Met police say suspect is accused of harassment and offences under the Online Safety Act

A man has been arrested after several men in political circles were targeted in an alleged honeytrap plot.

The Metropolitan police said the suspect was held in Islington, north London on Wednesday accused of harassment and offences under the Online Safety Act.

• Plastic beer cups thrown at manager after Slovenia draw
• Southgate: ‘I understand the narrative towards me’

Gareth Southgate talked about being in “an unusual environment” after having plastic beer cups thrown at him by England fans and hearing his team booed off after their 0-0 draw with Slovenia on Tuesday night.

Although a point was enough for England to go through to last 16 as winners of Group C, the reaction in the stands at the Cologne Stadium was hardly complimentary after another ineffective attacking ­display against opponents ranked 57th in the world.

The captain is too good a passer to be left up front, too good a poacher to be a No 10 and not fit enough to do both

Around 48 minutes into this musty, vaguely icky game – a game that felt like it was a few weeks past its sell-by date, a game that came coated in a thin, unidentifiable layer of mildew – Bukayo Saka got the ball in England’s right channel and played a simple short pass into Harry Kane.

For all his current travails, the vagaries of form and fitness, Kane is nothing if not a fearsome striker of a football. When he really connects, as he did here, the ball simply explodes off his boot: all gunpowder and venom and pure, coiled power. Two problems. First, Kane was facing away from goal. Second, he wasn’t actually attempting a shot but, in fact, trying to bring the ball under control.

It had been universally accepted that England needed a performance to reinvigorate their fans here in ­Germany after the toil of their ­opening Euro 2024 ties against Serbia and Denmark. One of the principal takeaways from a claustrophobic and emotional night was that the fans were certainly connected.

Moved to boo at the interval after a display that lacked bite, they raised the intensity in the second period, belting out their songs for almost the duration of it. There was something faintly heroic about their efforts. They got louder and louder because they believed that a goal was coming. And if they did not believe, they sang anyway, ­losing themselves in the moment, the occasion. Call it blind faith.

• France finish second after 1-1 draw with Poland
• ‘We will be ready for the round of 16,’ says manager

Didier Deschamps has conceded France have made life difficult for themselves after failing to top Group D but said he is optimistic his team will fully click in the last 16 and that they should treat the knockout stage as “a new competition”. France, two-time European champions, finished second after recording a single victory and failing to score a goal themselves in open play.

Kylian Mbappé’s penalty on his return was not enough to secured victory against the eliminated Poland, with the former Borussia Dortmund striker Robert Lewandowski equalising from the spot in the 79th minute.

Locals at the Green Duck in Stourbridge are fiercely proud of England’s star player

“They adore him. Everyone around here adores him. What he’s done, it’s absolutely ridiculous,” says 26-year-old football fan Kyle Jackson.

It’s nearly an hour before the kick-off in England’s final group game against Slovenia on Tuesday evening and the benches of the Green Duck Brewery in Stourbridge are already packed – and Jude Bellingham is the player everyone is waiting to watch.

• Group C match in Cologne kicks off at 8pm (BST)
• Denmark v Serbia – live with John Brewin

Conor presses really well and his forward running is an important asset. We think he can stretch them defensively and also win second balls in midfield.

We’ve spoken to the players about trying to win the ball higher, and then use it with more composure. We’ve been very honest about our assessment of our performances; we know there’s more to come. But we can talk all we like, we have to go and do it.

#ConnorGallagher is already trending. Come on England fans: if you’re gonna slag him off, at least show your support by spelling his name correctly.

Peter Soulsby says party should be reminding Leicester East voters about sex and drug allegations against former MP

Keith Vaz could be re-elected as an MP because Labour is failing to highlight that he was disgraced in office amid drug and sex allegations, the Labour mayor of Leicester has said.

Peter Soulsby said he was “disappointed and frustrated” by his party’s complacency, which could allow the former Europe minister to win back his former seat of Leicester East.

There was the moment of unbridled joy Kylian Mbappé had presumably visualised in recent days: whipping off his black mask and celebrating before thousands of France supporters in the imposing, iconic steep Sudtribune. He struck a second-half penalty to relieve France’s goalscoring frustrations but by the end of a stodgy team performance he cut a contrasting figure, fidgeting with the mechanics of his mask in sticky heat. Mbappé was easily France’s best player but the bad news for France was there was another returning forward in the shape of Robert Lewandowski, who earned an unlikely point, also scoring from the spot.

It was a damaging goal with ramifications in Group D, Austria beating France to top spot. Lewandowski, Poland’s all-time record goalscorer and captain who scored 74 goals for Borussia Dortmund, had to retake his penalty after the France goalkeeper Mike Maignan jumped off his line prematurely to save his effort from 12 yards. Lewandowski kept his cool to repeat the same staggered run-up, waiting for Maignan to blink first, and he squeezed his shot into the same corner down to the goalkeeper’s right. Mbappé moved towards the touchline to ask questions of the fourth official, Rade Obrenovic, about the validity of Lewandowski’s second effort. There would be no reprieve.

Charity says it has ‘breathing space’ after donation, as Liverpool food bank network also receives ‘incredible gift’

Taylor Swift has a convoy of at least 50 trucks for her Eras tour, and now her donations to food banks in every UK city in which she performs have enabled one charity to use a lorry of its own.

Thanks to a discreet donation by Swift – the largest donation by an individual that Cardiff Foodbank has ever received – the charity says it has the “breathing space” to try something different.

A lawyer’s offer, a judgment that foretold years of legal wrangling, and diplomatic pressure all played a part in the release of the WikiLeaks founder

It was, as his friends described it, the “last kick of the British establishment”. At 2am on Monday, Julian Assange, the founder of Wikileaks, was woken in his small cell in the high-security Belmarsh prison, south-east London, and ordered to dress before being put in handcuffs.

It was the beginning of the end of Assange’s incarceration in Britain but it was going to be on his jailers’ terms.

Unesco officials recommend adding Wiltshire stone circle amid fears road scheme would compromise its integrity

Stonehenge is likely to be put on a list of world heritage sites that are in danger because of the plan to build a tunnel under the precious landscape.

Unesco officials have recommended adding the Wiltshire stone circle and the area around it to the list because of concerns that the tunnel would “compromise the integrity” of one of the Earth’s great prehistoric sites.

Other lenders likely to follow suit as analysts say cuts of up to 0.31 percentage points could fuel ‘summer of savings’

• Business live – latest updates

HSBC and Barclays are cutting rates on their fixed mortgage deals in what some brokers claim could be the start of a “summer of savings” for homebuyers and those looking to remortgage.

Barclays has reduced rates by more than 0.25 percentage points in some cases from Tuesday, and its cuts led to a quick response from HSBC, which said it would be cutting rates across its home loans range with effect from Wednesday.

Heart-lifting adaptation of Doyle’s children’s novel follows cheeky 12-year-old Mia as she faces the loss of her beloved granny

Roddy Doyle’s novel for kids, about childhood grief, has been turned into a gorgeous family animation with a big heart, charming without being too sugary. It’s a gentle introduction to death with its non-religious message that in the end, when someone dear to us dies, what we are left with is their love, and what they have shown us about how to love.

A cheeky, flame-haired 12-year-old Dublin girl called Mary, voiced by Mia O’Connor, wants to be a famous chef when she grows up. The movie opens with Mary competing for the summer camp at an elite catering school. When the snooty judges criticise her tarte tartin, Mary’s grandmother Emer (Rosaleen Linehan) lets rips at “the eejits with the clipboards”. Back at home, granny Emer falls ill and is rushed to hospital. The news is not good and, what with her granny being sick, plus hormones, Mary is raging. There’s real warmth in the scenes at home: her exhausted, worried mum Scarlett (Sharon Horgan) doesn’t cook (“this spag bol is about as Italian as Bono”), dad is cheerful taxi driver Paddy (Brendan Gleeson), and there’s two galumphing brothers; everyone drinks endless cups of tea.

Gerard Gorman faced unimaginable horror as an 11-year-old boarder in County Armagh. The pain haunted him for decades – then he took on the church

It was November 1970 and Northern Ireland was sliding into the Troubles, but for Gerard Gorman, a new pupil at St Colman’s College, the horror of that era began when Fr Malachy Finegan summoned him into a room, closed the door and told him to sit on a sofa.

Gorman was 11 years old and small for his age, with big blue eyes. Two months earlier, he had started as a boarder at the Catholic boys’ school in Newry, County Armagh. Staff tended to be aloof or intimidating, except Finegan, the religious education teacher, who was solicitous and avuncular.

Many describe Hunt as a good local MP but some are looking to tactical voting to punish the Conservatives

The beautiful Surrey Hills are well known for two things: a high concentration of some of the UK’s richest residents, who commute from the “stockbroker belt” to well-paying jobs in London, and some of the country’s most popular cycling routes.

The two combined on a recent chilly Saturday morning in a 100km bike ride that passed through the picturesque lanes of the newly created Godalming and Ash constituency. Most of the 10 riders from Velo Club Godalming Haslemere were happy to chat politics as they pedalled up (and down) 1,168 metres of the county’s steepest hills on customised carbon-fibre racing bikes, some of which cost more than a family car.

Enlarge (credit: Getty Images)

Often times, when I am researching something about computers or coding that has been around a very long while, I will come across a document on a university website that tells me more about that thing than any Wikipedia page or archive ever could.

It's usually a PDF, though sometimes a plaintext file, on a .edu subdirectory that starts with a username preceded by a tilde (~) character. This is typically a document that a professor, faced with the same questions semester after semester, has put together to save the most time possible and get back to their work. I recently found such a document inside Princeton University's astrophysics department: "An Introduction to the X Window System," written by Robert Lupton.

X Window System, which turned 40 years old earlier this week, was something you had to know how to use to work with space-facing instruments back in the early 1980s, when VT100s, VAX-11/750s, and Sun Microsystems boxes would share space at college computer labs. As the member of the AstroPhysical Sciences Department at Princeton who knew the most about computers back then, it fell to Lupton to fix things and take questions.

Read 10 remaining paragraphs | Comments

Enlarge / New research lends further credence to the "population crash" theory about Easter Island being just a myth. (credit: Arian Zwegers/CC BY 2.0)

For centuries, Western scholars have touted the fate of the native population on Easter Island (Rapa Nui) as a case study in the devastating cost of environmentally unsustainable living. The story goes that the people on the remote island chopped down all the trees to build massive stone statues, triggering a population collapse. Their numbers were further depleted when Europeans discovered the island and brought foreign diseases, among other factors. But an alternative narrative began to emerge in the 21st century that the earliest inhabitants actually lived quite sustainably until that point. A new paper published in the journal Science Advances offers another key piece of evidence in support of that alternative hypothesis.

As previously reported, Easter Island is famous for its giant monumental statues, called moai, built some 800 years ago and typically mounted on platforms called ahu. Scholars have puzzled over the moai on Easter Island for decades, pondering their cultural significance, as well as how a Stone Age culture managed to carve and transport statues weighing as much as 92 tons. The first Europeans arrived in the 17th century and found only a few thousand inhabitants on a tiny island (just 14 by 7 miles across) thousands of miles away from any other land. Since then, in order to explain the presence of so many moai, the assumption has been that the island was once home to tens of thousands of people.

But perhaps they didn't need tens of thousands of people to accomplish that feat. Back in 2012, Carl Lipo of Binghamton University and Terry Hunt of the University of Arizona showed that you could transport a 10-foot, 5-ton moai a few hundred yards with just 18 people and three strong ropes by employing a rocking motion. [UPDATE: An eagle-eyed reader alerted us to the 1980s work of Czech experimental archaeologist Pavel Pavel, who conducted similar practical experiments on Easter Island after being inspired by Thor Heyerdahl's Kon Tiki. Pavel concluded that just 16 men and one leader were sufficient to transport the statues.]

Read 14 remaining paragraphs | Comments

Today just so happens to be the 40th birthday of X, the venerable windowing system that’s on its way out, at least in the Linux world. From the original announcement by Robert W. Scheifler:

I’ve spent the last couple weeks writing a window system for the VS100. I stole a fair amount of code from W, surrounded it with an asynchronous rather than a synchronous interface, and called it X. Overall performance appears to be about twice that of W. The code seems fairly solid at this point, although there are still some deficiencies to be fixed up.

We at LCS have stopped using W, and are now actively building applications on X. Anyone else using W should seriously consider switching. This is not the ultimate window system, but I believe it is a good starting point for experimentation. Right at the moment there is a CLU (and an Argus) interface to X; a C interface is in the works. The three existing applications are a text editor (TED), an Argus I/O interface, and a primitive window manager. There is no documentation yet; anyone crazy enough to volunteer? I may get around to it eventually.

↫ Robert W. Scheifler

Reading this announcement email made me wonder if way back then, in 1984, the year of my birth, there were also people poo-pooing this new thing called “X” for not having all the features W had. There must’ve people posting angry messages on various BBS servers about how X is dumb and useless since it doesn’t have their feature in W that allows them to use an acoustic modem to send a signal over their internal telephone system by slapping their terminal in just the right spot to activate their Betamax that’s hotwired into the telephone system.

I mean, W was only about a year old at the time, so probably not, but there must’ve been a lot of complaining and whining about this newfangled X thing, and now, 40 years later, long after it has outgrown its usefulness, we’re again dealing with people so hell-bent on keeping an outdated system running but hoping – nay, demanding – others to do the actual work of maintaining it.

X served its purpose. It took way too long, but we’ve moved on. Virtually every new Linux user since roughly 12-24 months ago will most likely never use X, and never even know what it was. They’re using a more modern, more stable, more performant, more secure, and better maintained system, leading to a better user experience, and that’s something we should all agree on is a good thing.

There’s incredibly good news for people who use accessibility tools on Linux, but who were facing serious, gamebreaking problems when trying to use Wayland. Matt Campbell, of the GNOME accessibility team, has been hard at work on an entirely new accessibility architecture for modern free desktops, and he’s got some impressive results to show for it already.

I’ve now implemented enough of the new architecture that Orca is basically usable on Wayland with some real GTK 4 apps, including Nautilus, Text Editor, Podcasts, and the Fractal client for Matrix. Orca keyboard commands and keyboard learn mode work, with either Caps Lock or Insert as the Orca modifier. Mouse review also works more or less. Flat review is also working. The Orca command to left-click the current flat review item works for standard GTK 4 widgets.

↫ Matt Campbell

One of the major goals of the project was to enable such accessibility support for Flatpak applications without having to pass an exception for the AT-SPI bus. what this means is that the new accessibility architecture can run as part of a Flatpak application without having to break out of their sandbox, which is obviously a hugely important feature to implement.

There’s still a lot of work to be done, though. Something like the GNOME shell doesn’t yet support Newton, of course, so that’s still using the older, much slower AT-SPI bus. Wayland also doesn’t support mouse synthesizing yet, things like font, size, style, and colour aren’t exposed yet, and there’s a many more limitations due to this being such a new project. The project also isn’t trying to be GNOME-specific; Campbell wants to work with the other desktops to eventually end up with an accessibility architecture that is truly cross-desktop.

The blog post further goes into great detail about implementation details, current and possible future shortcomings, and a lot more.

• The inevitability of a united Ireland - "As demographics keep shifting, the direction of travel seems fixed despite ongoing conflict."
• The prospect of a united Ireland emerges as a republican leader takes office in Belfast - "Until now, Northern Ireland's first minister has always come from a British unionist party, but Sinn Fein, which advocates for Northern Ireland to rejoin the Republic, won the most seats in the assembly for the first time in 2022... The elevation of a nationalist to the top seat at Stormont has sparked the question of whether Irish unity is on the horizon." (Is a United Ireland on the Horizon?)
• Tall order for Sinn Fein to revive suddenly flagging Irish election hopes - "Failing to enter government for the first time would be a major setback to its ambition of seeking a referendum on unifying with Northern Ireland, the British region where it is already the lead party."
• A united Ireland is closer than ever. Let's make it a paradise for all of us, not just corporate tax-dodgers - "Arguing over anthems and flags is a distraction. This is our one chance to create an inclusive society across our whole island."

• Star Trek predicts United Ireland in 2024 - "This clip is taken from an episode called 'The High Ground'. The result of this short conversation, and the general theme of the program being centred around insurgency as a means to achieve freedom, led to the BBC (The British Broadcasting Corporation- Britain's national broadcaster) and Sky TV (a Satellite Broadcaster) putting a ban on showing the episode. When Sky did show the episode they cut the part about Irish reunification in 2024. In Ireland on RTE (Raidió Teilifís Éireann-Ireland's national broadcaster) the showing of the full episode came with a warning describing the content as 'Fictional and Aspirational.'"
• Did Star Trek predict an Irish reunification in 2024? - "As you can imagine, the episode was mired in controversy because of the mention of the Irish unification. As a result, the episode wasn't broadcast in the UK or Ireland unedited until 2006. In addition, the actual episode was also disliked by the series writer Ronald D Moore who said in an interview in 1995: 'We didn't have anything interesting to say about terrorism except that it's bad and Beverly gets kidnapped – ho hum. They take her down to the caves and we get to have nice, big preachy speeches about terrorism and freedom, fighting and security forces versus society. It's a very unsatisfying episode and the staff wasn't really happy with it.'"
• Could Star Trek's prediction that Ireland and Northern Ireland will reunify come true? - "The writer of that episode, Melinda Snodgrass, joins News Breakfast to discuss why she wrote that line in the 1990s."
• @MMSnodgrass: "It wasn't just filler. It was to reference the fact that Earth had united and nation states had ended in the Federation."[1]
• Star Trek's Biggest Prediction For 2024: Irish Unification Explained - "The episode aired in 1990 when the Troubles were ongoing and topical. The line implies that the Troubles/armed struggle lasted into the 2020s until the IRA got the U.K. to concede the territory to the Republic of Ireland. However, reality was not so violent. In the 1980s, the Sinn Féin party (meaning We Ourselves, then led by Irish Republican leader Gerry Adams) refocused on electoral politics. This culminated in the Good Friday Agreement between the British and Irish governments, signed in 1998. Under the agreement, Northern Ireland was still part of the U.K., but citizens could claim dual citizenship and the North would be self-governed (the new Northern Irish Assembly required power-sharing to maintain this balance). Moreover, if Northern Ireland chooses to leave the U.K. by referendum, they are allowed to do so."
• Sanctuary Districts And Irish Unification: Star Trek's Vision Of 2024 Comes Strikingly Close - "Despite living in a world of conflict, we have reason to be hopeful. We are growing as a people, but growth is painful. Star Trek gave us the confidence that war and social strife would push us to leave those injustices behind, but offscreen life offers no such reassurance. Science fiction predicted the future, but illustrated clearly that the path to get there would offer the same difficulties we'd always known. It's going to be up to us to make sure that the sacrifices we make now will be seen as worthwhile by future generations."

Less than a month after 3.5.0, IceWM is already shipping version 3.6.0. Once again not a major, earth-shattering release, it does contain at least one really cool feature that I think it pretty nifty: if you double-click on a window border, it will maximise just that side of the window. Pretty neat.

For the rest, it’s small changes and bug fixes for this venerable window manager.

In the run-up to July's general election, the Guardian video team is touring the UK looking at the issues that matter to voters. After swimmers and rowers fell sick from sewage discharges into the River Thames we went to the seat of Henley and Thame to see how environmental concerns rank for voters in a seat that has been Conservative for more than 100 years

Cleveland Essential Services Functioning

Cleveland Cyberattack Follows Wichita Ransomware; Healthcare Network Hit

Switzerland Disruption Efforts and Cybersecurity

Agenda and Key Issues

To Wrap Up

Source: www.databreachtoday.com – Author: 1 Identity & Access Management , Multi-factor & Risk-based Authentication , Security Operations Silver Lake Waterman Investment in Hypr Fuels Product Development, Market Expansion Michael Novinson (MichaelNovinson) • June 7, 2024     Bojan Simic, co-founder and CEO, Hypr (Image: Hypr) A decade-old identity assurance vendor raised $30 million from Silver […]

La entrada Hypr Secures $30M to Expand Identity Protection Platform – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Wayland 1.23.0 has been released. This new release includes the usual bugfixes and protocol clarifications, a number of new features few of us will really understand because we lack the expertise, and most importantly of all: OpenBSD support.

That’s it. That’s the news.

In “Living off the Land attacks,” adversaries use USB devices to infiltrate industrial control systems. Cyberthreats from silent residency attacks put critical infrastructure facilities at risk.

The post A Major Industrial Cybersecurity Threat: Living off the Land Attacks appeared first on Security Boulevard.

IceWM, the venerable window manager we’ve all used at some point in our lives, has released a new version, 3.5.0. It’s a relatively minor release, so you’ve got things like a new install option which will install an extra theme, a fix for porting to NetBSD 10, translation updates, and more such small improvements. The AddressBar, a command line in the taskbar that can be summoned with ctrl+alt+space, also got some love, with file argument completion and support for the cd and pwd commands.

You can compile IceWM yourself, of course, but it’ll most likely find its way into your distribution’s repository quickly enough.

Linux auto tiling manager with hot corner support for Openbox, Fluxbox, IceWM, Xfwm, KWin, Marco, Muffin, Mutter and other EWMH compliant window managers using the X11 window system. Therefore, this project provides dynamic tiling for XFCE, LXDE, LXQt, KDE and GNOME (Mate, Deepin, Cinnamon, Budgie) based desktop environments.

Simply keep your current window manager and install cortile on top of it. Once enabled, the tiling manager will handle resizing and positioning of existing and new windows.

↫ Cortile GitHub page

I’ve always been mildly interested in trying out a proper tiling window manager – of which are millions – but installing and setting up an entirely new environment always felt a bit like overkill for something I’m just curious about instead of actually intending to use it permanently. This seems like a great solution to this issue.

Image: Shutterstock.

Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops.

At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices. Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates.

Both Apple and Google operate their own Wi-Fi-based Positioning Systems (WPS) that obtain certain hardware identifiers from all wireless access points that come within range of their mobile devices. Both record the Media Access Control (MAC) address that a Wi-FI access point uses, known as a Basic Service Set Identifier or BSSID.

Periodically, Apple and Google mobile devices will forward their locations — by querying GPS and/or by using cellular towers as landmarks — along with any nearby BSSIDs. This combination of data allows Apple and Google devices to figure out where they are within a few feet or meters, and it’s what allows your mobile phone to continue displaying your planned route even when the device can’t get a fix on GPS.

With Google’s WPS, a wireless device submits a list of nearby Wi-Fi access point BSSIDs and their signal strengths — via an application programming interface (API) request to Google — whose WPS responds with the device’s computed position. Google’s WPS requires at least two BSSIDs to calculate a device’s approximate position.

Apple’s WPS also accepts a list of nearby BSSIDs, but instead of computing the device’s location based off the set of observed access points and their received signal strengths and then reporting that result to the user, Apple’s API will return the geolocations of up to 400 hundred more BSSIDs that are nearby the one requested. It then uses approximately eight of those BSSIDs to work out the user’s location based on known landmarks.

In essence, Google’s WPS computes the user’s location and shares it with the device. Apple’s WPS gives its devices a large enough amount of data about the location of known access points in the area that the devices can do that estimation on their own.

That’s according to two researchers at the University of Maryland, who theorized they could use the verbosity of Apple’s API to map the movement of individual devices into and out of virtually any defined area of the world. The UMD pair said they spent a month early in their research continuously querying the API, asking it for the location of more than a billion BSSIDs generated at random.

They learned that while only about three million of those randomly generated BSSIDs were known to Apple’s Wi-Fi geolocation API, Apple also returned an additional 488 million BSSID locations already stored in its WPS from other lookups.

UMD Associate Professor David Levin and Ph.D student Erik Rye found they could mostly avoid requesting unallocated BSSIDs by consulting the list of BSSID ranges assigned to specific device manufacturers. That list is maintained by the Institute of Electrical and Electronics Engineers (IEEE), which is also sponsoring the privacy and security conference where Rye is slated to present the UMD research later today.

Plotting the locations returned by Apple’s WPS between November 2022 and November 2023, Levin and Rye saw they had a near global view of the locations tied to more than two billion Wi-Fi access points. The map showed geolocated access points in nearly every corner of the globe, apart from almost the entirety of China, vast stretches of desert wilderness in central Australia and Africa, and deep in the rainforests of South America.

A “heatmap” of BSSIDs the UMD team said they discovered by guessing randomly at BSSIDs.

The researchers said that by zeroing in on or “geofencing” other smaller regions indexed by Apple’s location API, they could monitor how Wi-Fi access points moved over time. Why might that be a big deal? They found that by geofencing active conflict zones in Ukraine, they were able to determine the location and movement of Starlink devices used by both Ukrainian and Russian forces.

The reason they were able to do that is that each Starlink terminal — the dish and associated hardware that allows a Starlink customer to receive Internet service from a constellation of orbiting Starlink satellites — includes its own Wi-Fi access point, whose location is going to be automatically indexed by any nearby Apple devices that have location services enabled.

A heatmap of Starlink routers in Ukraine. Image: UMD.

The University of Maryland team geo-fenced various conflict zones in Ukraine, and identified at least 3,722 Starlink terminals geolocated in Ukraine.

“We find what appear to be personal devices being brought by military personnel into war zones, exposing pre-deployment sites and military positions,” the researchers wrote. “Our results also show individuals who have left Ukraine to a wide range of countries, validating public reports of where Ukrainian refugees have resettled.”

In an interview with KrebsOnSecurity, the UMD team said they found that in addition to exposing Russian troop pre-deployment sites, the location data made it easy to see where devices in contested regions originated from.

“This includes residential addresses throughout the world,” Levin said. “We even believe we can identify people who have joined the Ukraine Foreign Legion.”

A simplified map of where BSSIDs that enter the Donbas and Crimea regions of Ukraine originate. Image: UMD.

Levin and Rye said they shared their findings with Starlink in March 2024, and that Starlink told them the company began shipping software updates in 2023 that force Starlink access points to randomize their BSSIDs.

Starlink’s parent SpaceX did not respond to requests for comment. But the researchers shared a graphic they said was created from their Starlink BSSID monitoring data, which shows that just in the past month there was a substantial drop in the number of Starlink devices that were geo-locatable using Apple’s API.

UMD researchers shared this graphic, which shows their ability to monitor the location and movement of Starlink devices by BSSID dropped precipitously in the past month.

They also shared a written statement they received from Starlink, which acknowledged that Starlink User Terminal routers originally used a static BSSID/MAC:

“In early 2023 a software update was released that randomized the main router BSSID. Subsequent software releases have included randomization of the BSSID of WiFi repeaters associated with the main router. Software updates that include the repeater randomization functionality are currently being deployed fleet-wide on a region-by-region basis. We believe the data outlined in your paper is based on Starlink main routers and or repeaters that were queried prior to receiving these randomization updates.”

The researchers also focused their geofencing on the Israel-Hamas war in Gaza, and were able to track the migration and disappearance of devices throughout the Gaza Strip as Israeli forces cut power to the country and bombing campaigns knocked out key infrastructure.

“As time progressed, the number of Gazan BSSIDs that are geolocatable continued to decline,” they wrote. “By the end of the month, only 28% of the original BSSIDs were still found in the Apple WPS.”

In late March 2024, Apple quietly updated its website to note that anyone can opt out of having the location of their wireless access points collected and shared by Apple — by appending “_nomap” to the end of the Wi-Fi access point’s name (SSID). Adding “_nomap” to your Wi-Fi network name also blocks Google from indexing its location.

Apple updated its privacy and location services policy in March 2024 to allow people to opt out of having their Wi-Fi access point indexed by its service, by appending “_nomap” to the network’s name.

Asked about the changes, Apple said they have respected the “_nomap” flag on SSIDs for some time, but that this was only called out in a support article earlier this year.

Rye said Apple’s response addressed the most depressing aspect of their research: That there was previously no way for anyone to opt out of this data collection.

“You may not have Apple products, but if you have an access point and someone near you owns an Apple device, your BSSID will be in [Apple’s] database,” he said. “What’s important to note here is that every access point is being tracked, without opting in, whether they run an Apple device or not. Only after we disclosed this to Apple have they added the ability for people to opt out.”

The researchers said they hope Apple will consider additional safeguards, such as proactive ways to limit abuses of its location API.

“It’s a good first step,” Levin said of Apple’s privacy update in March. “But this data represents a really serious privacy vulnerability. I would hope Apple would put further restrictions on the use of its API, like rate-limiting these queries to keep people from accumulating massive amounts of data like we did.”

The UMD researchers said they omitted certain details from their study to protect the users they were able to track, noting that the methods they used could present risks for those fleeing abusive relationships or stalkers.

“We observe routers move between cities and countries, potentially representing their owner’s relocation or a business transaction between an old and new owner,” they wrote. “While there is not necessarily a 1-to-1 relationship between Wi-Fi routers and users, home routers typically only have several. If these users are vulnerable populations, such as those fleeing intimate partner violence or a stalker, their router simply being online can disclose their new location.”

The researchers said Wi-Fi access points that can be created using a mobile device’s built-in cellular modem do not create a location privacy risk for their users because mobile phone hotspots will choose a random BSSID when activated.

“Modern Android and iOS devices will choose a random BSSID when you go into hotspot mode,” he said. “Hotspots are already implementing the strongest recommendations for privacy protections. It’s other types of devices that don’t do that.”

For example, they discovered that certain commonly used travel routers compound the potential privacy risks.

“Because travel routers are frequently used on campers or boats, we see a significant number of them move between campgrounds, RV parks, and marinas,” the UMD duo wrote. “They are used by vacationers who move between residential dwellings and hotels. We have evidence of their use by military members as they deploy from their homes and bases to war zones.”

A copy of the UMD research is available here (PDF).

Update, May 22, 4:54 p.m. ET: Added response from Apple.

Ordinary modifiers are normally straightforward, in that they are additional keys that are held down as you type the main key. Control, Shift, and Alt all work this way (by default). However, some modifiers are ‘sticky’, where you tap their key once to turn them on and then tap their key again to turn them off. The obvious example of this is Caps Lock (unless you turn its effects off, remapping its physical key to be, say, another Ctrl key). Another example, one that many X users have historically wound up quietly cursing, is NumLock. Why people wind up cursing NumLock, and why I have a program to control its state, is because of how X programs (such as window managers) often do their key and mouse button bindings.

↫ Chris Siebenmann

I always have an applet in my KDE panel that shows me if I have any sticky modifiers enabled without realising it. On some of my keyboards, this isn’t always easily noticable, especially when you’re focused on what’s happening on your display. A little icon that only shows up when a sticky modifier is engaged solves this problem, as it immediately stands out in your peripheral vision.

Ban Khun Samut Chin, a coastal village in Samut Prakan province, Thailand, has been slowly swallowed by the sea over the past few decades. This has led to the relocation of the school and many homes, resulting in a dwindling population. Currently, there are only four students attending the school, often leaving just one in each classroom. The village has experienced severe coastal erosion, causing 1.1-2km (0.5-1.2 miles) of shoreline to disappear since the mid-1950s