Researchers have discovered a new attack that can force VPN applications to route traffic outside the encrypted tunnel, thereby exposing the user's traffic to potential snooping or manipulation. This vulnerability, named TunnelVision, is found in almost all VPNs on non-Linux and non-Android systems. It's believe that the vulnerability "may have been possible since 2002 and may already have been discovered and used in the wild since then," reports Ars Technica. From the report: The effect of TunnelVision is "the victim's traffic is now decloaked and being routed through the attacker directly," a video demonstration explained. "The attacker can read, drop or modify the leaked traffic and the victim maintains their connection to both the VPN and the Internet." The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network. A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel. By using option 121 to route VPN traffic through the DHCP server, the attack diverts the data to the DHCP server itself. [...] The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It's also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server. The attack allows some or all traffic to be routed through the unencrypted tunnel. In either case, the VPN application will report that all data is being sent through the protected connection. Any traffic that's diverted away from this tunnel will not be encrypted by the VPN and the Internet IP address viewable by the remote user will belong to the network the VPN user is connected to, rather than one designated by the VPN app. Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn't implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there's a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation. The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn't in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device. You can learn more about the research here.

Read more of this story at Slashdot.

Abner Li reports via 9to5Google: Since the launch of Health Connect in 2022, Google has been winding down the Google Fit developer APIs. Earlier this week, the company fully detailed how the "Google Fit APIs have been deprecated and will be supported until June 30, 2025." Fitness and exercise apps that previously used Google Fit have until the June 2025 deadline to switch to Health Connect, with Google broadly referring to it as the "Android Health platform." Google's migration guide for developers lists what they're supposed to switch to on Android phones and Wear OS. However, there is no replacement for the Goals API that lets Google Fit users set "how many steps and heart points they want to aim for each day." Google says it will "share more details about what's next for Android Health" at I/O later this month. As of this API shutdown announcement, Google has said nothing about the Google Fit apps on Android, Wear OS, and iOS. They still work to track activity and house your full archive. [...] At this point, it's clear that Google Fit is not the future. On the Pixel Watch, Fitbit is the default, while Samsung and other Wear OS manufacturers have their own health tracking solutions. If Google were to announce a deprecation of the Fit app, having it coincide with the June 2025 developer deadline makes sense.

Read more of this story at Slashdot.

An anonymous reader quotes a report from 404 Media: Pokemon Go players are creating a headache for members of the open source map tool OpenStreetMaps by adding fake beaches where they don't exist in hopes of more easily catching Wigletts, a Pokemon that only spawns on beaches. OpenStreetMaps is a free, open source map tool much like Google or Apple maps, but is maintained by a self-governing community of volunteers where anyone is welcome to contribute. An April 27 thread in the OpenStreetMap community forum first spotted the issue, flagging two users in Italy who began marking beaches in all sorts of locations where they don't actually exist. The OpenStreetMap user who noticed the fictitious beaches immediately connected the dots: Pokemon Go, the mega popular mobile game where players catch Pokemon and can engage in different activities depending on their geolocation, introduced different "biomes" like beach, city, forest, and mountains. Each of these have a different look, and critically, some specific Pokemon will only spawn at specific biomes. Wiglett, for example, only spawns at beaches. Some video game sites quickly noticed that Pokemon Go's beaches were appearing in real world locations like golf courses, sports fields, and other places that are not real beaches. Pokemon Go uses OpenStreetMap for its map data, and is how the game knows players are near certain points of interest. The OpenStreetMap user created a filter of OpenStreetMap that surfaced instances where "new mappers" added beaches to the map, revealing a number of clearly fake submissions. [...] It's not clear how often Pokemon Go updates the game with data from OpenStreetMaps, but in theory the people who are manipulating the data would have easier access to the beach biome the next time it does. The OpenStreetMap thread goes on to identify one repeat offender who added dozens of fake beaches. Some are near bodies of water, like lakes, rivers, or docks, and others are landlocked schools, parking lots, and random strips of land. If there was any doubt that some of these changes are being made by Pokemon Go players, the same repeat offender also marked the map with his handle, as well as a poke ball.

Read more of this story at Slashdot.

Jack Dorsey is no longer on the board of Bluesky, the Twitter alternative he helped start. The announcement comes shortly after Dorsey unfollowed all but three accounts on X and referred to Elon Musk's platform as "freedom technology." The Verge reports: In two posts today, Bluesky thanked Dorsey while confirming his departure and adding that it's searching for a new board member "who shares our commitment to building a social network that puts people in control of their experience." [...] Neither Bluesky nor Dorsey himself seem to have said how or why he left the board. For now, two board members remain: CEO, Jay Graeber, and Jabber / XMPP inventor Jeremie Miller. Dorsey originally backed Bluesky in 2019 as a project to develop an open-source social media standard that he wanted Twitter to move to. He later joined its board of directors when it split from Twitter in 2022.

Read more of this story at Slashdot.

The Rabbit R1 is one of the first standalone AI companion devices to hit the market, offering the ability to translate languages, identify objects in your environment, and order DoorDash, among other things. It's been in the news last week for its all around poor reviews that cite poor battery life, painfully slow responses, and missing features (sound familiar?). Now, it's been confirmed that the Rabbit R1 is powered by an Android app that can run on existing Android phones. Android Authority reports: What ended up souring a lot of people's opinions on the product was the revelation -- in an Android Authority original report -- that the R1 is basically an Android app in a box. Many consumers who believed that the product would be better suited as a mobile app felt validated after our report, but there was one stickler in it that we needed to address: how we got the R1 launcher up and running on an Android phone. See, in our preliminary report, we mentioned that the Rabbit R1's launcher app is intended to be preinstalled in the firmware and be granted several privileged, system-level permissions. While that statement is still true, we should've clarified that the R1 launcher doesn't actually need those permissions. In fact, none of the system-level permissions that the R1 launcher requests are at all necessary for the app to perform its core functionality. To prove this, we got the Rabbit R1 launcher up and running again on a stock, unrooted Android device (a Xiaomi 13T Pro), thanks to help from a team of reverse engineers including ChromMob, EmilyLShepherd, marceld505, thel3l, and uwukko. We were able to go through the entire setup process as if our device was an actual Rabbit R1. Afterwards, we were able to talk to ChatGPT, use the Vision function to identify objects, play music from Spotify, and even record voice notes. As demonstrated in our hands-on video at the top of this article, all of the existing core functionality that the Rabbit R1 offers would work as an Android or even iOS app. The only functions that wouldn't work are unrelated to the product's core functionality and are things your phone can already do, such as powering off or rebooting the device, toggling Bluetooth, connecting to a cellular or Wi-Fi network, or setting a screen lock. During our research, Android Authority was also able to obtain a copy of the Rabbit R1's firmware. Our analysis reveals that Rabbit did not make significant modifications to the BSP (Board Support Package) provided by MediaTek. The R1, in fact, still ships with all the standard apps included in AOSP, as well as the many apps provided by MediaTek. This is despite the fact that none of these apps are needed nor ever shown to the user, obviously. Rabbit only made a few changes to the AOSP build that MediaTek provided them, such as adding the aforementioned R1 launcher app, adding a fork of the open-source "AnySoftKeyboard" app with a custom theme, adding an OTA updater app, and adding a custom boot animation. [...] Yes, it's true that all the R1 launcher does is act as a local client to the cloud services offered by Rabbit, which is what truly handles the core functionality. It's also true that there's nothing wrong or unusual with companies using AOSP for their own hardware. But the fact of the matter is that Rabbit does little to justify its use of custom hardware except by making the R1 have an eye-catching design.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: CoreWeave, the GPU infrastructure provider that began life as a cryptocurrency mining operation, this week raised $1.1 billion in new funding from investors, including Coatue, Fidelity and Altimeter Capital. The round brings its valuation to $19 billion post-money and its total raised to $5 billion in debt and equity -- a remarkable figure for a company that's less than 10 years old. It's not just CoreWeave. Lambda Labs, which also offers an array of cloud-hosted GPU instances, in early April secured a "special purpose financing vehicle" of up to $500 million, months after closing a $320 million Series C round. The nonprofit Voltage Park, backed by crypto billionaire Jed McCaleb, last October announced that it's investing $500 million in GPU-backed data centers. And Together AI, a cloud GPU host that also conducts generative AI research, in March landed $106 million in a Salesforce-led round. So why all the enthusiasm for -- and cash pouring into -- the alternative cloud space? The answer, as you might expect, is generative AI. As the generative AI boom times continue, so does the demand for the hardware to run and train generative AI models at scale. GPUs, architecturally, are the logical choice for training, fine-tuning and running models because they contain thousands of cores that can work in parallel to perform the linear algebra equations that make up generative models. But installing GPUs is expensive. So most devs and organizations turn to the cloud instead. Incumbents in the cloud computing space -- Amazon Web Services (AWS), Google Cloud and Microsoft Azure -- offer no shortage of GPU and specialty hardware instances optimized for generative AI workloads. But for at least some models and projects, alternative clouds can end up being cheaper -- and delivering better availability. On CoreWeave, renting an Nvidia A100 40GB -- one popular choice for model training and inferencing -- costs $2.39 per hour, which works out to $1,200 per month. On Azure, the same GPU costs $3.40 per hour, or $2,482 per month; on Google Cloud, it's $3.67 per hour, or $2,682 per month. Given generative AI workloads are usually performed on clusters of GPUs, the cost deltas quickly grow. "Companies like CoreWeave participate in a market we call specialty 'GPU as a service' cloud providers," Sid Nag, VP of cloud services and technologies at Gartner, told TechCrunch. "Given the high demand for GPUs, they offers an alternate to the hyperscalers, where they've taken Nvidia GPUs and provided another route to market and access to those GPUs." Nag points out that even some Big Tech firms have begun to lean on alternative cloud providers as they run up against compute capacity challenges. Microsoft signed a multi-billion-dollar deal with CoreWeave last June to help provide enough power to train OpenAI's generative AI models. "Nvidia, the furnisher of the bulk of CoreWeave's chips, sees this as a desirable trend, perhaps for leverage reasons; it's said to have given some alternative cloud providers preferential access to its GPUs," reports TechCrunch.

Read more of this story at Slashdot.

OpenAI and the developer platform Stack Overflow have announced a partnership that could potentially improve the performance of AI models and bring more technical information into ChatGPT. From a report: OpenAI will have access to Stack Overflow's API and will receive feedback from the developer community to improve the performance of AI models. OpenAI, in turn, will give Stack Overflow attribution -- aka link to its contents -- in ChatGPT. Users of the chatbot will see more information from Stack Overflow's knowledge archive if they ask ChatGPT coding or technical questions. The companies write in the press release that this will "foster deeper engagement with content." Stack Overflow will use OpenAI's large language models to expand its Overflow AI, the generative AI application it announced last year. Further reading: Stack Overflow Cuts 28% Workforce as the AI Coding Boom Continues (October 2023).

Read more of this story at Slashdot.

An anonymous reader shares an essay: Software designers refer to "the good enough principle." It means, simply put, that sometimes you should prioritise functionality over perfection. As a relentless imperfectionist, I'm inclined to embrace this idea. I gave this newsletter its name to encourage myself to post rough versions of my pieces rather than not to write them at all. When it comes to parenting, I'm a Winnicottian: I believe you shouldn't try to be the perfect mum or dad because there's no such thing. At work and in life, it's often true that the optimal strategy is not to strive for the optimal result, but to aim for what works and hope for the best. The good enough can be a staging post to the perfect. The iPhone's camera was a "good enough" substitute for a compact camera. It did the job, but it wasn't as good as a Kodak or a Fuji. Until it was. Technological innovation often works like this, but the improvement curve isn't always as steep as with the smartphone camera. Sometimes we allow ourselves to get stuck with a product which is good enough to displace the competition, without fulfilling the same range of needs. The psychological and social ramifications can be profound. Let's say you're a student and you use ChatGPT to write your essays for you. Give it the right prompts and it will produce pieces that are good enough to get the grade you need. That seems like a win: it saves you time and effort, presuming your tutors don't notice or don't care. Maybe you get through the whole of university this way. But be wary of this equilibrium. Over the longer term, you will be stunting the growth of your own mind. The struggle of turning inchoate thought into readable sentences and paragraphs is a powerful exercise for the brain. It's how you get better at thinking. It is thinking.

Read more of this story at Slashdot.

Shell sold millions of carbon credits tied to CO2 removal that never took place [non-paywalled link] to Canada's largest oil sands companies, raising new doubts about a technology seen as crucial to mitigating greenhouse gas emissions. FT: As part of a subsidy scheme to boost the industry, the Alberta provincial government allowed Shell to register and sell carbon credits equivalent to twice the volume of emissions avoided by its Quest carbon capture facility between 2015 and 2021, the province's registry shows. The subsidy was reduced and then ended in 2022. As a result of the scheme, Shell was able to register 5.7mn credits that had no equivalent CO2 reductions, selling these to top oil sands producers and some of its own subsidiaries. Credits are typically equivalent to one tonne of CO2. Some of the largest buyers of the credits were Chevron, Canadian Natural Resources, ConocoPhillips, Imperial Oil and Suncor Energy. Keith Stewart, a senior energy strategist with Greenpeace Canada, criticised these "phantom credits." Stewart added: "Selling emissions credits for reductions that never happened ... literally makes climate change worse." Shell said carbon capture played "an important role in helping to decarbonise industry and sectors where emissions cannot be avoided" and that realising its potential "requires creating market incentives now." Alberta's environment ministry said the crediting support scheme had not resulted in "additional emissions" by industrial polluters.

Read more of this story at Slashdot.

A council has provoked the wrath of residents and linguists alike after announcing it would ban apostrophes on street signs to avoid problems with computer systems. From a report: North Yorkshire council is ditching the punctuation point after careful consideration, saying it can affect geographical databases. The council said all new street signs would be produced without one, regardless of whether they were used in the past. Some residents expressed reservations about removing the apostrophes, and said it risked "everything going downhill." They urged the authority to retain them. Sam, a postal worker in Harrogate, a spa town in North Yorkshire, told the BBC that signs missing an apostrophe -- such as the nearby St Mary's Walk sign that had been erected in the town without it -- infuriated her. "I walk past the sign every day and it riles my blood to see inappropriate grammar or punctuation," she said. Though the updated St Mary's sign had no apostrophe, someone had graffitied an apostrophe back on to the sign with a marker pen, which the former teacher said was "brilliant." She suggested the council was providing a bad example to children who spend a long time learning the basics of grammar only to see it not being used correctly on street signs. Dr Ellie Rye, a lecturer in English language and linguistics at the University of York, said apostrophes were a relatively new invention in our writing and, often, context allows people to understand their meaning. "If I say I live on St Mary's Walk, we're expecting a street name or an address of some kind." She said the change would matter to people who spend a long time teaching how we write English but that it was "less important in [verbal] communication."

Read more of this story at Slashdot.

Google is streamlining the process of setting up two-factor authentication (2FA). From a report: Instead of entering your phone number first to enable 2FA, you can now add a "second step method" to your account such as an authenticator app or a hardware security key to get things set up. This should make it safer to turn on 2FA, as it lets you avoid using less secure SMS verification. You can choose to enter a time-based one-time passcode through apps like Google Authenticator, or you can follow the steps to link a hardware security key.

Read more of this story at Slashdot.

A new breed of audiobook is taking over digital bookshelves -- ones narrated not by professional voice actors, but by artificial intelligence voices. It's an AI audiobook revolution that has been turbo-charged by Amazon. From a report: Since announcing a beta tool last year allowing self-published authors to generate AI "virtual voice" narrations for their ebooks, over 40,000 AI-narrated titles have flooded onto Audible, Amazon's audiobook platform. The eye-popping stat, revealed in a recent Bloomberg report, has many authors celebrating but is also raising red flags for human narrators. For indie writers wanting to crack the lucrative audiobook market without paying hefty professional voiceover fees, Amazon's free virtual narration tool is a game-changer. One blogger cited in the report claimed converting an ebook to audio using the AI narration took just 52 minutes, bypassing the expensive studio recording route. Others have mixed reactions. Last month, an author named George Steffanos launched an audiobook version of his existing book, posting that while he prefers human-generated works to those generated by AI, "the modest sales of my work were never going to support paying anyone for all those hours of narration."

Read more of this story at Slashdot.

Poor countries must demonstrate clearer accounting and transparency to back up their calls for trillions of dollars of climate finance, the president of global climate negotiations has said. From a report: Mukhtar Babayev, the ecology minister of Azerbaijan, who will lead the Cop29 UN climate summit in November, urged governments in developing countries to draw up reports showing their progress on cutting greenhouse gas emissions, and their spending on the climate crisis. "It's very important to build this correct, good and honest trust between the parties," he said in an interview in Baku, the capital of Azerbaijan. "It's a very, very important step, the creation of a transparency mechanism between the countries." At Cop29 in Baku, countries will be expected to come up with a new global goal on supplying climate finance to poorer countries, to help them cut their greenhouse gas emissions and adapt to the impacts of extreme weather. Some governments from the global south are calling for the sums to reach more than $1tn a year. These pledges are expected to be subject to bitter wrangling at Cop29, as rich countries are unlikely to agree to provide anything like such sums from their taxpayers but the role of other sources of finance -- such as the private sector -- is still in question.

Read more of this story at Slashdot.

An international coalition of police agencies have resurrected the dark web site of the notorious LockBit ransomware gang, which they had seized earlier this year, teasing new revelations about the group. From a report: On Sunday, what was once LockBit's official darknet site reappeared online with new posts that suggest the authorities are planning to release new information about the hackers in the next 24 hours, as of this writing. The posts have titles such as "Who is LockBitSupp?," "What have we learnt," "More LB hackers exposed," and "What have we been doing?" In February, a law enforcement coalition that included the U.K.'s National Crime Agency, the U.S. Federal Bureau of Investigation, as well as forces from Germany, Finland, France, Japan and others announced that they had infiltrated LockBit's official site. The coalition seized the site and replaced information on it with their own press release and other information in a clear attempt to troll and warn the hackers that the authorities were on to them.

Read more of this story at Slashdot.

PlayStation has reversed course on the Helldivers 2 PSN account requirement, walking back the unpopular policy after a weekend long backlash that included tens of thousands of negative reviews, some of which spread to Sony's other Steam games. From a report: "Helldivers fans -- we've heard your feedback on the Helldivers 2 account linking update. The May 6 update, which would have required Steam and PlayStation Network account linking for new players and for current players beginning May 30, will not be moving forward," PlayStation wrote on its official account. "We're still learning what is best for PC players and your feedback has been invaluable. Thanks again for your continued support of Helldivers 2 and we'll keep you updated on future plans." PlayStation's decision means that Helldivers 2 players on Steam won't have to link a PSN account in order to play. The unpopular policy, which would have seen new players confronted with a mandatory login beginning this week, resulted in Helldivers 2 being delisted in around 177 countries.

Read more of this story at Slashdot.

For the first time since it invested more than $10 billion into OpenAI in exchange for the rights to reuse the startup's AI models, Microsoft is training a new, in-house AI model large enough to compete with state-of-the-art models from Google, Anthropic and OpenAI itself. The Information: The new model, internally referred to as MAI-1, is being overseen by Mustafa Suleyman, the ex-Google AI leader who most recently served as CEO of the AI startup Inflection before Microsoft hired the majority of the startup's staff and paid $650 million for the rights to its intellectual property in March. But this is a Microsoft model, not one carried over from Inflection, although it may build on training data and other tech from the startup. It is separate from the Pi models that Inflection previously released, according to two Microsoft employees with knowledge of the effort. MAI-1 will be far larger than any of the smaller, open source models that Microsoft has previously trained, meaning it will require more computing power and training data and will therefore be more expensive, according to the people. MAI-1 will have roughly 500 billion parameters, or settings that can be adjusted to determine what models learn during training. By comparison, OpenAI's GPT-4 has more than 1 trillion parameters, while smaller open source models released by firms like Meta Platforms and Mistral have 70 billion parameters. That means Microsoft is now pursuing a dual trajectory of sorts in AI, aiming to develop both "small language models" that are inexpensive to build into apps and that could run on mobile devices, alongside larger, state-of-the-art AI models.

Read more of this story at Slashdot.

More than 90% of stablecoin transaction volumes aren't coming from genuine users, according to a new metric co-developed by Visa, suggesting such crypto tokens may be far away from becoming a commonly used means of payment. Bloomberg: The dashboard from Visa and Allium Labs is designed to strip out transactions initiated by bots and large-scale traders to isolate those made by real people. Out of about $2.2 trillion in total transactions in April, just $149 billion originated from "organic payments activity," according to Visa. Visa's finding challenges stablecoin proponents' argument that the tokens, pegged to an asset like the dollar, are poised to revolutionize the $150 trillion payments industry. PayPal and Stripe are among the fintech giants making inroads into stablecoins, with Stripe co-founder John Collison in April citing "technical improvements" for being bullish on the tokens. [...] Visa itself, which handled more than $12 trillion worth of transactions last year, is among companies that could stand to lose out should stablecoins become a generally accepted means of payment.

Read more of this story at Slashdot.

Wednesday Rest of World noticed an overlooked tech story in Argentina: Olga de León looked confused as she walked out of a nightclub on the edge of Buenos Aires on a recent Tuesday afternoon. She had just had her iris scanned. "No one told me what they'll do with my eye," de León, 57, told Rest of World. "But I did this out of need." De León, who lives off the $95 pension she receives from the state, had been desperate for money. Persuaded by her nephew, she agreed to have one of her irises scanned by Worldcoin, Sam Altman's blockchain project. In exchange, she received nearly $50 worth of WLD, the company's cryptocurrency. De León is one of about half a million Argentines who have handed their biometric data over to Worldcoin. Beaten down by the country's 288% inflation rate and growing unemployment, they have flocked to Worldcoin Orb verification hubs, eager to get the sign-up crypto bonus offered by the company. A network of intermediaries — who earn a commission from every iris scan — has lured many into signing up for the practice in Argentina, where data privacy laws remain weak. But as the popularity of Worldcoin skyrockets in the country, experts have sounded the alarm about the dangers of giving away biometric data. Two provinces are now pushing for legal investigations. "Seeing that [iris scans have] been banned in European countries, shouldn't we be trying to stop it, too?" Javier Smaldone, a software consultant and digital security expert, told Rest of World. Last month Worldcoin's web site announced that more than 10 million people in 160 countries had created a World ID and compatible wallet (performing 75 million transactions) — and that 5,195,475 people had also verified their World ID using Worldcoin's iris-scanning Orb. But the article notes a big drop in the number of countries even allowing Worldcoin's iris-scanning — from 25 to just eight. While in less than a year Worldcoin opened nearly 60 centers across Argentina...

Read more of this story at Slashdot.

An anonymous reader shared this report from Mint: Elon Musk-owned social media platform X (formerly Twitter) has launched a new Grok AI-powered feature called 'Stories', which allows users to read summaries of a trending post on the social media platform. The feature is currently only available to X Premium subscribers on the iOS and web versions, and hasn't found its way to the Android application just yet... instead of reading the whole post, they'll have Grok AI summarise it to get the gist of those big news stories. However, since Grok, like other AI chatbots on the market, is prone to hallucination (making things up), X provides a warning at the end of these stories that says: "Grok can make mistakes, verify its outputs." "Access to xAI's chatbot Grok is meant to be a selling point to push users to buy premium subscriptions," reports TechCrunch: A snarky and "rebellious" AI, Grok's differentiator from other AI chatbots like ChatGPT is its exclusive and real-time access to X data. A post published to X on Friday by tech journalist Alex Kantrowitz lays out Elon Musk's further plan for AI-powered news on X, based on an email conversation with the X owner. Kantrowitz says that conversations on X will make up the core of Grok's summaries. Grok won't look at the article text, in other words, even if that's what people are discussing on the platform. The article notes that some AI companies have been striking expensive licensing deals with news publishers. But in X's case, "it's able to get at the news by way of the conversation around it — and without having to partner to access the news content itself."

Read more of this story at Slashdot.