The Federal Trade Commission reported Friday that the number of consumer complaints about unwanted telemarketing phone calls has dropped over 50% since 2021, continuing a trend that started three years ago. From a report: This year, the FTC has received 1.1 million reports regarding robocalls, down from 1.2 million one year before 2023 and from more than 3.4 million in 2021. According to this year's National Do Not Call Registry Data Book -- which provides the most recent data on robocall complaints together with a complete state-by-state analysis -- the highest number of consumer complaints targeted unwanted calls about medical and prescription issues, with more than 170,000 reports (most of them robocalls) received until September 30, 2024.

Google is rolling out AI-powered scam call detection for Android phones, aiming to protect users from increasingly sophisticated phone fraud schemes. The new feature, available in beta for Pixel 6 and newer devices, analyzes conversation patterns in real-time to identify potential scams. When suspicious patterns emerge, such as urgently requesting fund transfers, the system alerts users through audio, haptic, and visual warnings.

The detection system operates entirely on-device using Google's machine learning models, with no call audio or transcripts stored or transmitted externally. While Pixel 9 devices utilize Google's advanced Gemini Nano AI model, earlier Pixel phones use the standard machine learning for detection, the company said. The feature, which is opt-in and can be disabled at any time, is currently limited to English-speaking Phone by Google beta users in the United States. Google plans to expand availability to additional Android devices in the future.

During a public joint hearing today titled "Unidentified Anomalous Phenomena: Exposing the Truth," four experts testified that the U.S. is running secret UAP programs, including crash retrieval and reverse-engineering programs for advanced nonhuman technology. Although the Pentagon maintains there's no evidence of alien spacecraft, witnesses like Luis Elizondo and Michael Gold argue that UAPs represent an intelligence enigma and call for open, stigma-free study to address potential security concerns and unknown scientific possibilities. NPR reports: Tim Gallaudet, retired rear admiral, U.S. Navy; CEO of Ocean STL Consulting, LLC
"Confirmation that UAPs are interacting with humanity came for me in January 2015," Gallaudet said in his written testimony (PDF). He describes being part of a pre-deployment naval exercise off the U.S. East Coast that culminated in the famous "Go Fast" video, in which a Navy F/A-18 jet's sensors recorded "an unidentified object exhibiting flight and structural characteristics unlike anything in our arsenal." He was among a group of commanders involved in the exercise who received an email containing the video, which was sent by the operations officer of Fleet Forces Command, Gallaudet said. "The very next day, the email disappeared from my account and those of the other recipients without explanation," he said.

Luis Elizondo, author and former Department of Defense official
Elizondo's written testimony (PDF) was brief and alleged that a secretive arms race is playing out on the global stage. "Let me be clear: UAP are real," he wrote. "Advanced technologies not made by our Government -- or any other government -- are monitoring sensitive military installations around the globe. Furthermore, the U.S. is in possession of UAP technologies, as are some of our adversaries." Elizondo is a former intelligence officer who later "managed a highly sensitive Special Access Program on behalf of the White House and the National Security Council," according to his official bio (PDF). "By 2012, [Elizondo] was the senior ranking person of the DOD's Advanced Aerospace Threat Identification Program, a secretive Pentagon unit that studied unidentified anomalous phenomena," his bio states, adding that he resigned in 2017.

Michael Gold, former NASA associate administrator of space policy and partnerships; member of NASA UAP Independent Study Team
Gold's written testimony (PDF) stressed the need for government agencies and academics to "overcome the pernicious stigma that continues to impede scientific dialogue and open discussions" about unexplained phenomena. "As the saying goes, the truth is out there," Gold said, "we just need to be bold enough and brave enough to face it."

Michael Shellenberger, founder of Public, a news outlet on the Substack platform
Shellenberger's testimony (PDF) ran to some 214 pages, including a lengthy timeline of UAP reports from 1947 to 2023. Shellenberger pressed the White House and Congress to act, calling for the adoption of UAP transparency legislation and cutting funds for any related programs that aren't disclosed to lawmakers. "UAP transparency is bi-partisan and critical to our national security," his written testimony stated. You can watch the proceeding here.

Italy has emerged as a major global spyware hub alongside Israel and India, with at least six major vendors operating in the country with limited oversight, The Record reported this week, citing researchers and Italian experts. Companies like RCS Labs, which has operated since 1992, sell surveillance tools to both domestic law enforcement and foreign governments including Kazakhstan, Syria, and several Asian nations.

Italian authorities can rent spyware for $160 per day without large acquisition costs, leading to thousands of domestic surveillance operations in recent years. While new regulations taking effect in February 2024 will require judges to evaluate specific reasons for spyware use, critics cited in the story say the reform package won't address core issues like the lack of centralized oversight. The country's competitive marketplace and relatively lax export controls have also enabled Italian vendors to expand their overseas sales.

Longtime Slashdot reader thephydes writes: The hearing will go ahead on November 13 at 11:30 ET (16:30 GMT). Apparently, it will "further pull back the curtain on secret UAP research programs conducted by the U.S. government, and undisclosed findings they have yielded," according to a House statement. It's driven by two republicans, Nancy Mace (R-S.C.) and Glenn Grothman (R-Wis.), who say: "Americans deserve to understand what the government has learned about UAP sightings, and the nature of any potential threats these phenomena pose. We can only ensure that understanding by providing consistent, systemic transparency. We look forward to hearing from expert witnesses on ways to shed more light and bring greater accountability to this issue." "Expert witnesses in the hearing will include Luis Elizondo, a decorated former counterintelligence officer who has claimed for years that the U.S. government is hiding knowledge of UAP, including materials recovered from crashed flying saucers," reports Space.com. "The House hearing will also include Tim Gallaudet, a retired U.S. Navy Rear Admiral who observed unidentified submersible objects, arguing that 'these underwater anomalies jeopardize US maritime security.'"

"Other speakers at the hearing include journalist Michael Shellenberger, who has also claimed the U.S. government is hiding UFO crash retrieval programs, and former NASA Associate Administrator of Space Policy and Partnerships Michael Gold, who is a member of NASA's independent UAP study team."

An anonymous reader quotes a report from 404 Media: Flock is one of the largest vendors of automated license plate readers (ALPRs) in the country. The company markets itself as having the goal to fully "eliminate crime" with the use of ALPRs and other connected surveillance cameras, a target experts say is impossible. [...] Flock and automated license plate reader cameras owned by other companies are now in thousands of neighborhoods around the country. Many of these systems talk to each other and plug into other surveillance systems, making it possible to track people all over the country.

"It went from me seeing 10 license plate readers to probably seeing 50 or 60 in a few days of driving around," [said Alabama resident and developer Will Freeman]. "I wanted to make a record of these things. I thought, 'Can I make a database of these license plate readers?'" And so he made a map, and called it DeFlock. DeFlock runs on Open Street Map, an open source, editable mapping software. He began posting signs for DeFlock (PDF) to the posts holding up Huntsville's ALPR cameras, and made a post about the project to the Huntsville subreddit, which got good attention from people who lived there. People have been plotting not just Flock ALPRs, but all sorts of ALPRs, all over the world. [...]

When I first talked to Freeman, DeFlock had a few dozen cameras mapped in Huntsville and a handful mapped in Southern California and in the Seattle suburbs. A week later, as I write this, DeFlock has crowdsourced the locations of thousands of cameras in dozens of cities across the United States and the world. He said so far more than 1,700 cameras have been reported in the United States and more than 5,600 have been reported around the world. He has also begun scraping parts of Flock's website to give people a better idea of where to look to map them. For example, Flock says that Colton, California, a city with just over 50,000 people outside of San Bernardino, has 677 cameras.

People who submit cameras to DeFlock have the ability to note the direction that they are pointing in, which can help people understand how these cameras are being positioned and the strategies that companies and police departments are using when deploying them. For example, all of the cameras in downtown Huntsville are pointing away from the downtown core, meaning they are primarily focused on detecting cars that are entering downtown Huntsville from other areas.

Major retailers are considering embedding radio-emitting threads into clothing as a novel anti-theft measure amid soaring retail crime rates, according to Bloomberg, citing industry sources. The technology, developed by Spanish firm Myruns, uses conductive ink derived from cellulose to create threads five times thinner than human hair that can trigger security alarms.

Zara owner Inditex has discussed implementing the system, though the company says it has no plans for in-store testing. Retail theft caused an estimated $73 billion in lost sales in the U.S. in 2022, according to the National Retail Federation, while UK losses doubled to $4.2 billion in 2023. The crisis has prompted retailers to increase security personnel and surveillance systems. The threadlike technology could provide an alternative to traditional metal-based security tags, potentially offering biodegradable and recyclable anti-theft protection.

D-Link confirmed no fix will be issued for the over 60,000 D-Link NAS devices that are vulnerable to a critical command injection flaw (CVE-2024-10914), allowing unauthenticated attackers to execute arbitrary commands through unsanitized HTTP requests. The networking company advises users to retire or isolate the affected devices from public internet access. BleepingComputer reports: The flaw impacts multiple models of D-Link network-attached storage (NAS) devices that are commonly used by small businesses: DNS-320 Version 1.00; DNS-320LW Version 1.01.0914.2012; DNS-325 Version 1.01, Version 1.02; and DNS-340L Version 1.08. [...] A search that Netsecfish conducted on the FOFA platform returned 61,147 results at 41,097 unique IP addresses for D-Link devices vulnerable to CVE-2024-10914.

In a security bulletin today, D-Link has confirmed that a fix for CVE-2024-10914 is not coming and the vendor recommends that users retire vulnerable products. If that is not possible at the moment, users should at least isolate them from the public internet or place them under stricter access conditions. The same researcher discovered in April this year an arbitrary command injection and hardcoded backdoor flaw, tracked as CVE-2024-3273, impacting mostly the same D-Link NAS models as the latest flaw.

Amazon has confirmed that employee data was compromised after a "security event" at a third-party vendor. From a report: In a statement given to TechCrunch on Monday, Amazon spokesperson Adam Montgomery confirmed that employee information had been involved in a data breach. "Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations," Montgomery said.

Amazon declined to say how many employees were impacted by the breach. It noted that the unnamed third-party vendor doesn't have access to sensitive data such as Social Security numbers or financial information and said the vendor had fixed the security vulnerability responsible for the data breach. The confirmation comes after a threat actor claimed to have published data stolen from Amazon on notorious hacking site BreachForums. The individual claims to have more than 2.8 million lines of data, which they say was stolen during last year's mass-exploitation of MOVEit Transfer.

Google will require all new mobile chipsets launching with Android 15 to support its Android Virtualization Framework (AVF), a significant shift in the operating system's security architecture. The mandate, reports AndroidAuthority that got a hold of Android's latest Vendor Software Requirements document, affects major chipmakers including Qualcomm, MediaTek, and Samsung's Exynos division. New processors like the Snapdragon 8 Elite and Dimensity 9400 must implement AVF support to receive Android certification.

AVF, introduced with Android 13, creates isolated environments for security-sensitive operations including code compilation and DRM applications. The framework also enables full operating system virtualization, with Google demonstrating Chrome OS running in a virtual machine on Android devices.

"Java application security would be enhanced through two proposals aimed at resisting quantum computing attacks," reports InfoWorld, "one plan involving digital signatures and the other key encapsulation." The two proposals reside in the OpenJDK JEP (JDK Enhancement Proposal) index.

The Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm proposal calls for enhancing the security of Java applications by providing an implementation of the quantum-resistant module-latticed-based digital signature algorithm (ML-DSA). ML-DSA would secure against future quantum computing attacks by using digital signatures to detect unauthorized modifications to data and to authenticate the identity of signatories. ML-DSA was standardized by the United States National Institute of Standards and Technology (NIST) in FIPS 204.

The Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism proposal calls for enhancing application security by providing an implementation of the quantum-resistant module-lattice-based key encapsulation mechanism (ML-KEM). KEMs are used to secure symmetric keys over insecure communication channels using public key cryptography. ML-KEM is designed to be secure against future quantum computing attacks and was standardized by NIST in FIPS 203.

Friday "would have been his 38th birthday," writes the EFF, remembering Aaron Swartz as "a digital rights champion who believed deeply in keeping the internet open..." And they add that today the official web site for Aaron Swartz Day honored his memory with a special podcast "featuring those carrying on the work around issues close to his heart," including an appearance by Brewster Kahle, founder of the Internet Archive.

The first speaker is Ryan Shapiro, FOIA expert and co-founder of the national security transparency non-profit Property of the People. The Aaron Swartz Day site calls him "the researcher who discovered why the FBI had such an interest in Aaron in the years right before the JSTOR fiasco." (That web page calls it an "Al Qaeda phishing expedition that left Aaron with an 'International Terrorism Investigation' code in his FBI database file forever," as reported by Gizmodo.)

Other speakers on the podcast include:

• Nathan Dyer of SecureDrop, Newsroom Support Engineer for the Freedom of the Press Foundation with an update on SecureDrop

• Tracey Jaquith, Founding Coder and TV Architect at the Internet Archive, discussing "Microservices, Monoliths, and Operational Security — The Internet Archive in 2024."

• Tracy Rosenberg, co-founder of the Aaron Swartz Day Police Surveillance Project and Oakland Privacy, with "an update on the latest crop of surveillance battles."

• Ryan Sternlicht, VR developer, educator, researcher, advisor, and maker, on "The Next Layer of Reality: Social Identity and the New Creator Economy."

• Grant Smith Ellis, Chairperson of the Board, MassCann and Legal Intern at the Parabola Center, on "Jury Trials in the Age of Social Media."

• Michael "Mek" Karpeles, Open Library, Internet Archive, on "When it Rains at the Archive, Build an Ark — Book bans, Lawsuits, & Breaches."

The site also seeks to showcase SecureDrop and Open Library, projects started by Aaron before his death, as well as new projects "directly inspired by Aaron and his work."

Tuesday at California's Vandenberg Space Force base, the U.S. launched a Minuteman III missile, "in an important test of the weapon's ability to strike its targets with multiple warheads," according to Air and Space Forces magazine: The Minuteman III missiles that form a critical leg of the U.S. nuclear triad each carry one nuclear-armed reentry vehicle. But the missile that was tested carried three test warheads... The intercontinental ballastic missile (ICBM) test was controlled by an airborne command post in a test of the U.S. ability to launch its nuclear deterrent from a survivable platform.... Gen. Thomas A. Bussiere, the commander of Air Force Global Strike Command, said in a release: "An airborne launch validates the survivability of our ICBMs, which serve as the strategic backstop of our nation's defense and defense of allies and partners...."

The three test reentry vehicles — one high-fidelity Joint Test Assembly, which carries non-nuclear explosives, and two telemetry Joint Test Assembly objects — struck the Reagan Test Site near the Kwajalein Atoll in the Marshall Islands roughly 30 minutes later after launch, a flight of about 4,200 miles. "They make up essentially a mock warhead," Col. Dustin Harmon, the commander of the 377th Test and Evaluation Group, the nation's operational ICBM test unit, said in an interview with Air & Space Forces Magazine. "There's two different types. One is telemetered, so it's got a radio transmitter in it, it's got antennas, gyroscopes, accelerometers — all the things that can sense motion and movement. And we fly those or we can put one in there that's called a high-fidelity. That is assembled much like an actual weapon would be, except we use surrogate materials, and so we want it to fly similarly to an actual weapon. ... It has the explosives in it that a normal warhead would to drive a detonation, but there's nothing to drive...."

The U.S. government formally notified Russia in advance of the launch in accordance with a 1988 bilateral agreement. More than 145 countries were also provided with advance notice of the launch under the Hague Code of Conduct — an international understanding on launch notifications. The U.S. also provided advance notice to China, a DOD spokesperson told Air & Space Forces Magazine. China notified the U.S. of an ICBM launch over the Pacific Ocean in September. There is no formal agreement between Washington and Beijing that requires such notifications, but each side provided them to avoid miscalculations.
Test launches happen three times a year, according to the article, yielding "several gigabytes of data" about reentry vehicles, subsystems, and payloads. "There are 400 Minuteman III missiles currently in service across Colorado, Montana, Nebraska, North Dakota, and Wyoming."

Thanks to long-time Slashdot reader SonicSpike for sharing the article.

An anonymous reader shared this report from Phoronix: Intel's Linux kernel test robot has reported a 3888.9% performance improvement in the mainline Linux kernel as of this past week...

Intel thankfully has the resources to maintain this automated service for per-kernel commit/patch testing and has been maintaining their public kernel test robot for years now to help catch performance changes both positive and negative to the Linux kernel code. The commit in question causing this massive uplift to performance is mm, mmap: limit THP alignment of anonymous mappings to PMD-aligned sizes. The patch message confirms it will fix some prior performance regressions and deliver some major uplift in specialized cases...

That mmap patch merged last week affects just one line of code.
This week the Register also reported that Linus Torvalds revised a previously-submitted security tweak that addressed Spectre and Meltdown security holes, writing in his commit message that "The kernel test robot reports a 2.6 percent improvement in the per_thread_ops benchmark."

A 2002 Slashdot post informed the world that "Recently Blake Ross, a developer of the Phoenix web browser, has made a post on the Mozillazine forums looking for a new name for the project. Apparently the people over at Phoenix Technologies decided that the name interferes with their trademark since they make an 'internet access device'..."

And then, on November 9 of 2004, the BBC reported that "Microsoft's Internet Explorer has a serious rival in the long-awaited Firefox 1.0 web browser, which has just been released." Their headline? "Firefox Browser Takes on Microsoft." Fans of the software have banded together to raise cash to pay for an advert in the New York Times announcing that version 1.0 of the browser is available. ["Are you fed up with your browser? You're not alone...."] The release of Firefox 1.0 on 9 November might even cause a few heads to turn at Microsoft because the program is steadily winning people away from the software giant's Internet Explorer browser.

Firefox has been created by the Mozilla Foundation which was started by former browser maker Netscape back in 1998... Earlier incarnations, but which had the same core technology, were called Phoenix and Firebird. Since then the software has been gaining praise and converts, not least because of the large number of security problems that have come to light in Microsoft's Internet Explorer. Rivals to IE got a boost in late June when two US computer security organisations warned people to avoid the Microsoft program to avoid falling victim to a serious vulnerability.

Internet monitoring firm WebSideStory has charted the growing population of people using the Firefox browser and says it is responsible for slowly eroding the stranglehold of IE. Before July this year, according to WebSideStory, Internet Explorer was used by about 95% of web surfers. That figure had remained static for years. In July the IE using population dropped to 94.7% and by the end of October stood at 92.9%. The Mozilla Foundation claims that Firefox has been downloaded almost eight million times and has publicly said it would be happy to garner 10% of the Windows- using, net-browsing population.

Firefox is proving popular because, at the moment, it has far fewer security holes than Internet Explorer and has some innovations lacking in Microsoft's program. For instance, Firefox allows the pages of different websites to be arranged as tabs so users can switch easily between them. It blocks pop-ups, has a neat way of finding text on a page and lets you search through the pages you have browsed...
Firefox celebrated its 20th anniversary with a special video touting new and upcoming features like tab previews, marking up PDFs, and tab grouping.

And upgrading to the latest version of Firefox now displays this message on a "What's New" page. "Whether you just downloaded Firefox or have been with us since the beginning, you are a vital part of helping us make the internet a better place.

"We can't wait to show you what's coming next." ("Check out our special edition wallpapers — open a new tab and click the gear icon at the top right corner...")

Law enforcement officers are warning other officials and forensic experts that iPhones which have been stored securely for forensic examination are somehow rebooting themselves, returning the devices to a state that makes them much harder to unlock, 404 Media is reporting, citing a law enforcement document it obtained. From the report: The exact reason for the reboots is unclear, but the document authors, who appear to be law enforcement officials in Detroit, Michigan, hypothesize that Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time. After being rebooted, iPhones are generally more secure against tools that aim to crack the password of and take data from the phone.

"The purpose of this notice is to spread awareness of a situation involving iPhones, which is causing iPhone devices to reboot in a short amount of time (observations are possibly within 24 hours) when removed from a cellular network," the document reads. Apple did not provide a response on whether it introduced such an update in time for publication.

An anonymous reader quotes a report from TechCrunch: The FBI is warning that hackers are obtaining private user information — including emails and phone numbers — from U.S.-based tech companies by compromising government and police email addresses to submit "emergency" data requests. The FBI's public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone's life or property. The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an "uptick" around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness.

"Cyber-criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes," reads the FBI's advisory. [...] The FBI said in its advisory that it had seen several public posts made by known cybercriminals over 2023 and 2024, claiming access to email addresses used by U.S. law enforcement and some foreign governments. The FBI says this access was ultimately used to send fraudulent subpoenas and other legal demands to U.S. companies seeking private user data stored on their systems. The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data. In some cases, the requests cited false threats, like claims of human trafficking and, in one case, that an individual would "suffer greatly or die" unless the company in question returns the requested information.

The FBI said the compromised access to law enforcement accounts allowed the hackers to generate legitimate-looking subpoenas that resulted in companies turning over usernames, emails, phone numbers, and other private information about their users. But not all fraudulent attempts to file emergency data requests were successful, the FBI said. The FBI said in its advisory that law enforcement organizations should take steps to improve their cybersecurity posture to prevent intrusions, including stronger passwords and multi-factor authentication. The FBI said that private companies "should apply critical thinking to any emergency data requests received," given that cybercriminals "understand the need for exigency."

Starting November 11, TSMC plans to stop supplying 7 nm and smaller chips to Chinese companies working on AI processors and GPUs. "The move is reportedly to ensure it remains compliant with US export restrictions," reports The Register. From the report: This will not affect Chinese customers wanting 7 nm chips from TSMC for other applications such as mobile and communications, according to Nikkei, which said the overall impact on the chipmaker's revenue is likely to be minimal. TrendForce further cites another China-based source who claims the move was at the behest of the US Department of Commerce, which informed TSMC that any such shipments should not proceed unless approved and licensed by its BIS (Bureau of Industry and Security). We asked the agency for confirmation.

Any moves by the silicon supremo is likely to be out of caution to pre-empt accusations from Washington that it isn't doing enough to prevent advanced technology from getting into the hands of Chinese entities that have been sanctioned. As TrendForce notes, it "highlights the foundry giant's delicate position in the global semiconductor supply chain amid the heating chip war between the world's two superpowers."

An anonymous reader quotes a report from Ars Technica: Anthropic has announced a partnership with Palantir and Amazon Web Services to bring its Claude AI models to unspecified US intelligence and defense agencies. Claude, a family of AI language models similar to those that power ChatGPT, will work within Palantir's platform using AWS hosting to process and analyze data. But some critics have called out the deal as contradictory to Anthropic's widely-publicized "AI safety" aims. On X, former Google co-head of AI ethics Timnit Gebru wrote of Anthropic's new deal with Palantir, "Look at how they care so much about 'existential risks to humanity.'"

The partnership makes Claude available within Palantir's Impact Level 6 environment (IL6), a defense-accredited system that handles data critical to national security up to the "secret" classification level. This move follows a broader trend of AI companies seeking defense contracts, with Meta offering its Llama models to defense partners and OpenAI pursuing closer ties with the Defense Department. In a press release, the companies outlined three main tasks for Claude in defense and intelligence settings: performing operations on large volumes of complex data at high speeds, identifying patterns and trends within that data, and streamlining document review and preparation.

While the partnership announcement suggests broad potential for AI-powered intelligence analysis, it states that human officials will retain their decision-making authority in these operations. As a reference point for the technology's capabilities, Palantir reported that one (unnamed) American insurance company used 78 AI agents powered by their platform and Claude to reduce an underwriting process from two weeks to three hours. The new collaboration builds on Anthropic's earlier integration of Claude into AWS GovCloud, a service built for government cloud computing. Anthropic, which recently began operations in Europe, has been seeking funding at a valuation up to $40 billion. The company has raised $7.6 billion, with Amazon as its primary investor.

An anonymous reader quotes a report from 404 Media: If you voted in the U.S. presidential election yesterday in which Donald Trump won comfortably, or a previous election, a website powered by a right-wing group is probably doxing you. VoteRef makes it trivial for anyone to search the name, physical address, age, party affiliation, and whether someone voted that year for people living in most states instantly and for free. This can include ordinary citizens, celebrities, domestic abuse survivors, and many other people. Voting rolls are public records, and ways to more readily access them are not new. But during a time of intense division, political violence, or even the broader threat of data being used to dox or harass anyone, sites like VoteRef turn a vital part of the democratic process -- simply voting -- into a security and privacy threat. [...]

The Voter Reference Foundation, which runs VoteRef, is a right wing organization helmed by a former Trump campaign official, ProPublica previously reported. The goal for that organization was to find irregularities in the number of voters and the number of ballots cast, but state election officials said their findings were "fundamentally incorrect," ProPublica added. In an interview with NPR, the ProPublica reporter said that the Voter Reference Foundation insinuated (falsely) that the 2020 election of Joe Biden was fraudulent in some way. 404 Media has found people on social media using VoteRef's data to spread voting conspiracies too. VoteRef has steadily been adding more states' records to the VoteRef website. At the time of writing, it has records for all states that legally allow publication. Some exceptions include California, Virginia, and Pennsylvania. ProPublica reported that VoteRef removed the Pennsylvania data after being contacted by an attorney for Pennsylvania's Department of State. "Digitizing and aggregating data meaningfully changes the privacy context and the risks to people. Your municipal government storing your marriage certificate and voter information in some basement office filing cabinet is not even remotely the same as a private company digitizing all the data, labeling it, piling it all together, making it searchable," said Justin Sherman, a Duke professor who studies data brokers.

"Policymakers need to get with the times and recognize that data brokers digitizing, aggregating, and selling data based on public records -- which are usually considered 'publicly available information' and exempted from privacy laws -- has fueled decades of stalking and gendered violence, harassment, doxing, and even murder," Sherman said. "Protecting citizens of all political stripes, targets and survivors of gendered violence, public servants who are targets for doxing and death threats, military service members, and everyone in between depends on reframing how we think about public records privacy and the mass aggregation and sale of our data."