vendredi 28 avril 2017

Amazon’s Alexa Inches Closer To Human With Ability To Whisper, Raise Voice

Sure, talking to a speaker definitely isn’t the same as talking to your friend, but if you have an Echo — or other device with Alexa integration — it may soon seem more like a human-to-human convo. 

That’s because Amazon is providing the virtual assistant with a new set of speaking skills that allow her to have a more “natural” expression.

According to Amazon, this means giving Alexa the ability to pause for emphasis, whisper, change pitch and volume, and bleep out expletives (which humans don’t do when they speak, but it is kind of funny).

The new abilities were created through Speech Synthesis Markup Language (SSML) that allows app developers to code Alexa reactions into applications. By adding the codes, Amazon says developers will be able to control how Alexa generates speech.

For example, including the Amazon effect “whispered” will result in Alexa using a softer voice, while “expletive” will make the assistant bleep out a word that may cause offense.

TechCrunch notes that while developers can now make Alexa sound more humanlike, Amazon has also put some controls in place. For example, you won’t be able to make Alexa project high-pitched screams or squeaks — yet.

So, no annoying your friends when they walk in the door.



Apple, Uber, Tesla Ask California To Revise Rules For Self-Driving Cars

Now that California has proposed rules intended to make it easier for tech companies to test self-driving vehicles on public streets, those companies are calling on the state to make additional changes that would further favor the industry.

Tesla, Apple, Uber, and other companies delving into the self-driving vehicle market asked the California DMV to revise its proposals related to the type of vehicles allowed under the self-driving programs and reporting systems.

The proposed rules require that autonomous vehicle testers include data on the times a car’s self-driving mechanisms are turned off, or disengaged, and put under the control of a human driver. The idea is that this will provide some transparency about the amount of time these cars spend actually driving themselves.

However, in its letter [PDF] to the DMV, Apple argues that this requirement is too strict and that it doesn’t provide the public an accurate metric to consider.

Apple, which is reportedly prepping to begin testing self-driving tech, lists a number of situations where autonomous systems might be turned off that shouldn’t be factored into these reports.

For example, if a system is turned off so that the driver can navigate a construction zone; or when a driver uses their discretion to manually disengage the system because of a possible threat from an approaching vehicle.

The letter even suggests that system errors or failures should not be included in these disengagement reports, unless they affect the safety of the vehicle.

In fact, Apple only wants to limit these reports to incidents where a driver has to assume control “to prevent a crash or traffic violation.”

Seeking to possibly test larger self-driving vehicles, Tesla asked [PDF] the DMV to revise a provision that would bar autonomous testing in vehicles that weigh more than 10,000 pounds. Tesla contends this does not promote safety and stifles innovation.

The company also disagreed with a DMV proposal that prevents companies from selling test vehicles to anyone other than another company that is testing self-driving cars.

While this rule is intended to prevent prototype vehicles from making their way to the market, Tesla says that many of the cars it currently manufactures have the sensing and computational hardware necessary for full self-driving — they just haven’t had the features activated. As opposed to some cars with obvious mounted sensor rigs, the only difference between a self-driving Tesla and a Tesla you’d see at the mall parking lot is software.

Tesla says it should be able to sell test cars because it can “return the vehicles to production condition by re-loading production software… However, if such a vehicle has participated in any testing on public roads in California, the rule-making would prevent Tesla from ever being able to re-sell the vehicle.”

Uber, which has had a back-and-forth relationship with California when it comes to self-driving tests, is obviously hoping to have a fleet of self-driving cars to pick up paying customers, but the proposed rule would not allow Uber or anyone to charge for rides in test vehicles.

“Paying members of the public should have the opportunity to ride in autonomous test vehicles with drivers,” the company says [PDF]. “Having paying riders is an important part of testing… and the safety represents in the Department’s testing regulations are sufficient to keep passengers safe.”

Uber also takes issue with a provision that asks companies to coordinate tests with local law enforcement.

While it might be nice to give a heads up that driverless cars are going to be testing in the area, Uber believes it would not provide an accurate testing environment.

“The coordination requirement risks created a fractured and inefficient testing regime because local authorities have neither the guidance nor expertise to evaluate the technology.”

As for Alphabet Inc’s Waymo, the company asks [PDF] the DMV to provide clarity on what type of permit is required depending on whether or not a driver is present.

The company also suggests that the DMV revise its definition of “remote operator,” as the current provision does not recognize that functions of a remote operator can be preformed by multiple people.



4 Misleading Things ISPs And The FCC Need To Stop Claiming About Net Neutrality

Flower Shop Owner Accused Of Stealing Plants From Cemetery

You might walk past a grave and see a beautiful bouquet of flowers and think “Those would look good in my living room,” but (we’re hoping) you don’t follow through on the impulse for free flora. However, one florist has been accused of repeatedly stealing plants and flowers from local grave sites.

Police in Pequannock Township, NJ, say they received multiple reports of items being filched from graves at a church cemetery.

Detectives went to work, replacing two of the missing plants in front of an ash columbarium and installing surveillance cameras in the area last week.

Two days later, property managers reported that the plants were missing again. Surveillance footage showed a woman driving up in a minivan, getting out of the car, and taking the plants.

Officers working with another local police department were able to identify the suspect from the video footage, as she’s a former police dispatcher and current flower shop owner in the neighboring town.

The woman was arrested and charged with the theft of moveable property and released. It’s unclear whether or not she actually sold any of the pilfered plants. Because nothing says “I love you” like a bouquet of freshly gathered grave flowers.

[h/t ABC-7]



AT&T Users Have No Way To Know How Much Data They’re Tethering, Despite 10GB Cap

When AT&T resurrected unlimited data plans, it also introduced a feature it had shunned the first time around: letting subscribers use their phone as a mobile hotspot (AKA “tethering”), but only up to 10 GB per month. But there’s a flaw in AT&T’s execution that prevents users from knowing how much tethering data they’ve actually used.

AT&T’s new “unlimited” plans have a total monthly threshold of 22 GB, but only 10 GB of that can be used for tethering. Problem is, the wireless giant doesn’t separate hotspot data from the rest, meaning there’s no way to tell when you’ll hit that 10 GB limit, after which AT&T can slow tethering data down to a crawl.

Reader Michael uses one of these plans, and was annoyed to discover that he can’t keep track of how much of that data cap he’s used. He says he contacted various AT&T support departments, all of which confirmed his suspicion that while the carrier keeps track of his data use through his phone and when using the phone as a hotspot, customers have no way to access this information.

“I was told that their system keeps track and will throttle customers but that neither I, nor any AT&T rep has the ability to check on the amount of data used over tethering,” he wrote to Consumerist.

Michael is an iPhone user, and iOS does keep track of this information, but it tracks data use over the lifetime of the phone or between manual resets. He would have to remember to reset the meter exactly when the billing cycle rolls over. That might not be all that useful, anyway.

“I suspect [the iPhone’s] number will be different from the AT&T internal system,” he speculates.

Consumerist contacted AT&T and found that what the support employees told Michael is true. No one can tell him how much data he’s used through tethering.

“AT&T wireless customers can check their overall data usage per line through the MyAT&T portal either online or through the app on their device,” a spokesperson for the carrier told us. “We do not currently break out the tethering usage as a line item but plan to do so later this year.”

There you have it, AT&T unlimited customers. The feature isn’t available in time for the actual debut of tethering on unlimited accounts, but it will be at some point in 2017.



Mallgoers Would Rather Deal With Pigeon Poop Than Noisy Bird Call Recordings

Although music to shop by isn’t going to please everyone, shoppers at one New York mall would rather risk getting hit by bird droppings than listen to the sounds coming out of the complex’s speakers.

Officials at the Rego Center mall in the NYC borough of Queens have installed a system that blasts noisy bird calls every 30 seconds or so, in an effort to deal with a recent infestation of pigeons that have been nesting and pooping in an atrium near one of the mall’s entrances, reports The New York Post.

“That place had a serious bird problem,” one employee told dnainfo, with droppings crusting thickly on planters and benches in the area.

It seems to be working so far, notes ABC-7, noting that only a handful of pigeons landed in the area in a two-hour period.

But the amplified recorded screeching of aggressive birds — macaws, reports CBS New York — is getting on some shoppers’ nerves.

“Many people have been scratching their heads and other are feeling annoyed by the ‘influx of automated birds,’” a local resident and activist told danainfo. “There are better methods of reducing the assembly of pigeons and birds.”

Even one shopper who has been pooped on previously at the mall says he prefers the risk of falling feces to the noise coming out of the mall speakers.

“If you stay here for an hour, it starts to bother you. Of course, it’s going to make you crazy,” he told the Post.

Some say the noise is worth putting up with, however.

“I’d rather hear the bird calls, lesser of two evils,” a Queens resident told ABC-7, though he admitted that he personally didn’t find the noise to be “obtrusive or annoying.”



Why Aren’t More Cord-Cutters Flocking To Live-TV Streaming Services?

Millions of Americans have canceled their cable TV subscriptions in the last decade, choosing instead to get their video entertainment over the internet. A growing number of services have popped up in recent years that offer cable-like live-TV streaming for this audience: Sling TV, DirecTV Now, PlayStation Vue, YouTube TV, with Hulu planning to launch a competitor soon, and Comcast reportedly looking to get into the fray. Yet, despite the multiple options and the large potential market of cord-cutters and cord-nevers, these platforms have yet to win over the masses.

While most companies have been cagey about their subscriber numbers to these relatively new streaming platforms, analyst Dan Rayburn estimated this week that Sling TV — the oldest of the existing live-TV services — has around 1.3 million subscribers after more than two years of availability.

In all, predicts Rayburn, this entire market will have a total of fewer than 3 million subscribers by year’s end. While that’s not horrible, it’s only a fraction of the potential audience for these services. Even the estimate of 1.3 million Sling subscribers is about one-tenth the size of parent company’s Dish’s subscriber base.

AT&T’s DirecTV Now reportedly got off to a decent start, adding 200,000 subscribers in its first month, but it’s unclear how many of those people have stuck around or how many subscribers have been added in the months since.

So why haven’t the many millions of people who have cut the cord, never had a cable connection, or really hate their cable company rushed to give their money to these services that are generally less-expensive than pay-TV, and don’t require contracts or leased hardware?

We have some thoughts.

1. They’re Too Much Like Cable

The dream of many cord-cutters is the ability to cherry-pick the channels they pay for, but — in spite of Sling’s potentiall misleading “A La Carte TV” slogan — none of these live-TV services come even close to fulfilling that goal.

At best, they provide somewhat affordable alternatives to basic cable, but what are the odds that Sling TV subscribers are regularly watching more than 4-5 of the 20+ channels they have to pay for?

Additionally, DirecTV Now and PS Vue have largely copied the cable TV model of charging different rates for tiers of channels. For example, if you want NFL Network on PS Vue, you’ve got to pay for the mid-level “Core” tier that is $5/month more expensive. Yes, it also includes a bunch of other channels, but you may not want any of them.

2. Some People Still Like Pay-TV

While traditional cable companies have indeed lost a lot of subscribers as video streaming has become more popular, it’s still the overwhelmingly most popular way to get TV.

Since 2007, Comcast has lost around 3 million video subscribers, but it still has more than 21 million households paying for TV service. And its video subscriber losses appear to have flattened in recent quarters. That doesn’t mean the cord-cutting is done; it’s just an indicator that — as we get to in a second — many people aren’t ready to replace their current setup with live-TV streaming.

3. Playing Wait-And-See

Even though video technology seems to change on a moment-by-moment basis, consumers aren’t always eager to be the first to test the latest thing, especially if it means having to ditch the system you’re familiar with.

There continue to be hiccups and issues with the current streaming platforms — connection errors; lagging, stuttering video; hardware requirements; geographic and content limitations — that most people don’t feel they need to worry about with cable.

The lack of DVR service in Sling, DirecTV Now, and Vue have also not helped. Vue offers an ability to tag shows that will be remotely stored, but watching “recorded” content on the Sony platform can be so much of a chore that you don’t want to use it. Likewise, many networks and shows on these platforms don’t allow DVR functionality like pausing or rewinding.

Despite these streaming platforms being marketed as cable replacements, their user interfaces often appear to have been designed by people who have never seen a basic TV listing grid, and often present the platform’s

So there are certainly some potential cord-cutters — how many, we can’t even begin to estimate — just waiting to be convinced that these platforms will work and offer them something worth going through the hassle of canceling their cable subscription.

After all…

4. Breaking Up With Cable Companies Is A Pain

Aside from multi-year contracts that can result in hundreds — sometimes thousands — of dollars in penalties for early cancellation, cable providers do not make it easy to sever your ties with the company.

Unlike purchasing service, which can usually be done online without ever having to speak to anyone, cancelling can involve lengthy chats with desperate customer-retention employees. If you make it through that gauntlet, you’ll then have to return your TV equipment, which often means putting it in the mail or going to the local cable company office and waiting in line while holding several DVRs (that you’ve probably paid hundreds of dollars in leasing fees for but must return ASAP or face having to pay for in full).

Even when customers return their cable boxes, there’s always the chance that a mistake will be made and you’ll continue to charged for equipment you no longer possess, or charged the full price for equipment they claim you never returned. We’ve heard countless stories of this sort of buffoonery from customers of seemingly every cable and satellite provider, so there’s no reason to assume that once you hand over your cable box, that’s the last you’ll have to deal with your pay-TV carrier.

In fact, many cord-cutters aren’t fully cutting their connection to their cable company, as it’s often their internet service provider. Depending on their package and the discounts offered to customers who purchase bundles of services, there may be little to no savings in replacing their pay-TV subscription with a TV-streaming service if the cost of their internet service goes up.

5. Some People Just Don’t Want Live TV

The real danger for cable providers isn’t cord-cutting, but the coming generations of consumers that prefer to watch whatever they want wherever they want on whatever device they want. Yes, many pay-TV companies offer the ability to watch live-TV anywhere, but what about viewers who don’t really care about watching something live?

These are people who may be perfectly content watching shows on Netflix, Hulu, HBO Now, Amazon Prime, or any of the other growing array of subscription streaming libraries. They may not miss being able to watch the local evening news because they don’t understand why you would wait until 10 or 11 p.m. to watch a short, ad-interrupted recap of news that you already saw elsewhere because you were online most of the day.

It may be difficult for both cable companies and live-TV streaming services to convince these consumers to pay $20-$100/month for a bunch of channels they will probably never watch and limited on-demand content.

There’s no doubt that streaming is the future of video entertainment. Even the cable companies plan to (eventually, maybe) replace most cable boxes with apps that work on your TV and connected devices. The question that still needs to be answered is whether live TV is the future, or if coming generations will snicker at us for trying to shoehorn this decades-old “you’ll watch when we tell you to watch” format into technology that is intended to give the user the ultimate control over when and what they view.



Appeals Court Upholds Decision To Block $54B Anthem, Cigna Merger

The $54 billion marriage between health insurance behemoths Anthem and Cigna is still off after a federal appeals court denied Anthem’s efforts to overturn a previous court order blocking the mega-merger.

In a 2-1 ruling [PDF] the U.S. Court of Appeals for the District of Columbia Circuit upheld a federal judge’s ruling from February that blocked the merger on grounds that the deal would not benefit consumers.

Anthem and Cigna, who are now suing each other over the merger, appealed the February decision [PDF] claiming that the court improperly declined to consider the claimed billions of dollars in medical savings.

According to Anthem, the merger’s efficiencies would benefit customers directly by reducing the costs of customer medical claims through lower provider rates, without harm to the providers.

However, the court — along with the Department of Justice and several states that sued to prevent the merger — point out that medical cost savings claims were “not verified, not specific to the merger, and not even real efficiencies.”

“The evidence has also shown that the merger is likely to result in higher prices, and that it will have other anticompetitive effects,” D.C. District Court Judge Amy Berman Jackson said in the initial order blocking the merger. “It will eliminate the two firms’ vigorous competition against each other for national accounts, reduce the number of national carriers available to respond to solicitations in the future, and diminish the prospects for innovation in the market.”

As such, the appeals court found that the district court did not abuse its discretion in blocking the merger based on Anthem’s failure to show that savings from the deal was enough to offset anticompetitive effect of removing Cigna from the marketplace.

New York Attorney General Eric Schneiderman, who was part of the group that filed a lawsuit against the merger, applauded the appeals court decision.

“Today’s decision is a win for consumers in New York and across the country,” he said in a statement. “We are very pleased that the Court of Appeals agreed with the District Court’s finding that this merger would violate antitrust laws by substantially lessening competition in commercial health insurance markets, likely leading to increased health insurance premiums and reduced quality and innovation.“

How We Got Here

Anthem and Cigna announced their intention to live in corporate merged bliss back in 2015.

A year later, however, the Department of Justice and 14 several states filed suit to block the deal, arguing that the merger would “fundamentally reshape the health insurance industry,” reduce health care access, competition, and options for tens of millions of Americans.

The DOJ argued that the mergers would reduce competition in three key places: for individuals buying health insurance on the exchange marketplace, for employers buying group plans for employees, and for Medicare recipients seeking supplemental care.

Since the February decision, Cigna has given up its dreams of a merger with Anthem, suing the company not only for its $1.85 billion “break-up fee” but for other damages totaling $13 billion. Cigna claims that Anthem violated the terms of their agreement, and that its strategy was the deal’s downfall.

Anthem wasn’t ready to let go, however, and quickly shot back with a lawsuit of its own, seeking a temporary restraining order to block Cigna from ending their agreement.

Anthem said the lawsuit is a reaction to “Cigna’s campaign to sabotage the merger and to try to deflect attention from its repeated willful breaches of the merger agreement.”

While these legal matters are in realm of their own, the two companies likely won’t have much to argue about soon, as the appeal’s court ruling Friday effectively kills the merger bid.



It’s Disturbingly Easy To Reroute Someone Else’s Mail

The U.S. Postal Service has made the process of changing your address when you move super easy and convenient, by just filling out a form online and paying $1. Maybe that’s not so good, though: The process is so easy that an identity thief can redirect your mall to their address by just filling out a form online and paying $1.

A couple who were victims of this scheme contacted Kurtis Ming of CBS Sacramento to share their story. Yes, they received a letter at their home address that told them their mail was being redirected, but by the time that showed up, important mail like a Medicare card and a package containing prescription medication was redirected to the identity thief. The identity thief also opened a credit card in the husband’s name.

As an experiment, reporter Ming tried the USPS change of address form and tried to have a co-worker’s mail re-directed to him. She didn’t have to give permission, and her mail began to appear in his mailbox just over a week later.

The chief postal inspector issued only a statement about how important security is, while still making no changes to the process of changing one’s address.

“The U.S. Postal Service considers the security and sanctity of mail as one of its highest priorities. We continue to assess enhanced security options, as we determine the best alternatives to protect the needs of consumers.”

A local congressman is now pushing for hearings, and the Chief Postal Inspector would be compelled to testify.

The system that we have now was designed to make changing one’s address when moving more convenient.



People Who Paid Thousands For “Luxury” Music Festival Stuck In The Bahamas After Event Falls Apart

For some, an outdoor music festival means portable toilets, camping, and braving the elements in the name of a good time with good tunes. But for music lovers who shelled out anywhere from $1,500 to $200,000 for a ticket to a “luxury” festival experience in the Bahamas that promised famous faces and fancy food, they were expecting a much more lavish experience than what reality provided.

The Fyre Festival — organized by ‘90s rapper Ja Rule — was billed as “an immersive music festival” held over “two transformative weekends” on a “remote and private island” (that was once owned by Pablo Escobar, a fact no doubt relished by the hipster) in the Exumas district featuring “the best in food, art, music, and adventure.”

On social media as well as in its own promotional video, the event — nay! Experience — appears to take place in a land where everyone looks good in a bikini and they can spend all day jumping off yachts and all night partying with their fellow beautiful people before sleeping it off in an “eco-friendly, geodesic dome.”

For the chance to attend this luxury event, hundreds of festivalgoers reportedly paid anywhere from $1,500 to $12,000 per ticket, depending on the package. The Washington Post notes that there was even a $250,000 pass for a full VIP experience.

But when ticketholders showed up, they say they found themselves not in paradise, but in some kind of island hell from which they could not escape: One festival attendee says things started going wrong as soon as people started to arrive Thursday morning: Villas were just tents, no famous musical acts were on the bill, and top chefs were nowhere to be found.

“The food they served was like a soup kitchen, and there wasn’t enough of it,” she told CBS Dallas-Fort Worth.

Others Tweeted photos of the promised event versus the real one:

Even Blink 1-82 dropped out, points out Buzzfeed, and Ja Rule was nowhere to be found, despite promoting the event just days before:

Those geodesic domes? Not as promised, either, and more like tents:

A writer who was on the island told Buzzfeed that although people had suspicions the event would disappoint in the weeks leading up to it, they gave Fyre the benefit of the doubt. That was a mistake.

“It was complete chaos,” he told Buzzfeed, saying that lodging hadn’t been set up when they arrived, and that the food court “was reminiscent of a state fair and not the ‘world class international culinary experience’ that they advertised.”

Many people had had enough, by this point, including the festivalgoer who spoke with CBS DFW. She was in a group of more than 100 people who grabbed a bus to Nassau Airport. They say they were promised a plane out on Friday morning.

“Everyone was ready to go, but they checked our passports a million times, said things weren’t matching up,” she says. “They asked us to step out of the plane.”

Others noted that airport officials had chained the doors to keep people from going anywhere:

As of this morning, people were still waiting in the Bahamas:

Some people couldn’t get to Exumas in the first place, despite Fyre’s promise of a roundtrip flight from Miami to the district, as the festival announced it had to cancel all inbound charter flights.

This morning, Fyre issued a statement on Twitter and its website saying that the festival had been “fully postponed,” and asked for customers’ patience.

“Due to circumstances out of our control, the physical infrastructure was not in place on time and we are unable to fulfill on that vision safely and enjoyably for our guests,” Fyre said.

Festival officials say they are “working tirelessly to get flights scheduled and get everyone off of Great Exuma and home safely as quickly as we can.”

“We are working to place everyone on complimentary charters back to Miami today; this process has commenced and the safety and comfort of our guests is our top priority.”

Soon after, the Bahamas Ministry of Tourism apologized to travelers, and said it was “extremely disappointed in the way events unfolded” with the festival.



82,000 Osprey Baby Carriers Recalled After Reports Of Children Falling Through Leg Holes

Strapping on a baby carrier and toting around your child can make things a lot easier for a busy parent or caregiver. But before you hit the hiking trail, you might want to make sure your carrier isn’t one of the Osprey backpacks being recalled following reports of children falling out.

Osprey Child Safety Products announced Thursday the recall of 82,000 Poco child carriers after receiving reports that children have fallen from the seats.

According to a notice posted with the Consumer Product Safety Commission, a child in the carrier can slip though the leg openings.

So far, Osprey says it is aware of four reports of children falling through the leg openings, including one that resulted in a skull fracture and one involving scratches to the head.

Osprey advises consumers to immediately stop using the carriers and contact Osprey by calling 866- 951-5197 or emailing pocoseatpad@ospreypacks.com for a free seat pad insert.

The carrier, which was sold in “Romper Red,” “Koala Grey,” and “Bouncing Blue,” have a metal frame and a great padded child’s seat inside.

Affected carriers can be identified by the production date stamped on the black label sewn into the interior of the large lower zippered compartment on the back.

Recalled carriers have the following production codes: S12SBPR1, S12SBPR1B, S12SBPR2, S12SBPR3, S12SBPR4, F12SBPR1, F12SBPR2, S13SB IPO, S13SBPR1, S13SBPR2, S13SBPR3, S13SBPR4, F13SBPR1, F13SBPR2, F13SBPR3, S14SBPR1, S14SBPR2, S14SBPR3, S14SBPR4, S14SBPR5.

The carriers were sold for $200 to $300 at REI and other specialty stores and online from Jan. 2012 to Dec. 2015.



Uber Makes It Easier To Delete Accounts, Control Use Of Location Data

Until now, deleting the Uber app from your phone did nothing to cancel your account with the ride-hailing platform. To do that, you had to contact customer service. It’s still not that easy to end your relationship with Uber, but at least now you can do it without assistance from the company.

A new update to Uber allows users to initiate an account deletion from within the app itself, purging their information, including any stored payment card data.

It might be satisfying to delete the app from your device, but that doesn’t do away with your account on the service, including your ride history and stored payment card information. Before the change, users who wanted to quit the service as well as delete the app had to contact customer service. Now they can initiate an account deletion request from within the app, and their information will be purged.

New settings also let users control the app’s access to their location at any given time. You can even set the app to not draw location data from your phone at all, instead having you type in addresses. On the other end, you can share your current location with your friends, which is handy if you’ve hailed a ride to meet up with them somewhere.

The company says that it’s a coincidence that Uber is changing the account deletion process so its own employees don’t need to intervene after the #DeleteUber campaign caught on on social media. Turning account deletion into a self-service function has been in the works for a year or so, a spokesman for the company told The Verge.

Uber claims the update to the cancellation process is not a reaction to the #DeleteUber campaign that flared up on social media in recent months. Instead, the company tells The Verge that it has been working on this tweak for about a year.

This change comes after a series of revelations about the company’s use of customer data, including tracking which phones had the app after it was deleted and buying data about customers’ use of rival Lyft and aggressively pushing drivers who also worked for Lyft to drive for Uber more by using sham Lyft accounts.



Purdue University Buys For-Profit Kaplan University, But Is It A Good Idea?

On the surface, Purdue University and Kaplan University don’t have a lot in common: One is a public university from Indiana and the other is a for-profit chain mostly offering online courses. But now they have one rather large thing in common: ownership. Purdue has purchased Kaplan — for a dollar.

Purdue University announced Thursday that it would purchase Kaplan University — a for-profit chain currently owned by Graham Holdings — and take it nonprofit.

The new school — referred to as New University in a Graham Holdings’ Securities and Exchange Commission filing — will consist of Kaplan’s current campuses and learning centers, institutional operations and assets, 32,000 student, and 3,000 employees.

The Deal

Purdue isn’t actually purchasing Kaplan outright, instead it is entering into an agreement with Graham

Instead of paying millions of dollars for the for-profit chain, Purdue will initially only pay Graham $1, reports the Washington Post (which was previously owned by Graham).

In exchange, Kaplan Inc., which sells online learning systems to nonprofit colleges, will continue to provide operational support, including marketing, human resources, and financial aid administration to the new university for 30 years, with a buy-out option after six years.

Additionally, the deal notes that Kaplan is not entitled to receive any reimbursement of costs of these services until New University has first covered all of its operating costs and set aside $10 million for each of its first five years of operations, according to the Graham Holdings filing.

Eventually, Kaplan will receive reimbursement for its costs of providing support to the school, as well as a fee equal to 12.5% of New University’s revenue.

Why Is This Happening?

While Purdue and Kaplan University don’t have much in common, besides that whole “we’re a school thing,” the move to combine forces is meant to provide each school with a benefit.

For instance, by switching to a nonprofit status, Kaplan University could shed some of its stigma associated with for-profit colleges.

Kaplan has been at the center of some scrutiny in recent years. The Washington Post reports the chain is party to investigations by the attorneys general of Illinois, Delaware, and North Carolina.

In 2015, the company agreed to a settlement in Massachusetts to resolve allegations that it misled students about job placement rates.

For Purdue, the deal provides a dedicated avenue to expand its online learning programs.

“None of us knows how fast or in what direction online higher education will evolve, but we know its role will grow, and we intend that Purdue be positioned to be a leader as that happens,” Purdue president Mitch Daniels said in a statement.

Additionally, as we’ve previously reported, while transferring to nonprofit status means schools must follow stricter restrictions on moneymaking ventures, some former owners aren’t having trouble with finances.

For instance, the New York Times reported in 2015 that in some cases, owners have been able to finance the purchase of their for-profit colleges by offering loans and tax-deductible donations to an affiliated nonprofit. The new nonprofit then rents the buildings used for the school from the original owner and more often than not, the management team for the institution remains relatively unchanged.

 

Should It Happen?

Consumer advocates have previously raised concerns with schools moving from for-profit to nonprofit status, noting that the reasons for the switch might not be above-board.

As for the Purdue/Kaplan deal there are still several details that haven’t been provided. For example, how much will enrolling at the school cost? Will tuition carry the for-profit price tag or the more modest cost of a public university?

Suzanne Martindale, policy staff attorney for our colleagues at Consumers Union, tells Consumerist that the deal is a bit odd for an established university like Purdue.

But only time, and details, will provide answers to whether this marriage should move forward.

“If Purdue takes an active role in restructuring Kaplan, so that it becomes a nonprofit delivering quality education to students at a reasonable price, then perhaps it’s a step forward compared to Kaplan’s past performance,” she said.

“But if they don’t exercise real oversight to ensure that the Kaplan arm truly runs as a mission-driven nonprofit, the deal could harm students, not to mention hurt Purdue’s reputation.”



Reality Check: Airlines Won’t Stop Overbooking (And You Won’t Get Rich Being Bumped)

Despite promises from United Airlines and Delta Air Lines to boost compensation for bumped passengers and Southwest Airline’s vow to do away with the practice altogether, you probably aren’t going to score $10,000 the next time you fly — and there’s still a chance your flight will be overbooked in the future.

For all the apologies and vouchers handed out whenever a flight is overbooked, airlines are fully aware that they often have more people slated to sit on a plane than there are seats on that jet.

That’s because they know that bad things happen that ruin or change travelers’ plans: Someone doesn’t set an alarm, traffic is bad on the way to the airport, or a traveler misses their connection. So to cover their butts, overbooking or overselling a flight to account for those inevitable no-shows makes sense for carriers, notes The Wall Street Journal .

Many of the large carriers have taken the stance that if they don’t intentionally oversell a flight, they’d have to raise ticket prices instead — which is something passengers would surely rail against.

It seems to be working: In 2016, U.S. airlines filled 82.2% of their seats, the WSJ notes.

Indeed, Delta CEO Ed Bastian called overbooking “a valid business process” earlier this month.

“It is not a question…as to whether you overbook,” he told investors. “It’s how you manage an overbook situation.”

You still might get bumped even if the airline doesn’t overbook. For example, carriers often switch from larger to smaller aircraft, or need to accommodate employees as in the case of United and Dr. David Dao.

To that end, while involuntarily bumping passengers can happen — and in some rare instances, lead to unfortunate altercations like the one with United and Dr. David Dao, the paying passenger dragged off a flight earlier this month — it’s not likely that you’ll get a chance to score thousands of dollars if you’re denied boarding despite holding a ticket.

Bloomberg points out that the new headline-grabbing maximum payouts of $10,000 for bumped passengers are largely just publicity stunts, given that most passengers are more than willing to give up their seats on a flight for less than $1,000.

Yes, one Delta flyer and her family ultimately racked up $11,000 by allowing themselves to be bumped from crammed flights, but that was for three seats, and involved giving up those seats on multiple flights. The most Delta paid out per seat to that family was $1,350, which is still $8,650 less than the new “maximum.”

According to government data [PDF], last year, about 434,400 people willingly gave up their seats, while about 40,600 found themselves in “involuntary denied boarding” situations



Consumerist Friday Flickr Finds

Here are six of the best photos that readers added to the Consumerist Flickr Pool in the last week, picked for usability in a Consumerist post or for just plain neatness.

Want to see your pictures on our site? Our Flickr pool is the place where Consumerist readers upload photos for possible use in future Consumerist posts. Just be a registered Flickr user, go here, and click “Join Group?” up on the top right. Choose your best photos, then click “send to group” on the individual images you want to add to the pool.



jeudi 27 avril 2017

Wells Fargo Shareholders Say Bank Staff “Rounded Up” Undocumented Workers As Part Of Phony Account Scam

We’re all well aware by this point that Wells Fargo employees opened up more than 2 million bogus accounts in customers’ names in order to game the bank’s sales incentive/quota system. Some former bank staffers revealed what they claim are some of the tricks used to create these fake accounts — including rounding up undocumented day laborers at convenience stores and construction sites to get them to sign up for accounts (only to then allegedly give them additional accounts they didn’t ask for).

This is all according to a memorandum [PDF] filed this week in a shareholder lawsuits that accuses the Wells Fargo board of directors of being a “lap dog, rather than the watch dog” and repeatedly turning a “blind eye to obvious ‘red flag’ warnings of illegal conduct – warnings from every direction, including from employees, customers, regulators, and even third-party lawsuits.”

“When foot traffic was slow, the branch manager on duty instructed Wells Fargo employees of Hispanic heritage to go to a nearby 7-Eleven”

As the bank recently acknowledged in a pending class-action settlement, Wells Fargo employees were creating fraudulent accounts as far back as 2002 — 14 years before the bank admitted to the bad behavior. The shareholders say that during all those years, bank staffers came up with creative — if allegedly illegal, unethical, and immoral — methods of boosting their sales numbers.

In a sworn declaration, a former Wells Fargo banker in Petaluma, CA, says that the pressure from management to meet sales goals “led branch employees to engage in unethical practices to keep up.”

He claims that elderly customers regularly complained about fake accounts, saying “every time they met with a local banker at Wells Fargo for any reason, upwards of 9-10 new debit cards would be issued in their names without their authorization.”

“Wells Fargo employees were instructed to ‘round up’ a group of the undocumented workers and drive them back to the Wells Fargo branch to open up checking accounts and savings accounts”

One tactic he cites for allegedly ginning up sales numbers was to take advantage of the undocumented laborers in the area.

“When foot traffic was slow, the branch manager on duty instructed Wells Fargo employees of Hispanic heritage to go to a nearby 7-Eleven,” he recalls in his sworn statement. “The Wells Fargo employees were instructed to ‘round up’ a group of the undocumented workers and drive them back to the Wells Fargo branch to open up checking accounts and savings accounts.”

Why would these day laborers go for this? The banker says that Wells would offer to waive check-cashing fees for these workers.

He tells the court that, from what he was told by Wells employees at other branches in California, this practice was not uncommon.

In fact, in another sworn declaration, a former manager from a Wells Fargo branch clear across the country in eastern Pennsylvania says that when sales began to sag at her bank, upper management began a program dubbed “Hit the Streets Thursdays,” in which Hispanic branch employees were allegedly instructed to “force random people off the streets or from Social Security offices to them into local branches and pressure them into opening new accounts.”

A third statement, this time from a Wells Fargo banker in Utah, seems to mesh with these allegations. In his declaration, he says that his branch would regularly target workers at nearby construction sites or the local Coca-Cola facility — both places where workers were often unbanked because of their immigration status.

“Hispanic branch employees were allegedly instructed to ‘force random people off the streets or from Social Security offices to them into local branches and pressure them into opening new accounts'”

According to his statement, management encouraged bans to “promise the undocumented immigrants that they would not have to pay any fees to cash their checks.”

But what these people didn’t know was that Wells employees were also opening up savings accounts and credit cards for people who had not asked for either. So long as those additional accounts weren’t closed within 60 days, the bankers would receive credit for the sale, according to the statement.

Similarly, while bank employees allegedly offered cash to the Coca-Cola employees to open accounts, this banker says Wells staff intentionally did not tell these new customers that their accounts had minimum balance requirements.

Additional statements from previous Wells employees highlight other alleged bad behavior on the bank’s part.

A banker from Arizona tells the court that he was pressured into bringing on a Wells Fargo sales staffer with a reputation for being the leading salesperson for the entire state. The banker says this employee was opening 30 to 40 accounts each week, which he describes as a “ridiculous amount for any store.”

The problem was, notes the banker, this new guy was signing up a lot of new customers, but didn’t seem to have all that much work to do after those accounts were started.

When the banker looked at this employee’s sales records, he says he noticed some issues. According to the banker, the sales rep was opening around new accounts for each customer. He was also allegedly “opening 40-50 accounts and assigning them to people with fake names each week, or he was opening accounts for other workers in our store without telling them.”

The banker says these accounts were never used, though debit cards were issued. This is important, he explains in his declaration, because a new account have to have a debit card associated with it for the account to be credited as a sale; the rules never said anything about the cards ever having to be used.

This sales rep allegedly funded bogus accounts by temporarily transferring money from existing accounts. Sometimes he forgot, says the banker, resulting in actual customers — who had no idea they were being defrauded — being hit with overdraft charges.

The banker says he brought these concerns to his manager, who dismissed them and insisted the questionable sales were all legitimate. What’s more, when a management position opened up at this branch, this alleged fraudster was promoted. The banker says his boss told him to “play ball, or get out.” That boss was also promoted, to district manager.

He says he later attempted to contact the Wells Fargo ethics hotline, but claims that he soon learned that the other employee had brought an ethics charge against him for wrongfully accessing his sales records. You can probably guess which of the two men was fired by the bank.

In a statement to the San Francisco Chronicle, a rep for Wells Fargo says the claims raised by these former employees are “offensive, because they run counter to the expectations of Wells Fargo, and would be a violation of policies we have in place to safeguard against abuses.”

“These allegations are inconsistent with our policies, values and the relationships we work hard to build with all parts of our community,” said the spokesman. “Wells Fargo has long been committed to providing banking services to immigrants in a manner that complies fully with the law, and we have controls in place to ensure we comply with requirements.”



77-Year-Old Insurance Agent Pleads Guilty To Conning Customers Out Of $8.2M

A Pennsylvania insurance agent could spend more than five years in prison after pleading guilty for his part in a scheme that swindled millions of dollars from customers.

Federal prosecutors accused 77-year-old John Hogan of running a 14 year-long promissory note scheme that bilked more than $8.2 million from clients.

According to an indictment [PDF] filed in the federal court of Western District of Pennsylvania, from 2002 to 2016, Hogan persuaded clients of his business— Hogan & Associates — to borrow against the cash value of their insurance policies so that he could provide loans to individuals in need of capital.

Hogan, who claimed to be a financial advisor but was not licensed, told his clients that borrowing against or “cashing out” these insurance policies was a better investment than simply borrowing from a bank or investing their money.

In order to persuade clients to lend the funds, Hogan claimed that these “client-investors” would receive at least a 10% return.

To participate in Hogan’s investment opportunity, clients were asked to send him checks of less than $10,000.

To give the scheme an air of authenticity, Hogan would prepare promissory notes that contained the subheading “John F. Hogan-Financial Coordinators.” The notes promised to pay the principal sum of money to the investor by a certain date typically one or two years in the future.

When the note came due, Hogan would persuade the lenders to “roll over” the investment for additional years. Meaning he did not have to repay the balance.

The indictment claims that Hogan never actually had borrowers and instead used the money to prop up 25 homes and investment properties he owned, his business, and to provide interest payments to clients he had previously persuaded to lend money.

The Associated Press reports that in one case, a client provided Hogan with $1.7 million by sending 249 checks to the agent. While the woman received a few interest payments, none of the original loans were repaid, according to assistant U.S. attorney George Melucci.



Coca-Cola: Dead Mouse Was Too Fresh To Be Found In A Coke Can

A South Dakota man claims he purchased — and drank from — a can of Coca-Cola that had a mouse sealed inside, making him ill and causing him to miss work. But the Coke folks say this just isn’t possible, since a mouse sealed in a soft drink can would have been more decomposed.

The plaintiff bought bought the allegedly mousy beverage in June 2016, and claims that he drank most of the 16-ounce can before feeling something solid something solid inside shift and touch his lips. When he poured out the rest of the liquid, and cut the can open, he says he found the bonus rodent.

He is suing Coca-Cola for a modest amount, having medical bills related to his illness that total around $1,000, and he missed 60 hours of work. He also says that he lost thirty pounds due to his illness.

Coca-Cola, however, disputes that it’s possible to find such an intact mouse in one of its beverage cans. In the time that it would take for a mouse to be sealed inside a can at a bottling plant, then for the can to be distributed to a retail store and purchased, the mouse would have decomposed enough to have “compromised the can,” or given off gases that would make the can bulge or burst.

An attorney from Minnesota who is on the team representing Coke explained to the Mitchell Republic that the company “takes these cases extremely seriously and tries them all,” since allegations of mouse contamination are damaging to its brand. Settling for a modest amount would be cheaper and easier, but the company would rather defend itself at trial.

The plaintiff’s attorney originally filed the case as an expedited civil trial under a new law in South Dakota, but Coca-Cola has moved to hold a full trial instead, which would take multiple days and allow for more witnesses.

One of those witnesses would be a veterinary pathologist, who would testify about the condition of the mouse. We don’t have a picture of it as it came out of the can, but one of Coca-Cola’s attorneys gave a vivid description.

“It had fur. It had blood on its nose. Its limbs were intact. There was very minor decomposition,” he told the court.

In a similar case eight years ago involving a can of Diet Pepsi, the animal inside the beverage had decomposed to the point that the customer who found it thought that it was a mouse. It turned out to be an already-gutted toad.

The plaintiff is seeking $2,026 and general damages, plus interest.



United Airlines Reaches Confidential Settlement With Forcibly Removed Passenger

United Airlines and Dr. David Dao — the paying passenger who was forcibly removed from his seat to make room for an airline employee — have reached a deal that preempts a potentially lengthy legal battle. Though what that settlement entails will likely remain a mystery.

On the same day that United announced several “substantial” changes to the way it “flies, serves, and respects its customers,” the legal team for Dao says they’ve negotiated an “amicable” settlement for the injuries he received during the April 9 incident.

We’ll likely never know how much Dao will receive, as the settlement includes a provision that the amount remain confidential, which he and his attorneys have agreed to.

Attorney Thomas Demetrio praised United CEO Oscar Munoz for doing “the right thing.”

“In addition, United has taken full responsibility for what happened on Flight 3411, without attempting to blame others, including the City of Chicago,” Demetrio said in a statement. “For this acceptance of corporate accountability, United is to be applauded.”

As a result of his ordeal, Demetrio says Dao has become “the unintended champion for the adoption of changes which will certain help improve the lives of literally millions of travelers.”

The attorney adds that he hopes other airlines will learn from this experience and “follow United’s lead in helping to improve the passenger flying experience with an emphasis on empathy, patience, respect, and dignity.”



Toyota Recalls 228,000 Trucks Over Concerns About Loss Of Control

Toyota is recalling 228,000 late model Toyota trucks over concerns that a leak may cause drivers to lose control of their vehicles.

The recall affects model year 2016 and 2017 Toyota Tacoma trucks with rear differentials that may leak oil.

According to the carmaker, if the vehicle is continuously operated with a leak, the rear differential could become damaged, which can result in noise and reduced propulsion. In some cases the rear differential could seize, resulting in a loss of control of the vehicle and increasing the risk of a crash.

Toyota says that it will notify owners of affected vehicles in mid-June, and dealers will check the vehicle’s rear differential for leaks.

If no leak is found, the vehicle fasteners will be re-tightened. If a leak is found, the rear differential carrier gasket will be replaced with a new one, and new fasteners will be installed.

In the case that there is damage to the rear differential, the entire assembly will be replaced.



Here’s The Timeline For The Likely Death Of Net Neutrality

New FCC Chair Ajit Pai vowed to kill off net neutrality if he could before he ever got the job, and yesterday he made good on his word, introducing a plan to roll back the reclassification of broadband as a vital piece of infrastructure, and remove the FCC’s and remove the FCC’s authority to insist on an internet where companies like Comcast, Verizon, Charter, and AT&T don’t have any say in where you go or what you do online..

However, government regulations can’t be flipped on and off like a light switch. The FCC is a complicated bureaucracy with rules and procedures that have to be followed — and that Pai, a stickler for the rules, has often admonished the Commission for failing to adhere well enough to in his opinion.

In short, net neutrality may ultimately die, but if so it’s probably going to be a slow, loud death.

Getting to the Open Internet Order in the first place was a thirteen-month journey from losing the old rule in Jan. 2014 to approving the current one in Feb. 2015. And the road between yesterday’s speech and any potential reversal of the Order is just as winding.

Here are the key milestones you can expect.

Today: Pai’s office has made public the full draft text of his proposal [PDF].

This document doesn’t actually change anything. It’s a Notice of Proposed Rulemaking (NPRM). Think of it like a first draft: It means that the FCC is considering a new rule, and is giving notice about what they think it could be. (The related notice of inquiry, meanwhile, means that they’re asking a question.)

May 18: The Commission will vote on the NPRM in its regular monthly open meeting.

Barring any sudden, shocking surprises, the Commissioners will vote 2-1 (with Chairman Pai and Commissioner Michael O’Rielly in favor and Commissioner Mignon Clyburn dissenting) to consider the proposal. That doesn’t change anything, either, but it does kick off the formal review process.

After the NPRM is adopted, it has to get printed in the Federal Register. That can take anything from a couple of days to a couple of weeks, but after that, it’s off to the races.

The review process and comment period (likely June-August): This is the part where everyone with an opinion gets to tell the FCC what they think.

The review process has several parts. The most important, for everyone who isn’t an FCC employee, is the public comment period.

Once the NPRM is printed in the Federal Register, comment period is officially, formally open for the Commission to gather input from stakeholders. (You can, technically, comment now — the docket is open — but given how wedded Pai is to formal processes, comments that come in “correctly” probably stand a better chance of gaining traction.)

In this case, “stakeholders” includes not only businesses and consumer advocacy groups, but also literally everyone who uses the internet — i.e., you. Typically, comment periods run in three stages: for 30 days or so, followed by another 15 or 30 days for reply comments, and another 15 or 30 days for replies to the replies.

Basically, the way that works is something like this: Let’s say and ISP files a comment in the first window saying, “Title II is rubbish.” During the second window, anyone can file a comment directly rebutting the ISP’s argument, rather than the FCC’s initial proposal as made (“ISP is wrong, this is not rubbish”). And then in the third window, the ISP can explain why it disagrees and was right to begin with (“For these ten reasons, we stand by our assertion of ‘rubbish'”).

All told, the periods tend to get a little muddled with high-volume proceedings, but the overall gist is that the public gets a few months in which to have its say, depending on if Pai’s office extends them or not. (In 2014, then-Chairman Tom Wheeler’s office had to extend the deadline for net neutrality comments after overwhelming demand crashed the system.)

The closing deadline for the first comment period is July 17, 2017.
The closing deadline for the reply comment period is August 16, 2017.

After the comment period (September until… who knows): This is basically the make-or-break point, and it could occur any time between August and never.

Once the FCC has completed its gathering of public input and its internal review, it can shift gears. The first draft — the NPRM — gets edited into its final form, taking all the public comments, internal review, and answers to the notice of inquiry into account.

That becomes an Order, on which the Commission then votes again. If a majority votes in favor of the Order, it becomes law.

If it becomes clear that a majority will not vote in favor of an Order, however, it usually disappears quietly into the night instead of having to take the public loss — as we saw happen in Sept. 2016 with the now-dead set-top box proposal, for example.

If the Commission Adopts An Order: If, after completing its review, the Commission goes ahead and reverses the Open Internet Order anyway, this is when we’d find ourselves in lawsuit city.

The timing of this, too, depends on the final Order being published in the Federal Register. The FCC voted to adopt the Open Internet Rule on Feb. 26, 2015, but it wasn’t printed in the Federal Register until April 13. That kicked off the 60-day window in which any “aggrieved party” can sue.

In 2014, it was like clockwork: The window opened on April 13 and the lawsuits landed on April 14, the very next day.

If it comes to that, it’s anyone’s guess how long things take after. The court heard oral arguments on the matter eight months later, on Dec. 4, and issued a ruling — upholding the existing rule — six months later, in June, 2016.

That means the entire process — from the FCC starting to consider a rule, through adopting it, and through completing the lawsuits over it — ran about 2 1/2 years, start to finish. And we could now be looking at something like that once again.



Feds Sue Four Online Payday Lenders For Collecting On Void Debts

Last year, federal regulators released a report that found online payday lenders — despite their clean, professional websites — could be just as bad, if not worse, than their storefront counterparts. Today, the Consumer Financial Protection Bureau provided yet another example of how these companies can wreak havoc on consumers’ finances by skirting the law. 

The CFPB announced today that it had filed a lawsuit [PDF] against four California-based online lenders accusing them of making deceptive demands and illegally taking money from consumers’ accounts for debts they didn’t actually owe.

Unlike some lenders who have tried to collect debts from people when they belonged to someone else, the CFPB claims that Golden Valley Lending, Inc., Silver Cloud Financial, Inc., Mountain Summit Financial, Inc., and Majestic Lake Financial attempted to collect on payday loans that were invalid based on state laws.

According to the CFPB complaint, since at least 2012, Golden Valley Lending and Silver Cloud Financial have offered online loans of between $300 and $1,200 with annual interest rates ranging from 440% up to 950%. Mountain Summit Financial began offering similar loans in 2014, while Majestic Lake Financial began doing so in 2015.

A typical $800 loan from the lenders would eventually balloon to approximately $3,320 over the course of 10 months, according to the complaint.

However, the four lenders — which provided installment loans to consumers in all 50 states through their websites — could not legally collect on these debts because they were void under state laws governing interest rate caps or the licensing of lenders.

In fact, 17 states where the loans were made — including Arizona, Arkansas, Colorado, Connecticut, Illinois, Indiana, Kentucky, Massachusetts, Minnesota, Montana, New Hampshire, New Jersey, New Mexico, New York, North Carolina, Ohio, and South Dakota — have laws in place related to licensing requirements and restricting the amount of interest that can be charged on loans.

An investigation by the CFPB found that not only did the loans in some states exceed usury laws, the lenders did not have proper licensing in other states. As a result, the CFPB claims that thousands of loans made by the company were void and could not be collected.

Despite this, the four lenders allegedly created the false impression that they had a legal right to collect payments and that consumers had a legal obligation to pay off the loans.

In order to collect funds from some of these consumers, the CFPB claims the four lenders made electronic withdrawals from consumers’ bank accounts or called or sent letters to consumers demanding payment for debts that were not owed.

In the case of electronic withdrawals, the CFPB claims that while the lenders told borrowers they could repay their debts by sending in a paper check, when a customer sent in a check the lender’s loan agreement allowed them to create an electronic fund transfer that allowed the company to debit money from accounts directly.

Additionally, the Bureau alleges that the lenders’ websites did not properly disclose the annual percentage rates for the loans.

For example, each of the lenders website included a “FAQ” section that answered “How much does the consumer loan cost.” The company stated that “Our service fee is $30 per $100 loaned. This fee is charged every two weeks on your due dates, based upon the principal amount outstanding.”

Instead of providing the APR, the sites simply stated in fine print, “Complete disclosure of APR, fees, and payment terms are set forth in the loan agreement.”

In all, the CFPB claims the companies violated the Truth in Lending Act and the Dodd-Frank Wall Street Reform and Consumer Protection Act.

With its lawsuit, the Bureau seeks monetary relief for consumers, civil penalties, and injunctive relief, including prohibiting the collection of the void loans.



Taco Bell Will Offer Free Dinner Reservations At Its Test Kitchen

It’s no Wonka Chocolate Factory, but if you’re into trying stunt food before anyone else, Taco Bell will be inviting a limited number of people behind the scenes for a free meal in its test kitchen.

The fast food chain is partnering with OpenTable for a promotion that will let 32 customers make reservations at Taco Bell HQ in Irvine, CA, reports Nation’s Restaurant News. Company chefs will serve diners new products and food creations before they hit restaurants – if they ever make it that far at all.

Taco Bell’s version of a golden ticket? It won’t reveal the OpenTable link for the May 19 meal until May 5, so you’ll have to be quick if you’re desperate to get in.

“The chance to be the first to see our innovative food, where it’s created, from the chefs who make it happen, is a unique experience that’s never been available to the public until now,” said Liz Matthews, Taco Bell’s chief food officer.

Dinner is free, but you have to be at least 21 to make a reservation. You’ll also have to pay your own way to get to California, Taco Bell says.

Though this promo is only open to a limited amount of customers, the chain says it will host more dining events throughout the year.



Home Depot Data Leak Exposes Gap in Consumer Privacy Protection

Recently, Consumerist received an anonymous tip pointing to an internet address that hosted digital images of bathtubs, garage doors, kitchen countertops, contractors at work on various projects, and customers picking out and paying for products in a home-center store. The site also hosted 13 Excel spreadsheets of customer records, including the full names, phone numbers, mailing addresses and email addresses of approximately 8,000 people, as well as other information chronicling the apparent installation complaints of each customer.

The internet address that hosted these spreadsheets — along with one random document containing a scanned printout of a customer’s name, address, and signature — was part of the HomeDepot.com domain; and all the files there were unencrypted, unprotected, discoverable by search engines (several of the email addresses listed, when typed into a Google search, surfaced the documents), and completely accessible to the open internet.

This data leak was small by comparison to many high-profile security incidents of the past few years, but it offers a view into what may well be a vast class of personal information that is offered virtually no legal protection by the various state laws that largely define what is, and is not, a data breach.

While the spreadsheets contained no credit card data, bank account information, or Social Security numbers — which are considered legally protected data — the level of transaction detail was extensive.

Each entry contained a record of a complaint logged with Home Depot’s MyInstall program, a service the home-improvement retailer offers customers to help them communicate and coordinate with its network of installers. The records in the spreadsheet included the type of product or installation service each customer had an issue with (carpet, garage doors, countertops, etc.), the reason for the complaint (“defective merchandise,” “leaks,” “incorrect placement”) as well as the name of the “care agent” who had presumably serviced the complaint.

It’s unclear how long the data had been publicly exposed, but the files have since been removed from Home Depot’s site. When reached for comment, Home Depot responded in an e-mailed statement: “The information was out there, and as hard as it would have been for anyone to find, it shouldn’t have been [out there]. This was an inadvertent human error that we addressed as soon as we discovered it. Although the data was low-risk and not the type of information commonly used for fraud or identity theft, we take the matter very seriously.”

Home Depot has attracted scrutiny in the past when it comes to data security. In the spring of 2014, hackers used compromised vendor credentials to penetrate the company’s internal IT systems and, after exploring the company’s network, installed custom malware on 7,500 of the company’s self-checkout registers. For a period of five months, the intruders collected the personal and financial information of approximately 56 million of Home Depot’s customers.

This recent cache of customer data that was exposed on HomeDepot.com is of a different type and scale than what was harvested during Home Depot’s breach of 2014. But the appearance (and disappearance) of these files on HomeDepot.com raises a variety of questions that go way beyond the circumstances of this one incident. For instance: How frequently does this sort of thing happen? Do companies have any obligation to tell consumers if their data is exposed this way? And perhaps most important for the people whose names and information was listed in these documents: Just how potentially damaging could this data be if it fell into the wrong hands?

An Invitation to Imposters

Viewed one way, some of the customer information in the spreadsheets found on HomeDepot.com could be listed in an ordinary phone book. But when combined with the context of transaction information, the data could prove highly valuable to a motivated scammer.

Brian Krebs, a cybersecurity expert who runs the influential site KrebsOnSecurity.com, says that data such as names and addresses, as well as customer service details could be useful for “pretexting,” where a scammer convinces his or her target of a pre-existing relationship in order to get access to more valuable information. (Pretexting is also known by a number of other names, such as “spear phishing,” or “imposter scams.”)

“Just a little bit of information about a person can demonstrate that you already have a relationship with that person as a service provider or company the target has done business with previously,” he explains. Krebs was the one who broke the story of Home Depot’s breach in 2014, as well as Target’s massive data breach in 2013, in which hackers stole the credit or debit card data for approximately 40 million people.

Hackers routinely use Google searches to find unsecure documents with customer data or company secrets. A clever scammer who got hold of spreadsheets like the ones that were hosted on HomeDepot.com could call the listed customers, pretending to be from Home Depot by using the transaction details in the document as a “pretext” for obtaining more valuable info, such as account credentials, bank account numbers, or social security numbers.

In addition to being used by scammers directly, personal data is also bought, sold, and traded. The more detailed the information, the more useful (and thus valuable) it is to the scammer.

“A lot of information or partial information can be traded on the black market and on dark web sites,” says Nat Wood, associate director of the Bureau of Consumer Protection’s Division of Consumer and Business Education at the Federal Trade Commission (FTC), referring to the parts of the web that are hidden from search engines and cloaked in encryption.

Wood works to educate consumers and businesses on security best practices and was only asked general questions about pretexting, imposter scams, and phishing and is not commenting specifically on Home Depot. He notes that less-sensitive personal information can be combined with data obtained through illegal means.

“Sometimes the scammers have part of your Social Security number, or they know a lot about you,” says Wood. “They know where you live and your name and some of your relations. They either know, or can guess, an account that you have, and they sound very legitimate.”

Wood says imposter scams are a growing area of concern for the FTC and are not at all uncommon.

“There are a lot of people placing phone calls who are lying about who they are to get information, or get money,” says Wood. “It’s wise to have some skepticism and to check things out.” The FTC gets so many complaints to both the agency and its partners that Wood characterizes it as an “epidemic of imposters.”

How Customer Data Leaks

According to experts we spoke with, there are a variety of ways this sort of customer data could become exposed on a company’s website. It could be either a deliberate action or an unfortunate mistake by an employee or vendor with the ability to upload data to the company’s public-facing website; or it could be the result of a lack of investment in systems and tools designed to secure and transmit data.

“Sometimes it’s not even intentional,” says Jeremy Koppen, principal consultant with Mandiant, a division of the cybersecurity firm FireEye, a company that helps companies clear their servers of malware and plug security holes after data breaches — known in the industry as “incident response.”

According to Koppen, who was not briefed on the specifics of the Home Depot situation, internal data sometimes ends up on external sites because of incorrectly configured systems, or possibly from employees who don’t realize that they are leaving this information out there for the taking.

“I think a lot of it comes down to asset management, and making sure you’re aware of all the systems and where they are in the environment,” he explains, adding that Mandiant has worked with businesses that have strict policies but are still falling short when it comes to ensuring that staffers actually follow the organization’s guidelines.

When we described the files that were present on Home Depot’s site to experts at the Cyber Independent Testing Lab (CITL), a partner of Consumer Reports in a new initiative to develop a privacy standard for the Internet of Things and other digital products and services, they saw it as part of a deeper issue.

“An organization of this size should be expected to train their employees better on how to handle personally identifying information,” said Sarah Zatko, chief scientist at CITL, “Having support issues logged in an Excel file is surprising for this large a company, let alone on a publicly facing system.”

A Regulatory Vacuum

It’s nearly impossible to tell how widespread this sort of data leakage could be beyond the Home Depot case, since the state laws that largely define when and how companies need to notify customers when their data is exposed don’t generally cover personal information if it’s not tied to a financial account or medical record. “Email addresses are mentioned in some breach notification laws, but only when breached in combination with a password,” says Pam Greenberg of the National Conference of State Legislatures (NCSL).

The NCSL advocates on behalf of state lawmakers, and also acts as a central clearinghouse for information on state laws, and its site lists a variety of internet privacy legislation protecting everything from records of e-book rentals and purchases to Social Security numbers to the browsing information of customers of internet service providers. But Greenberg wasn’t aware of any state laws that require businesses to encrypt customer transaction records that don’t include financial data, or to notify their customers if such information was accessed by an unauthorized outside user when not in combination with a breached password.

Two bills introduced in Congress in 2011 and 2014 would have expanded the type of consumer data leaks that would trigger a breach notification, but neither gathered enough support to become law. In 2015, legislation introduced by Sen. Patrick Leahy (D-Vt.) sought to add consumer protections for a few new categories of sensitive personal data — including unique biometric data, like fingerprints; physical and mental health information; geolocation data; and private digital photographs and videos.

Sen. Leahy remains hopeful that a solution can be found, and told us in an emailed statement that there is “some bipartisan support for consumer privacy.”

“Though security concerns and fast-evolving technologies have complicated the debate, Americans still value their privacy,” Leahy said. In Consumer Reports’ Consumer Voices survey published earlier this year, 65 percent of Americans told us they are either slightly or not at all confident that their personal data is private and not distributed without their knowledge.

Protect Yourself

Home Depot says that it has no plans to proactively contact MyInstall customers whose information was exposed through these documents. A company representative cited a concern that a promise to reach out to consumers might itself invite phishing scams.

The company did say that customers who wanted to check to see if their information was in these spreadsheets could do so at Home Depot’s main customer service line: 800-466-3337.

Even if you’ve never been a Home Depot MyInstall customer, there are some things you can do to see if your data has been exposed elsewhere. One place to start is by trying a few targeted Google searches. Google’s web crawlers have the ability to index public-facing files stored on company websites — that includes PDFs and some Excel and Word documents.

If you want to try to search for any exposed files that may have your name or email address, you can use special search operators to limit your search to certain file formats. Try including “filetype:pdf”, “filetype:doc”, or “filetype:xls” along with your name in your Google searches. MIT’s library has a guide to using search operators that you may find useful.

If you find something that looks off, you can report it to the FTC at ftc.gov/complaint. You should also contact any company that seems to be hosting your data inappropriately, and ask that it be taken down.

Most importantly, consumers should always stay alert for pretexting scams. Because companies don’t have a legal obligation to report these sorts of data leaks, you may never know if this type of information about you has been exposed. And as we’ve seen, it can be disconcerting, but not illegal, for companies to collect and host your “public” personal information on the internet.

If you get a call from someone — even if they seem to know information that only a company you’ve done business with should know — don’t just take them at their word. And if someone is trying to pressure you with a scary story, don’t panic. Instead, raise an eyebrow. Creating a sense of urgency is a tactic imposter scammers use to keep you from having enough time to put two and two together, according to Nat Wood of the FTC.

“Scammers are really ingenious, and they try to rush you,” says Wood. “They try to give you a sense of urgency. They try to make you afraid that some kind of terrible threat is going to happen… They try very hard to have you not think, ‘Wait a minute, is this real?’; ‘What do I know about this person?’; ‘Is there a way for me to verify it?’ Because if you have that thought, and check it out, they’re not likely to succeed.”

Also, if you suspect you have been targeted by a scammer, you should report it to the FTC.

“Those complaints are made available to hundreds of law enforcement agencies through the Consumer Sentinel Network. You don’t have to have lost money,” Wood explains. “We really appreciate it when people take the time to let us know they’ve seen fraud out in the world, whether they’ve fallen for it or not. It makes a difference.”