Facebook agrees to $650M settlement to end Illinois privacy lawsuit

A judge has approved a settlement valued at $650 million from Facebook to end a privacy lawsuit, one which alleged the social network used facial recognition technology on user photos stored on its iPhone app without permission.

The lawsuit, which started in April 2015, alleged Facebook did not gain consent from users to use its facial tagging features on their photographs. Originally filed by Chicago attorney Jay Edelson on behalf of plaintiff Carlo Licata, the complaint claimed the consent-less tagging was not allowed under privacy laws in Illinois.

The case originated in Cook County Circuit Court before moving to Chicago federal court then California, reports the Chicago Tribune. On reaching California, the lawsuit attained class-action status.

The class in question constitutes approximately 6.9 million Facebook users in Illinois that Facebook created and stored a face template for after June 7, 2011. Close to 1.6 million claim forms were filed ahead of the November 23 deadline for joining, making up roughly 22% of potential class members.

Facebook went against the Illinois Biometric Information Privacy Act, the complaint alleged, which is among the toughest privacy laws in the United States. Part of the act requires companies to gain permission from users before being able to start using biometric systems with their data, which includes facial recognition systems.

U.D. District Judge James Donato called the settlement one of the largest of its kind for privacy, and a “landmark result” for class members. “Overall, the settlement is a major win for consumers in the hotly contested area of digital privacy,” said Donato.

Of the $650 million settlement, each class member is expected to receive at least $345, while three named plaintiffs will be awarded $5,000 apiece. Edelson will be paid $97.5 million in attorney’s fees and around $915,000 in expenses.

Checks could be sent out to class members within two months, though an appeal over the decision could still be made, prolonging the case.

The settlement news arrives at a time when Facebook is attacking Apple over its looming privacy-related changes. In concern for a potential loss of advertising revenue due to reduced tracking in iOS 14’s App Tracking Transparency, Facebook has attacked Apple with ad campaigns framing the changes as being bad for small businesses.

Reports have also surfaced claiming Facebook CEO Mark Zuckerberg has been repeatedly angered by Apple’s privacy stance, and that he wanted to “inflict pain” to the iPhone maker.

This is not the only privacy lawsuit Facebook faces over its biometric data usage. In August 2020, it was sued in a Redwood City, California state court for allegedly “collecting, storing, and profiting” from the biometric data of more than 100 million Instagram users, again over the use of facial recognition.

Portless 'iPhone 13' could restore iOS without needing a cable

A version of the “iPhone 13” that lacks a Lightning port could force changes to recovery processes, a report claims, with an “Internet Recovery” mode allowing for the reinstallation of iOS without needing to connect the iPhone to a Mac or PC.

Recovering an unresponsive iPhone usually requires it to be connected to another device, typically via the Lightning port on the base. If rumors of a port-less iPhone are true, the lack of a Lightning port or any other standard physical connection may make the device difficult to maintain.

To allow for a complete reinstallation of iOS on an unresponsive iPhone without a distinct physical connection, Apple is allegedly looking at ways to do so. Based on rumors from Appleosophy, the main way to do this is by something tentatively called “Internet Recovery.”

Apple’s software teams are said to be examining three ways to make the iPhone enter a mode that will allow it to recover.

The first method involves a user putting the iPhone into a manual recovery mode, triggering the Internet Restore broadcast. This is picked up by nearby Macs or a PC with iTunes installed, which will bring up prompts to guide the user through the rest of the restoration.

The second way is for the device itself to enter the mode automatically, again bringing up the same prompts. A third apparently involves using Bluetooth as a “last resort” measure to broadcast the signal and for data transfers.

Apple is thought to be interested in using the first two methods for recovery options, and has apparently been testing the processes for a while. However, it is claimed the processes are currently too slow for public use, indicating more work is needed on the subject.

While wireless recovery options are the main focus of the effort, physical access still isn’t being completely forgotten. A hardware team is apparently considering using pogo pads to initiate a physical connection, without requiring a standard port to be available.

Currently, it is suggested Apple could hide the pads at the back of the SIM card slot and use a custom SIM card tray cable to interface with them.

Hidden ports aren’t new to Apple, such as the one in the back of the Apple TV as well as the Apple Watch. However, it is claimed the team working on the problem isn’t allowed to make housing modifications, such as to shield the pads behind a door or panel, which could make development tougher.

Port-less iPhone rumors have circulated over the years, but have so far yet to be proven right. The relative lack of a track record for the outlet also makes it difficult to consider how genuine the rumor is at this time.

The “iPhone 13” is currently rumored to have an always-on display that could also run at 120Hz, a four-camera system on the back with LiDAR, a minimized notch, and the return of Touch ID.

Apple says Developer Transition Kit must be returned by March 31

Apple in an email sent out on Friday requested developers who took part in the Universal App Quick Start Program to return the Developer Transition Kit, a custom A12Z Bionic-powered Mac mini designed to prepare app makers for Apple Silicon Macs.

According to the letter, program participants have until March 31, 2021, to return the loaned DTK to Apple.

“Now that the new MacBook Air, Mac mini, and MacBook Pro powered by the Apple M1 chip are available, youll need to return the Developer Transition Kit (DTK ) that was loaned to you as part of the program. Please follow the instructions below to return the DTK, at no cost to you,” Apple says in a post to its dedicated Universal App Quick Start Program website.

Developer Steve Troughton-Smith notes carrier DHL will begin to collect the devices without prior warning starting March 8. That stands in contrast to U.S. protocols, which simply require developers to print out a prepaid shipping label and send the unit out via UPS.

Apple in the email reminds Quick Start Program members of a $500 one-time-use promo code that can be used toward the online purchase of a new M1 Mac or other Apple products. The code is not applicable to Apple Gift Cards and AppleCare+, the company says.

The company in early February notified members that it would soon request the return of DTK hardware. At the time, Apple said it would offer a $200 promotional code for the purchase of a 13-inch MacBook Pro, MacBook Air or Mac mini equipped with an M1 chip. That sum was bumped up to $500 — the cost of a DTK lease — after developers expressed disapproval of the original plan.

Fitted with an A12Z, the Mac mini was equipped with 16GB of RAM, a 512GB SSD, two USB-C ports, two USB 3.0 ports, HDMI 2.0 and Gigabit Ethernet, trappings designed to mimic the first M1 Mac computers. It came loaded with a beta version of macOS Big Sur and Xcode 12.

'Narcos' star Wagner Moura to star in Apple TV+ original 'Shining Girls'

Wagner Moura, best known for his turn as Pablo Escobar in Netflix series “Narcos,” will lead opposite Elisabeth Moss in Apple TV+ thriller “Shining Girls,” according to a report on Friday.

“Shining Girls” is a metaphysical, time travel thriller based on Lauren Beukes’ 2013 best-selling novel. The story revolves around a Depression-era drifter who discovers a key to a house that unlocks to different eras in Chicago’s history. In order to travel through the portal, however, he must murder women burning with potential.

Moss (“Mad Men,” “The West Wing”) is set to star as a reporter who survived an assault by the antagonist in the 1980s, and is now hunting him down. Moura will play Dan, a journalist breaking news of the copycat attacks, reports Deadline.

Showrunner Silka Luisa is adapting Beukes’ novel for television and will serve as an executive producer. Moss will also executive produce through studio Love & Squalor Pictures alongside Lindsey McManus.

Apple TV+ scored “Shining Girls” as part of a first-look deal with Leonardo DiCaprio’s Appian Way Productions. DiCaprio will executive produce with the Jennifer Davidson.

The show joins a growing Apple TV+ catalog that spans genres, from comedies like “Ted Lasso” to mystery/horror tale “Servant” and a variety of documentaries.

Mageia 8 has been released

[Distributions] Posted Feb 26, 2021 22:36 UTC (Fri) by jake

The Mageia distribution has announced the release of Mageia 8. It comes with the usual array of new packages, including a 5.10.16 kernel, Plasma 5.20.4, GNOME 3.38, Firefox 78, Chromium 88, LibreOffice 7.0.4.2, and more. “ARM support has continued to develop, with both AArch64 and ARMv7 now having all packages built and being close to primary architectures now. Support for Wi-Fi installation in the classical installer using WPA2 encryption has been added, as well as improved support for newer filesystems allowing installations on F2FS. Support for NILFS, XFS, exFAT and Windows 10 NTFS has been improved to allow for better partition management. The Live installer has also had significant development. Boot times have been greatly reduced with the use of Zstd compression and improved hardware detection and the support for installing updates as a final step of the installation has been added. Zstd compression has also been applied to the rescue mode, allowing for faster startup, support for encrypted LVM/LUKS has also been added.

Comments (none posted)

NSA Releases Guidance on Zero-Trust Architecture

A new document provides guidance for businesses planning to implement a zero-trust system management strategy.

The National Security Agency (NSA) today published a document to explain the zero-trust model and its benefits, challenges involved with implementation, and advice to navigate the process.

As cloud, multicloud, and hybrid network environments become the norm for businesses, the resulting complexity, combined with evolving threats, puts many at risk. Traditional perimeter-based network defenses with layers of security tools are often insufficient. Companies need a better way to protect infrastructure and provide granular access to data, services, and apps.

“The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information fed from multiple sources to determine access and other system responses,” NSA officials wrote.

Zero trust requires strong authentication for both user and device identities. Use of multifactor authentication, which is recommended in this model, can make credential theft more difficult. 

The implementation of zero trust takes time and effort, but it doesn’t have to be done all at once. Many businesses may be able to incorporate zero-trust concepts into existing network infrastructure; however, the transition to a mature architecture often requires additional capabilities. Officials advise planning out the integration as a “continually maturing roadmap,” starting with initial preparation and continuing on to basic, intermediate, and advanced stages.

As with all major projects, there are challenges. Officials note potential roadblocks include lack of support from enterprise leadership or users. If leadership isn’t willing to provide the needed resources to sustain a zero-trust architecture, or users are allowed to bypass policies, then zero trust won’t prove beneficial, they say.

Read the full document here for more details.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

More Insights

The Edge Pro Tip: Fasten Your Seatbelts

An unprecedented 2020 has shaken up security leaders’ usual list of must-have technologies for 2021. Where do they plan to spend next?

Read more about security leaders’ spending priorities here.

The Edge is Dark Reading’s home for features, threat data and in-depth perspectives on cybersecurity. View Full Bio

Recommended Reading:

More Insights

How to watch the Post Malone Pokemon 25 virtual concert on your iPhone, iPad, or Mac

Pokemon is holding a Post Malone concert in honor of its 25-year anniversary on February 27. Here’s how to watch the event on your iPhone, iPad, or Mac.

Pokemon day commemorates the anniversary of the release of the original versions of Pokemon Red and Pokemon Green in Japan in 1996. The Pokemon Company is holding a concert to kick off its yearlong celebration which will take place on Saturday, February 27 at 7:00 PM Eastern Time.

Direct links:

This virtual concert will feature Post Malone and “lots of unexpected surprises.” The Pokemon company also promises several P25 Music announcements at the end of the concert.

West: Post-Spectre web development

[Security] Posted Feb 26, 2021 19:55 UTC (Fri) by corbet

Mike West has posted a detailed exploration of what is really required to protect sensitive information in web applications from speculative-execution exploits. “Spectre-like side-channel attacks inexorably lead to a model in which active web content (JavaScript, WASM, probably CSS if we tried hard enough, and so on) can read any and all data which has entered the address space of the process which hosts it. While this has deep implications for user agent implementations’ internal hardening strategies (stack canaries, ASLR, etc), here we’ll remain focused on the core implication at the web platform level, which is both simple and profound: any data which flows into a process hosting a given origin is legible to that origin. We must design accordingly.

Comments (none posted)