Home / Tag Archives: yorker-vanity

Tag Archives: yorker-vanity

iOS 9’s space-saving "app slicing" disabled for now, will return in future update (Andrew Cunningham/Ars Technica)

Enlarge / Apple's sample universal binary here is just 60 percent of its original size when downloaded to an iPad or iPhone. Andrew Cunningham Further Reading Back in June, we wrote a bit about App Thinning , a collection of iOS 9 features that are supposed to make iOS 9 apps take up less space on iDevices. Apple has just announced to developers that one of those features, "app slicing," is not available in current iOS 9 versions due to an iCloud bug. It will be re-enabled in a future iOS update after the bug has been resolved. App slicing ensures that your iDevice only downloads the app assets it needs to work. In older versions of iOS, all devices downloaded "universal" versions of apps that included all of the assets those apps needed to work on each and every targeted iDevice. If you downloaded an app to your iPhone 5, for example, it could include larger image assets made for the larger-screened iPhones 6 and 6 Plus, 64-bit code that its 32-bit processor couldn't use, and Metal graphics code that its GPU didn't support. That's all wasted space, a problem app slicing was designed to resolve. Apple says the iCloud bug affects users who are restoring backups to new devices—if you moved from that iPhone 5 to a new iPhone 6S, for example, iCloud would restore iPhone 5-compatible versions of some apps without the assets required by the newer, larger device. For now, Apple says that devices running iOS 9 will continue to download the universal versions of apps along with all their assets, whether they're needed by your specific device or not.  TestFlight , the beta app distribution service that Apple purchased in 2014, will continue to distribute software tailored for specific devices, but regular users will need to wait for that iOS update before they begin to see the feature's benefits.

Read More »

Minecraft Windows 10 edition will launch on Oculus Rift in 2016 (Sam Machkovech/Ars Technica)

The second day of this year's Oculus Connect conference for virtual reality developers kicked off with an announcement-rich keynote presentation. While the event was short on new game announcements, one big one got the crowd's attention: Minecraft . A brief video confirmed that the hit game's Windows 10 edition will launch on the Oculus Rift "next year," and it will allow players to navigate their blocky worlds in VR with the Xbox One controller. Oculus CEO Brendan Iribe confirmed that the Oculus Touch handheld controller system will launch in the "second quarter next year," which is a firmer confirmation than a previous "first half of 2016" estimate . After showing off that system's impressive "toybox" demo, Iribe confirmed that the Touch controllers will require a second motion sensor "for improved sensing," so be ready to make room in your home's potential VR room should you want to try the tech out. The Touch sizzle reel confirmed that a few previously SteamVR exclusive games would now also launch for Oculus Touch, including Job Simulator and The Gallery: Six Elements . It also had Oculus' own answer to SteamVR's Tilt Brush, a "digital clay molding" art app called Medium . "Every great platform has to have a paint app, and this is our paint app," Iribe told the Oculus Connect crowd. Epic Games' Bullet Train. Additionally, Epic Games' Tim Sweeney took the stage to show off  Bullet Train , an upcoming VR action game for Oculus Touch that includes  a warping mechanic much like SteamVR's The Gallery: Six Elements , meaning characters may potentially be able to move around the world without experiencing VR nausea. Since virtual reality gaming on PCs demands incredibly powerful performance —particularly to support a 90 frames-per-second visual refresh, in order to reduce nausea and discomfort—Oculus announced a new "Oculus Ready" initiative through which computer manufacturers can slap a sticker on a PC that meets Oculus Rift's performance minimums. Announced partners for the program include Asus, Dell, and Alienware (itself a wholly owned Dell subsidiary). Oculus wanted the crowd to know that there's no shortage of interested Oculus developers, so they took the opportunity to announce that "over 200,000" developers had registered to create games for the new VR platform

Read More »

Broadband is a "core utility" like electricity, White House report says (Jon Brodkin/Ars Technica)

Broadband Internet service "has steadily shifted from an optional amenity to a core utility" and is now "taking its place alongside water, sewer, and electricity as essential infrastructure for communities," says a report released by the White House yesterday. Further Reading The report was written by the Broadband Opportunity Council, which was created by President Obama and is chaired by the heads of the Commerce and Agriculture departments. In an accompanying blog post , the White House touted Obama's "leadership" in expanding broadband access but said that nearly 51 million Americans still cannot purchase wired broadband with download speeds of at least 25Mbps. The statistic was based on data from 2013, so things may have improved since then. But it's time for a government-wide effort to expand broadband deployment and adoption, the White House blog post said. The Council "reviewed every major Federal program that provides support for broadband, from the Department of Housing and Urban Development and Health and Human Services to the Department of Justice," noted the Obama administration. The report made several recommendations, and federal agencies have committed to the following: Modernizing Federal programs valued at approximately $10 billion to include broadband as an eligible program expenditure, such as the Department of Agriculture’s (USDA) Community Facilities (CF) program, which will help communities around the country bring broadband to health clinics and recreation centers; Creating an online inventory of data on Federal assets, such as Department of the Interior (DOI) telecommunications towers that can help support faster and more economical broadband deployments to remote areas of the country; Streamlining the applications for programs and broadband permitting processes to support broadband deployment and foster competition; and Creating a portal for information on Federal broadband funding and loan programs to help communities easily identify resources as they seek to expand access to broadband. Some federal programs that can support broadband "lack specific guidelines to promote its use," while others should put more money into broadband, the Council report said. The report also recommended that federal agencies promote "dig once" policies that put fiber or fiber conduit underground when streets are dug up for other purposes. The White House said it will implement the recommendations over the next 18 months. Obama previously urged the Federal Communications Commission  to regulate broadband providers as common carriers, a designation traditionally applied to utilities. The FCC did so, but it  stressed that its new rules aren't utility-style regulation because they don't include the strictest regulations traditionally applied to phone service

Read More »

Active malware campaign has hijacked thousands of WordPress sites in just 15 days, has spiked to over 5K new infections daily (Dan Goodin/Ars…

This is what happens at the network level when a browser visits an infected site. Malwarebytes Attackers have hijacked thousands of websites running the WordPress content management system and are using them to infect unsuspecting visitors with potent malware exploits, researchers said Thursday. The campaign began 15 days ago, but over the past 48 hours the number of compromised sites has spiked, from about 1,000 per day on Tuesday to close to 6,000 on Thursday, Daniel Cid, CTO of security firm Sucuri, said in a blog post . The hijacked sites are being used to redirect visitors to a server hosting attack code made available through the Nuclear exploit kit , which is sold on the black market. The server tries a variety of different exploits depending on the operating system and available apps used by the visitor. "If you think about it, the compromised websites are just means for the criminals to get access to as many endpoint desktops as they can," Cid wrote. "What’s the easiest way to reach out to endpoints? Websites, of course." On Thursday, Sucuri detected thousands of compromised sites, 95 percent of which are running on WordPress. Company researchers have not yet determined how the sites are being hacked, but they suspect it involves vulnerabilities in WordPress plugins. Already, 17 percent of the hacked sites have been blacklisted by a Google service that warns users before they visit booby-trapped properties.

Read More »

Google sends out invites for press event on September 29 at 9 AM PT, new Nexus devices and Chromecast expected; event will be livestreamed on YouTube…

Google We know it's late Friday but this little message just popped into our inbox. Google is holding an event September 29 where the company is promising "tasty new treats and much s'more." September 29 has been the rumored launch date for Google's Nexus line for a few weeks now, and it looks like the rumor mill was right on target. Google is expected to launch updates to the Nexus 5 and Nexus 6. The new 2015 Nexus 5 will be built by LG , while Huawei is handling the 2015 Nexus 6. Both are geared up for Marshmallow with fingerprint readers and USB Type C, and have other goodies like laser autofocus for the camera and front-facing stereo speakers. The event should also see the launch of Android 6.0 Marshmallow , and we might even see the rumored Chromecast 2 that leaked today. The event will be livestreamed at youtube.com/google. © 2015 Condé Nast. All rights reserved Use of this Site constitutes acceptance of our User Agreement (effective 1/2/14) and Privacy Policy (effective 1/2/14), and Ars Technica Addendum (effective 5/17/2012) Your California Privacy Rights The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast. Ad Choices

Read More »

Google’s Project Zero team finds address space layout randomization offers less protection against Stagefright than Google PR claims (Dan Goodin/Ars…

Ron Amadeo Members of Google's Project Zero vulnerability research team have challenged a key talking point surrounding the security of Google's Android mobile operating system. To wit, a key exploit mitigation known as address space layout randomization does much less than the company's overworked public relations people say in blocking attacks targeting critical weaknesses in Android's stagefright media library. As Ars reported beginning in July, a series of vulnerabilities in the libstagefright library made it possible for attackers to remotely execute malicious code on close to one billion Android phones . In the following seven weeks, Google has released updates that either lessen the severity of attacks or directly fix the underlying cause, although many users have yet to receive the fixes, and some probably never will . Throughout the resulting media storm, Google PR people have repeatedly held up the assurance that the raft of stagefright vulnerabilities is difficult to exploit in practice on phones running recent Android versions. The reason, they said: address space layout randomization, which came to maturity in Android 4.1, neutralizes such attacks. Generally speaking, ASLR does nothing to fix a buffer overflow or similar software bug that causes the vulnerability in the first place. Instead, the defense vastly decreases the chances that a remote-code-execution attack exploiting such bugs will succeed. ASLR does this by loading downloaded scripts in a different memory location each time the operating system is rebooted. If the attacker can't locate the malicious code, the exploit results in a simple crash, rather than a game-over hack. On Wednesday, Project Zero researchers tested a home-grown stagefright exploit on a Nexus 5 device running an Android 5.x version. The results showed that at best, ASLR will lower the chances their exploit will succeed. Meanwhile, Joshua Drake, the security researcher who first disclosed the critical vulnerabilities in the code library, said Android ASLR does even less to prevent a new custom exploit he has developed from working. The ASLR shortcomings stem from two root causes. First the randomization offers just eight bits of entropy, meaning there are only 2 8 , or 256, possible locations where attackers can find their malicious payload

Read More »

Man arrested for parodying mayor on Twitter gets $125K in civil lawsuit (David Kravets/Ars Technica)

An Illinois man arrested when his residence was raided for parodying his town's mayor on Twitter is settling a civil rights lawsuit with the city of Peoria for $125,000. The accord spells out that the local authorities are not to prosecute people for parodies or satire. Further Reading Plaintiff Jon Daniel, the operator of the @peoriamayor handle, was initially accused last year of impersonating a public official in violation of Illinois law. However, the 30-year-old was never charged. His arrest was kicked off after the local mayor, Jim Ardis, was concerned that the tweets in that account falsely portrayed him as a drug abuser who associates with prostitutes. One tweet Ardis was concerned about said, "Who stole my crackpipe?" As part of the agreement , (PDF) which includes legal fees, his attorneys from the American Civil Liberties Union said Peoria will publish a "directive" to the police department making it clear that Illinois law criminalizing impersonation of a public official does not include parody and satire. "The directive makes clear that parody should never be the predicate for a criminal investigation and that the action against Mr. Daniel should never be repeated again," Karen Sheley, an ACLU attorney, said in a statement. Daniel said he never "dreamed" that he would be arrested for his fake Twitter account. "I am satisfied with the outcome in this case," Daniel said in a statement. "I always thought that the twitter account was a joke for me and for my friends." As we previously reported, the city had defended the arrest: In its first response to the lawsuit, the city of Peoria's and Mayor Jim Ardis' attorney told Ars that the mayor and city officials believed Daniel was breaching an Illinois law making it illegal to impersonate a public official. The mayor's attorney said city officials got a judge to issue warrants from Twitter and Comcast to track down Daniel. In short, they were just following the law

Read More »

Pwn2Own loses HP as its sponsor amid concerns of compliance with the Wassenaar Arrangement, an international treaty that has rules governing software…

The next scheduled Pwn2Own hacking competition has lost Hewlett-Packard as its longstanding sponsor out of legal concerns that the company could run afoul of recent changes to an international treaty that governs software exploits. Dragos Raiu, organizer of both Pwn2Own and the PacSec West security conference in Japan, said HP lawyers spent more than $1 million researching the recent changes to the so-called Wassenaar Arrangement. He said they ultimately concluded that the legal uncertainty and compliance hurdles were too high for them to move forward. "I am left being kind of grumpy now that HP is not involved," Raiu told Ars. He said that he plans to organize a scaled-down hacking competition to fill the void at this year's conference, which is scheduled for November 11 and 12. Pwn2Own has become one of the more closely followed events among security professionals. The hacking competition offers hundreds of thousands of dollars for exploits that target software vulnerabilities found in Windows, OS X, iOS, and Android. Besides highlighting the relative ease of exploiting bugs, the contest allows HP's Tipping Point division to update its intrusion prevention software with definitions that detect and block such attacks. Raiu said HP pulled out this year following changes made earlier this year to the Wassenaar arrangement . It added specific curbs around the exports of "intrusion malware" and "intrusion exploits." Raiu said Japan's implementation of Wassenaar is so vague and cumbersome that they expose researchers and organizers to a high amount of legal uncertainty. What, for instance, is the status of thumbdrives containing exploit software that was debugged at the last minute in Japan and is then brought back to the US, where Tipping Point is headquartered. By contrast, Raiu said Canada's implementation of Wassenaar was much more clear and simpler to comply with. That likely explains why HP sponsored the Pwn2Own competition in March at the CanSecWest conference in Vancouver, British Columbia. HP released a statement that read: Due to the complexity of obtaining real-time import/export licenses in countries that participate in the Wassenaar Arrangement, the ZDI has notified conference organizer, Dragos Ruiu, that it will not be holding the Pwn2Own contest at PacSecWest in November.

Read More »

Improved Simplocker Android malware disguises as an NSA app, has infected tens of thousands of devices using XMPP (Sean Gallagher/Ars Technica)

Apparently, NSA only takes payment via PayPal for penalties for bad app downloads? That doesn't seem right... A new variant of mobile ransomware that encrypts the content of Android smartphones is putting a new spin on both how it communicates with its masters and how it spurs its victims into action. The updated version of Simplocker masquerades on app stores and download pages as a legitimate application, and uses an open instant messaging protocol to connect to command and control servers. The malware requests administrative permissions to sink its hooks deep into Android. Once it's installed, it announces itself to some victims by telling them it was planted by the NSA—and to get their files back, they'll have to pay a "fine." Ofer Caspi of Check Point's malware research team wrote in a report posted this week that the team has "evidence that users have already paid hundreds of thousands of dollars to get their files "unencrypted" by this new variant. He estimates that the number of infected devices so far numbers in the tens of thousands, but may be much higher. Because the software can't easily be removed once it is installed, and because the files it encrypts can't be recovered without it, victims have no choice but to either pay $500 to get their files decrypted or  wipe the device and start from scratch. While posing as a legal or governmental authority to intimidate the victim into paying up is not new, the use of Extensible Messaging and Presence Protocol (XMPP), the instant messaging protocol used by Jabber and previously by GTalk, is a shift in tactics to evade detection by anti-malware tools. XMPP communication makes it more difficult for security and anti-malware tools to catch the ransomware before it can communicate with its command and control network because it conceals the communication in a form that looks like normal instant message communications. Most previous ransomware packages have communicated with a website over HTTPS to obtain encryption keys; those websites can generally be identified by their URLs, IP addresses, or the signature of their Web requests and then blocked. An application making a secure HTTP request to a suspicious destination would be a good sign that something bad was afoot. But the XMPP communications channel used by the new Simplocker variant uses an external Android library to communicate with the command and control network through a legitimate messaging relay server.

Read More »

Journalists arrested on terrorism charges in Turkey for using crypto software (Glyn Moody/Ars Technica)

Three journalists working with Vice News have been charged with "engaging in terrorist activity" on behalf of ISIL (ISIS), because one of them used encryption software. A Turkish official told Al Jazeera : "The main issue seems to be that the journalists' fixer uses a complex encryption system on his personal computer that a lot of ISIL militants also utilise for strategic communications." There are no details as to what that "complex encryption system" might be, but it seems likely that it is nothing more than the PGP email encryption software, or perhaps the The Onion Router (TOR) system, both of which are very widely used, and not just by ISIL. The correspondent and cameraman for Vice News, who are both British, and their fixer , who is Iraqi but Turkey-based, were arrested last Thursday in Diyarbakir, located in south-eastern Turkey, and an important centre for the country's Kurdish population. According to The Guardian , the Vice News journalists were covering "recent clashes between Turkish security forces and the Patriotic Revolutionary Youth Movement, the youth wing of the outlawed Kurdistan Workers’ Party (PKK)." Further Reading Exposing those tensions would not have endeared them to the Turkish authorities, and the real reason for their arrest may be to stop them reporting on this sensitive issue. What is particularly troubling, however, is that it seems the mere use of encryption software is enough for three journalists to be arrested on terrorism charges. As Ars has reported, this demonisation of crypto is not confined to foreign lands. The UK prime minister, David Cameron, has said he does not intend to "leave a safe space—a new means of communication—for terrorists to communicate with each other," whatever that means in practice. Similarly, law enforcement officials on both sides of the Atlantic have warned of things " going dark " because of the growing use of encryption by criminals. The latest move by the Turkish authorities is simply one more attempt to paint crypto as inherently suspicious, perhaps with a view to making its use explicitly illegal at some point. This post originated on Ars Technica UK

Read More »

PhantomAlert files suit against Waze, claims Waze copied its database, incorporated it into its own application before sale to Google (Cyrus…

Further Reading PhantomAlert , a company that makes a Waze-like traffic smartphone app, has now sued its better-known rival for copyright infringement. The Washington DC-based company argues in a Tuesday filing that after a failed data-sharing deal between itself and Waze collapsed in 2010, within two years, Waze apparently stole PhantomAlert’s "points of interest" database. As the civil complaint states : Among other methods, PhantomAlert determined that Waze had copied its Points of Interest database by observing the presence of fictitious Points of Interest in the Waze application, which PhantomAlert had seeded into its own database for the purpose of detecting copying. On information and belief, Waze copied the PhantomAlert database on multiple occasions after late 2012, re-incorporated the copied data into the Waze application, and continued to display the Points of Interest data to the users of the Waze application. Then, as the case alleges, when Waze was sold to Google in June 2013, the company profited handsomely from this theft. "Waze needed to grow its database to increase its value and become more attractive to potential acquirers," Karl Kronenberger, PhantomAlert’s attorney, said in a statement . "Our complaint alleges that Waze stole PhantomAlert’s database when Waze could not get it legally, and then sold itself to Google for over $1 billion." The lawsuit asks the court to shut down Waze entirely, and to order Google to pay unspecified damages. “I started PhantomAlert seven years ago as an entrepreneur with a dream, and now that dream has been crushed by companies that are profiting from the years of blood, sweat and tears our team put into our product," Joseph Scott Seyoum, PhantomAlert's CEO, said in the same statement. Kronenberger did not respond to Ars’ request for comment as to how exactly this database was stolen. Google also did not immediately respond to Ars’ request for comment.

Read More »

Snapdragon 820’s custom CPU is twice as fast, efficient as disappointing 810 (Andrew Cunningham/Ars Technica)

Qualcomm Further Reading Qualcomm's new Snapdragon 820 flagship won't actually ship in any phones before early 2016, but the company continues to dole out bits of information ahead of the launch . Today it's talking in very broad terms about the CPU, which is based on a brand-new custom 64-bit architecture called Kryo. Kryo is Qualcomm's official successor to Krait, the CPU architecture used in a wide range of Snapdragon chips from the S4 all the way up to the 805. The toasty Snapdragon 810 used a mix of off-the-shelf ARM Cortex A57 and A53 CPU cores to bring 64-bit ARMv8 compatibility to high-end phones while Qualcomm finished its own architecture. Kryo, which will initially run at clock speeds up to 2.2GHz, promises to be twice as fast as the 810 while also being twice as power efficient. Some of this is no doubt due to architectural improvements, but it will help that the 820 will be built on a 14nm FinFET manufacturing process—Qualcomm doesn't name its manufacturing partner, but Samsung is the most likely candidate. The Kryo CPU cores in the 820 will be accompanied by a new Adreno 530 GPU , the first in the Adreno 500-series of products. The GPU will support the latest OpenGL ES, OpenCL, and Vulkan APIs, and Qualcomm says that it will be 40 percent faster and 40 percent more power efficient than the Adreno 430 in the 810. Phones and tablets are such tightly integrated devices that we'll need to see shipping hardware before we can really say how well the Snapdragon 820 performs, but Qualcomm's early numbers all paint an optimistic picture. © 2015 Condé Nast. All rights reserved Use of this Site constitutes acceptance of our User Agreement (effective 1/2/14) and Privacy Policy (effective 1/2/14), and Ars Technica Addendum (effective 5/17/2012) Your California Privacy Rights The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast. Ad Choices

Read More »

Former Secret Service agent Shaun Bridges pleads guilty to theft of $820K in bitcoin during Silk Road investigation (Joe Mullin/Ars Technica)

SAN FRANCISCO—Shaun Bridges, a former Secret Service agent who was investigating the Silk Road drug trafficking website, pled guilty today to charges of money laundering and obstruction of justice. Bridges' scheme was straightforward and very profitable. After Silk Road admin Curtis Green was arrested in January 2013, he debriefed agents in Baltimore. Bridges took his admin credentials, logged in, and started locking Silk Road drug dealers out of their accounts. He then looted the accounts, grabbing about 20,000 Bitcoins, and put them into his own account. US District Judge Richard Seeborg read out each of the government accusations against Bridges in court today, and the man responded "yes sir," acknowledging he had committed each of the acts. Shaun Bridges Bridges moved the Bitcoins into his Mt. Gox account. They were worth more than $300,000 at the time of the theft. Bridges moved the money into a Fideltity account called Quantum International Investments LLC between March and May of that year. By then, the bitcoins were worth about $820,000. Bridges also pled guilty to obstructing the Baltimore investigation of Silk Road and later to the internal investigation of his own behavior. At one point, he talked to a colleague who was being interviewed and agreed "to tell a consistent story" about his unauthorized use of a FINCEN database. The plea agreement includes sentencing recommendations, but it isn't known what those are at this time. "You understand these are simply recommendations, and it will be for me to decide what the appropriate sentence is?" Seeborg asked. "I do," said Bridges

Read More »

KeyRaider malware infecting jailbroken iPhones stole over 225K valid Apple account logins, thousands of certificates, private keys, and purchasing…

A newly discovered malware family that preys on jailbroken iPhones has collected login credentials for more than 225,000 Apple accounts, making it one of the largest Apple account compromises to be caused by malware. KeyRaider, as the malware family has been dubbed, is distributed through a third-party repository of Cydia , which markets itself as an alternative to Apple's official App Store. Malicious code surreptitiously included with Cydia apps is creating problems for people in China and at least 17 other countries, including France, Russia, Japan, and the UK. Not only has it pilfered account data for 225,941 Apple accounts, it has also disabled some infected phones until users pay a ransom, and it has made unauthorized charges against some victims' accounts. Researchers with Palo Alto Networks worked with members of the Chinese iPhone community Weiphone after members found the unauthorized charges. In a blog post published Sunday , the Palo Alto Networks researchers wrote: KeyRaider has successfully stolen over 225,000 valid Apple accounts and thousands of certificates, private keys, and purchasing receipts. The malware uploads stolen data to its command and control (C2) server, which itself contains vulnerabilities that expose user information. The purpose of this attack was to make it possible for users of two iOS jailbreak tweaks to download applications from the official App Store and make in-app purchases without actually paying. Jailbreak tweaks are software packages that allow users to perform actions that aren’t typically possible on iOS. These two tweaks will hijack app purchase requests, download stolen accounts or purchase receipts from the C2 server, then emulate the iTunes protocol to log in to Apple’s server and purchase apps or other items requested by users. The tweaks have been downloaded over 20,000 times, which suggests around 20,000 users are abusing the 225,000 stolen credentials. Some victims have reported that their stolen Apple accounts show abnormal app purchasing history and others state that their phones have been held for ransom. As if the theft of the Apple account credentials wasn't bad enough, the data was uploaded to a website that contained a SQL-injection vulnerability .

Read More »

FTC to hold PrivacyCon in Washington, DC, on January 14 to bring together privacy and security researchers with policymakers (Edith Ramirez/Ars…

View of the Federal Trade Commission from the Newseum. As the chief US agency charged with protecting consumer privacy, the Federal Trade Commission strives to help foster a marketplace where technology flourishes, while also ensuring that consumer privacy is safeguarded. To do this, we need to ensure that we stay on top of the latest research in data security and privacy. We know that innovators need freedom to innovate, and we also know that consumers care deeply about their privacy, whether that involves mobile and online tracking or the collection of other personal data streams such as geolocation. So how can the FTC better protect consumers and promote innovation as personalization, connected cars, health and fitness devices, and other technologies emerge? By making sure our work is informed by the best minds helping to drive the digital revolution. We hear frequently from industry groups, consumer advocates, and government colleagues about policy issues. We also hear from technologists, but not as much as we'd like—we need more of them to weigh in on these important issues. Policymakers need to ensure that privacy is respected while innovation flourishes, and technology academics and researchers are crucial to hitting that sweet spot. To make this meeting of minds happen, the FTC is announcing a new forum called PrivacyCon , which aims to bring together leading privacy and security researchers with policymakers to present and discuss their latest findings. The FTC will host the first PrivacyCon in Washington, DC, on January 14. Technologists are important to policymaking for a number of reasons. They can help shine a light on privacy and security gaps. They can develop honeypots, crawlers, and other tools to highlight the types of information companies collect, to identify what kinds of choices consumers are making, and to assess whether these choices are being respected

Read More »