364 prison inmates housed across a series of Idaho corrections facilities stole nearly $225,000 worth of digital credits by exploiting a vulnerability in tablets provided by JPay company, according to the Press. JPay is a noon governmental company that provides digital services like email, music, games, and money transfer to prison inmates.

 JPay provides inmates with access to the outside world, and some prisons often adopt its services to help with rehabilitation and education. It does not appear to use taxpayer money to fund any of its services, nor does any of its revenue from digital sales typically go to the state. Instead, JPay will either let family members or friends of inmates purchase the tablet for them, or it will foot the bill for the device itself, as it did for 53,000 inmates in the New York State prison system earlier this year.

 The company appears to earn revenue in part by charging inmates for email use and digital media downloads, by using a credit system to do so. “Having one of these tablets helps your loved ones pass the time, keep engaged and stay connected to you,” reads the company’s product page for the JP5 tablet. By “intentionally exploiting a vulnerability within JPay to improperly increase their JPay account balances,” hundreds of inmates credited their own accounts, Idaho Department of Correction spokesman Jeff Ray explained in a statement. 

According to the AP, some of the inmates gave themselves $1,000 in credits, while the largest amount was just under $10,000 worth. “This conduct was intentional, not accidental. It required a knowledge of the JPay system and multiple actions by every inmate who exploited the system’s vulnerability to improperly credit their account,” Ray added.

Hundreds of YouTube channels have had their videos removed from the site following a BBC investigation that found the widespread promotion of an essay-writing service as a way for students to cheat at school.

During last summer’s Champion’s League Final in Cardiff, Wales, South Wales Police began a facial recognition pilot program designed to check event-goers against a database of 500,000 images of persons of interest. Almost a year later, The Guardian reports that the pilot yielded 2,470 potential matches, of which, 2,297 were found to be “false positives.”

In a records request (via Wired), the South Wales Police revealed that at events such as the 2017 Champion’s League Final, the Automated Facial Recognition (AFR) ‘Locate’ system flagged 2,470 people — with only 173 positive matches. Figures from the report reveal that of the 2,685 alerts from 15 events, only 234 have been “True Positives”, with another 2,451 false positives. But in its press release, the SWP note they’ve made 2,000 positive matches and have used that information to make 450 arrests in the past nine months. We’ve reached out to the SWP to ask about the differences in numbers, and will update if we hear back.

AFR works by taking live feeds from CCTV cameras mounted at specific locations or on vehicles, and matches faces against a database of 500,000 images. In instances where the system flags someone, an officer will either disregard it, or will send officers to speak with the individual in question. “If an incorrect match has been made” the SWP explains, “officers will explain to the individual what has happened and invite them to see the equipment along with providing them with a Fair Processing Notice.” The force also says that there have been no arrests in the event of a false positive.

They explain that no facial recognition program is 100 percent accurate, and that technical issues “will continue to be a common problem for the foreseeable future.” The SWP also notes that a number of the false positives were the result of poor-quality images provided by other agencies.

Despite that high number of false positives results, the SWP say that the pilot has been a “resounding success,” and that the “overall effectiveness of facial recognition has been high.” But while the pilot has yielded some arrests (the SWP also note that they have been cognizant of the privacy risks), Wired cites privacy groups such as Big Brother Watch, which have criticized the technology as a “dangerously inaccurate policing tool,” and indicated that they will be launching a campaign against the technology next month in parliament.

Last December, Ashley Sehatti sold her 2015 Jetta back to a local Volkswagen dealership in California. So when the calendar turned over, she didn’t understand why she was still getting sent monthly reports about the car’s health. After another one came in April, she finally logged on to VW’s online portal for Car-Net, the telematics system that runs in many of the company’s modern cars.

VOLKSWAGEN DOESN’T WIPE CAR-NET ACCOUNTS EVEN IF THE CAR IS RESOLD THROUGH A DEALER

What Sehatti hadn’t realized is that Volkswagen puts the burden of disabling access to Car-Net squarely on the customer in its terms of service agreement when they decide to sell or exchange a car — even if the car is going back to a VW dealer. If a VW owner sells their car without disabling Car-Net, and the vehicle’s next owner doesn’t immediately sign up for the service, there’s a chance that the previous owner could still have access to compromising information about that car.

Google will implement new transparency rules concerning US election ads this week. In a blog post, Google Senior Vice President Kent Walker says that anyone who wants to purchase election ads in the US will now be required to prove that they’re a US citizen or resident by providing a “a government-issued ID and other key information.”

Google also says that it will begin to release a new Transparency Report that will outline who is purchasing political ads, and how much they’re spending, and will also roll out a “searchable library” for users to search through to find the identity of advertisers.

The move follows updated policies from Facebook, which said earlier last month that it will require advertisers and page managers to verify their identity if they want to run ads around political issues.

Google’s smartwatch platform, Wear OS, is getting several updates that should make interacting with Google Assistant more convenient with watches using the platform.

AT&T is skipping out on the LG G7 in favor of an unnamed LG device to be released this summer. Now, thanks to a leak from AndroidHeadlines, we know that phone may be the LG V35 ThinQ.
The biggest change from the V30S ThinQ to the V35 ThinQ seems to be the cameras, which are reportedly getting the same upgrade as the G7’s rear shooters: a pair of dual 16-megapixel sensors. And while details for the internal hardware haven’t made their way online yet, it would stand to reason that the V35 ThinQ would offer an upgraded Snapdragon 845 processor over last year’s 835.