Man Pleads Guilty To Illegally Accessing Hundreds Of Snapchat Accounts And Sending Nude Photos

BUFFALO, N.Y.-U.S. Attorney James P. Kennedy Jr. announced today that David Mondore, 29, of New York, New York, pleaded guilty before Senior U.S. District Judge William M. Skretny to accessing a protected computer without authorization and, by means of such conduct, furthering the intended fraud and obtaining anything of value. The charge carries a maximum penalty of five years in prison and a $250,000 fine.

Assistant U.S. Attorney Charles M. Kruly, who is handling the case, stated that between July 2018 and August 2020, the defendant gained unauthorized access to, and control of, Snapchat accounts belonging to third parties. After doing so, Mondore often located nude “selfie” photos saved in the victims’ “My Eyes Only” folder, which the defendant then saved to his own phone.

After gaining unauthorized access to a victim’s Snapchat account, Mondore typically sent messages from the Snapchat account to the victim’s Snapchat contacts, sending them under the ruse that the first victim needed the second victim’s Snapchat login credentials to access the second victim’s account. After receiving the second victim’s login credentials and gaining unauthorized access to the second victim’s Snapchat account, Mondore sent a text message to the second victim using a smartphone application that allowed him to anonymize his true phone number. The text message purported to be from Snapchat Security and requested—as a way of verifying that the second victim’s Snapchat account had been legitimately accessed—that the second victim send the passcode for his or her “My Eyes Only” folder. After the second victim sent his or her “My Eyes Only” passcode, Mondore could, and did, gain unauthorized access to the second victim’s “My Eyes Only” folder, from which he could locate and save the second victim’s nude photos. After gaining access to the second victim’s Snapchat account, the defendant then repeated this pattern of activity by using the second victim’s Snapchat account to contact, and then gain unauthorized access to, Snapchat accounts belonging to the second victim’s Snapchat contacts.

For example, in December 2019, Victim 1 received a Snapchat message from a Snapchat account belonging to an acquaintance known as Victim 2. The person who contacted Victim 1 from Victim 2’s Snapchat account asked Victim 1 for her Snapchat login credentials so that Victim 2 could use Victim 1’s Snapchat account to verify whether Victim 2 had been “blocked” by another Snapchat user. Victim 1 sent her Snapchat login credentials to Victim 2. Victim 1 then received a text message purporting to be from Snapchat Security, but which was, in reality, sent from the defendant’s smartphone. The text message stated that Victim 1’s Snapchat account had been locked and could only be unlocked if Victim 1 provided the passcode for her “My Eyes Only” folder. After gaining access to Victim 1’s “My Eyes Only” folder, Mondore sent an explicit photo of Victim 1 to 116 of Victim 1’s Snapchat contacts with a caption reading: “Flash me back if we are besties.” Four of Victim 1’s Snapchat contacts responded by sending the defendant explicit photos of themselves.

Mondore gained unauthorized access to Snapchat accounts belonging to 14 victims in the Western District of New York. The defendant admits that he gained unauthorized access to at least 300 Snapchat accounts belonging to victims both in the Western District of New York and elsewhere.

The plea is the result of an investigation by the Federal Bureau of Investigation, under the direction of Special Agent-in-Charge Stephen Belongia.

Sentencing is scheduled for September 29, 2021, before Judge Skretny.

via Online Criminal Justice News

June 16, 2021 at 07:30PM

TikTok Quietly Updated Its Privacy Policy to Collect Users’ Biometric Data

Popular short-form video-sharing service TikTok quietly revised its privacy policy in the U.S., allowing it to automatically collect biometric information such as faceprints and voiceprints from the content its users post on the platform.

The policy change, first spotted by TechCrunch, went into effect on June 2. TikTok users who reside in the European Economic Area (EEA), the U.K., Switzerland, and other geographies (excluding India) where the service operates are exempted from the changes.

“We may collect biometric identifiers and biometric information as defined under U.S. laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection,” the ByteDance-owned company said in a newly introduced section called “Image and Audio Information.”

On top of this, the company’s privacy policy also notes that it may collect information about “the nature of the audio, and the text of the words spoken in your User Content” so as to “enable special video effects, for content moderation, for demographic classification, for content and ad recommendations, and for other non-personally-identifying operations.”

Besides not clearly defining the exact nature of biometrics being collected or offering a convincing reason as to why this data gathering is necessary in the first place, the vaguely worded language could allow TikTok to amass such sensitive data without users’ explicit consent.

Given that only a handful of states in the U.S. — California, Illinois, New York, Texas, and Washington — have laws restricting companies from collecting such data, the move could mean that TikTok doesn’t have to ask permission from its users in other states, as noted by TechCrunch. In other words, users are agreeing to have their biometric data collected simply by agreeing to its terms of service.

The revisions to its privacy policy come months after TikTok agreed to pay $92 million to settle a class-action lawsuit that alleged the app violated the Illinois’ Biometric Information Privacy Act (BIPA) by clandestinely capturing biometric and personal data from users in the U.S. to targets ads without meeting the informed consent requirements of the state law.

As part of the settlement, TikTok complied to avoid collecting or storing biometric information, biometric identifiers, geolocation, or GPS data unless expressly disclosed in its privacy policy. Viewed in this light, it’s possible that the changes are a result of this agreement.

Found this article interesting? Follow THN on






to read more exclusive content we post.

via The Hacker News

June 5, 2021 at 07:33AM

Florida makes it illegal for Facebook and Twitter to ban politicians

Florida Gov. Ron DeSantis, speaks during the Conservative Political Action Conference (CPAC) in Orlando, Florida, on Friday, Feb. 26, 2021.

Florida Gov. Ron DeSantis yesterday signed a bill into law to stop what he called the “censorship” of conservatives on social-media websites such as Twitter and Facebook. The law is likely to be challenged in court and has been described as blatantly unconstitutional by legal experts and advocacy groups across the political spectrum.

But Florida’s governor and legislature were undeterred by the possibility that courts will strike down the law as violating the First Amendment. The law gives Floridians the right to sue Big Tech companies over content-moderation decisions and prohibits the companies from “deplatforming” political candidates and journalistic enterprises. It is scheduled to take effect on July 1.

“This session, we took action to ensure that ‘We the People’—real Floridians across the Sunshine State—are guaranteed protection against the Silicon Valley elites,” DeSantis, who has a Harvard University law degree, said in a press release. “Many in our state have experienced censorship and other tyrannical behavior firsthand in Cuba and Venezuela. If Big Tech censors enforce rules inconsistently, to discriminate in favor of the dominant Silicon Valley ideology, they will now be held accountable.” Lt. Gov. Jeanette Nuñez said the law is important because many Floridians “know the dangers of being silenced or have been silenced themselves under communist rule.”

The new law (full text) carves out an exception for tech companies that happen to also own theme parks. That would exempt both Disney and Comcast, the latter of which owns NBCUniversal including Universal Theme Parks. Specifically, the law exempts “any information service, system, Internet search engine, or access software provider operated by a company that owns and operates a theme park or entertainment complex as defined in [Florida law].” To qualify for the exemption, the company’s theme park or entertainment complex must be “comprised of at least 25 contiguous acres,” provide “permanent exhibitions and a variety of recreational activities,” and have “a minimum of 1 million visitors annually.”

While the governor’s announcement didn’t explain the theme-park exemption, it said that “Floridians treated unfairly by Big Tech platforms will have the right to sue companies that violate this law—and win monetary damages. This reform safeguards the rights of every Floridian by requiring social-media companies to be transparent about their content moderation practices and give users proper notice of changes to those policies, which prevents Big Tech bureaucrats from ‘moving the goalposts’ to silence viewpoints they don’t like.”

Additionally, the Florida attorney general “can bring action against technology companies that violate this law, under Florida’s Unfair and Deceptive Trade Practices Act.” Companies that violate the law “will be restricted from contracting with any public entity.”

Ban on banning politicians

The prohibition on kicking politicians off social media platforms allows the Florida Election Commission to “impose fines of $250,000 per day on any social media company that deplatforms any candidate for statewide office, and $25,000 per day for deplatforming candidates for non-statewide offices.”

The law says that “[a] social media platform may not willfully deplatform a candidate for office who is known by the social media platform to be a candidate” and that the “platform must provide each user a method by which the user may be identified as a qualified candidate.” Deplatform is defined as “the action or practice by a social media platform to permanently delete or ban a user or to temporarily delete or ban a user from the social media platform for more than 14 days.”

DeSantis objected to the banning of then-President Donald Trump, who was kicked off Twitter and Facebook for inciting violence. “Any Floridian can block any candidate they don’t want to hear from, and that is a right that belongs to each citizen—it’s not for Big Tech companies to decide,” the governor’s announcement said.

US Sen. Ron Wyden (D-Ore.) blasted Florida’s leaders in a statement yesterday. “Following Donald Trump’s lead, Republican-led states are determined to pass laws to force websites and apps to host lies, misinformation and other slime, with full knowledge that those laws are unconstitutional,” Wyden said. “The latest such example out of Florida—which compels online sites to host the speech of politicians—is particularly egregious, and an invitation for extremists, racists and liars to register as political candidates just to keep their posts online.”

While numerous experts believe the Florida law will eventually be struck down, Supreme Court Justice Clarence Thomas recently argued that social media platforms could be regulated as “common carriers.”

Defining censorship

Nuñez claimed that there has been “an effort to silence, intimidate, and wipe out dissenting voices by the leftist media and big corporations. Today, by signing SB 7072 into law, Florida is taking back the virtual public square as a place where information and ideas can flow freely. Many of our constituents know the dangers of being silenced or have been silenced themselves under communist rule. Thankfully in Florida we have a governor that fights against big tech oligarchs that contrive, manipulate, and censor if you voice views that run contrary to their radical leftist narrative.”

The law requires social media platforms to “publish the standards, including detailed definitions, it uses or has used for determining how to censor, deplatform, and shadow ban” and to “apply censorship, deplatforming, and shadow banning standards in a consistent manner among its users on the platform.” It also says the platforms “may not take any action to censor, deplatform, or shadow ban a journalistic enterprise based on the content of its publication or broadcast,” unless the content is “obscene.”

The law defines censorship as “any action taken by a social media platform to delete, regulate, restrict, edit, alter, inhibit the publication or republication of, suspend a right to post, remove, or post an addendum to any content or material posted by a user,” and “actions to inhibit the ability of a user to be viewable by or to interact with another user of the social media platform.” Shadow banning is defined as actions “to limit or eliminate the exposure of a user or content or material posted by a user to other users of the social media platform.”

Supreme Court precedent may doom Florida law

Experts who say the new law is unconstitutional cite a previous case in which a similar Florida law was struck down. After DeSantis announced the proposal in February, First Amendment attorney Ari Cohn told Law & Crime that it “raises the same issue as a previous Florida law which required newspapers that criticized a political candidate to publish that candidate’s response.” In the 1974 case, Miami Herald v. Tornillo, “the Supreme Court struck down the law, ruling that it violated the newspapers’ First Amendment right to choose which content to run or not run,” Cohn said. That case involved a law enacted in 1913.

The Law & Crime article continued:

Professor Daxton “Chip” Stewart, a media law expert who referred to the proposal as “hilariously unconstitutional,” said that DeSantis exhibited a fundamental misunderstanding of corporations’ rights.

“Basically, DeSantis seems to forget that private companies like Facebook and Twitter have First Amendment rights, too,” Stewart noted. “The government can’t force them to host speech they don’t want to, or threaten punishment like these absurd fines for refusing to give platforms to people they find intolerable. Just as a platform can remove accounts of terrorists or the KKK or a cabal that conspires to violently overthrow the government, they can remove accounts of any other individual.”

EFF and TechFreedom agree

The Electronic Frontier Foundation cited the same case. “Since Tornillo, courts have consistently applied it as binding precedent, including applying Tornillo to social media and Internet search engines, the very targets of the [Florida] Transparency in Technology Act (unless they own a theme park),” EFF General Counsel Kurt Opsahl wrote earlier this month. “Indeed, the compelled speech doctrine has even been used to strike down other attempts to counter perceived censorship of conservative speakers.”

On the Lawfare blog in March, TechFreedom Internet Policy Counsel Corbin Barthold and President Berin Szóka also pointed to the Miami Herald v. Tornillo case as an example of why the new law won’t pass constitutional muster. The Supreme Court “has repeatedly held that digital media enjoy the same First Amendment protection as traditional media,” they wrote.

“Only once has the Supreme Court upheld a ‘fairness’ or ‘equal time’ mandate on privately owned media. But that was a special case,” they wrote. “In 1969, Red Lion Broadcasting Co. v. FCC upheld the Federal Communication Commission’s Fairness Doctrine only because broadcast frequencies are scarce, they are owned by the public, and the government licenses their use—clear ‘state action.'”

DeSantis’ argument that Big Tech companies are monopolistic is similar to an argument rejected in the 1974 case, they wrote. “The plaintiff in Miami Herald made a similar argument—and, indeed, many local markets really did have only a single newspaper,” Barthold and Szóka wrote. “Yet the court ruled that no degree of monopoly power could diminish the First Amendment’s protection of newspapers’ editorial discretion.”

Section 230 also protects websites

Wyden pointed out that Section 230 of the Communications Decency Act is also relevant. That US law gives legal immunity to online platforms that block or modify content posted by users.

“The First Amendment to the United States Constitution—backstopped by Section 230—makes it abundantly clear that states have no power to compel private companies to host speech, especially from politicians,” Wyden said. “People eager to chip away at core First Amendment protections for speech must remember that the consequences won’t just impact content they dislike—they’ll apply to everything. Government control of speech on, or off-line, will inevitably be abused by those in power, as made crystal clear by Republican state legislatures at home, and governments abroad like India and China that are already censoring critics.”

via Ars Technica

May 25, 2021 at 02:56PM