Ex-director accuses iRobot of firing him for pointing out the home-cleaner droids broke safety, govt regulations

We expect a certain amount of cookie-based tracking on retail websites and social networks, but in some countries up to 90 percent of government sites have implemented trackers – and serve them seemingly without user consent. 

A study by IMDEA, a research facility in Madrid, Spain, evaluated more than 118,000 URLs of 5,500 government websites – think .gov, .gov.uk. .gov.au, .gc.ca, etc. – hosted in the twenty largest global economies (the G20) and discovered a surprising tracking cookie problem, even among countries party to Europe's GDPR and those with their own data privacy regulations.

On average, the study found, more than half of cookies created on G20 government websites were third-party cookies, meaning they were created by outside entities typically to collect information on the user. While the proportion of cookies issued by third-party trackers ought to be zero on a government web site, some (in Russia for example) had as many as 90 percent of the cookies come from known third-party cookies or trackers.

Oracle has been sued by Plexada System Integrators in Nigeria for alleged breach of contract and failure to pay millions of dollars said to be owed for assisting with a Lagos State Government IT contract.

Plexada is seeking almost $56 million in denied revenue, damages, and legal costs for work that occurred from 2015 through 2020.

A partner at Plexada, filed a statement with the Lagos State High Court describing the dispute. The document, provided to The Register, accuses Oracle of retaliating against Plexada and trying to ruin the firm's business for seeking to be paid.

Updated After nearly two years of legal wrangling, the European Parliament on Tuesday passed the Digital Markets Act and the Digital Services Act, teeing up a showdown between the continent and US tech giants.

With the two sets of laws approved, the measures move to the European Council for passage. If green-lit, as is expected over the next few months, the DMA and DSA will go to EU nations to implement and put into action. We note that neither act will be enforceable until January 1, 2024 at the earliest. 

Both acts place restrictions on the behavior of large tech companies. The DMA aims to rein in the power of "gatekeepers" that are too large to be avoided, while the DSA operates under the assumption that "what is illegal offline, should be illegal online," as the EU Parliament describes it.

Comment For all their differences, the biggest tech companies share one thing in common: They don't like to stay in their lane. 

In the more than 20 years we've evolved alongside Apple, Google and Amazon, and the slightly less than 20 we've lived with Facebook, each has branched into areas different from their founding purpose.

Cloud services, ecommerce, hardware and advertising have variously cropped up to displace original businesses, and in recent years, the news has shifted to will-they-won't-they discussions of whether big tech is looking to enter the financial services space. 

TikTok, owned by Chinese outfit ByteDance, last month said it was making an effort to minimize the amount of data from US users that gets transferred outside of America, following reports that company engineers in the Middle Kingdom had access to US customer data.

"100 percent of US user traffic is being routed to Oracle Cloud Infrastructure," TikTok said in a June 17, 2022 post, while acknowledging that customer information still got backed up to its data center in Singapore. The biz promised to delete US users' private data from its own servers and to "fully pivot to Oracle cloud servers located in the US."

That pivot has not yet been completed. According to a June 30, 2022 letter [PDF] from TikTok CEO Shou Zi Chew, obtained by the New York Times on Friday, some China-based employees with sufficient security clearance can still access data from US TikTok users, including public videos and comments.

A Moscow court has fined Airbnb, Twitch, UPS, and Pinterest for not storing Russian user data locally, according to Russian regulator Roskomnadzor.

The decision was handed down by the Tagansky District Court of Moscow after the four foreign companies allegedly did not provide documents confirming that the storage and processing of Russian personal data was conducted entirely in the country.

Twitch, Pinterest and Airbnb were fined approximately $38,500 while UPS received a fine of roughly $19,200.

A US congressional hearing on "combating tech bro culture" in the venture capital world is will take place this week, with some of the biggest names in startup funding under the spotlight.

The House Financial Services Committee's Task Force on Financial Technology is scheduled to meet on Thursday. FSC majority staff said in a memo [PDF] the hearing will focus on how VCs have failed to invest in, say, fintech companies founded by women and people of color. 

We're told Sallie Krawcheck, CEO and cofounder of Ellevest; Marceau Michel, founder of Black Founders Matter; Abbey Wemimo, cofounder and co-CEO of Esusu; and Maryam Haque, executive director of Venture Forward have at least been invited to speak at the meeting.

Google has reportedly asked the US Federal Election Commission for its blessing to exempt political campaign solicitations from spam filtering.

The elections watchdog declined to confirm receiving the supposed Google filing, obtained by Axios, though a spokesperson said the FEC can be expected to publish an advisory opinion upon review if Google made such a submission.

Google did not immediately respond to a request for comment. If the web giant's alleged plan gets approved, political campaign emails that aren't deemed malicious or illegal will arrive in Gmail users' inboxes with a notice asking recipients to approve continued delivery.

Updated The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security (TLS) protocol, contains a memory corruption vulnerability that imperils x64 systems with Intel's Advanced Vector Extensions 512 (AVX512).

OpenSSL 3.0.4 was released on June 21 to address a command-injection vulnerability (CVE-2022-2068) that was not fully addressed with a previous patch (CVE-2022-1292).

But this release itself needs further fixing. OpenSSL 3.0.4 "is susceptible to remote memory corruption which can be triggered trivially by an attacker," according to security researcher Guido Vranken. We're imagining two devices establishing a secure connection between themselves using OpenSSL and this flaw being exploited to run arbitrary malicious code on one of them.

The world's governments are eager to let someone else handle their IT headaches, according to a recent Gartner report, which found a healthy appetite for "anything-as-a-service" (XaaS) platforms to cut the costs of bureaucracy.

These trends will push government IT spending to $565 billion in 2022, up 5 percent from last year, the analyst house claims. Gartner believes the majority of new government IT investments will be on service platforms by 2026.

"The pandemic sped up public-sector adoption of cloud solutions and the XaaS model for accelerated legacy modernization and new service implementations," Gartner analyst Daniel Snyder said in a release. "Fifty-four percent of government CIOs responding to the 2022 Gartner CIO survey indicated that they expect to allocate additional funding to cloud platforms in 2022, while 35 percent will decrease investments in legacy infrastructure and datacenter technologies."