News

An anonymous reader quotes a report from CBS News: Scientists and researchers are celebrating what they call a "dream" discovery after an exploratory drill confirmed a high concentration of helium buried deep in Minnesota's Iron Range. Thomas Abraham-James, CEO of Pulsar Helium, said the confirmed presence of helium could be one of the most significant such finds in the world. CBS News Minnesota toured the drill site soon after the drill rig first broke ground at the beginning of February. The discovery happened more than three weeks later at about 2 a.m. Thursday, as a drill reached its depth of 2,200 feet below the surface. According to Abraham-James, the helium concentration was measured at 12.4%, which is higher than forecasted and roughly 30 times the industry standard for commercial helium. "12.4% is just a dream. It's perfect," he said. Now that helium is confirmed to be underground in Babbitt, Abraham-James said the next phase of the project is a feasibility study by an independent third party to study the size of the well and whether it could support a full-service helium plant. "It's not just about drilling one hole, but now proving up the geological models, being able to get some really good data that wasn't captured in the original discovery," he explained. "It has the potential to really contribute to local society." The company said the feasibility study could take until the end of the year to complete.

Read more of this story at Slashdot.

Since implementing a remote-first policy in 2021, Yelp says it's experienced a surge in job applications and a more satisfied workforce. Fortune reports: Last year, the total number of job applicants was 43% higher compared to 2021, according to Yelp's 2024 Remote Work Report released earlier this month. The number of applicants for sales roles skyrocketed by 103%, and prospects for its general and administrative (G&A) positions shot up 52% over the same time period. Those increases fall in line with data that shows a tidal wave of applicants clamoring for remote jobs. "It's rewarding to see both the level of interest and the quality of our applicants," Carmen Amara, chief people officer at Yelp, told Fortune. "Remote work has allowed us to attract a number of candidates who previously would not have applied to Yelp due to their location." Despite arguments that remote work weakens workers' connections and growth opportunities, Yelp says it has found the opposite to be true. About 90% of the company's more than 4,700 employees say they have found effective ways to collaborate remotely, and 91% say they are confident in upward career mobility while working out of the office. Flexible schedules have also facilitated a healthy work-life balance -- about 89% of the company's workers say they can manage personal and professional demands, and the same amount say that the remote model has allowed them to make positive changes for their wellbeing. Notably, Yelp's global tenure has increased to 3.5 years in 2023, compared to 2.8 years the year prior. The company says it's using the money it saved from shutting down its underutilized offices in New York City, Chicago, and Washington D.C., to funnel back into employee benefits, professional development, and wellness reimbursements.

Read more of this story at Slashdot.

Emma Roth reports via The Verge: If you still haven't migrated your Oculus account to a Meta one, you might want to do that soon. In an email sent to users, the company says it will delete Oculus accounts on March 29th, 2024, preventing you from reactivating or retrieving your apps, in-app purchases, store credits, and more. You'll lose your achievements, friends list, and any content created with your Oculus account if you don't migrate to a Meta account before then. Oculus accounts have been on the way out since 2020, when the company then known as Facebook started requiring new users to sign up with Facebook accounts instead. However, it added the ability to create a Meta account in 2022, offering an alternative to users who didn't want to link their Facebook account to their Quest headset. Meta stopped letting users log in to their Oculus accounts in January 2023. If you've got a Quest gathering dust in a drawer somewhere, now's your last chance to migrate your Oculus account to a Meta one. You can migrate your account by heading to this page and signing up for a Meta account with the same email you've used for Oculus. From there, you'll be able to access all of the same games, data, and other purchases saved to your Oculus account.

Read more of this story at Slashdot.

The California Public Utilities Commission (CPUC) approved Alphabet's Waymo robotaxi service to operate in Los Angeles and some cities near San Francisco. Reuters reports: Waymo, which already operates in San Francisco and Phoenix, applied on Jan 19 to expand its driverless services, saying it would work with policymakers, first responders and community organizations. Last month, the CPUC suspended the application "for further staff review." "Waymo may begin fared driverless passenger service operations in the specified areas of Los Angeles and the San Francisco Peninsula, effective today," the regulator said on a notice posted to its website Friday.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Gizmodo: For 20 years, a loosely organized group of Wikipedia editors toiled away curating a collection of 15,000 articles on a single subject: the roads and highways of the United States. Despite minor disagreements, the US Roads Project mostly worked in harmony, but recently, a long-simmering debate over the website's rules drove this community to the brink. Efforts at compromise fell apart. There was a schism, and in the fall of 2023, the editors packed up their articles and moved over to a website dedicated to roads and roads alone. It's called AARoads, a promised land where the editors hope, at last, that they can find peace. "Roads are a background piece. People drive on them every day, but they don't give them much attention," said editor Michael Gronseth, who goes by Imzadi1979 on Wikipedia, where he dedicated his work to Michigan highways, specifically. But a road has so much to offer if you look beyond the asphalt. It's the nexus of history, geography, travel, and government, a seemingly perfect subject for the hyper-fixations of Wikipedia. "But there was a shift about a year ago," Gronseth said. "More editors started telling us that what we're doing isn't important enough, and we should go work on more significant topics." [...] The Roads Project had a number of adversaries, but the chief rival is a group known as the New Page Patrol, or the NPP for short. The NPP has a singular mission. When a new page goes up on Wikipedia, it gets reviewed by the NPP. The Patrol has special editing privileges and if a new article doesn't meet the website's standards, the NPP takes it down. "There's a faction of people who feel that basically anything is valid to be published on Wikipedia. They say, 'Hey, just throw it out there! Anything goes.' That's not where I come down." said Bil Zeleny, a former member of the NPP who goes by onel5969 on Wikipedia, a reference to the unusual spelling of his first name. At his peak, Zeleny said he was reviewing upwards of 100,000 articles a year, and he rejected a lot of articles about roads during his time. After years of frustration, Zeleny felt he was seeing too many new road articles that weren't following the rules -- entire articles that cited nothing other than Google Maps, he said. Enough was enough. Zeleny decided it was time to bring the subject to the council. Zeleny brought up the problem on the NPP discussion forum, sparking months of heated debate. Eventually, the issue became so serious that some editors proposed an official policy change on the use of maps as a source. Rule changes require a process called "Request for Comment," where everyone is invited to share their thoughts on the issue. Over the course of a month, Wikipedia users had written more than 56,000 words on the subject. For reference, that's about twice as long as Ernest Hemingway's novel The Old Man and the Sea. In the end, the roads project was successful. The vote was decisive, and Wikipedia updated its "No Original Research" policy to clarify that it's ok to cite maps and other visual sources. But this, ultimately, was a victory with no winners. "Some of us felt attacked," Gronseth said. On the US Roads Project's Discord channel, a different debate was brewing. The website didn't feel safe anymore. What would happen at the next request for comment? The community decided it was time to fork. "We don't want our articles deleted. It didn't feel like we had a choice," he said. The Wikipedia platform is designed for interoperability. If you want to start your own Wiki, you can split off and take your Wikipedia work with you, a process known as "forking." [...] Over the course of several months, the US Roads Project did the same. Leaving Wikipedia was painful, but the fight that drove the roads editors away was just as difficult for people on the other side. Some editors embroiled in the roads fights deleted their accounts, though none of these ex-Wikipedian's responded to Gizmodo's requests for comment. Bil Zeleny was among the casualties. After almost six years of hard work on the New Post Patrol, he reached the breaking point. The controversy had pushed him too far, and Zeleny resigned from the NPP. [...] AARoads actually predates Wikipedia, tracing its origins all the way back to the prehistoric internet days of the year 2000, complete with articles, maps, forums, and a collection of over 10,000 photos of highway signs and markers. When the US Roads Project needed a new home, AARoads was happy to oblige. It's a beautiful resource. It even has backlinks to relevant non-roads articles on the regular Wikipedia. But for some, it isn't home. "There are members who disagree with me, but my ultimate goal is to fork back," said Gronseth. "We made our articles license-compatible, so they can be exported back to Wikipedia someday if that becomes an option. I don't want to stay separate. I want to be part of the Wikipedia community. But we don't know where things will land, and for now, we've struck out on our own."

Read more of this story at Slashdot.

Paul Kunert writes in an exclusive report for The Register: IBM is asking staff who want to take voluntary redundancy to raise their hand as it embarks on a new round of global job cuts, though roles in Europe and within a handful of departments are expected to shoulder the brunt. The Resource Action, as Big Blue likes to euphemistically refer to layoffs, shouldn't be a massive surprise to anyone with more than a passing interest in IBM as it was signaled last month in a Q4 earnings call. Insiders told us this latest process is not considered to be financial but "transformative," although IBM was quite clear in January when CFO James Kavanaugh discussed achieving "$3 billion annual run rate in savings by the end of 2024." This is a third bigger than the initial ambition. The Reg understands that 80 percent of the reduction target is aimed at Enterprise Operations & Support (EO&S) and Q2C missions, Finance & Operations (including Procurement, CIO, HR, Marketing & Comms and Global Real Estate). The European Works Council, one IBMer told us, has informed staff that circa 50 percent of IBM's reduction goal will impact staffing levels across the European continent. As if often the preferred route, IBM is seeking employees that are happy to take voluntary redundancy, rather than ditching someone that doesn't want to leave. The sources we spoke to did not reveal the total population in scope for redundancies or the numbers of volunteers being sought. IBM did not confirm the numbers either. [...] Slovakia, we're told, is to feel the tightest squeeze with around a third of IBM's cuts in Europe landing on its International (shared services) Center in Bratislava; the Center in Hungary that supports EO&S/ Q2C, as well as the Finance function in Bulgaria are also going to absorb what our sources described as the most dramatic staff reductions.

Read more of this story at Slashdot.

The Supreme Court of Canada ruled today that police must now have a warrant or court order to obtain a person or organization's IP address. CBC News reports: The top court was asked to consider whether an IP address alone, without any of the personal information attached to it, was protected by an expectation of privacy under the Charter. In a five-four split decision, the court said a reasonable expectation of privacy is attached to the numbers making up a person's IP address, and just getting those numbers alone constitutes a search. Writing for the majority, Justice Andromache Karakatsanis wrote that an IP address is "the crucial link between an internet user and their online activity." "Thus, the subject matter of this search was the information these IP addresses could reveal about specific internet users including, ultimately, their identity." Writing for the four dissenting judges, Justice Suzanne Cote disagreed with that central point, saying there should be no expectation of privacy around an IP address alone. [...] In the Supreme Court majority decision, Karakatsanis said that only considering the information associated with an IP address to be protected by the Charter and not the IP address itself "reflects piecemeal reasoning" that ignores the broad purpose of the Charter. The ruling said the privacy interests cannot be limited to what the IP address can reveal on its own "without consideration of what it can reveal in combination with other available information, particularly from third-party websites." It went on to say that because an IP address unlocks a user's identity, it comes with a reasonable expectation of privacy and is therefore protected by the Charter. "If [the Charter] is to meaningfully protect the online privacy of Canadians in today's overwhelmingly digital world, it must protect their IP addresses," the ruling said. Justice Cote, writing on behalf of justices Richard Wagner, Malcolm Rowe and Michelle O'Bonsawin, acknowledged that IP addresses "are not sought for their own sake" but are "sought for the information they reveal." "However, the evidentiary record in this case establishes that an IP address, on its own, reveals only limited information," she wrote. Cote said the biographical personal information the law was designed to protect are not revealed through having access to an IP address. Police must use that IP address to access personal information that is held by an ISP or a website that tracks customers' IP addresses to determine their habits. "On its own, an IP address does not even reveal browsing habits," Cote wrote. "What it reveals is a user's ISP -- hardly a more private piece of information than electricity usage or heat emissions." Cote said placing a reasonable expectation of privacy on an IP address alone upsets the careful balance the Supreme Court has struck between Canadians' privacy interests and the needs of law enforcement. "It would be inconsistent with a functional approach to defining the subject matter of the search to effectively hold that any step taken in an investigation engages a reasonable expectation of privacy," the dissenting opinion said.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users' access to their Facebook, Google and TikTok accounts. The Asian technology and internet company YX International manufactures cellular networking equipment and provides SMS text message routing services. SMS routing helps to get time-critical text messages to their proper destination across various regional cell networks and providers, such as a user receiving an SMS security code or link for logging in to online services. YX International claims to send 5 million SMS text messages daily. But the technology company left one of its internal databases exposed to the internet without a password, allowing anyone to access the sensitive data inside using only a web browser, just with knowledge of the database's public IP address. Anurag Sen, a good-faith security researcher and expert in discovering sensitive but inadvertently exposed datasets leaking to the internet, found the database. Sen said it was not apparent who the database belonged to, nor who to report the leak to, so Sen shared details of the exposed database with TechCrunch to help identify its owner and report the security lapse. Sen told TechCrunch that the exposed database included the contents of text messages sent to users, including one-time passcodes and password reset links for some of the world's largest tech and online companies, including Facebook and WhatsApp, Google, TikTok, and others. The database had monthly logs dating back to July 2023 and was growing in size by the minute. In the exposed database, TechCrunch found sets of internal email addresses and corresponding passwords associated with YX International, and alerted the company to the spilling database. The database went offline a short time later.

Read more of this story at Slashdot.

Stack Overflow has launched an API that will require all AI models trained on its coding question-and-answer content to attribute sources linking back to its posts. And it will cost money to use the site's content. From a report: "All products based on models that consume public Stack Overflow data are required to provide attribution back to the highest relevance posts that influenced the summary given by the model," it confirmed in a statement. The Overflow API is designed to act as a knowledge database to help developers build more accurate and helpful code-generation models. Google announced it was using the service to access relevant information from Stack Overflow via the API and integrate the data with its latest Gemini models, and for its cloud storage console.

Read more of this story at Slashdot.

Rates of obesity in the U.S. and around the world have more than doubled over the past three decades, according to a new study in The Lancet. From a report: More than 1 billion people worldwide now have obesity, a sign of worsening nutrition that's also raising the risk of leading causes of death and disease such as high blood pressure, cancer and diabetes. The global rate of obesity more than doubled among women, from 8.8% to 18.5%, and nearly tripled in men, from 4.8% to 14.0%, between 1990 and 2022, according to research that pulls from over 3,600 studies. The obesity rate among children and adolescents increased by roughly four times, from 1.7% to 6.9% in girls and 2.1% to 9.3% in boys. Just over 4 in 10 adults and 2 in 5 kids in the U.S. are obese. The U.S. now has the world's 10th-highest male obesity rate and 36th-highest female obesity rate. In 1990, the U.S. had the world's 17th-highest male obesity rate and the 41st-highest female obesity rate.

Read more of this story at Slashdot.

Energy-related emissions of carbon dioxide hit a record high in 2023, the International Energy Agency (IEA) said in a report on Friday. The IEA analysis showed that it rose by 410 million tonnes, or 1.1%, in 2023 to 37.4 billion tonnes. From a report: "Far from falling rapidly -- as is required to meet the global climate goals set out in the Paris Agreement -- CO2 emissions reached a new record high," the IEA said. However, the Paris-based watchdog also found clean energy including wind and solar energy, as well as electric vehicles, had helped to offset the impact of the continued burning of coal and oil growth, which was 1.3% in 2022. The reopening of China's economy after the COVID-19 pandemic and a recovery in the aviation sector contributed to an overall rise, the IEA said in its report. Severe droughts last year in China, the United States, India, and other countries hampered hydropower production. It accounted for around 40% of the rise in emissions or 170 million tonnes of CO2. "Without this effect, emissions from the global electricity sector would have fallen in 2023," the IEA said. Carbon dioxide emissions from coal accounted for the remaining increase. The IEA analysis showed that 2023 was the first year in which at least half of electricity generation in industrialized countries came from low-emission sources such as renewable energy and nuclear power. Energy-related emissions in the United States fell by 4.1%, and 9% in the European Union, driven by a surge in renewable power generation.

Read more of this story at Slashdot.

Startup wind-down services are seeing rapid growth as failed startups look for help shutting down. Pitchbook: On the phone with a founder who recently wound down his seed-stage software startup, I asked him what his plan was next. Having laid off all of his employees in autumn of last year, he was the last man standing: tasked with the thankless job of shutting down the company, returning capital, and dealing with tax documents. To handle the bureaucracy, the founder used Sunset, one of the companies that sprung up last year to respond to the burgeoning industry of failed startups. In a sign of the times, such wind-down startups are growing rapidly. Sunset saw 9x quarter-over-quarter revenue growth and a 65% monthly customer growth rate between November 2023 and January 2024. Competitor SimpleClosure, which closed a $4 million seed round this month led by Infinity Ventures, has passed the $1 million mark in annualized revenue and also recorded a monthly growth rate of over 50% in the same period. Since its public launch in September, the startup's revenue has increased more than 14x. Even larger startups are interested in the additional help. "We've now had multiple companies that have become customers that have raised tens of millions [in venture funding]," said Dori Yona, co-founder and CEO of SimpleClosure. In early February, equity management platform Carta joined the bandwagon: CEO Henry Ward announced in a blog post a new startup shutdown service, Carta Conclusions. "[T]he work of dissolving a company is exceptionally unpleasant. It is also, by definition, zero-value to the founder, the company, and the world," Ward wrote. Carta's entrance could disrupt its competitors, given its existing relationships with a large customer base of startups and access to internal startup data on cap table management, which could help it to accurately target prospects. Founders never want to think about the possibility of failure, but the vast majority of startups never make it to a successful liquidity event.

Read more of this story at Slashdot.

Nikon is working with NASA to make a mirrorless camera that astronauts will use during the agency's incoming Artemis III mission to document their return to the Moon. From a report: On Thursday, NASA announced that it had entered a Space Act agreement with Nikon to develop the Handheld Universal Lunar Camera (HULC), a camera system designed to capture imagery in low light and survive the harsh lunar environment. The crewed Artemis III mission -- which will launch "no earlier than September 2026" -- aims to explore the lunar south pole, a region of the Moon that contains water ice within permanently shadowed craters. That makes it an area of scientific interest, but the extreme lighting and temperature conditions pose particular technical challenges for operating equipment within the lunar south pole region. Nikon's full-frame Z9 flagship has already been used in thermal, vacuum, and radiation testing before the agreement, with a modified version of the camera forming the base of the HULC system alongside Nikkor lenses. The HULC design also implements thermal blankets designed by NASA to protect the camera from dust and extreme temperatures and modified electrical components to minimize potential issues caused by radiation. A custom grip with modified buttons has been used to make it easier for suited crew members to operate the camera system while wearing gloves.

Read more of this story at Slashdot.

Russian space officials have acknowledged a continuing air leak from the Russian segment of the International Space Station, but said it poses no danger to its crew. From a report: The Roscosmos state corporation said that specialists were monitoring the leak and the crew "regularly conducts work to locate and fix possible spots of the leak." It said in a statement carried by Russian news agencies: "There is no threat to the crew or the station itself." Joel Montalbano, Nasa's station project manager, had noted on Wednesday that the leak in the Russian segment has increased but emphasised that it remained small and posed no threat to the crew's safety or vehicle operations. As the space outpost is ageing, the crew has to spend more time to repair and maintain it, Roscosmos said. Russian space officials first reported a leak in the Zvezda module in August 2020 and later that year Russian crew members located what they believed was its source and tried to fix it. In November 2021, another potentially leaky spot was found in a different part of the Russian section of the station. Roscosmos and Nasa have said the leak posed no danger to the crew and did not affect operations on the station. There have been other glitches. In October, coolant leaked from an external backup radiator for Russia's new science lab, Nauka, although its main thermal control system was working normally and space officials said the crew and the station were not in danger.

Read more of this story at Slashdot.

Apple is reversing its previous decision to remove support for Home Screen web apps in iOS 17.4 for EU users. Apple's statement: Previously, Apple announced plans to remove the Home Screen web apps capability in the EU as part of our efforts to comply with the DMA. The need to remove the capability was informed by the complex security and privacy concerns associated with web apps to support alternative browser engines that would require building a new integration architecture that does not currently exist in iOS. We have received requests to continue to offer support for Home Screen web apps in iOS, therefore we will continue to offer the existing Home Screen web apps capability in the EU. This support means Home Screen web apps continue to be built directly on WebKit and its security architecture, and align with the security and privacy model for native apps on iOS. Developers and users who may have been impacted by the removal of Home Screen web apps in the beta release of iOS in the EU can expect the return of the existing functionality for Home Screen web apps with the availability of iOS 17.4 in early March.

Read more of this story at Slashdot.

HP launched a subscription service this week that rents people a printer, allots them a specific amount of printed pages, and sends them ink for a monthly fee. From a report: HP is framing its service as a way to simplify printing for families and small businesses, but the deal also comes with monitoring and a years-long commitment. Prices range from $6.99 per month for a plan that includes an HP Envy printer (the current model is the 6020e) and 20 printed pages. The priciest plan includes an HP OfficeJet Pro rental and 700 printed pages for $35.99 per month. HP says it will provide subscribers with ink deliveries when they're running low and 24/7 support via phone or chat (although it's dubious how much you want to rely on HP support). Support doesn't include on or offsite repairs or part replacements. The subscription's terms of service (TOS) note that the service doesn't cover damage or failure caused by, unsurprisingly, "use of non-HP media supplies and other products" or if you use your printer more than what your plan calls for. HP calls this an All-In-Plan; if you subscribe, the tech company will be all in on your printing activities. One of the most perturbing aspects of the subscription plan is that it requires subscribers to keep their printers connected to the Internet. HP seeks two-year subscriber commitments, charging up to $270 plus taxes if canceled early.

Read more of this story at Slashdot.

A number of government agencies in the European Union and elsewhere have voiced concerns about security risks as Apple opens up its iPhones and iPads to rival app stores to comply with EU tech rules, Apple said on Friday. From a report: Under the Digital Markets Act, from March 7 Apple will be required to offer alternative app stores on iPhones and allow developers to opt out of using its in-app payment system, which charges fees of up to 30%. The U.S. tech giant, which on Jan. 24 detailed the changes to bring its App Store in line with the EU rules, said "sideloading" has sparked concerns from both EU and non-EU government agencies and users.

Read more of this story at Slashdot.

Google is cracking down on rooted Android devices, blocking multiple people from using the RCS message feature in Google Messages. From a report: Users with rooted phones -- a process that unlocks privileged access to the Android operating system, like jailbreaking iPhones -- have made several reports on the Google Messages support page, Reddit, and XDA's web forum over the last few months, finding they're suddenly unable to send or receive RCS messages. One example from Reddit user u/joefuf shows that RCS messages would simply vanish after hitting the send button. Several reports also mention that Google Messages gave no indication that RCS chat was no longer working, and was still showing as connected and working in Google Messages. In a statement sent to the Verge where we asked if Google is blocking rooted devices from using RCS, Google communications manager Ivy Hunt said the company is "ensuring that message-issuing/receiving devices are following the operating measures defined by the RCS standard" in a bid to prevent spam and abuse on Google Messages. In other words, yes, Google is blocking RCS on rooted devices.

Read more of this story at Slashdot.

An anonymous reader shares a report: Google pulled more than a dozen popular Indian apps including recruitment platform Naukri, matrimony service Shaadi, audio storytelling platforms Kuku FM and Stage and real-estate manager 99acres from Play Store on Friday after warning that it will be taking actions against developers who have persistently not complied with its billing policies, escalating a three-year dispute in what is the company's largest market by users. Google said that 10 companies in the country, including "many well-established" names it did not disclose, had avoided paying fees despite benefiting from the platform. The Android-maker, owned by Alphabet, said a small group of developers in India had more than three years to prepare and comply with Play Store's payments policy but opted against it. These firms continue to comply with payment policies of other app stores, Google said. Some Android apps of matrimony platforms Shaadi, Matrimony.com and Bharat Matrimony were pulled from the Play Store Friday. Info Edge's Naukri and 99acres, audio storytelling apps Kuku FM and Stage, Alt Balaji's Altt, dating service Quack Quack were also axed from the store. Murugavel Janakiraman, chief executive of Bharat Matrimony, said Google had pulled about 10 of the Indian firm's apps from the store. Bharat Matrimony is evaluating legal options, he told TechCrunch, adding that he believes Google has violated an Indian antitrust watchdog's order in its removal of the apps today. It's a "dark day for the India internet," he added. Lal Chand Bisu, co-founder and chief executive of Kuku FM lambasted at Google, saying the Android-maker had turned "the most evil" partner to do business with and the Indian startup ecosystem was "completely" in its control.

Read more of this story at Slashdot.

An anonymous reader quotes an excerpt from a Wired article: In 2019, a government contractor and technologist named Mike Yeagley began making the rounds in Washington, DC. He had a blunt warning for anyone in the country's national security establishment who would listen: The US government had a Grindr problem. A popular dating and hookup app, Grindr relied on the GPS capabilities of modern smartphones to connect potential partners in the same city, neighborhood, or even building. The app can show how far away a potential partner is in real time, down to the foot. But to Yeagley, Grindr was something else: one of the tens of thousands of carelessly designed mobile phone apps that leaked massive amounts of data into the opaque world of online advertisers. That data, Yeagley knew, was easily accessible by anyone with a little technical know-how. So Yeagley -- a technology consultant then in his late forties who had worked in and around government projects nearly his entire career -- made a PowerPoint presentation and went out to demonstrate precisely how that data was a serious national security risk. As he would explain in a succession of bland government conference rooms, Yeagley was able to access the geolocation data on Grindr users through a hidden but ubiquitous entry point: the digital advertising exchanges that serve up the little digital banner ads along the top of Grindr and nearly every other ad-supported mobile app and website. This was possible because of the way online ad space is sold, through near-instantaneous auctions in a process called real-time bidding. Those auctions were rife with surveillance potential. You know that ad that seems to follow you around the internet? It's tracking you in more ways than one. In some cases, it's making your precise location available in near-real time to both advertisers and people like Mike Yeagley, who specialized in obtaining unique data sets for government agencies. Working with Grindr data, Yeagley began drawing geofences -- creating virtual boundaries in geographical data sets -- around buildings belonging to government agencies that do national security work. That allowed Yeagley to see what phones were in certain buildings at certain times, and where they went afterwards. He was looking for phones belonging to Grindr users who spent their daytime hours at government office buildings. If the device spent most workdays at the Pentagon, the FBI headquarters, or the National Geospatial-Intelligence Agency building at Fort Belvoir, for example, there was a good chance its owner worked for one of those agencies. Then he started looking at the movement of those phones through the Grindr data. When they weren't at their offices, where did they go? A small number of them had lingered at highway rest stops in the DC area at the same time and in proximity to other Grindr users -- sometimes during the workday and sometimes while in transit between government facilities. For other Grindr users, he could infer where they lived, see where they traveled, even guess at whom they were dating. Intelligence agencies have a long and unfortunate history of trying to root out LGBTQ Americans from their workforce, but this wasn't Yeagley's intent. He didn't want anyone to get in trouble. No disciplinary actions were taken against any employee of the federal government based on Yeagley's presentation. His aim was to show that buried in the seemingly innocuous technical data that comes off every cell phone in the world is a rich story -- one that people might prefer to keep quiet. Or at the very least, not broadcast to the whole world. And that each of these intelligence and national security agencies had employees who were recklessly, if obliviously, broadcasting intimate details of their lives to anyone who knew where to look. As Yeagley showed, all that information was available for sale, for cheap. And it wasn't just Grindr, but rather any app that had access to a user's precise location -- other dating apps, weather apps, games. Yeagley chose Grindr because it happened to generate a particularly rich set of data and its user base might be uniquely vulnerable. The report goes into great detail about how intelligence and data analysis techniques, notably through a program called Locomotive developed by PlanetRisk, enabled the tracking of mobile devices associated with Russian President Vladimir Putin's entourage. By analyzing commercial adtech data, including precise geolocation information collected from mobile advertising bid requests, analysts were able to monitor the movements of phones that frequently accompanied Putin, indicating the locations and movements of his security personnel, aides, and support staff. This capability underscored the surveillance potential of commercially available data, providing insights into the activities and security arrangements of high-profile individuals without directly compromising their personal devices.

Read more of this story at Slashdot.