News in brief: cookie monster slain; FBI disclosure on shooter’s iPhone; Mayer to step down

Your daily round-up of some of the other security stories in the news

Brussels kills the cookie monster

Farewell to the EU cookie monster – probably. Buried in a proposal from Brussels today to update current rules on privacy is a note to “streamline” the “cookie provision” that has required EU-based websites to show users an annoying but well-intentioned pop-up informing them that cookies were being collected.

The general consensus is that it made little difference to people’s privacy and so the plan is that the new ePrivacy regulation, of which the proposal to ditch cookies is part, will come into effect in May next year, alongside GDPR.

The proposal concedes that the cookies pop-up “has resulted in an overload of consent requests for internet users” and notes that in future, “no consent is needed for non-privacy intrusive cookies in improving internet experience (eg to remember shopping cart history)”.

The proposal isn’t just about removing intrusive pop-ups: it also calls for tough new rules on tracking the users of messaging apps such as WhatsApp and Messenger, and for providers of services to ask for specific consent from users to use their data for advertising purposes.

FBI sheds not much light on San Bernadino phone

A little – but not much – light was shed on the FBI’s breaking into the iPhone of  Syed Rizwan Farook, the San Bernadino shooter who killed  14 people in December 2015.

Associated Press, Vice Media and Gannett, the parent of USA Today, sued the FBI in September with the aim of discovering who the FBI had hired and how much it had paid to break into the encrypted device recovered by police after the shooting, in which Farook and his wife were killed.

The FBI released 100 pages of heavily redacted documents that show that the FBI had signed an NDA with the vendor, and that the job hadn’t been opened to a competitive tendering process.

In short, we don’t know much more than we did before: the vendor is still a secret, we don’t know how they got in to the device and we don’t know how much it cost the FBI. We do, however, know a bit more about how the FBI chose the vendor.

Mayer to step down from Yahoo board

Marissa Mayer, Yahoo’s CEO, is to step down from the board as part of the break-up of the internet giant following its agreed sale to Verizon.

Meanwhile, the part of Yahoo that isn’t being sold to Verizon will be given a new name: “Altaba”. Verizon, however, has said that the Yahoo brand name will live on when the sale of the search engine and web portal is completed.

The agreed price for that deal is $4.83bn, but in the wake of the giant data breaches that hugely damaged confidence in the brand, there has been twitchiness about whether Verizon will indeed pay that price – or even complete the deal.

It’s generally agreed that Mayer’s tenure at Yahoo has not been a roaring success: joining from Google in 2012, she was CEO when the two data breaches happened, in 2013 and 2014. She also presided over the $1.1bn acquisition of Tumblr, the blogging platform, which contributed to the $4.4bn loss reported at the start of last year.

It’s not clear if there’s going to be a role for Meyer at Verizon once she’s stepped down from the board, but if not, she’s reportedly in line for a $55m payout. Which is not a bad payday for presiding over two of the biggest security breaches ever.

Catch up with all of today’s stories on Naked Security