We’re still feeling the ripple effect from the Ashley Madison hack this week. Not only is its parent company, Avid Life Media, offering a $500K CDN reward for info on the hackers, and not only are the lawsuits rolling in, but on Friday CEO Noel Bidermen stepped down. The world’s biggest online drug marketplace Agora is on hiatus following suspicious activity that its moderators think was intended to deanonymize the site. The UN’s newly appointed privacy chief described the UK’s digital surveillance as worse than 1984. Meanwhile, a U.S. appellate court ruled that the Federal Trade Commission can regulate and fine companies for getting hacked, so long as they engaged in unfair or deceptive business practices, such as publishing a privacy policy and failing to make good on it.

But there’s more. Each week we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention nonetheless. As always, click on the headlines to read the full story in each link posted, and stay safe out there!

Militarized Drones Are Now Legal In North Dakota

Police in North Dakota can now legally fly militarized drones armed with tasers, tear gas, rubber bullets, pepper spray, or sound cannons, thanks to the passage of House Bill 1328. The bill was originally meant to require police officers to obtain a search warrant in order to use the drones for criminal evidence, and would have banned the use of all weapons on drones (not just the lethal ones), but then a lobbyist made some changes. A compliance committee is supposed to track and review police use of drones and keep it in check, but the group has no legal authority—and its members aren’t exactly unbiased. “Of the committee’s 18 members, six are from UND, which has a vested interest in promoting drone use. Three are members of local government, including the city planner and an assistant state’s attorney. And the rest are either current or former members of law enforcement and emergency services,” the Daily Beast’s Justin Glawe writes.

Was China Behind The DDoS Attack on GitHub?

Just months after recovering from a prolonged distributed denial of service (DDoS) attack linked to the Great Firewall of China, GitHub was hit with another DDoS attack this past Tuesday. Although the code repository hasn’t shared any details, some observers think China may shoulder the blame this time, too. That’s because Shadowsocks, a tool that Chinese hackers created to circumvent China’s censorship, apparently shut down and removed its code due to government pressure—and a similar circumvention tool, GoAgent, mysteriously removed its code from GitHub as well. It’s possible that China is targeting GitHub since Shadowsocks’ code repositories have been forked.

Oakland Cops Impose A Six-Month Retention Policy on License Plate Data Because of a Full Hard Drive

The Oakland Police Department began imposing a 6-month data retention limit on its license plate reader use, following a feature published by Ars Technica in late March. However, police claim this decision has nothing to do with the article, but was actually because their 80GB drive was full and their computer kept crashing—oh, and they didn’t have the budget to buy an additional server. (Color me skeptical.) They also noticed that investigators don’t look for data beyond six months—just like privacy advocates have been saying all along.

Busted: Researcher Catches AT&T Injecting Ads On HTTP Traffic Through Free Airport Wi-Fi Hotspot

When computer scientist Jonathan Mayer logged into an AT&T Wi-Fi hotspot at Washington Dulles International Airport last week, he noticed ads for a jewelry store—and for AT&T itself—while visiting Stanford University’s website. He saw extra ads on federal government sites and other news sites as well. Poking around a bit, he found that AT&T’s Wi-Fi hotspot was injecting ads into HTTP traffic. In addition to the annoyance of additional ads, the ads introduce security and breakage risks. AT&T stated the ad injection program was just a trial being tested in two airports for a limited time, and that the trial has ended… but probably best to start using HTTPS Everywhere, just in case.

Baltimore Police Secretly Tracked Cellphones to Solve Routine Crimes

Baltimore police have been secretly using stingrays to track suspects of routine crimes, according to a police surveillance log obtained by USA Today which it matched with court files. The phone trackers, which pose as cell towers, can intercept data from hundreds of phones simultaneously. But in many cases, police hid the fact that they were using them from suspects, their lawyers, and even prosecutors and judges. It’s actually against the law to hide the use of electronic surveillance from defense attorneys in the state of Maryland. Public defenders point out—rightfully—that keeping this information secret “robbed them of opportunities to argue in court that the surveillance is illegal.”

India Shuts Off Mobile Internet For 63 Million People

In the aftermath of a protest in Gujarat where police officers and community members clashed, the government has turned off mobile internet services and messenger apps like WhatsApp throughout state. A police officer cited “concerns of rumour-mongering and crowd mobilization through WhatsApp.”To stop this so-called “rumour-mongering, India has effectively cut off access to everything from some medical services to news reports.