians access to blocked material...." Daily downloads in Russia of the 10 most popular VPNs jumped from below 15,000 just before the war to as many as 475,000 in March. As of this week, downloads were continuing at a rate of nearly 300,000 a day, according to data compiled for The Washington Post by the analytics firm Apptopia, which relies on information from apps, public data and an algorithm to come up with estimates. Russian clients typically download multiple VPNs, but the data suggests millions of new users per month. In early April, Russian telecom operator Yota reported that the number of VPN users was over 50 times as high as in January, according to the Tass state news service.

The Internet Protection Society, a digital rights group associated with jailed Russian opposition leader Alexei Navalny, launched its own VPN service last month and reached its limit of 300,000 users within 10 days, according to executive director Mikhail Klimarev. Based on internal surveys, he estimates that the number of VPN users in Russia has risen to roughly 30 percent of the 100 million Internet users in Russia. To combat Putin, "Ukraine needs Javelin and Russians need Internet," Klimarev said....

In the days before the war, and in the weeks since then, Russian authorities have also ratcheted up pressure on Google, asking the search engine to remove thousands of Internet sites associated with VPNs, according to the Lumen database, an archive of legal complaints related to Internet content. Google, which did not respond to a request for comment, still includes banned sites in search results.... Although downloading a VPN is technically easy, usually requiring only a few clicks, purchasing a paid VPN has become complicated in Russia, as Western sanctions have rendered Russian credit and debit cards nearly useless outside the country. That has forced many to resort to free VPNs, which can have spotty service and can sell information about users.

Vytautas Kaziukonis, chief executive of Surfshark — a Lithuania-based VPN that saw a 20-fold increase in Russian users in March — said some of those customers are now paying in cryptocurrencies or through people they know in third countries.

One 52-year-old told the Post that downloading a VPN "brought back memories of the 1980s in the Soviet Union, when he used a shortwave radio to hear forbidden news of dissident arrests on Radio Liberty, which is funded by the United States."

"We didn't know what was going on around us. That's true again now."

Cloud

Heroku Admits That Customer Credentials Were Stolen In Cyberattack (bleepingcomputer.com) 4

Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database. BleepingComputer reports: The Salesforce-owned cloud platform acknowledged the same compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database." Like many users, we unexpectedly received a password reset email from Heroku, even though BleepingComputer does not have any OAuth integrations that use Heroku apps or GitHub. This indicated that these password resets were related to another matter. [...]

In its quest to be more transparent with the community, Heroku has shed some light on the incident, starting a few hours ago. "We value transparency and understand our customers are seeking a deeper understanding of the impact of this incident and our response to date," says Heroku. The cloud platform further stated that after working with GitHub, threat intel vendors, industry partners and law enforcement during the investigation it had reached a point where more information could be shared without compromising the ongoing investigation:

"On April 7, 2022, a threat actor obtained access to a Heroku database and downloaded stored customer GitHub integration OAuth tokens. Access to the environment was gained by leveraging a compromised token for a Heroku machine account. According to GitHub, the threat actor began enumerating metadata about customer repositories with the downloaded OAuth tokens on April 8, 2022. On April 9, 2022, the attacker downloaded a subset of the Heroku private GitHub repositories from GitHub, containing some Heroku source code. GitHub identified the activity on April 12, 2022, and notified Salesforce on April 13, 2022, at which time we began our investigation. As a result, on April 16, 2022, we revoked all GitHub integration OAuth tokens, preventing customers from deploying apps from GitHub through the Heroku Dashboard or via automation. We remain committed to ensuring the integration is secure before we re-enable this functionality." Heroku users are advised to continue monitoring the security notification page for updates related to the incident.

Transportation

Consortium is Creating 'Passports' to Track Contents and Repair History of Europe's EV Batteries (news18.com) 30

Slashdot reader schwit1 shares this report from an automotive blog called The Truth About Cars: A group of German automakers, chemical concerns, and battery producers have announced the joint development of a "battery passport" designed to help government regulators trace the history of the cells. The consortium is funded by the German government and is supposed to work in tandem with new battery regulations that are being prepared by the European Union.

According to the German economic ministry, officially the Federal Ministry for Economic Affairs and Climate Action, the overarching plan is for the EU to mandate traceable hardware be installed in all batteries used in the continent by 2026. Those intended for use in electric vehicles are up first, with the passport scheme also serving to chronicle everything from the vehicle's repair history to where the power cell's raw materials were sourced.

Reuters reports that batteries "could carry a QR code linking to an online database where EV owners, businesses or regulators could access information on the battery's composition." This digital tool should also make it easier to recycle raw materials inside batteries, the government statement said, which would cut dependence on foreign suppliers which control the vast majority of resources, like lithium and nickel, essential for battery production.

The Military

How Russians - and Ukrainians - are Using Stolen Data (apnews.com) 48

While Russia's "relentless digital assaults" on Ukraine might seem less damaging than anticipated, the attacks actually focused on a different goal with "chilling potential consequences," reports the Associated Press. "Data collection."

Even in an early February blog post, Microsoft said Russia's intelligence agency had tried "exfiltrating sensitive information" over the previous six months from government, military, judiciary and law enforcement agencies.

The AP reports: Ukrainian agencies breached on the eve of the February 24 invasion include the Ministry of Internal Affairs, which oversees the police, national guard and border patrol. A month earlier, a national database of automobile insurance policies was raided during a diversionary cyberattack that defaced Ukrainian websites. The hacks, paired with prewar data theft, likely armed Russia with extensive details on much of Ukraine's population, cybersecurity and military intelligence analysts say. It's information Russia can use to identify and locate Ukrainians most likely to resist an occupation, and potentially target them for internment or worse.

"Fantastically useful information if you're planning an occupation," Jack Watling, a military analyst at the U.K. think tank Royal United Services Institute, said of the auto insurance data, "knowing exactly which car everyone drives and where they live and all that."

As the digital age evolves, information dominance is increasingly wielded for social control, as China has shown in its repression of the Uyghur minority. It was no surprise to Ukrainian officials that a prewar priority for Russia would be compiling information on committed patriots. "The idea was to kill or imprison these people at the early stages of occupation," Victor Zhora, a senior Ukrainian cyber defense official, alleged.... There is little doubt political targeting is a goal. Ukraine says Russian forces have killed and kidnapped local leaders where they grab territory....

The Ukrainian government says the Jan. 14 auto insurance hack resulted in the pilfering of up to 80% of Ukrainian policies registered with the Motor Transport Bureau.

But the article also points out that Ukraine "appears to have done significant data collection — quietly assisted by the U.S., the U.K., and other partners — targeting Russian soldiers, spies and police, including rich geolocation data." Serhii Demediuk [deputy secretary of Ukraine's National Security and Defense Council] said the country knows "exactly where and when a particular serviceman crossed the border with Ukraine, in which occupied settlement he stopped, in which building he spent the night, stole and committed crimes on our land."

"We know their cell phone numbers, the names of their parents, wives, children, their home addresses," who their neighbors are, where they went to school and the names of their teachers, he said.

Analysts caution that some claims about data collection from both sides of the conflict may be exaggerated. But in recordings posted online by Ukrainian Digital Transformation Minister Mikhailo Fedorov, callers are heard phoning the far-flung wives of Russian soldiers and posing as Russian state security officials to say parcels shipped to them from Belarus were looted from Ukrainian homes.

In one, a nervous-sounding woman acknowledges receiving what she calls souvenirs — a woman's bag, a keychain.

The caller tells her she shares criminal liability, that her husband "killed people in Ukraine and stole their stuff."

She hangs up.

Wireless Networking

Nigeria Blocks 73 Million Mobile Phones in Security Clampdown (reuters.com) 16

An anonymous reader shares a report: Constance Chioma calls her son every morning to check that he is safe while studying in northeast Nigeria, a region plagued by deadly attacks by Islamist insurgents and armed kidnappings. Earlier this month, she could not get through. She later realised her SIM card was one of about 73 million - more than a third of the 198 million in Nigeria - which have been barred from making outgoing calls because they have not been registered in the national digital identity database.

[...] Nigeria is among dozens of African countries including Ghana, Egypt and Kenya with SIM registration laws that authorities say are necessary for security purposes, but digital rights experts say increase surveillance and hurt privacy. Nigeria has been rolling out 11-digit electronic national identity cards for almost a decade, which record an individual's personal and biometric data, including fingerprints and photo. The National Identity Number (NIN) is required to open a bank account, apply for a driver's license, vote, get health insurance, and file tax returns. In 2020, Nigeria's telecommunications regulator said every active mobile phone number must be linked to the user's NIN. It repeatedly extended the deadline until March 31 this year. The government said outgoing calls were being barred from April 4 from any mobile phone numbers that had not complied.

Government

Open-Source Intelligence: How Bellingcat Uses Data Gathered by Authoritarian Governments (cnn.com) 52

CNN profiles Bellingcat, a Netherlands-based investigative group specializing in "open-source intelligence". And investigator Christo Grozev tells CNN that authoritarian governments make their work easier, because "they love to gather data, comprehensive data, on ... what they consider to be their subjects, and therefore there's a lot of centralized data."

"And second, there's a lot of petty corruption ... within the law enforcement system, and this data market thrives on that." Billions have been spent on creating sophisticated encrypted communications for the military in Russia. But most of that money has been stolen in corrupt kickbacks, and the result is they didn't have that functioning system... It is shocking how incompetent they are. But it was to be expected, because it's a reflection of 23 years of corrupt government.

Interestingly there's apparently less corruption in China — though more whistleblowers. But Bellingcat's first investigation involved the 2014 downing of a Boeing 777 over eastern Ukraine that killed 283 passengers. (The Dutch Safety Board later concluded it was downed by a surface-to-air missile launched from pro-Russian separatist-controlled territory in Ukraine.) "At that time, a lot of public data was available on Russian soldiers, Russian spies, and so on and so forth — because they still hadn't caught up with the times, so they kept a lot of digital traces, social media, posting selfies in front of weapons that shoot down airliners. That's where we kind of perfected the art of reconstructing a crime based on digital breadcrumbs..."

"By 2016, it was no longer possible to find soldiers leaving status selfies on the internet because a new law had been passed in Russia, for example, banning the use of mobile phones by secret services and by soldiers. So we had to develop a new way to get data on government crime. We found our way into this gray market of data in Russia, which is comprised of many, many gigabytes of leaked databases, car registration databases, passport databases. Most of these are available for free, completely freely downloadable from torrent sites or from forums and the internet." And for some of them, they're more current. You actually can buy the data through a broker, so we decided that in cases when we have a strong enough hypothesis that a government has committed the crime, we should probably drop our ethical boundaries from using such data — as long as it is verifiable, as long as it is not coming from one source only but corroborated by at least two or three other sources of data. That's how we develop it. And the first big use case for this approach was the ... poisoning of Sergei and Yulia Skripal in 2018 (in the United Kingdom), when we used this combination of open source and data bought from the gray market in Russia to piece together who exactly the two poisoners were. And that worked tremendously....

It has been what I best describe as a multilevel computer game.... [W]hen we first learned that we can get private data, passport files and residence files on Russian spies who go around killing people, they closed the files on those people. So every spy suddenly had a missing passport file in the central password database. But that opened up a completely new way for us to identify spies, because we were just able to compare older versions of the database to newer versions. So that allowed us to find a bad group of spies that we didn't even know existed before.

The Russian government did realize that that's maybe a bad idea to hide them from us, so they reopened those files but just started poisoning data. They started changing the photographs of some of these people to similar looking, like lookalikes of the people, so that they confused us or embarrass us if we publish a finding but it's for the wrong guy. And then we'll learn how to beat that.

When asked about having dropped some ethical boundaries about data use, Grozev replies "everything changes. Therefore, the rules of journalism should change with the changing times." "And it's not common that journalism was investigating governments conducting government-sanctioned crimes, but now it's happening." With a country's ruler proclaiming perpetual supreme power, "This is not a model that traditional journalism can investigate properly. It's not even a model that traditional law enforcement can investigate properly." I'll give an example. When the British police asked, by international agreement, for cooperation from the Russian government to provide evidence on who exactly these guys were who were hanging around the Skripals' house in 2018, they got completely fraudulent, fake data from the Russian government....

So the only way to counter that as a journalist is to get the data that the Russian government is refusing to hand over. And if this is the only way to get it, and if you can be sure that you can prove that this is valid data and authentic data — I think it is incumbent on journalists to find the truth. And especially when law enforcement refuses to find the truth because of honoring the sovereign system of respecting other governments.

It was Bellingcat that identified the spies who poisoned Russian opposition leader Alexey Navalny. CNN suggests that for more details on their investigation, and "to understand Vladimir Putin's stranglehold on power in Russia, watch the new film Navalny which premieres Sunday at 9 p.m. ET on CNN."

The movie's tagline? "Poison always leaves a trail."

AI

How Ukraine's IT Army is Using Clearview AI's Face-Scanning Software (msn.com) 88

Ukrainian officials "have run more than 8,600 facial recognition searches on dead or captured Russian soldiers in the 50 days since Moscow's invasion began, using the scans to identify bodies and contact hundreds of their families," reports the Washington Post.

Ukraine's IT Army (taking direction from Ukraine's government) "says it has used those identifications to inform the families of the deaths of 582 Russians, including by sending them photos of the abandoned corpses." The Ukrainians champion the use of face-scanning software from the U.S. tech firm Clearview AI as a brutal but effective way to stir up dissent inside Russia, discourage other fighters and hasten an end to a devastating war. But some military and technology analysts worry that the strategy could backfire, inflaming anger over a shock campaign directed at mothers who may be thousands of miles from the drivers of the Kremlin's war machine.

The West's solidarity with Ukraine makes it tempting to support such a radical act designed to capitalize on family grief, said Stephanie Hare, a surveillance researcher in London. But contacting soldiers' parents, she said, is "classic psychological warfare" and could set a dangerous new standard for future conflicts. "If it were Russian soldiers doing this with Ukrainian mothers, we might say, 'Oh, my God, that's barbaric,' " she said. "And is it actually working? Or is it making them say: 'Look at these lawless, cruel Ukrainians, doing this to our boys?' "

Clearview AI's chief executive, Hoan Ton-That, told The Washington Post that more than 340 officials across five Ukrainian government agencies now can use its tool to run facial recognition searches whenever they want, free of charge. Clearview employees now hold weekly, sometimes daily, training calls over Zoom with new police and military officials looking to gain access. Ton-That recounted several "'oh, wow' moments" as the Ukrainians witnessed how much data — including family photos, social media posts and relationship details — they could gather from a single cadaver scan.

Some of them are using Clearview's mobile app to scan faces while on the battlefield, he said. Others have logged in for training while stationed at a checkpoint or out on patrol, the night sky visible behind their faces. "They're so enthusiastic," Ton-That said. "Their energy is really high. They say they're going to win, every call...."

About 10% of Clearview's database came from Russia's biggest social network, the Post learns from Clearview's chief executive, "making it a potentially useful tool for battlefield scans." Ukrainian agencies, Ton-That said, have used the app to confirm the identities of people at military checkpoints and to check whether a Ukrainian is a possible Russian infiltrator or saboteur. He argued that the system could deter Russian soldiers from committing war crimes, for fear of being identified, and said the Ukrainians are considering using the tool to verify the identities of Ukrainian refugees and their hosts as they flee for safety.... Beyond scanning corpses, Ukraine also is using facial recognition to identify Russian soldiers caught on camera looting Ukrainian homes and storefronts, an official with Ukraine's Digital Transformation Ministry told The Post. Mykhailo Fedorov, the head of that ministry, this month shared on Twitter and Instagram the name, hometown and personal photo of a man he said was recorded shipping hundreds of pounds of looted clothes from a Belarus post office to his home in eastern Russia. "Our technology will find all of them," he wrote.

The article asks what happens if software makes a mistake in its identification — but Clearview's chief executive argues their tool is accurate. Ton-That said the company's sole ambition is to help defend a besieged country. But he also acknowledged the war has helped provide a "good example for other parts of the U.S. government to see how these use cases work."

"This is a new war," he said. And the Ukrainians are "very creative with what they've been able to do."

Thanks to Slashdot readers fbobraga and schwit1 for submitting the article.

Crime

T-Mobile Secretly Bought Its Customer Data From Hackers To Stop Leak. It Failed (vice.com) 25

An anonymous reader quotes a report from Motherboard: Last year, T-Mobile confirmed it was breached after hackers offered to sell the personal data of 30 million of its customers for 6 bitcoin worth around $270,000 at the time. According to court documents unsealed today and reviewed by Motherboard, a third-party hired by T-Mobile tried to pay the hackers for exclusive access to that data and limit it from leaking more widely. The plan ultimately failed, and the criminals continued to sell the data despite the third-party giving them a total of $200,000. But the news unearths some of the controversial tactics that might be used by companies as they respond to data breaches, either to mitigate the leak of stolen information or in an attempt to identify who has breached their networks.

On Tuesday, the Department of Justice unsealed an indictment against Diogo Santos Coelho, who it alleges is the administrator of a popular hacking site called RaidForums. Law enforcement also uploaded a banner to the RaidForums site announcing they had taken over its domain. Coelho was arrested in the United Kingdom in March. Included in the affidavit in support of request for his extradition to the United States is a section describing a particular set of data that was advertised on RaidForums in August. [...] The document does not name the victim company, instead referring to it as Company 3, but says another post confirmed that the data belonged to "a major telecommunications company and wireless network operator that provides services in the United States."

The document goes on to say that this company "hired a third-party to purchase exclusive access to the database to prevent it being sold to criminals." An employee of this third-party posed as a potential buyer and used the RaidForums' administrator's middleman service to buy a sample of the data for $50,000 in Bitcoin, the document reads. That employee then purchased the entire database for around $150,000, with the caveat that SubVirt would delete their copy of the data, it adds. The purpose of the deletion would be that this undercover customer would be the only one with a copy of the stolen information, greatly limiting the chance of it leaking out further. That's not what happened. The document says that "it appears the co-conspirators continued to attempt to sell the databases after the third-party's purchase." Company 3, the unnamed telecommunications firm that hired this third-party, was T-Mobile, according to Motherboard's review of the timeline and information included in the court records.

The third-party that paid cybercriminals $200,000 may have been Mandiant, though the security company has yet to confirm with Motherboard. In March, Mandiant announced it was being acquired by Google.

Power

Nissan, NASA Teaming Up On Solid-State Batteries (cbsnews.com) 78

Nissan is working with NASA on a new type of battery for electric vehicles that promises to charge more quickly and be lighter yet safe, the Japanese automaker said Friday. CBS News reports: The all-solid-state battery will replace the lithium-ion battery now in use for a 2028 product launch and a pilot plant launch in 2024, according to Nissan. The battery would be stable enough to be used in pacemakers, Nissan said. When finished, it will be about half the size of the current battery and fully charge in 15 minutes instead of a few hours.

The collaboration with the U.S. space program, as well as the University of California San Diego, involves the testing of various materials, Corporate Vice President Kazuhiro Doi told reporters. "Both NASA and Nissan need the same kind of battery," he said. Nissan and NASA are using what's called the "original material informatics platform," a computerized database, to test various combinations to see what works best among hundreds of thousands of materials, Doi said. The goal is to avoid the use of expensive materials like rare metals needed for lithium-ion batteries.

Privacy

Deception, Exploited Workers, and Cash Handouts: How Worldcoin Recruited Its First Half a Million Test Users (technologyreview.com) 10

The startup promises a fairly-distributed, cryptocurrency-based universal basic income. So far all it's done is build a biometric database from the bodies of the poor. MIT Technology Review reports: On a sunny morning last December, Iyus Ruswandi, a 35-year-old furniture maker in the village of Gunungguruh, Indonesia, was woken up early by his mother. A technology company was holding some kind of "social assistance giveaway" at the local Islamic elementary school, she said, and she urged him to go. Ruswandi joined a long line of residents, mostly women, some of whom had been waiting since 6 a.m. In the pandemic-battered economy, any kind of assistance was welcome. At the front of the line, representatives of Worldcoin Indonesia were collecting emails and phone numbers, or aiming a futuristic metal orb at villagers' faces to scan their irises and other biometric data. Village officials were also on site, passing out numbered tickets to the waiting residents to help keep order. Ruswandi asked a Worldcoin representative what charity this was but learned nothing new: as his mother said, they were giving away money.

Gunungguruh was not alone in receiving a visit from Worldcoin. In villages across West Java, Indonesia -- as well as college campuses, metro stops, markets, and urban centers in two dozen countries, most of them in the developing world -- Worldcoin representatives were showing up for a day or two and collecting biometric data. In return they were known to offer everything from free cash (often local currency as well as Worldcoin tokens) to Airpods to promises of future wealth. In some cases they also made payments to local government officials. What they were not providing was much information on their real intentions. This left many, including Ruswandi, perplexed: What was Worldcoin doing with all these iris scans?

To answer that question, and better understand Worldcoin's registration and distribution process, MIT Technology Review interviewed over 35 individuals in six countries -- Indonesia, Kenya, Sudan, Ghana, Chile, and Norway -- who either worked for or on behalf of Worldcoin, had been scanned, or were unsuccessfully recruited to participate. We observed scans at a registration event in Indonesia, read conversations on social media and in mobile chat groups, and consulted reviews of Worldcoin's wallet in the Google Play and Apple stores. We interviewed Worldcoin CEO Alex Blania, and submitted to the company a detailed list of reporting findings and questions for comment. Our investigation revealed wide gaps between Worldcoin's public messaging, which focused on protecting privacy, and what users experienced. We found that the company's representatives used deceptive marketing practices, collected more personal data than it acknowledged, and failed to obtain meaningful informed consent. These practices may violate the European Union's General Data Protection Regulations (GDPR) -- a likelihood that the company's own data consent policy acknowledged and asked users to accept -- as well as local laws.

Earth

Billions of People Still Breathe Unhealthy Air: New WHO Data (who.int) 55

An anonymous reader shares a report: Almost the entire global population (99%) breathes air that exceeds WHO air quality limits, and threatens their health. A record number of over 6000 cities in 117 countries are now monitoring air quality, but the people living in them are still breathing unhealthy levels of fine particulate matter and nitrogen dioxide, with people in low and middle-income countries suffering the highest exposures. The findings have prompted the World Health Organization to highlight the importance of curbing fossil fuel use and taking other tangible steps to reduce air pollution levels.

Released in the lead-up to World Health Day, which this year celebrates the theme Our planet, our health, the 2022 update of the World Health Organization's air quality database introduces, for the first time, ground measurements of annual mean concentrations of nitrogen dioxide (NO2), a common urban pollutant and precursor of particulate matter and ozone. It also includes measurements of particulate matter with diameters equal or smaller than 10 µm (PM10) or 2.5 µm (PM2.5). Both groups of pollutants originate mainly from human activities related to fossil fuel combustion. The new air quality database is the most extensive yet in its coverage of air pollution exposure on the ground. Some 2,000 more cities/human settlements are now recording ground monitoring data for particulate matter, PM10 and/or PM2.5, than the last update. This marks an almost 6-fold rise in reporting since the database was launched in 2011.

Advertising

Chrome's 'Topics' Advertising System Is Here, Whether You Want It Or Not (arstechnica.com) 86

slack_justyb writes: After the failure of the Chrome user-tracking system that was called FLoC, Google's latest try at topic tracking to replace the 3rd party cookie (that Chrome is the only browser to still support) is FLEDGE and the most recent drop of Canary has this on full display for users and privacy advocates to dive deeper into. This recent release shows Google's hand that it views user tracking as a mandatory part of internet usage, especially given this system's eye-rolling name of "Privacy Sandbox" and the tightness in the coupling of this new API to the browser directly.

The new API will allow the browser itself to build what it believes to be things that you are interested in, based on broad topics that Google creates. New topics and methods for how you are placed into those topics will be added to the browser's database and indexing software via updates from Google. The main point to take away here though is that the topic database is built using your CPU's time. At this time, opting out of the browser building this interest database is possible thus saving you a few cycles from being used for that purpose. In the future there may not be a way to stop the browser from using cycles to build the database; the only means may be to just constantly remove all interest from your personal database. At this time there doesn't seem to be any way to completely turn off the underlying API. A website that expects this API will always succeed in "some sort of response" so long as you are using Chrome. The response may be that you are interested in nothing, but a response nonetheless. Of course, sending a response of "interested in nothing" would more than likely require someone constantly, and timely, clearing out the interest database, especially if at some later time the option to turn off the building of the database is removed.

With 82% of Google's empire based on ad revenue, this latest development in Chrome shows that Google is not keen on any moves to threaten their main money maker. Google continues to argue that it is mandatory that it builds a user tracking and advertising system into Chrome, and the company says it won't block third-party cookies until it accomplishes that -- no matter what the final solution may ultimately be. The upshot, if it can be called that, of the FLEDGE API over FLoC, is that abuse of FLEDGE looks to yield less valuable results. And attempting to use the API alone to pick out an individual user via fingerprinting or other methods employed elsewhere seems to be rather difficult to do. But only time will tell if that remains true or just Google idealizing this new API.
As for the current timeline, here's what the company had to say in the latest Chromium Blog post: "Starting today, developers can begin testing globally the Topics, FLEDGE, and Attribution Reporting APIs in the Canary version of Chrome. We'll progress to a limited number of Chrome Beta users as soon as possible. Once things are working smoothly in Beta, we'll make API testing available in the stable version of Chrome to expand testing to more Chrome users."

Iphone

Apple Stores Will Now Decline to Repair iPhones Reported as Missing (macrumors.com) 42

Apple Stores and Apple Authorized Service Providers will now be alerted if an iPhone has been reported as missing in the GSMA Device Registry when a customer brings in the device to be serviced, according to an internal memo obtained by MacRumors. From the report: If an Apple technician sees a message in their internal MobileGenius or GSX systems indicating that the device has been reported as missing, they are instructed to decline the repair, according to Apple's memo shared on Monday. The new policy should help to reduce the amount of stolen iPhones brought to Apple for repair. The GSMA Device Registry is a global database designed for customers to report their devices as missing in the event of loss or theft. The report notes that Apple Stores and Apple Authorized Service Providers "are already unable to service an iPhone if the customer cannot disable Find My iPhone."

Crime

Amateur Detectives are Now Crowdfunding DNA Sequencing to Solve Murders (nytimes.com) 54

In 2018 police arrested "the Golden State Killer" — now a 72-year-old man who had committed 13 murders between 1974 and 1986, the New York Times remembers: What made the investigation possible was GEDmatch, a low-frills, online gathering place for people to upload DNA test results from popular direct-to-consumer services such as Ancestry or 23andMe, in hopes of connecting with unknown relatives. The authorities' decision to mine the genealogical enthusiasts' data for investigative leads was shocking at the time, and led the site to warn users. But the practice has continued, and has since been used in hundreds of cases.
But now using similar techniques, a wellness coach born in Mississippi (through a Facebook group called DNA Detectives) has helped over 200 strangers identify their unknown parents, the Times reports.

And she's recently donated more than $100,000 to a genetics lab called Othram — to fund the sequencing of DNA to solve cold cases back in her home state. "These families have waited so long for answers," she told the New York Times, which calls her "part of a growing cohort of amateur DNA detectives..." [Othram] created a site called DNASolves to tell the stories of horrific crimes and tragic John and Jane Does — with catchy names like "Christmas tree lady" and "angel baby" — to encourage people to fund budget-crunched police departments, so that they can hire Othram. A competitor, Parabon NanoLabs, had created a similar site called JusticeDrive, which has raised around $30,000.

In addition to money, Othram encouraged supporters to donate their DNA, a request that some critics called unseemly, saying donors should contribute to databases easily available to all investigators. "Some people are too nervous to put their DNA in a general database," said Mr. Mittelman, who declined to say how large his database is. "Ours is purpose-built for law enforcement."

Another group raising money for genetic investigations are the producers of true-crime podcasts — and their listeners. According to the article, the podcast-producing company Audiochuck has donated roughly $800,000 to organizations doing investigative genealogical research (including Othram), though the majority went to a nonprofit started by the host of the "Crime Junkie" podcast. (And that nonprofit raised another $250,000, some through crowdfunding.)

"Why just listen to a murder podcast when you can help police comb through genealogical databases for the second cousins of suspected killers and their unidentified victims?" the Times asks. So far donors around the country have given at least a million dollars to the cause. They could usher in a world where few crimes go unsolved — but only if society is willing to accept, and fund, DNA dragnets.... A group of well-off friends calling themselves the Vegas Justice League has given Othram $45,000, resulting in the solving of three murder-rape cases in Las Vegas, including those of two teenage girls killed in 1979 and in 1989.... [T]he perpetrators were dead....

Natalie Ram, a law professor at the University of Maryland, expressed concern about "the public picking and choosing between cases," saying investigative priorities could be determined by who can donate the most. Ms. Ram said the "largest share" of cases solved so far with the method "tend to involve white female victims...."

Ms. Ram is also concerned about the constitutional privacy issues raised by the searches, particularly for those people who haven't taken DNA tests or uploaded their results to the public internet. Even if you resolve never to put your DNA on a site accessible to law enforcement authorities, you share DNA with many other people so could still be discoverable. All it takes is your sibling, aunt or even a distant cousin deciding differently.

Music

How the Music Industry Survived the Internet. Sort of. (nytimes.com) 152

"Music was one of the first industries that felt the sonic boom of the internet, starting with song-sharing websites like Napster in the late 1990s and iTunes digital downloads later," writes the New York Times.

They take a quick look at how the music industry "survived an online revolution," arguing that streaming services "saved the music industry from the jaws of the internet," making it financially healthy and giving it a wider reach.

"But all is not entirely well." Even now, the music industry in the United States generates less revenue than at the peak of the CD. There's a raging debate about how long the gravy train from streaming will last. And many musicians and others say that they're not sharing in the spoils from the digital transformation....

First, I'll lay out the case that the music industry is doing awesome. More than 500 million people around the world pay for digital music, mostly in fees for services such as Spotify, Apple Music or Tencent Music, which is based in China. Those services have given the industry something it has never had before: a steady stream of cash every month. The industry also is making money a gazillion ways. When you watch a music video on YouTube, money flows to the people responsible for that song. TikTok pays record companies when videos feature their popular songs....

Revenue for the music industry has been increasing consistently since 2015, but revenue from all sources — including streaming subscriptions, CDs and royalties from elevator music — is still less than it was in 1999. Total industry revenue back then was about $24 billion adjusted for inflation, and revenue in 2021 was $15 billion, according to the Recording Industry Association of America. (Global sales data from a different music trade group show a similar trajectory.) There aren't an infinite number of people who are willing to pay the going rate in many countries of $10 a month to access a whole bunch of songs on their phones via a service like Spotify. That's what worries people who believe the music industry's digital success has peaked.

Finally, the article points out that even the most-popular songs...aren't as popular as songs got in the past. And then it links to a story headlined "Streaming Saved Music. Artists Hate It."

"The big winners are the streaming services and the large record companies. The losers are the 99 percent of artists who aren't at Beyoncé's level of fame. And they're angry about not sharing in the music industry's success."

Communications

What Happened After Starlink's Satellite Internet Service Arrived in Ukraine? (yahoo.com) 145

The Washington Post looks at what happened after Starlink activated its satellite-based internet service to help Ukraine: Ukraine has already received thousands of antennas from Musk's companies and European allies, which has proved "very effective," Ukraine's minister of digital transformation, Mykhailo Fedorov said in an interview with The Washington Post Friday. "The quality of the link is excellent," Fedorov said through a translator, using a Starlink connection from an undisclosed location. "We are using thousands, in the area of thousands, of terminals with new shipments arriving every other day...." A person familiar with Starlink's effort in Ukraine, speaking on the condition of anonymity to discuss sensitive matters, said there are more than 5,000 terminals in the country....

Internet flows deteriorated on the first day of Russia's invasion of Ukraine on Feb. 24 and have not fully recovered, according to data-monitoring services. But since that initial dip, connectivity has remained fairly stable, with mainly temporary, isolated outages even during heavy Russian shelling. "Every day there are outages, but generally service comes back," said Doug Madory, director of Internet analysis for Kentik, which monitors global data flows.

Even before Fedorov tweeted at Musk for help, SpaceX was working on a way to get Starlink to Ukraine. President and COO Gwynne Shotwell said in a talk at California Institute of Technology this month that the company had been working for several weeks to get regulatory approval to allow the satellites to communicate in Ukraine.

In addition, the Washington Post reports, this week on Twitter Elon Musk also "challenged Putin to a fight and followed up by pledging he would use just one hand if Putin was scared. And he told Putin he could bring a bear." Reached for comment by the Post's reporters, Elon Musk responded by telling The Post to give his regards "to your puppet master Besos," following it with two emojis.

But the Post's article also argues Starlink's technology "could have widespread implications for the future of war. Internet has become an essential tool for communication, staying informed and even powering weapons." And The Telegraph reports that Starlink "is helping Ukrainian forces win the drone war as they use the technology in their effort to track and kill invading Russians." In the vanguard of Ukraine's astonishingly effective military effort against Vladimir Putin's forces is a unit called Aerorozvidka (Aerial Reconnaissance) which is using surveillance and attack drones to target Russian tanks and positions. Amid internet and power outages, which are expected to get worse, Ukraine is turning to the newly available Starlink system for some of its communications. Drone teams in the field, sometimes in badly connected rural areas, are able to use Starlink to connect them to targeters and intelligence on their battlefield database. They can direct the drones to drop anti-tank munitions, sometimes flying up silently to Russian forces at night as they sleep in their vehicles...

Should Ukraine's internet largely collapse, the "drone warriors" of Aerorozvidka would still be able to communicate with their bases by sending signals from mobile Starlink terminals, and using ground stations in neighbouring countries including Poland.... As Ukraine's internet is inevitably degraded, Starlink will be an alternative. General James Dickinson, commander of US Space Command, told the Senate armed services committee: "What we're seeing with Elon Musk and the Starlink capabilities is really showing us what a megaconstellation, or a proliferated architecture, can provide in terms of redundancy and capability."

It's not all Starlink. The Telegraph points out that "The Ukrainian system benefitted from equipment given by Western countries, including radio communications which superseded Soviet-era technology, and the US has also poured in millions of dollars to protect against Russian hacking, jamming of signals and attempts to 'spoof' GPS technology."

And meanwhile, weakness in Russia's own communications infrastructure may have played a role in the killing of five senior Russian generals in the last three weeks, according to a recent CNN interview with retired U.S. army general and former CIA director David Petraeus: "The bottom line is that [Russia's] command-and-control has broken down. Their communications have been jammed by the Ukrainians.

Their secure comms didn't work. They had to go single-channel. That's jammable, and that's exactly what the Ukrainians have been doing to that. They used cellphones. The Ukrainians blocked the prefix for Russia, so that didn't work. Then they took down 3G. [The Russians] are literally stealing cellphones from Ukrainian civilians to communicate among each other.

So what happens? The column gets stopped. An impatient general is sitting back there in his armored or whatever vehicle. He goes forward to find out what's going on... And the Ukrainians have very, very good snipers, and they've just been picking them off left and right."

Thanks to long-time Slashdot reader schwit1 for submitting the story.

Open Source

False Advertising To Call Software Open Source When It's Not, Says Court (theregister.com) 20

An anonymous reader quotes a report from The Register: Last year, the Graph Foundation had to rethink how it develops and distributes its Open Native Graph Database (ONgDB) after it settled a trademark and copyright claim by database biz Neo4j. The Graph Foundation agreed [PDF] it would no longer claim specific versions of ONgDB, its Neo4j Enterprise Edition fork, are a "100 percent free and open source version" of Neo4J EE. And last month, two other companies challenged by Neo4j -- PureThink and iGov -- were also required by a court ruling to make similar concessions.

ONgDB is forked from Neo4j EE, which in May 2018 dropped the GNU Affero General Public License (AGPL) and adopted a new license that incorporates the AGPLv3 alongside additional limitations spelled out in the Commons Clause license. This new Neo4j EE license forbade non-paying users of the software from reselling the code or offering some support services, and thus is not open source as defined by the Open Source Initiative. The Graph Foundation, PureThink, and iGov offered ONgDB as a "free and open source" version of Neo4j in the hope of winning customers who preferred an open-source license. That made it more challenging for Neo4j to compete.

So in 2018 and 2019 Neo4j and its Swedish subsidiary pursued legal claims against the respective firms and their principals for trademark and copyright infringement, among other things. The Graph Foundation settled [PDF] in February 2021 as the company explained in a blog post. The organization discontinued support for ONgDB versions 3.4, 3.5 and 3.6. And it released ONgDB 1.0 in their place as a fork of AGPLv3 licensed Neo4j EE version 3.4.0.rc02. Last May, the judge hearing the claims against PureThink and iGov granted Neo4j's motion for partial summary judgment [PDF] and forbade the defendants from infringing on the company's Neo4j trademark and from advertising ONgDB "as a free and open source drop-in replacement of Neo4j Enterprise Edition." The defendants appealed, and in February the US Court of Appeals for the Ninth Circuit affirmed a lower court decision that the company's "statements regarding ONgDB as 'free and open source' versions of Neo4j EE are false."

"Stop saying Open Source when it's not," said the Open Source Initiative in a blog post. "The US Court of Appeals for the Ninth Circuit recently affirmed a lower court decision concluding what we've always known: that it's false advertising to claim that software is 'open source' when it's not licensed under an open source license."

Science

Air Pollution Linked To Higher Risk of Autoimmune Diseases (theguardian.com) 21

Long-term exposure to air pollution can increase the risk of autoimmune disease, research has found. From a report: Exposure to particulates has already been linked to strokes, brain cancer, miscarriage and mental health problems. A global review, published in 2019, concluded that almost every cell in the body could be affected by dirty air. Now researchers at the University of Verona have found that long-term exposure to high levels of air pollution was associated with an approximately 40% higher risk of rheumatoid arthritis, a 20% higher risk of inflammatory bowel disease such as Crohn's and ulcerative colitis, and a 15% higher risk of connective tissue diseases, such as lupus. The study, published in the journal RMD Open, took comprehensive medical information about 81,363 men and women on an Italian database monitoring risk of fractures between June 2016 and November 2020. About 12% were diagnosed with an autoimmune disease during this period.

AI

Ukraine Has Started Using Clearview AI's Facial Recognition During War (msn.com) 49

Reuters reports: Ukraine's defense ministry on Saturday began using Clearview AI's facial recognition technology, the company's chief executive told Reuters, after the U.S. startup offered to uncover Russian assailants, combat misinformation and identify the dead. Ukraine is receiving free access to Clearview AI's powerful search engine for faces, letting authorities potentially vet people of interest at checkpoints, among other uses, added Lee Wolosky, an adviser to Clearview and former diplomat under U.S. presidents Barack Obama and Joe Biden.

The plans started forming after Russia invaded Ukraine and Clearview Chief Executive Hoan Ton-That sent a letter to Kyiv offering assistance, according to a copy seen by Reuters. Clearview said it had not offered the technology to Russia, which calls its actions in Ukraine a "special operation...."

The Clearview founder said his startup had more than 2 billion images from the Russian social media service VKontakte at its disposal, out of a database of over 10 billion photos total. That database can help Ukraine identify the dead more easily than trying to match fingerprints and works even if there is facial damage, Ton-That wrote.... Ton-That's letter also said Clearview's technology could be used to reunite refugees separated from their families, identify Russian operatives and help the government debunk false social media posts related to the war.

The exact purpose for which Ukraine's defense ministry is using the technology is unclear, Ton-That said. Other parts of Ukraine's government are expected to deploy Clearview in the coming days, he and Wolosky said.

Censorship

Transparency Org Releases Alleged Leak of Russian Censorship Agency (vice.com) 13

An anonymous reader quotes a report from Motherboard: Transparency organization Distributed Denial of Secrets has released what it says is 800GB of data from a section of Roskomnadzor, the Russian government body responsible for censorship in the country. On Distributed Denial of Secrets' website, the organization describes the data as coming from a hack and says that Anonymous claimed responsibility. Roskomnadzor is the agency that has in recent days announced a block of Facebook and other websites in the country as the war in Ukraine intensifies.

Specifically, Distributed Denial of Secrets says the data comes from the Roskomnadzor of the Republic of Bashkortostan. The Republic of Bashkortostan is in the west of the country. Motherboard found references to the Republic of Bashkortostan in some of the released files. The data is split into two main categories: a series of over 360,000 files totalling in at 526.9GB and which date up to as recently as March 5, and then two databases that are 290.6GB in size, according to Distributed Denial of Secrets' website.
"The source, a part of Anonymous, urgently felt the Russian people should have access to information about their government. They also expressed their opposition to the Russian people being cut off from independent media and the outside world," wrote DDoSecrets on its website, as highlighted by Forbes.

"We will soon be releasing the raw data while we look for solutions to extracting the data. One appears to be a legal research database that was, according to the file timestamp, last modified in 2020. The other appears to be a database for HR procedures." Given the size of the leak and timing, they note "it's always possible that something could be modified or planted."