Transportation

Amazon and Others Ordered To Slash Diesel Pollution From Warehouse Trucks (arstechnica.com) 49

Southern California has adopted a new air pollution rule aimed at slashing noxious emissions from warehouse trucks that move goods sold by Amazon and other e-commerce retailers. Ars Technica reports: Diesel pollution from heavy trucks causes everything from asthma to heart attacks, and even Parkinson's disease. Previously, such pollution tended to be concentrated around shipping ports and highways, but the growth of e-commerce has created a new source that is affecting neighborhoods farther inland. There are nearly 34,000 warehouses enclosing 1.17 billion square feet of space in the Los Angeles region alone. The rule, which was adopted late last week by a 9-4 vote of the South Coast Air Quality Management District (AQMD), would cover around 3,300 warehouses that are larger than 100,000 square feet. The rule seeks to reduce the amount of diesel particulate matter and nitrogen oxides produced by trucks serving these facilities. The district covers more than 17 million people, or nearly half the state's population.

The way the South Coast AQMD is approaching warehouse-related pollution is novel. Rather than attempting to control traffic flow to and from the facilities, the regulator will require warehouse owners to take various steps to reduce pollution in the area. That could include buying electric or fuel-cell trucks, adding solar panels to the building roofs, or installing air filters at nearby homes, hospitals, and schools. Each of these measures is assigned a point value, and warehouse operators must achieve a certain total to offset the emissions from their truck traffic. If they cannot meet the goal through mitigation measures, they can pay a fee instead. South Coast AQMD is phasing in compliance depending on the size of the facility. Warehouses that are over 250,000 square feet must meet their goals by June 30, 2022. Warehouses over 150,000 square feet must comply by the same day the following year, and those over 100,000 square feet get until June 30, 2024. Amazon's typical warehouses, for example, range in size from 600,000 to 1 million square feet. [...] The new rule is expected to save 150 to 300 lives and prevent 2,500 to 5,800 asthma attacks between 2022 and 2031. Overall, the public health benefits could be as large as $2.7 billion over the same timeframe.

Privacy

Chinese TV Maker Skyworth Under Fire For Excessive Data Collection That Users Call Spying (scmp.com) 34

Chinese television maker Skyworth has issued an apology after a consumer found that his set was quietly collecting a wide range of private data and sending it to a Beijing-based analytics company without his consent. From a report: A network traffic analysis revealed that a Skyworth smart TV scanned for other devices connected to the same local network every 10 minutes and gathered data that included device names, IP addresses, network latency and even the names of other Wi-Fi networks within range, according to a post last week on the Chinese developer forum V2EX. The data was sent to the Beijing-based firm Gozen Data, the forum user said. Gozen is a data analytics company that specialises in targeted advertising on smart TVs, and it calls itself China's first "home marketing company empowered by big data centred on family data."

The user did not identify himself, and efforts to contact the person received no reply. However, the post quickly picked up steam, touching a nerve among Chinese consumers and prompting angry comments. "Isn't this already the criminal offence of spying on people?" asked one user on Sina.com, a Chinese financial news portal. "Whom will the collected data be sold to, and who is the end user of this data?"

Facebook

Facebook Ordered To Stop Collecting German WhatsApp Data (bloomberg.com) 32

Facebook was ordered to stop collecting German users' data from its WhatsApp unit, after a regulator in the nation said the company's attempt to make users agree to the practice in its updated terms isn't legal. From a report: Johannes Caspar, who heads Hamburg's privacy authority, issued a three-month emergency ban, prohibiting Facebook from continuing with the data collection. He also asked a panel of European Union data regulators to take action and issue a ruling across the 27-nation bloc. The new WhatsApp terms enabling the data scoop are invalid because they are intransparent, inconsistent and overly broad, he said. "The order aims to secure the rights and freedoms of millions of users which are agreeing to the terms Germany-wide," Caspar said in a statement on Tuesday. "We need to prevent damage and disadvantages linked to such a black-box-procedure." The order strikes at the heart of Facebook's business model and advertising strategy. It echoes a similar and contested step by Germany's antitrust office attacking the network's habit of collecting data about what users do online and merging the information with their Facebook profiles. That trove of information allows ads to be tailored to individual users -- creating a cash cow for Facebook.

United States

DHS Launches Warning System To Find Domestic Terrorism Threats On Public Social Media (nbcnews.com) 70

An anonymous reader quotes a report from NBC News: The Department of Homeland Security has begun implementing a strategy to gather and analyze intelligence about security threats from public social media posts, DHS officials said. The goal is to build a warning system to detect the sort of posts that appeared to predict an attack on the U.S. Capitol on Jan. 6 but were missed or ignored by law enforcement and intelligence agencies, the officials said. The focus is not on the identity of the posters but rather on gleaning insights about potential security threats based on emerging narratives and grievances. So far, DHS is using human beings, not computer algorithms, to make sense of the data, the officials said. "We're not looking at who are the individual posters," said a senior official involved in the effort. "We are looking at what narratives are resonating and spreading across platforms. From there you may be able to determine what are the potential targets you need to protect."

The officials didn't describe what criteria or methods the analysts would use to parse the data. They said DHS officials have been consulting with social media companies, private companies and nonprofit groups that analyze open-source social media data. Law enforcement officers and intelligence analysts are legally entitled to examine -- without warrants -- what people say openly on Twitter, Facebook and other public social media forums, just as they can take in information from reading newspapers. But civil liberties groups generally oppose government monitoring of social media, arguing that it doesn't produce much intelligence and risks chilling free speech.

Education

Anti-Cheating Technology Challenged at Dartmouth Medical School (yahoo.com) 85

Dartmouth College switched to remote tests when the coronavirus ended in-person exams — then accused 17 medical students of cheating, reports the New York Times: At the heart of the accusations is Dartmouth's use of the Canvas system to retroactively track student activity during remote exams without their knowledge. In the process, the medical school may have overstepped by using certain online activity data to try to pinpoint cheating, leading to some erroneous accusations, according to independent technology experts, a review of the software code and school documents obtained by The New York Times.

Dartmouth's drive to root out cheating provides a sobering case study of how the coronavirus has accelerated colleges' reliance on technology, normalizing student tracking in ways that are likely to endure after the pandemic. While universities have long used anti-plagiarism software and other anti-cheating apps, the pandemic has pushed hundreds of schools that switched to remote learning to embrace more invasive tools. Over the last year, many have required students to download software that can take over their computers during remote exams or use webcams to monitor their eye movements for possibly suspicious activity, even as technology experts have warned that such tools can be invasive, insecure, unfair and inaccurate.

Some universities are now facing a backlash over the technology....

While some students may have cheated, technology experts said, it would be difficult for a disciplinary committee to distinguish cheating from noncheating based on the data snapshots that Dartmouth provided to accused students. And in an analysis of the Canvas software code, the Times found instances in which the system automatically generated activity data even when no one was using a device. "If other schools follow the precedent that Dartmouth is setting here, any student can be accused based on the flimsiest technical evidence," said Cooper Quintin, senior staff technologist at the Electronic Frontier Foundation, a digital rights organization, who analyzed Dartmouth's methodology.

Seven of the 17 accused students have had their cases dismissed. In at least one of those cases, administrators said, "automated Canvas processes are likely to have created the data that was seen rather than deliberate activity by the user," according to a school email that students made public. The 10 others have been expelled, suspended or received course failures and unprofessional-conduct marks on their records that could curtail their medical careers... Tensions flared in early April when an anonymous student account on Instagram posted about the cheating charges. Soon after, Dartmouth issued a social media policy warning that students' anonymous posts "may still be traced back" to them.... The conduct review committee then issued decisions in 10 of the cases, telling several students that they would be expelled, suspending others and requiring some to retake courses or repeat a year of school at a cost of nearly $70,000...

Several students said they were now so afraid of being unfairly targeted in a data-mining dragnet that they had pushed the medical school to offer in-person exams with human proctors. Others said they had advised prospective medical students against coming to Dartmouth.

United States

US Scrambles to Keep Fuel Flowing After Pipeline Cyberattack. Russian Cybercriminals Suspected (bbc.com) 239

A ransomware attack affecting a pipeline that supplies 45% of the fuel supplies for the Eastern U.S. has now led U.S. president Biden to declare a regional emergency providing "regulatory relief" to expand fuel delivery by other routes.

Axios reports: Friday night's cyberattack is "the most significant, successful attack on energy infrastructure" known to have occurred in the U.S., notes energy researcher Amy Myers Jaffe, per Politico. It follows other significant cyberattacks on the federal government and U.S. companies in recent months... 5,500 miles of pipeline have been shut down in response to the attack.

The BBC reports: Experts say fuel prices are likely to rise 2-3% on Monday, but the impact will be far worse if it goes on for much longer... Colonial Pipeline said it is working with law enforcement, cyber-security experts and the Department of Energy to restore service. On Sunday evening it said that although its four mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational...

Independent oil market analyst Gaurav Sharma told the BBC there is a lot of fuel now stranded at refineries in Texas. "Unless they sort it out by Tuesday, they're in big trouble," said Sharma. "The first areas to be impacted would be Atlanta and Tennessee, then the domino effect goes up to New York..." The temporary waiver issued by the Department of Transportation enables oil products to be shipped in tankers up to New York, but this would not be anywhere near enough to match the pipeline's capacity, Mr Sharma warned.

UPDATE (5/10): "On Monday, U.S. officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not been disrupted," reports the Associated Press, "and the company said it was working toward 'substantially restoring operational service' by the weekend."

CNN reports that a criminal group originating from Russia named DarkSide "is believed to be responsible for a ransomware cyberattack on the Colonial Pipeline, according to a former senior cyber official. DarkSide typically targets non-Russian speaking countries, the source said... Bloomberg and The Washington Post have also reported on DarkSide's purported involvement in the cyberattack..."

If so, NBC News adds some sobering thoughts: Although Russian hackers often freelance for the Kremlin, early indications suggest this was a criminal scheme — not an attack by a nation state, the sources said. But the fact that Colonial had to shut down the country's largest gasoline pipeline underscores just how vulnerable America's cyber infrastructure is to both criminals and national adversaries, such as Russia, China and Iran, experts say. "This could be the most impactful ransomware attack in history, a cyber disaster turning into a real-world catastrophe," said Andrew Rubin, CEO and co-founder of Illumio, a cyber security firm...

If the culprit turns out to be a Russian criminal group, it will underscore that Russia gives free rein to criminal hackers who target the West, said Dmitri Alperovitch, co-founder of the cyber firm CrowdStrike and now executive chairman of a think tank, the Silverado Policy Accelerator. "Whether they work for the state or not is increasingly irrelevant, given Russia's obvious policy of harboring and tolerating cyber crime," he said.

Citing multiple sources, the BBC reports that DarkSide "infiltrated Colonial's network on Thursday and took almost 100GB of data hostage. After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom on Friday. If it is not paid, they are threatening to leak it onto the internet..."

The BBC also shares some thoughts from Digital Shadows, a London-based cyber-security firm that tracks global cyber-criminal groups to help enterprises limit their exposure online: Digital Shadows thinks the Colonial Pipeline cyber-attack has come about due to the coronavirus pandemic — the rise of engineers remotely accessing control systems for the pipeline from home. James Chappell, co-founder and chief innovation officer at Digital Shadows, believes DarkSide bought account login details relating to remote desktop software like TeamViewer and Microsoft Remote Desktop.

He says it is possible for anyone to look up the login portals for computers connected to the internet on search engines like Shodan, and then "have-a-go" hackers just keep trying usernames and passwords until they get some to work.

"We're seeing a lot of victims now, this is seriously a big problem now," said Mr Chappell.

Privacy

Unlike Clearview AI, this Facial-Recognition Search Engine is Open to Everyone (cnn.com) 30

This week CNN investigated PimEyes, a "mysterious" but powerful facial-recognition search engine: If you upload a picture of your face to PimEyes' website, it will immediately show you any pictures of yourself that the company has found around the internet. You might recognize all of them, or be surprised (or, perhaps, even horrified) by some; these images may include anything from wedding or vacation snapshots to pornographic images. PimEyes is open to anyone with internet access. It's a stark contrast from Clearview AI, which became well-known for building its enormous stash of faces with images of people from social networks and limits its use to law enforcement (Clearview has said it has hundreds of such customers).

PimEyes' decision to make facial-recognition software available to the general public crosses a line that technology companies are typically unwilling to traverse, and opens up endless possibilities for how it can be used and abused. Imagine a potential employer digging into your past, an abusive ex tracking you, or a random stranger snapping a photo of you in public and then finding you online. This is all possible through PimEyes: Though the website instructs users to search for themselves, it doesn't stop them from uploading photos of anyone. At the same time, it doesn't explicitly identify anyone by name, but as CNN Business discovered by using the site, that information may be just clicks away from images PimEyes pulls up...

PimEyes lets users see a limited number of small, somewhat pixelated search results at no cost, or you can pay a monthly fee, which starts at $29.99, for more extensive search results and features (such as to click through to see full-size images on the websites where PimEyes found them and to set up alerts for when PimEyes finds new pictures of faces online that its software believes match an uploaded face)... Although PimEyes instructs visitors to only search for their own face, there's no mechanism on the site to ensure it's used this way... There's also no way to ensure this facial-recognition technology isn't used to misidentify people...

The website currently lists no information about who owns or runs the search engine, or how to reach them, and users must submit a form to get answers to questions or help with accounts.

Privacy

Can Apple's AirTags Be Used to Track Another Person? (cnn.com) 38

As Mother's Day approached, CNN Business Editor Samantha Murphy Kelly clipped a keychain with one of Apple's tiny new "AirTag" Bluetooth trackers onto her son's book bag, in an experiment that "highlighted how easily these trackers could be used to track another person." Location trackers aren't new — there are similar products from Samsung, Sony and Tile — but AirTags' powerful Ultra Wideband technology chip allows it to more accurately determine the location and enables precise augmented reality directional arrows that populate on the iPhone or iPad's screen. While AirTags are explicitly intended for items only, Apple has added safeguards to cut down on unwanted tracking. For example, the company does not store location data, and it will send an alert to an iOS device user if an AirTag appears to be following them when its owner is not around. If the AirTag doesn't re-tether to the owner's iOS device after three days, the tracker will start to make a noise.

"We take customer safety very seriously and are committed to AirTag's privacy and security," the company said in a statement to CNN Business. "AirTag is designed with a set of proactive features to discourage unwanted tracking — a first in the industry — and the Find My network includes a smart, tunable system with deterrents...." The safeguards are a work in progress as the software rolls out and users begin interacting with the devices. When my babysitter recently took my son to an appointment, using my set of keys with an AirTag attached, she was not informed that she was carrying an AirTag — separated from my phone. (She hadn't yet updated her phone's software to iOS 14.5.) Non-iPhone users can hold their phones close to the AirTags and, via short-range wireless technology, information pops up on how to disable the tracker, but that's if the person knows they're being tracked and locates it. In addition, three days is a long time for an AirTag to keep quiet before making a noise....

Apple said one of the main reasons it spent so much time developing safeguards was the sheer size of its Find My app network. But it's the AirTags' reliance on that broader network that creates much of the need for the safeguards in the first place, said Albert Fox Cahn, founder and executive director of the Surveillance Technology Oversight Project and a fellow at the NYU School of Law. "That's because Apple is turning more than a billion iOS devices into a network for tracking AirTags, while Tile will only operate when in range of the small number of people using the Tile app.... The benefits of finding our keys a bit quicker isn't worth the danger of creating a new global tracking network."

Earth

Millennials are Taking Governments to Court over Climate Change. And They're Starting to Win (cnnphilippines.com) 240

CNN tells the story of Luisa Neubauer, a 25-year-old woman who took the German government to court last year — and won: On April 29, the country's Supreme Court announced that some provisions of the 2019 climate change act were unconstitutional and "incompatible with fundamental rights," because they lacked a detailed plan for reducing emissions and placed the burden for future climate action on young people. The court ordered the government to come up with new provisions that "specify in greater detail how the reduction targets for greenhouse gas emissions" by the end of next year. The decision made headlines across the world...

"This case changes everything," she said. "It's not nice to have climate action, it's our fundamental right that the government protects us from the climate crisis...."

Climate lawsuits are becoming an increasingly popular and powerful tool for climate change activists. A January report released by the United Nations Environment Programme found that the number of climate litigation cases filed around the world nearly doubled between 2017 and 2020. Crucially, the governments are starting to lose. Neubauer's victory came just months after a court in Paris ruled that France was legally responsible for its failure to meet emission cutting targets. Another similar case involving six young people from Portugal was fast-tracked at the European Court of Human Rights last October...

The cases are most often centered around the idea that future generations have a right to live in a world that is not completely decimated by the climate crisis.

Long-time Slashdot reader AmiMoJo shares an Ars Technica story noting that in addition to the German suit, "A similar lawsuit in the U.S. has been winding its way through the courts." First filed in 2015 on behalf of a group of children and teenagers, the suit accused the U.S. government of violating the plaintiffs' constitutional rights to life, liberty, and property by not taking stronger action on climate change.

United States

Capitol Rioters Identified Using Facial Recognition Software, Cellphone Records - and Social Media Posts (nbcnews.com) 352

NBC News reports more than 440 Americans have now been charged with storming the U.S. Capitol building on January 6th, with charges now filed against people from 44 of America's 50 states. They describe it as "one of the largest criminal investigations in American history." The largest number come from Texas, Pennsylvania, and Florida, in that order. Men outnumber women among those arrested by 7 to 1, with an average age of 39, according to figures compiled by the Program on Extremism at George Washington University in Washington, D.C. A total of 44 are military veterans.

Hundreds of arrests happened because rioters later bragged online: In nearly 90 percent of the cases, charges have been based at least in part on a person's own social media accounts.

A New York man, Robert Chapman, bragged on the dating app Bumble that he'd been in the Capitol during the riot. The person he was seeking to date responded, "We are not a match," and notified the FBI.

In fact, the investigative agency has now received "hundreds of thousands" of tips from the public, and has even posted photos of people who participated in the riots online asking for the public's help to identify them.

But NBC also reports that technology is being used to identify participants:
  • "Investigators have also used facial recognition software, comparing images from surveillance cameras and an outpouring of social media and news agency videos against photo databases of the FBI and at least one other federal agency, Customs and Border Protection, according to court documents."
  • Investigators "have also subpoenaed records from companies providing cellphone service, allowing agents to tell whether a specific person's phone was inside the Capitol during the siege."

Transportation

Emails, Text Messages Can Be Retrieved From Smartphones Synced to Vehicles (theintercept.com) 71

Slashdot reader ytene writes: As reported by The Intercept, U.S. Customs and Border Protection have just spent $456,063 for a package of technology specifically designed to access smartphone data via a motor vehicle. From the article:

"...part of the draw of vacuuming data out of cars is that so many drivers are oblivious to the fact that their cars are generating so much data in the first place, often including extremely sensitive information inadvertently synced from smartphones."

This data can include "Recent destinations, favorite locations, call logs, contact lists, SMS messages, emails, pictures, videos, social media feeds, and the navigation history of everywhere the vehicle has been, when and where a vehicle's lights are turned on, and which doors are opened and closed at specific locations" as well as "gear shifts, odometer reads, ignition cycles, speed logs, and more. This car-based surveillance, in other words, goes many miles beyond the car itself."

Perhaps the most remarkable claim, however, was, "We had a Ford Explorer we pulled the system out, and we recovered 70 phones that had been connected to it. All of their call logs, their contacts and their SMS."

Mohammad Tajsar, an attorney with the American Civil Liberties Union (ACLU), is quoted as saying, "Whenever we have surveillance technology that's deeply invasive, we are disturbed," he said. "When it's in the hands of an agency that's consistently refused any kind of attempt at basic accountability, reform, or oversight, then it's Defcon 1."

Government

'Ghost Gun' Loophole Leads US Justice Dept to Propose New Definition of 'Firearm' (upi.com) 301

America's Justice Department proposed a new rule Friday to update the definition of "firearm" for the first time since 1968, in an effort to close the so-called "ghost gun" loophole.

UPI reports: Attorney General Merrick Garland said the modernized definition would require retailers to perform background checks on customers before selling some ready-made kits that allow people to build their own guns. Such guns are known as "ghost guns" because they don't have serial numbers and can't be traced. "Criminals and others barred from owning a gun should not be able to exploit a loophole to evade background checks and to escape detection by law enforcement," Garland said...

Under the proposed rule, manufacturers must include a serial number on the firearm frame or receiver in a kit. Firearm dealers also must add serial numbers to 3D-printed guns or other un-serialized firearms they take into their inventory.

Security

Ransomware Cyberattack Forces Major US Pipeline Company to Halt Operations (apnews.com) 52

"Colonial Pipeline, which accounts for 45% of the East Coast's fuel, said it has shut down its operations due to a cyberattack," reports ZDNet. "The attack highlights how ransomware and other cyberattacks are increasingly a threat to real-world infrastructure.

"The company delivers refined petroleum products such as gasoline, diesel, jet fuel, home heating oil, and fuel for the U.S. Military."

UPDATE: Saturday the company confirmed that the attack involved ransomware.

The Associated Press reports: Colonial Pipeline said the attack took place Friday and also affected some of its information technology systems. The Alpharetta, Georgia-based company said it hired an outside cybersecurity firm to investigate the nature and scope of the attack and has also contacted law enforcement and federal agencies. "Colonial Pipeline is taking steps to understand and resolve this issue," the company said in a late Friday statement. "At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline."

Oil analyst Andy Lipow said the impact of the attack on fuel supplies and prices depends on how long the pipeline is down. An outage of one or two days would be minimal, he said, but an outage of five or six days could cause shortages and price hikes, particularly in an area stretching from central Alabama to the Washington, D.C., area. Lipow said a key concern about a lengthy delay would be the supply of jet fuel needed to keep major airports operating, like those in Atlanta and Charlotte, North Carolina.

The precise nature of the attack was unclear, including who launched it and what the motives were...

Mike Chapple, teaching professor of IT, analytics and operations at the University of Notre Dame's Mendoza College of Business and a former computer scientist with the National Security Agency, said systems that control pipelines should not be connected to the internet and vulnerable to cyber intrusions. "The attacks were extremely sophisticated and they were able to defeat some pretty sophisticated security controls, or the right degree of security controls weren't in place," Chapple said...

The article also points out the U.S. government says it's "undertaking a new effort to help electric utilities, water districts and other critical industries protect against potentially damaging cyberattacks....to ensure that control systems serving 50,000 or more Americans have the core technology to detect and block malicious cyber activity. The White House has announced a 100-day initiative aimed at protecting the country's electricity system from cyberattacks by encouraging owners and operators of power plants and electric utilities to improve their capabilities for identifying cyber threats to their networks. It includes concrete milestones for them to put technologies into use so they can spot and respond to intrusions in real time. The Justice Department has also announced a new task force dedicated to countering ransomware attacks...

The Military

Honeywell Admits Sending F-35, F-22 Technical Drawings To China (upi.com) 110

schwit1 shares a report from UPI: The State Department announced it has reached a $13 million settlement with U.S. defense contractor Honeywell International over allegations it exported technical data concerning fighter jets and other military vehicles to foreign countries, including China. The settlement resolves 34 charges the State Department leveled against the company for disclosing dozens of engineering prints showing dimensions, geometries and layouts for manufacturing parts for aircraft, gas turbine engines and military electronics.

Honeywell voluntarily informed the department in two disclosures that it had violated arms export control laws by sending the technical drawings to foreign countries, the State Department said in a statement. Honeywell had identified 71-controlled drawings that it had exported to Canada, Ireland, China and Taiwan between July 2011 and October 2015. "The U.S. government reviewed copies of the 71 drawings and determined that exports to and retransfers in the PRC of drawings for certain parts and components for the engine platforms for the F-35 Joint Strike Fighter, B-1B Lancer Long-Range Strategic Bomber and the F-22 Fighter Aircraft harmed U.S. national security," the document said.

In a statement emailed to UPI, Honeywell explained it "inadvertently shared" the technology that was assessed as impacting national security during "normal business discussions" but remarked that the schematics were commercially available worldwide. "No detailed manufacturing or engineering expertise was shared," it said.

The company has agreed to pay the fine and have an external compliance officer oversee the consent agreement for at least 18 months as well as conduct an external audit of its compliance program.

iOS

Analytics Suggest 96% of Users Leave App Tracking Disabled in iOS 14.5 (macrumors.com) 66

An early look at an ongoing analysis of Apple's App Tracking Transparency suggests that the vast majority of iPhone users are leaving app tracking disabled since the feature went live on April 26 with the release of iOS 14.5. MacRumors reports: According to the latest data from analytics firm Flurry, just 4% of iPhone users in the U.S. have actively chosen to opt into app tracking after updating their device to iOS 14.5. The data is based on a sampling of 2.5 million daily mobile active users. When looking at users worldwide who allow app tracking, the figure rises to 12% of users in a 5.3 million user sample size.

With the release of iOS 14.5, apps must now ask for and receive user permission before they can access a device's random advertising identifier, which is used to track user activity across apps and websites. Users can either enable or disable the ability for apps to ask to track them. Apple disables the setting by default. Since the update almost two weeks ago, Flurry's figures show a stable rate of app-tracking opt-outs, with the worldwide figure hovering between 11-13%, and 2-5% in the U.S. The challenge for the personalized ads market will be significant if the first two weeks end up reflecting a long-term trend.

Government

US and UK Release Details on Russia's SolarWinds Hackers (bloomberg.com) 8

The U.S. and U.K. released details on Friday about how Russia's foreign intelligence service operates in cyberspace, the latest effort to try to disrupt future attacks. From a report: The report contains technical resources about the group's tactics, including breaching email in order to find passwords and other information to further infiltrate organizations, in addition to providing software flaws commonly exploited by the hackers. It also offers details about how network administrators can counter the attackers' tactics. "The group uses a variety of tools and techniques to predominantly target overseas governmental, diplomatic, think-tank, health-care and energy targets globally for intelligence gain," the two countries wrote in a Friday report authored jointly by the U.K.'s National Cyber Security Centre and three U.S. agencies, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the National Security Agency.

Facebook

Months-long Twitter Backlash Had Zero Impact on WhatsApp's User Base (techcrunch.com) 47

An anonymous reader shares a report: It's safe to say WhatsApp didn't have the ideal start to 2021. Less than a week into the new year, the Facebook-owned instant messaging app had already annoyed hundreds of thousands of users with its scary worded notification about a planned policy update. The backlash grew fast and millions of people, including several high-profile figures, started to explore rival apps Signal and Telegram.

Even governments, including India's -- WhatsApp's biggest market by users -- expressed concerns. (In the case of India, also an antitrust probe.) The backlash prompted WhatsApp to offer a series of clarifications and assurances to users, and it also postponed the deadline for enforcing the planned update by three months. Now with the May 15 deadline just a week away, we are able to quantify the real-world impact the aforementioned backlash had on WhatsApp's user base: Nada. The vast majority of users that WhatsApp has notified about the planned update in recent months have accepted the update, a WhatsApp spokesperson told TechCrunch. And the app continues to grow, added the spokesperson without sharing the exact figures.

Government

Opposing PRO Act, Uber and Other Gig Companies Spend Over $1 Million Lobbying (theintercept.com) 81

An anonymous reader quotes a report from The Intercept: Even as President Joe Biden called for Congress during his joint address last week to pass labor reform legislation, a slate of gig companies has spent over $1 million lobbying Congress to influence the PRO Act and other related issues in 2021 alone, according to newly released lobbying disclosures. Ride-hailing companies Uber and Lyft and delivery apps DoorDash and Instacart spent at least $1,190,000 on 32 lobbyists to persuade members of Congress on the PRO Act, first quarter disclosure reports show. The bill, which the House of Representatives passed in early March, would allow many gig workers to unionize and make it harder for companies to union-bust, among other changes.

Uber alone spent $540,000 in the first quarter of 2021 lobbying on "issues related to the future of work and the on-demand economy, possible anti-competitive activities that could limit consumers access to app-based technologies," the PRO Act, and other related labor issues. Lyft spent $430,000, DoorDash $120,000, and Instacart $100,000 on lobbying on the PRO Act and other issues, according to disclosures. The PRO Act would make the most pivotal changes to labor law since the 1970s. In addition to giving many gig workers the right to unionize, it would grant employees whistleblower protections and prohibit companies from retaliating against participants in strikes and other union-related activities. A 2019 report from Gallup commissioned by Intuit estimated that 17 percent of U.S. adults engaged in self-employment. These reforms threaten the profits of gig companies, which rely on a large and fluid group of independent contractors.

Privacy

Google Play's App Listings Will Require Privacy Info Next Year, Just Like the App Store (theverge.com) 17

Starting next year, apps on Google Play will show details about what data they collect, as well as other information about their privacy and security practices, in a new safety section in their listing. From a report: The announcement comes just a few months after Apple started displaying similar privacy information in the App Store. In the same way Apple's policy covers both its own apps and those developed by third parties, Google says its first-party apps will also be required to provide this information. According to Google, the initiative is meant to "help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security." The section will detail what user data an app has access to (like location, contacts, or personal info like an email address), but Google says it also wants to let developers give context to explain how it's used and what it means for their apps' functionality.

In particular, Google says apps will give information about whether data is encrypted, whether they comply with Google's policies around apps aimed at children, and whether users can opt out of data sharing. Google says the information will also highlight whether a third party has verified the app's safety section, and whether users can request that their data be deleted. The new policy won't come into effect for several months, and Google says this should give developers enough time to implement the changes.

Education

American Schools' Phone Apps Send Children's Info To Ad Networks, Analytics Firms (theregister.com) 43

LeeLynx shares a report from The Register: The majority of Android and iOS apps created for US public and private schools send student data to assorted third parties, researchers have found, calling into question privacy commitments from Apple and Google as app store stewards. The Me2B Alliance, a non-profit technology policy group, examined a random sample of 73 mobile applications used in 38 different schools across 14 US states and found 60 percent were transmitting student data. The apps in question send data using software development kits or SDKs, which consist of modular code libraries that can be used to implement utility functions, analytics, or advertising without the hassle of creating these capabilities from scratch. Examples include: Google's AdMob, Firebase, and Sign-in SDKs, Square's OK HTTP and Okio SDKs, and Facebook's Bolts SDK, among others.

The data that concerns Me2B includes: identifiers (IDFA, MAID, etc), Calendar, Contacts, Photos/Media Files, Location, Network Data (IP address), permissions related to Camera, Microphone, Device ID, and Calls. About 49 percent of the apps reviewed sent student data to Google and about 14 percent communicated with Facebook, with the balance routing info to advertising and analytics firms, many among them characterized as high risk by the Me2B researchers. Among the public school apps, 67 per cent sent data to third parties; private school apps proved less likely to send data to third parties (57 percent).
Interestingly, the research group found a significant difference across mobile platforms. According to The Register, "91 percent of student Android apps sent data to high-risk third parties while only 26 percent of iOS apps did so, and 20 percent of Android apps piped data to very high-risk third parties while only 2.6 percent of iOS did so."

The report adds: "Nonetheless, the researchers expressed concern that 95 percent of third-party data channels in the surveyed student apps are active even when the user is not signed in and that these apps send data as soon as the app is loaded."
