Long-time Slashdot reader dyork brings new from The Internet Society: IPv6 deployment hit a milestone this month related to the four major US providers (Verizon Wireless, T-Mobile USA, Sprint, AT&T): "IPv6 is the dominant protocol for traffic from those mobile networks to major IPv6-capable content providers."
A graph on their "World IPv6 Launch" site shows those carriers are now delivering close to 55% of their traffic over IPv6 to major IPv6-capable content providers -- up from just 37.59% in December. "This is really remarkable progress in the four years since World IPv6 Launch in 2012, and the growth of IPv6 deployment in 2016 is showing no signs of abating." In fact, the NTIA is now requesting feedback from organizations that have already implemented IPv6, noting that while we've used up all the 4.3 billion IPv4 addresses, IPv6 offers 340 undecillion IP addresses -- that is, 340 followed by 36 digits.

An anonymous reader writes from a report via Baltimore Sun: Civil rights groups have complained to the FCC over the Baltimore Police Department's use of stingray phone tracking devices. They claim that "the way police use it interferes with emergency calls and is racially discriminatory." Baltimore Sun reports: "The complaint argues that the police department doesn't have a proper license to use the devices and is in violation of federal law. It calls on regulators at the Federal Communications Commission to step in and formally remind law enforcement agencies of the rules. 'The public is relying on the Commission to carry out its statutory obligation to do so, to fulfill its public commitment to do so, and to put an end to widespread network interference caused by rampant unlicensed transmissions made by BPD and other departments around the country,' the groups say in the complaint. Police in Baltimore acknowledged in court last year that they had used the devices thousands of times to investigate crimes ranging from violent attacks to the theft of cellphones. Investigators had been concealing the technology from judges and defense lawyers and after the revelations Maryland's second highest court ruled that police should get a warrant before using a Stingray. The groups argue that surveillance using the devices also undermines people's free speech rights and describe the use of Stingrays as an electronic form of the intrusive police practices described in the scathing Justice Department report on the police department's pattern of civil rights violations."

Slashdot reader Nicola Hahn writes: While reporters clamor about the hacking of the Democratic National Committee, NSA whistleblower James Bamford offers an important reminder: American intelligence has been actively breaching email servers in foreign countries like Mexico and Germany for years. According to Bamford documents leaked by former NSA specialist Ed Snowden show that the agency is intent on "tracking virtually everyone connected to the Internet." This includes American citizens. So it might not be surprising that another NSA whistleblower, William Binney, has suggested that certain elements within the American intelligence community may actually be responsible for the DNC hack.

This raises an interesting question: facing down an intelligence service that is in a class by itself, what can the average person do? One researcher responds to this question using an approach that borrows a [strategy] from the movie THX 1138: "The T-H-X account is six percent over budget. The case is to be terminated."
To avoid surveillance, the article suggests "get off the grid entirely... Find alternate channels of communication, places where the coveted home-field advantage doesn't exist... this is about making surveillance expensive." The article also suggests "old school" technologies, for example a quick wireless ad-hoc network in a crowded food court. Any thoughts?

The Edmonton Police Service has admitted to Motherboard that it owns a Stingray and that it used the [surveillance] device in the past during investigations. After Vancouver cops admitted to using the phone tracker to investigate an abduction in 2007, Motherboard called up other local police stations in Canada to ask if they had also previously used one. As you can imagine, the other stations kept mum. In the US, Stingrays are a regular part of government and law enforcement agencies' surveillance arsenal. But Vancouver's and Edmonton's police services are the first law enforcement offices in Canada to confirm that they've used the device. Motherboard adds: According an emailed statement from police spokesperson Anna Batchelor, Edmonton's cops have "used the device in the past during investigations," but would not release any additional details in order to "to protect [Edmonton Police Service] operations." Until now, the only law enforcement in the country known to use the devices was the Royal Canadian Mounted Police, the country's analogue to the US Federal Bureau of Investigation. These suitcase-sized surveillance tools have been used in the past by the Vancouver and Toronto police, but the Vancouver police have said they borrowed the Stingray from the RCMP, and in Toronto an RCMP technician was on hand, at least in that incident. The Edmonton police's comment to Motherboard is the first time a local police department in Canada has publicly admitted to owning a Stingray device.

Slashdot reader DERoss writes: Effective 1 August, the U.S. Social Security Administration (SSA) requires users who want to access their SSA accounts to use two-factor authentication. This involves receiving a "security" code via a cell phone text message. This creates two problems. First of all, many seniors who depend on the Social Security benefits to pay their living costs do not have cell phones [or] are not knowledgeable about texting.

More important, cell phone texting is NOT secure. Text messages can be hacked, intercepted, and spoofed. Seniors' accounts might easily be less secure now than they were before 1 August... This is not because of any law passed by Congress. This is a regulatory decision made by top administrators at SSA.
In addition, Krebs on Security reports that the new system "does not appear to provide any additional proof that the person creating an account at ssa.gov is who they say they are" and "does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven't yet created accounts for themselves." Users are only more secure after they create an account on the social security site -- and Krebs also notes that ironically, the National Institute for Standards and Technology already appears to be deprecating the use of SMS-based two-factor authentication.

An anonymous Slashdot reader quotes a report from ABC News: A new Illinois law limits how police can use devices that cast a wide net in gathering cellphone data... [Stingray] gathers phone-usage data on targets of criminal investigations, but it also gathers data on other cellphones -- hundreds or even thousands of them -- in the area. The new law requires police to delete the phone information of anyone who wasn't an investigation target within 24 hours. It also prohibits police from accessing data for use in an investigation not authorized by a judge.

A dozen other states have adopted such regulations, and Congress is considering legislation that would strengthen federal guidelines already in place... Privacy advocates worry that without limits on how much data can be gathered or how long it can be stored, law enforcement could use the technology to build databases that track the behavior and movement of people who are not part of criminal investigations.
Earlier this month a U.S. judge threw out evidence gathered with Stingray for the first time, saying that without a search warrant, "the government may not turn a citizen's cell phone into a tracking device." The ACLU has identified 66 agencies in 24 states using Stingray technology, "but because many agencies continue to shroud their purchase and use of stingrays in secrecy, this map dramatically underrepresents the actual use of stingrays by law enforcement agencies nationwide."

This week saw the release of the Moto Z Droid and Force Droid, new Android smartphones from Motorola and Lenovo with snap-on modules. Slashdot reader MojoKid writes that the Z Force Droid "is sheathed behind Moto ShatterShield technology making it virtually indestructible." Motorola guarantees it not to crack or shatter if dropped... However, what's truly standout are Moto Mods, which are snap-on back-packs of sorts that add new features, like the JBL Speaker, Moto Insta-Projector and Incipio OffGrid Power Pack (2220 mAh) mods... Even the fairly complex projector mod fires up in seconds and works really well.
But the Verge has called it "a good phone headed down the wrong path," adding "this company is competing in the global smartphone market, not a high school science fair, and its success will depend on presenting better value than the competition, not cleverer design. Without the benefit of the value-projecting fairy dust of brands like Apple and Beats, Lenovo will have an uphill climb trying to justify its Moto Mods pricing with functionality and looks, and our review has shown that none of the company's extras are essential."

An anonymous reader writes from a report via The Verge: Corning has unveiled their new Gorilla Glass 5, which should make its way to high-end smartphones and other electronic devices later this year and into 2017. Gorilla Glass 5 is designed to improve drop performance from devices that are dropped onto rough surfaces from waist heigh to shoulder height. Corning says it can survive up to 80 percent of the time when dropped from 1.6 meters. For comparison, Gorilla Glass 4, which was released in the fall of 2014, was marketed as being twice as tough as the previous version and twice as likely to survive drops onto uneven surfaces from about a meter high. Some things to note include the fact that in Corning's tests, the 80 percent survival rate was with pieces of glass that were 0.6mm thick -- Corning now makes glass as thin as 0.4mm. Depending on how thin manufacturers want the glass in their devices, the durability results may vary. Also, most of demos consisted of dropping the glass face down, rather than on its side or corner. Corning's vice president and general manger John Bayne said if the glass is dropped in such a way, it's going to depend on the overall design of the phone, not just the glass. Gorilla Glass 5 is currently in production, though the company says we'll hear more about it "in the next few months." There's no word as to whether or not the glass will be ready in time for the wave of devices expected this fall.

An anonymous reader write: To address the problem of motorists killed by police officers, Shervin Pishevar, the Iranian-born VC who backed Uber, is suggesting an app that allows police officers to communicate with motorists during traffic stops without either party leaving their vehicles. USA Today reports that Pishevar "says he has slept very little in the past 48 hours as he seeks input from law enforcement, software engineers and designers, lawmakers and from community members," and he's now working with former New York City police commissioner. Engadget has criticized Pishevar's proposal, writing "Dear Silicon Valley, not everything can be solved with apps."

At midnight on Friday, Uber also shut down their service for one minute "to create a moment of reflection for the Uber Community,", and also added a peace sign to their app, encouraging its users to "take a moment to think about what we can do to help," and changed the countdown for the arrival of a car into the amount of time left "to reflect on gun violence".

The Independent newspaper reports that the warrantless NSA surveillance programs revealed by Edward Snowden are facing a constitutional challenge in court for the first time: Lawyers for Mohamed Mohamud have argued that surveillance evidence used to convict the Somali-American man, found guilty of plotting to bomb a Christmas tree-lighting ceremony, was gathered in a manner that was unconstitutional. The lawyers laid out their arguments on Wednesday before a panel of judges of the 9th US Circuit Court of Appeals in Portland, close to the plaza where Mohamud tried detonating a fake bomb that was part of an undercover operation...

Stephen Sady, Mohamud's lawyer, urged the court to grant his client a new trial on the grounds that the evidence used against Mohamud should never have been permitted in the courtroom. Mr Sady told the judges that using surveillance information on foreigners, which does not require a warrant, to spy on any Americans they communicate with was "an incredible diminution of the privacy rights of all Americans⦠That is a step that should never be taken."
Last year saw a record number of wiretaps authorized by state and federal judges -- 4,148, more than twice as many as the 1,773 that took place in 2005 -- and not a single request was rejected. (More than 95% were for cellphones, and 81% for narcotics investigations.) But The Independent notes that U.S. law enforcement officials have admitted they also "incidentally" collect information about Americans without a warrant, and then sometimes later use that information in criminal investigations. In Mohamud's case, which dates back to 2010, "There's no doubt he tried to explode a car bomb in America," writes Slashdot reader Bruce66423, arguing that this case "elegantly demonstrates the issue of how far legal rights should overwhelm common sense."

An anonymous reader writes: The Samsung Galaxy S7 Active is apparently not-so-active. It should be the more durable version of the Galaxy S7 family but apparently it's not. Because of this, Consumer reports is not going to mark it as "Recommended" even though it performed very well in all the other tests it ran. [Jerry Beilinson writes from Consumer Reports:] "Consumer Reports technicians placed a Galaxy S7 Active in a water tank pressurized to 2.12 pounds-per-square-inch, the equivalent of just under five feet of water, and set a timer for 30 minutes. When we removed the phone, the screen was obscured by green lines, and tiny bubbles were visible in the lenses of the front- and rear-facing cameras. The touchscreen wasn't responsive. Following our standard procedure when a sample fails an immersion test, we submitted a second Galaxy S7 Active to the same test. That phone failed as well. After we removed it from the tank, the screen cycled on and off every few seconds, and moisture could be seen in the front and back camera lenses. We also noticed water in the slot holding the SIM card. For a couple of days following the test, the screens of both phones would light up when the phones were plugged in, though the displays could not be read. The phones never returned to functionality." Samsung has said "The Samsung Galaxy S7 active device is one of the most rugged phones to date and is highly resistant to scratches and IP68 certified. There may be an off-chance that a defective device is not as watertight as it should be." Although, given the fact that Consumer Reports tested multiple devices, Samsung could have a widespread issue on their hands. They company said it is investigating the issue.

An anonymous reader writes from a report via The Hill: Late Tuesday night, the Federal Communications Commission ruled that the entire federal government is exempt from consumer protection laws that limit unwanted robocalls. They ruled that the Telephone Consumer Protection Act of 1991 doesn't apply to the federal government, while the law does bar businesses from making numerous autodialed or prerecorded calls to a person's cellphone. The FCC did also make contractors working on behalf of the government exempt from the law as well. Earlier this year, a Supreme Court case found that the law does not apply to the government because of sovereign immunity. However, the FCC ruled that the government falls outside the law's definition of a "person." "Indeed, had Congress wanted to subject the federal government to the TCPA, it easily could have done so by defining 'person' to include the federal government," according to the ruling. Therefore, contractors hired by members of Congress can robocall individuals to participate in town halls, government researchers can place autodialed calls to the cellphones of survey respondents, and contractors can make similar calls to offer information about social security. The ruling does not apply to lawmakers who are using the calls for political campaigns.

An anonymous reader writes: Apple has patented a system that prohibits smartphone users from taking photos and videos at concerts, movie theaters and other events where people tend to ignore such restrictions. The patent has been award to Apple today and was first spotted by Patently Apple. QZ reports: "It outlines a system which would allow venues to use an infrared emitter to remotely disable the camera function on smartphones. According to the patent, infrared beams could be picked up by the camera, and interpreted by the smartphone as a command to block the user from taking any photos or videos of whatever they're seeing. The patent also outlines ways that infrared blasters could actually improve someone's experience at a venue. For example, the beams could be used to send information to museum-goers by pointing a smartphone camera at a blaster placed next to a piece of art." The report also mentions that the patent could in theory be used to help police limit smartphone filming of acts of brutality, or help a government shut off filming in certain locations. Last week, SlashGear reported that Alicia Keys is the latest musician to ban cellphones at her events.

An anonymous reader cites an Engadget report:Over the years we've seen Plex's media software run across a number of different devices, from PCs to game consoles to NAS and cellphones. Now, it's teamed up with Western Digital for what it says is the first portable Plex Media Server. The hardware is handled by the My Passport Wireless Pro, a battery-powered portable hard drive that can run standalone for 10 hours, charge mobile devices, and back up data via SD or USB 3.0. The all-in-one box can even create a WiFi network to sync with mobile devices or stream media to any device running Plex. The 2TB version is ready to take your stuff on the go for $230, and upgrading to 3TB only costs an extra $20.

Shane McGlaun, reporting for SlashGear:It appears that artists of all sorts are getting very serious about keeping fans from using smartphones while they are at their concerts or events. The latest musician to ban cell phones at her events is Alicia Keys. Fans aren't forced to give up their smartphones at the door to be locked up in some locker or box until the show is over. Rather, fans are handed a special pouch that is locked up with their smartphone inside the fan keeps that pouch with them during the event, but they can't get to the device to call, take photos, or shoot video. If they need to use their device during the show the users can go back to the door and a worker passes a disc about the size of a bagel over the bag to unlock it and the fan can step outside to use their smartphone.

An anonymous reader quotes the San Jose Mercury News technology blog: "The $400 million awarded to Apple in a patent-infringement case against Samsung is a moving target... On Friday, the U.S. Department of Justice filed a "friend of the court" brief to the Supreme Court, asking justices to void the $400 million award and send the case back to a lower court to determine if a new trial is needed... Samsung has argued that it should be liable only for profits attributable to a specific design that violated a patent, not an entire phone, and that the law should be interpreted to impose liability related to "components of the phones, rather than the phones themselves, according to the brief. The department came down on Samsung's side on the component argument, and blasted a federal circuit court ruling that had upheld the jury award.
Ironically, earlier this week Steve Wozniak was praising Samsung for its innovation, both in virtual reality headsets and with a Samsung camera that takes a picture whenever you say "smile".

An anonymous reader writes: In 2014 Facebook introduced a feature which can use your phone's microphone to identify songs you're listening to -- but "we don't record your conversations," they're reminding users. A mass communication professor at the University of South Florida tried discussing specific topics near her phone, then discovered Facebook appeared to be showing ads related to what she'd said. Though she wasn't convinced there was a link, the Independent newspaper reported that "The claim chimes with anecdotal reports online that the site appears to show ads for things that people have mentioned in passing."

An official statement Thursday reiterated that "Facebook does not use your phone's microphone to inform ads or to change what you see in News Feed." But another news site sees these concerns as a reminder of all the permissions users routinely grant to their apps. "Go into your phone's application settings and you'll see a whole list of what an app like Facebook has access to: your camera, your location, your contacts, and, yes, your microphone too. How about this for a warning? By downloading Facebook you give the app 'permission to record audio at any time without your confirmation.' Tom's Guide security editor Paul Wagenseil says Facebook can...listen to your conversations...but it would be illegal to do so."
Meanwhile, the FBI "can neither confirm nor deny" that it's ever tapped an Amazon Echo device.

An anonymous reader writes:Sudden cardiac arrest is usually fatal. But Seattle's Fire Department has joined with the city's Medic One Foundation to develop an app which alerts emergency dispatchers and also CPR-trained bystanders when someone needs CPR. The PulsePoint app also shows the location of the nearest defibrillator, and Seattle's mayor says he hopes it will save lives. A Spokane version of the app is already credited with helping to save the life of an infant, and the Medic One Foundation hopes to work with more local fire department to bring the app to the rest of Washington State.

An anonymous reader quotes this report from Engadget: Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the 'indirect costs' of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue...

To his credit, Reichl notes that he'd like to move to encryption as soon as he believes it's possible. You can also verify that you're getting a signed download, if you're worried. However, it's still contradictory to develop a security-centric app and decide that security should take a back seat.
An update on the site says the software's version information file is now digitally signed, adding that KeePass "neither downloads nor installs any new version automatically. Users have to do this manually... users should check whether the file is digitally signed... HTTPS cannot prevent a compromise of the download server; checking the digital signature does."

Researchers have now demonstrated that even with modern laptop, desktop, and server computers, an inexpensive attack can harvest 4,096-bit encryption keys using a parabolic microphone within 33 feet -- or even from 12 inches away, using a cellphone microphone. An anonymous reader quotes this article from The Register: In both cases it took an hour of listening to get the 4,096-bit RSA key... As a computer's processor churns through the encryption calculations, the machine emits a high-frequency "coil whine" from the changing electrical current flowing through its components... The team recommends encryption software writers build in "blinding" routines that insert dummy calculations into cryptographic operations. After discussions with the team, GNU Privacy Guard now does this.