The global average internet connection speed rose 21 percent year-over-year in Q3 to 6.3 Mbps, Akamai reported Wednesday. South Korea had the highest average speed at 26.3 Mbps, while Hong Kong had 20.1 Mbps and Norway had 20 Mbps. The U.S. placed No. 12 with an average of 16.3 Mbps. The U.S. average Q3 speed was up 30 percent. The U.K. had the top average mobile connection speed at 23.7 Mbps, while Venezuela had the slowest at 2.2 Mbps. U.S. average mobile speed was 7.5 Mbps. The number of IPv4 addresses connecting to Akamai increased by 0.7 percent from Q2 to 806 million, mostly offsetting a decrease in IPv4 use during that quarter, Akamai said. The report found Belgium remained the “clear global leader” in IPv6 adoption, noting that 39 percent of the country’s connections to Akamai occurred via IPv6. Verizon, AT&T Communications America and Comcast were the ISPs with the largest volumes of Akamai connections using IPv6, the web caching provider said.

In 2016, data breaches and cyberattacks resulted in more than 2.15 billion records being compromised, including the more than 500 million Yahoo user accounts that were stolen two years ago, said cybersecurity firm IT Governance in an updated blog post Tuesday. Last year, breaches totaled 480 million, wrote Lewis Morgan, a social media marketing executive who compiled the list. He said he initially didn't include the breach at Yahoo in his count because it occurred in late 2014, but decided to add it because the incident was first reported in September (see 1609220046).

The number of connected IoT devices, sensors and actuators will top 46 billion in 2021, Juniper reported Tuesday, but hurdles remain. The 200 percent jump from 2016 will be driven by lower hardware costs, said Juniper. Challenges remain, including complexity in developing large-scale IoT deployments and cybersecurity issues that have reached a “boiling point,” it said.

Released from gag orders, Google started posting online copies of national security letters (NSLs) it has received whether through litigation or legislation, wrote Richard Salgado, the company's director-law enforcement and information security, in a Tuesday blog post. "Our goal in doing so is to shed more light on the nature and scope of NSLs," he said. "We minimized redactions to protect privacy interests, but the content of the NSLs remain as they were when served." An NSL is a type of administrative subpoena that seeks subscriber information relevant to a terrorism investigation or clandestine activity and usually is accompanied with a gag order. Salgado said the company's efforts include "working with the government to publish statistics about NSLs we’ve received, successfully fighting NSL gag provisions in court, and leading the effort to ensure that Internet companies can be more transparent with users about the volume and scope of national security demands that we receive." The 2015 USA Freedom Act that allows companies to make more detailed disclosures of NSLs they receive has helped companies be more transparent, he added. The law also requires DOJ to regularly review gag orders in NSLs and remove those no longer needed.

ICANN received minimal but mixed stakeholder response through Monday on its proposal to implement a revised policy for consistent labeling and display of “thick” WHOIS registration data for all generic top-level domains. Thick registration data includes data associated with the domain name itself, along with the registrant and other contacts of the domain name. Thin registration data has only data associated with the domain name itself. The revised labeling policy plan ICANN proposed in October doesn't require registries to implement a registration data access protocol (RDAP) service to achieve consistent labeling, which was criticized by the Registry Stakeholder Group (RySG), ICANN said. RySG said it “supports the removal” of the RDAP requirement from the labeling policy plan. RDAP “is outside the scope of the Thick Whois PDP recommendations,” the stakeholder group commented: “The RySG’s concerns with the inclusion of RDAP were compounded by the introduction of a requirement to implement the RDAP in accordance with an Operational Profile that was introduced unilaterally by ICANN staff” in the policy plan. The Internet Architecture Board urged ICANN to remove “all barriers to the deployment and use of RDAP.” The protocol “was developed within the IETF [Internet Engineering Task Force], by technical contributors whose affiliations include registries, registrars, and other WHOIS users and providers, to resolve the technical shortcomings of WHOIS,” IAB said. “Given the well known issues with WHOIS, the IAB strongly encourages ICANN, Registrars, and Registries to begin experimenting with RDAP as soon as possible.” The Generic Names Supporting Organization's IP Constituency (IPC) said it “has no substantive objections” to the revised policy plan but believes the decision to not include the RDAP requirement is "a 180 degree reversal” by ICANN. “While this requirement has been a consistent feature of the CLD [consistent labeling and display] implementation plan throughout the drafting process, ICANN staff completely reversed its position on it within days” of RySG's objection, the IPC wrote. “Wholly apart from the merits of the RySG objections, IPC empathizes with its frustrations regarding staff unresponsiveness. IPC will certainly bear this precedent in mind the next time the ICANN staff fails to heed IPC’s well-considered and repeatedly-voiced objections to a proposed course of action.” Verisign urged ICANN to include provisions in the labeling policy plan to allow extensions to the plan's Aug. 1, 2017, effective date. “It is possible for legitimate issues to arise during the implementation of the [CLD] Policy (include security and stability concerns) which may impact the ability of Registry Operators to comply with the” effective date, the company commented.

Aura Labs, marketer of a mobile blood pressure app, agreed to settle FTC allegations the app's readings aren't as precise as a traditional around-the-arm blood pressure cuff, said the commission in a Monday news release. Commissioners voted 3-0 to authorize staff to file the complaint and stipulated order, which was filed and signed by a judge in U.S. District Court for the Central District of California, the FTC said. “For someone with high blood pressure who relies on accurate readings, this deception can actually be hazardous,” said Consumer Protection Bureau Director Jessica Rich. “While the Commission encourages the development of new technologies, health-related claims should not go beyond the scientific evidence available to support them.” The commission said the company, which does business as AuraLife and AuraWare, and its co-owner Ryan Archdeacon are barred from making deceptive claims about the app and any health benefit claims without supporting scientific evidence. The settlement also imposed a nearly $600,000 judgment, which is suspended because the defendants are unable to pay unless they misrepresented their financial condition, the commission said. In a statement on the company's website, Archdeacon said the dialogue with the FTC "was a learning experience" for both sides and the company values consumer safety. "That being said, we feel that the agency's heavy handed approach can stifle innovation with a costly and bureaucratic process," he said. "A conversation regarding potential concerns early on would have allowed the Commission and the company to reach a swift resolution, saving time, energy and taxpayer dollars."

Facebook discovered a discrepancy between the counts of its "Like" and "Share" buttons on the Graph API (application program interface) and the counts when a user enters a URL in the mobile app's search bar, said the social media network in a Friday blog post. "We are looking into why inputting the URL as a search query in Facebook’s mobile app might have corresponding numbers that can be higher or lower in certain cases." The company said it's trying to fix the problem. The post said the metrics count the number of likes of a URL off the site, the number of shares of a link from Facebook and the number of likes and comments on stories about a URL. Also in the post, Facebook said it's updating a tool to help advertisers better calculate how many people they can expect to reach with ads when they're creating ad campaigns; it's improving the "methodology for sampling and extrapolating potential audience sizes ... to provide a more accurate estimate for a given target audience and to better account for audiences across multiple platforms." The company said advertisers should see less than a 10 percent change in sizes in the tool. Plus, the company said it fixed an error that will count streaming reactions to live broadcasts on a post instead of counting them on shares of a post. Facebook said the total counts were right, but the metric was captured in the wrong place. The fix will be applied starting in mid-December for newly created live videos, increasing "Reactions to Post" by 500 percent on average and decreasing "Reactions from Shares of Post" by 25 percent on average (see 1609300034).

Australia-based Moose Toys, which makes "SelfieMic," should stop advertising claims that "imply" children under 13 also can use the app StarMaker, which is promoted with the product, but is age-restricted -- a recommendation accepted by the toymaker, said the Children's Advertising Review Unit in a Friday news release. CARU, which is the ad industry's investigative unit, administered by the Council of Better Business Bureaus, said it found Moose's TV ad that portrayed the use of the product and app for children under 13 through routine monitoring. "However, users seeking to save videos, share them with friends, redeem bonus tokens for popular songs and purchase songs with the app, are required to share personally identifiable information [PII] as part of a registration process," said the release. "To prevent children under the age of 13 from sharing such information, the app contains an age gate." StarMaker Interactive's privacy policy said its StarMaker app isn't directed to children under 13, "and we do not knowingly collect PII from children under 13." CARU said it wanted Moose Toys to remove the TV ad or modify it to accurately depict how children under 13 could "realistically use the product." In its advertiser's statement, the toymaker said it accepts the recommendations, according to CARU. Moose didn't comment.

Social media aggregator Power Ventures, which was found to have violated the Computer Fraud and Abuse Act after it received a cease and desist letter from Facebook not to access users' accounts even with their permission, was denied a panel rehearing and rehearing en banc in an amended opinion issued Friday by a three-judge panel for the 9th U.S. Circuit Court of Appeals (see 1609290027 and 1609130012). "The full court has been advised of the petition for rehearing en banc, and no judge of the court has requested a vote on it," said the order. Its July 12 opinion (in Pacer) was amended to include the order. "No further petitions for panel rehearing or rehearing en banc shall be entertained." George Washington University Law School professor Orin Kerr, one of the lawyers representing Power Ventures CEO Steven Vachani, previously told us he was hopeful the petition for rehearing would be granted. "We are disappointed, but we're evaluating our options," emailed Kerr. Facebook didn't comment.

Parents "strongly support, and desire, the benefits of student data collection and use" the closer that such data use is tied to individual classrooms and to a child, found a Future of Privacy Forum survey released Thursday. FPF Policy Counsel Amelia Vance said in a post that the findings parallel last year's study. She said parents increasingly are seeing value that school districts get from use of personal data such as grades, attendance, disciplinary records and participation in school lunch programs, plus traditionally sensitive data. Vance wrote, there's support for the collection and use of parents' marital status, family income, Social Security numbers and race and ethnicity, which is "critical for research that identifies potentially discriminatory policies and practices." She said the survey also found nearly all parents of school-age children want to be "informed with whom and for what purpose their child's record is being shared." One area that needs more awareness, she said, is helping parents better understand current laws and practices that protect student data, since "slightly fewer parents" this year than last felt confident about such requirements. Rates of technology use by students and parents in schools went up by 20 percent since last year.