With the presidential election fast approaching, recent moves by the Trump administration appear designed to undermine the security and integrity of the vote. And that's not even counting the long-standing Postal Service shenanigans. Facebook rolled out a series of measures this week designed to minimize how much it contributes to the problem, including message-forwarding limits that have already helped WhatsApp fight misinformation.
Porn sites haven't gotten much better at taking down nonconsensual deepfake videos; if anything, recent research suggests that the problem has gotten appreciably worse. Apple accidentally gave malware its "notarized" seal of approval, letting it run on macOS despite being one of the most prolific forms of adware on Macs. And a critical flaw in a WordPress plug-in put hundreds of thousands of sites at risk; it's fixed now, but make sure you update to the latest version of File Manager with haste.
Apple and Google have rejiggered their role in contact tracing, taking the burden off of public health authorities to make their own apps. In other Google news, we looked at how the company uses so-called dark patterns in its search results and privacy settings, the last in our month-long series on manipulative UX.
Elsewhere we took a look at the controversial geofencing warrants that use smartphone location data to place suspects at the scenes of crimes. We explored how the FBI has improved the way it notifies hacking victims, and we showed you how to protect the data on your laptop.
If you have a little extra time this weekend, it's worth checking out the talk that cryptographer Seny Kamara gave recently about how his field too frequently overlooks marginalized communities.
And there's more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.
The summer of wayward cyberteens continues. Authorities have arrested a 16-year-old they say launched a rudimentary distributed denial-of-service attack against Miami-Dade County schools. Despite using Low Orbit Ion Cannon, a dated DDoS tool that most systems should have little trouble handling, the Florida teen was able to disrupt remote learning in the district for several days. The high school suspect's court date is set for October 8.
Speaking of Florida, take some time to read this Tampa Bay Times investigation of predictive policing in Pasco County, which feels like a particularly dystopian version of the increasingly popular practice. County law enforcement have repeatedly harassed suspected future-criminals, the report says, often without warrants or probably cause. Cities like Los Angeles and Chicago have abandoned their predictive policing programs in recent years, citing a lack of efficacy and inconsistent targeting. Not so in Pasco County.
Motherboard this week reports that Amazon has used discreet access to private Facebook groups for drivers in its Flex program to monitor potential problems for the company, including organized labor initiatives. The analysis extends to Reddit forums, Twitter, and other websites where Flex drivers might gather. The company also created a tool that monitors posts in those spaces in real time and sorts the topics of conversation into dozens of searchable categories. The revelation comes the same week that Amazon published job listings for "intelligence analysts" who could among other duties "track labor organizing threats." Amazon took the posts down after public outcry.
There's new evidence that a Mexican drug cartel may be loading up cheap drones with explosives to use as weapons. They wouldn't be the first; ISIS used the technique, and Venezuelan president Nicolas Madura was targeted by two DJI M600 drones in 2018, each carrying 1 kilogram of C-4 explosive. But each new incident of drones breaking bad is a reminder that, after all these years, there's still no great (legal) way to stop them.