Google is reintroducing "digital fingerprinting" in five weeks, reports Mashable, describing it as "a data collection process that ingests all of your online signals (from IP address to complex browser information) and pinpoints unique users or devices." Or, to put it another way, Google "is tracking your online behavior in the name of advertising." The UK's Information Commissioner's Office called Google's decision "irresponsible": it is likely to reduce people's choice and control over how their information is collected. The change to Google's policy means that fingerprinting could now replace the functions of third-party cookies... Google itself has previously said that fingerprinting does not meet users' expectations for privacy, as users cannot easily consent to it as they would cookies. This in turn means they cannot control how their information is collected. To quote Google's own position on fingerprinting from 2019: "We think this subverts user choice and is wrong...." When the new policy comes into force on 16 February 2025, organisations using Google's advertising technology will be able to deploy fingerprinting without being in breach of Google's own policies. Given Google's position and scale in the online advertising ecosystem, this is significant. Their post ends with a warning that those hoping to use fingerprinting for advertising "will need to demonstrate how they are complying with the requirements of data protection law. These include providing users with transparency, securing freely-given consent, ensuring fair processing and upholding information rights such as the right to erasure." But security and privacy researcher Lukasz Olejnik asks if Google's move is the biggest privacy erosion in 10 years.... Could this mark the end of nearly a decade of progress in internet and web privacy? It would be unfortunate if the newly developing AI economy started from a decrease of privacy and data protection standards. Some analysts or observers might then be inclined to wonder whether this approach to privacy online might signal similar attitudes in other future Google products, like AI... The shift is rather drastic. Where clear restrictions once existed, the new policy removes the prohibition (so allows such uses) and now only requires disclosure... [I]f the ICO's claims about Google sharing IP addresses within the adtech ecosystem are accurate, this represents a significant policy shift with critical implications for privacy, trust, and the integrity of previously proposed Privacy Sandbox initiatives. Their post includes a disturbing thought. "Reversing the stance on fingerprinting could open the door to further data collection, including to crafting dynamic, generative AI-powered ads tailored with huge precision. Indeed, such applications would require new data..." Thanks to long-time Slashdot reader sinij for sharing the news.

Read more of this story at Slashdot.

Unanimous AI's founder Louis Rosenberg predicts a "wave" of new superhuman abilities is coming soon that we experience profoundly "as self-embodied skills that we carry around with us throughout our lives"... "[B]y 2030, a majority of us will live our lives with context-aware AI agents bringing digital superpowers into our daily experiences." They will be unleashed by context-aware AI agents that are loaded into body-worn devices that see what we see, hear what we hear, experience what we experience, and provide us with enhanced abilities to perceive and interpret our world... The majority of these superpowers will be delivered through AI-powered glasses with cameras and microphones that act as their eyes and ears, but there will be other form factors for people who just don't like eyewear... [For example, earbuds with built in cameras] We will whisper to these intelligent devices, and they will whisper back, giving us recommendations, guidance, spatial reminders, directional cues, haptic nudges, and other verbal and perceptual content that will coach us through our days like an omniscient alter ego... When you spot that store across the street, you simply whisper to yourself, "I wonder when it opens?" and a voice will instantly ring back into your ears, "10:30 a.m...." By 2030, we will not need to whisper to the AI agents traveling with us through our lives. Instead, you will be able to simply mouth the words, and the AI will know what you are saying by reading your lips and detecting activation signals from your muscles. I am confident that "mouthing" will be deployed because it's more private, more resilient to noisy spaces, and most importantly, it will feel more personal, internal, and self-embodied. By 2035, you may not even need to mouth the words. That's because the AI will learn to interpret the signals in our muscles with such subtlety and precision — we will simply need to think about mouthing the words to convey our intent... When you grab a box of cereal in a store and are curious about the carbs, or wonder whether it's cheaper at Walmart, the answers will just ring in your ears or appear visually. It will even give you superhuman abilities to assess the emotions on other people's faces, predict their moods, goals, or intentions, coaching you during real-time conversations to make you more compelling, appealing, or persuasive... I don't make these claims lightly. I have been focused on technologies that augment our reality and expand human abilities for over 30 years and I can say without question that the mobile computing market is about to run in this direction in a very big way. Instead of Augmented Reality, how about Augmented Mentality? The article notes Meta has already added context-aware AI to its Ray-Ban glasses and suggests that within five years Meta might try "selling us superpowers we can't resist". And Google's new AI-powered operating system Android XR hopes to augment our world with seamless context-aware content. But think about where this is going. "[E]ach of us could find ourselves in a new reality where technologies controlled by third parties can selectively alter what we see and hear, while AI-powered voices whisper in our ears with targeted advice and guidance." And yet " by 2030 the superpowers that these devices give us won't feel optional. After all, not having them could put us at a social and cognitive disadvantage." Thanks to Slashdot reader ZipNada for sharing the news.

Read more of this story at Slashdot.

"JPMorgan Chase shut down comments on an internal webpage announcing the bank's return-to-office policy," reports the Wall Street Journal, "after dozens of them criticized the move and at least one suggested that affected employees should unionize, according to people familiar with the matter." The bank's senior executives announced in an internal memo Friday that JPMorgan Chase would require all of its roughly 300,000 employees to work full time from the office starting in March, with only a limited number of exceptions. More than half of the bank's full-time workers, including senior managers and those with client-facing roles such as branch workers, have already been working full time from offices. The move primarily impacts back-office roles such as call-center workers who had still been able to work remotely two days a week... Many employees shared concerns such as increased commuting costs, child-care challenges and the impact on work-life balance. One person suggested that they should consider unionizing to fight for a hybrid-work schedule, the people familiar with the matter said. Soon after, the bank disabled comments on the article... The bank's executives said when announcing the move that affected employees would receive a 30-day notice before they are expected to return to the office full time. They also said there will be a limited number of teams that can work remotely or on a hybrid basis if their "work can be easily and clearly measured." The bank's executives said yesterday a limited number of teams can still work remotely (full or part-time) — but only if their work "can be easily and clearly measured," according to the article. But they also announced how they'd implement the new policy. Affected employees will receive a 30-day notice before being expected to return to the office full time. Thanks to long-time Slashdot reader AsylumWraith for sharing the news.

Read more of this story at Slashdot.

"Nuclear you can trust," reads the web page promoting "The Egg, an at home nuclear reactor." Yes, Enron.com is now announcing "a micro-nuclear reactor made to power your home." (A quick reminder from CNN in December. "A company that makes T-shirts bought the Enron trademark and appears to be trying to sell some merch on behalf of the guy behind the satirical conspiracy theory "Birds Aren't Real....") Does that explain how we got a product reveal for "the world's first micro-nuclear reactor for residential suburban use"? (Made possible "by the Enron mining division, which has been sourcing the proprietary Enronium ore...") Enron's new 28-year-old CEO Connor Gaydos insists they're "making the world a better place, one egg at a time." The Houston Chronicle delves into the details: Supposedly a micro-nuclear reactor capable of powering a home for up to 10 years, the Enron Egg would be a significant leap forward for both energy technology and humanity's understanding of nuclear physics — if, of course, such a thing were actually feasible. "With our current understanding of physics, this will never be possible," said Derek Haas, an associate professor and nuclear and radiation engineering researcher at the University of Texas at Austin. "We can make a nuclear reactor go critical at about the size of the egg that I saw on the pictures. But we can't capture that energy and turn it into useful electric heat, and shield the radiation that comes off of the reactor." [Haas adds later that nuclear reactors require federal licenses to operate, which take two to nine years to procure and "typically require several hundred pages of documentation to be allowed to build it, and then another thousand pages of safety documents to be allowed to turn it on."] The outlandish claims Enron has made in the weeks since its brand revival have left many to speculate that the move is part of some large-scale joke similar to Birds Aren't Real — a gag conspiracy movement that Connor Gaydos, Enron's 28-year-old CEO, published a book on alongside co-author and movement founder Peter McIndoe. In an exclusive interview with the Houston Chronicle, Gaydos asked that people look past the limitations — be they in the form of regulations or physics — and embrace the impossible.... Several since-deleted blurbs — both on the company's website and on social media — have alluded to Enron potentially expanding into the world of cryptocurrency. Gaydos said he hasn't ruled it out, but the company currently does not have any plans in the works to debut an Enron-themed coin. "I think in a lot of ways, everything feels like a crypto scam now, but thankfully, we are a completely real company," Gaydos said. When announcing the Egg, Gaydos stressed Enron was now revolutionizing not just the power industry, but also two others — the freedom industry, and the independence industry. And Gaydos reminded his audience that their home micro-nuclear was "safe for the whole family." "Preorder now," adds the Egg's web page at Enron.com. "Sign up for our email newsletter and be the first to know when we launch..."

Read more of this story at Slashdot.

Richard Stallman founded the Free Software Foundation as a nonprofit in 1985 with four other directors (including MIT computer science professor Gerald Jay Sussman). Sussman remains on the Board of directors, along with EFF co-founder John Gilmore and five others. Friday the eight directors published a new article explaining how their goal and principles are protected by the nonprofit's governance structure: An obvious option, used by many organizations, was to let supporters sign up as members and have the members' votes control everything about the organization. We rejected that approach because it would have made the organization vulnerable to being taken over by people who disagreed with its mission... [A]ctivist organizations should be steady in their mission. Already in 1985, we could see that many of the people who appreciated the GNU Project's work (developing useful GNU software packages) did not support our goal and values. To look at software issues in terms of freedom was radical and many were reluctant to consider it... So we chose a structure whereby the FSF's governing body would appoint new people to itself... [T]he FSF voting members consist of all the present board members and some past board members. We have found that having some former board members remain as voting members helps stabilize the base of FSF governance. The divergence between our values and those of most users was expressed differently after 1998, when the term "open source" was coined. It referred to a class of programs which were free/libre or pretty close, but it stood for the same old values of convenience and success, not the goal of freedom for the users of those programs. For them, "scratching your own itch" replaced liberating the community around us. People could become supporters of "open source" without any change in their ideas of right and wrong... It would have been almost inevitable for supporters of "open source" to join the FSF, then vote to convert it into an "open source" organization, if its structure allowed such a course. Fortunately, we had made sure it did not. So we were able to continue spreading the idea that software freedom is a freedom that everyone needs and everyone is entitled to, just like freedom of speech. In recent years, several influential "open source" organizations have come to be dominated by large companies. Large companies are accustomed to seeking indirect political power, and astroturf campaigns are one of their usual methods. It would be easy for companies to pay thousands of people to join the FSF if by doing so they could alter its goals and values. Once again, our defensive structure has protected us... A recent source of disagreement with the free software movement's philosophy comes from those who would like to make software licenses forbid the use of programs for various practices they consider harmful. Such license restrictions would not achieve the goal of ending those practices and each restriction would split the free software community. Use restrictions are inimical to the free software community; whatever we think of the practices they try to forbid, we must oppose making software licenses restrict them. Software developers should not have the power to control what jobs people do with their computers by attaching license restrictions. And when some acts that can be done by using computing call for systematic prohibition, we must not allow companies that offer software or online services to decide which ones. Such restrictions, when they are necessary, must be laws, adopted democratically by legislatures... What new political disagreements will exist in the free software community ten, twenty or thirty years from now? People may try to disconnect the FSF from its values for reasons we have not anticipated, but we can be confident that our structure will give us a base for standing firm. We recently asked our associate members to help us evaluate the current members of the FSF board of directors through a process that will help us preserve the basic structure that protects the FSF from pressure to change its values. A year ago we used this process to select new board members, and it worked very well. Sincerely, The Free Software Foundation Board of Directors

Read more of this story at Slashdot.

WordPress co-creator (and Automattic CEO) Matt Mullenweg "has deactivated the accounts of several WordPress.org community members," reports TechCrunch, "some of whom have been spearheading a push to create a new fork of the open source WordPress project." Joost de Valk — creator of WordPress-focused SEO tool Yoast (and former marketing and communications' lead for the WordPress Foundation) — last month published his "vision for a new WordPress era," alluding to a potential fork in the form of "federated and independent repositories." Karim Marucchi, CEO of enterprise web consulting firm Crowd Favorite, echoed these thoughts in a separate blog post. WP Engine indicated it was on standby to lend a corporate hand. Mullenweg, for his part, has publicly supported the notion of a new WordPress fork. But when Automattic slashed its contributions to Wordpress.org, things heated up: This spurred de Valk to take to X.com on Friday to indicate that he was willing to lead on the next release of WordPress, with Marucchi adding that his "team stands ready." Collectively, de Valk and Marucchi contribute around 10 hours per week to various aspects of the WordPress open source project. However, in a sarcasm-laden blog post published this morning, Mullenweg said that to give their independent effort the "push it needs to get off the ground," he was deactivating their WordPress.org accounts. "I strongly encourage anyone who wants to try different leadership models or align with WP Engine to join up with their new effort," Mullenweg wrote. At the same time, Mullenweg also revealed he was deactivating the accounts of three other people, with little explanation given: Sé Reed, Heather Burns, and Morten Rand-Hendriksen. Reed, it's worth noting, is president and CEO of a newly established non-profit called the WP Community Collective, which is setting out to serve as a "neutral home for collaboration, contribution, and resources" around WordPress and the broader open source ecosystem. Burns, a former contributor to the WordPress project, took to X this morning to express surprise at her deactivation, noting that she hadn't been involved in the project since 2020... It's worth noting that deactivating a WordPress.org account prevents affected users from contributing through that channel, be it to the core project or any other plugins or themes they may be involved with. Rand-Hendriksen posted on BlueSky: So why is he targeting Heather and me? Because we started talking about the need for proper governance, accountability, conflict of interest policies, and other things back in 2017. We both left the project in 2019, and apparently he still holds a grudge. And while Mullenweg headlined his blog post "Joost/Karim Fork," Rand-Hendriksen wrote on BlueSky "there is no fork in the works as far as I know. He made that up, as he has done before. Heather and I have no involvement with any of this so I don't know why he grouped the five of us together like this. It smells like attempted harassment." Later Rand-Hendriksen claimed "this is not the first time he's accused critics of forking WordPress" and that he's "convinced any fork will fail... I think he thinks saying someone is forking WordPress is an epic burn that discredits them in the eyes of the community."

Read more of this story at Slashdot.

Friday America's consumer watchdog agency "proposed a rule to give virtual video game currencies protections similar to those of real-world bank accounts..." reports the Washington Post, "so players can receive refunds or compensation for unauthorized transactions, similar to how banks are required to respond to claims of fraudulent activity." The Consumer Financial Protection Bureau is seeking public input on a rule interpretation to clarify which rights are protected and available to video game consumers under the Electronic Fund Transfer Act. It would hold video game companies subject to violations of federal consumer financial law if they fail to address financial issues reported by customers. The public comment period lasts from Friday through March 31. In particular, the independent federal agency wants to hear from gamers about the types of transactions they make, any issues with in-game currencies, and stories about how companies helped or denied help. The effort is in response to complaints to the bureau and the Federal Trade Commission about unauthorized transactions, scams, hacking attempts and account theft, outlined in an April bureau report that covered banking in video games and virtual worlds. The complaints said consumers "received limited recourse from gaming companies." Companies may ban or lock accounts or shut down a service, according to the report, but they don't generally guarantee refunds to people who lost property... The April report says the bureau and FTC received numerous complaints from players who contacted their banks regarding unauthorized charges on Roblox. "These complaints note that while they received refunds through their financial institutions, Roblox then terminated or locked their account," the report says.

Read more of this story at Slashdot.

As the ecological disaster continues, CNN reports the Palisades Fire near Malibu, California has burned at least 22,660 acres, left 100,000 peope under evacuation orders, left at least 11 people dead and "destroyed thousands of homes and other structures." From the last reports it was only 11% contained, and "flames are now spreading east in the Mandeville Canyon area, approaching Interstate 405, one of LA's busiest freeways." But the Atlantic's assistant editor wrote Friday that "I have received 11 alerts. As far as I can tell, they were all sent in error." My home is not in a mandatory evacuation zone or even a warning zone. It is, or is supposed to be, safe. Yet my family's phones keep blaring with evacuation notices, as they move in and out of service.... Earlier today, Kevin McGowan, the director of Los Angeles County's emergency-management office, acknowledged at a press conference that officials knew alerts like these had gone out, acknowledged some of them were wrong, and still had no idea why, or how to keep it from happening again. The office did not immediately respond to a request for comment, but shortly after this article was published, the office released a statement offering a preliminary assessment that the false alerts were sent "due to issues with telecommunications systems, likely due to the fires' impacts on cellular towers" and announcing that the county's emergency notifications would switch to being managed through California's state alert system... The fifth, sixth, and seventh evacuation warnings came through at around 6 a.m. — on my phone. At the same time a Los Angeles-area couple "spent two hours watching a live stream of flames closing in on their home," reports the Washington Post, and at one point "saw firefighters come through the house and extinguish flames in the backyard." At around 4:30 p.m. Eastern time on Tuesday, the camera feeds gave out and the updates from their security system stopped. About four hours later, [Zibby] Owens's husband got an alert on his cellphone that the indoor sprinkler system had gone off and the fire alarm had been activated. They do not know the current status of their home, Owens said on Tuesday. Real estate agent Shana Tavangarian Soboroff said in a phone interview Thursday that one set of clients had followed their Pacific Palisades home's ordeal this week in a foreboding play-by-play of text alerts from an ADT security system. The system first detected smoke, then motion, next that doors had been opened, and finally fire alerts before the system lost communication. Their home's destruction was later confirmed when someone returned to the neighborhood and recorded video, Tavangarian Soboroff said. Soboroff also lost her home in the fire, the article adds. Burned to the ground are "the places where people raised their kids," Zibby Owens wrote in this update posted Friday. But "even if my one home, or 'structure' as newscasters call it, happens to be mostly OK, I've still lost something I loved more than anything. We've all lost it... [M]y heart and soul are aching across the country as I sit alone in my office and try to make sense of the devastation." [I]t isn't about our house. It's about our life. Our feelings. Our community. Our memories. Our beloved stores, restaurants, streets, sidewalks, neighbors. It's about the homes where we sat at friends' kitchen tables and played Uno, celebrated their birthdays, and truly connected. It's all gone... [E]very single person I know and so many I don't who live in the Palisades have lost everything. Not just one or two friends. Everyone. And then I saw video footage of our beloved village. The yogurt shop and Beach Street? Gone. Paliskates, our kids' favorite store? Gone. Burned to the ground. Gelson's grocery store, where we just recently picked up the New York Post and groceries for the break? Gone... The. Whole. Town. How? How is it possible? How could everyone have lost everything? Schools, homes, power, cell service, cars, everything. All their belongings... All the schools, gone. It's unthinkable.... I've worked in the local library and watched the July 4 parade from streets that are now smoldering embers... It is an unspeakable loss. "Everyone I know in the Palisades has lost all of their possessions," the author writes, publishing what appear to be text messages from friends. "It's gone." "We lost everything." "Nothing left." "We lost it."

Read more of this story at Slashdot.

While CES wraps up this week, "Not all innovation is good innovation," warns Elizabeth Chamberlain, iFixit's Director of Sustainability (heading their Right to Repair advocacy team). So this year the group held its fourth annual "anti-awards ceremony" to call out CES's "least repairable, least private, and least sustainable products..." (iFixit co-founder Kyle Wiens mocked a $2,200 "smart ring" with a battery that only lasts for 500 charges. "Wanna open it up and change the battery? Well you can't! Trying to open it will completely destroy this device...") There's also a category for the worst in security — plus a special award titled "Who asked for this?" — and then a final inglorious prize declaring "the Overall Worst in Show..." Thursday their "panel of dystopia experts" livestreamed to iFixit's feed of over 1 million subscribers on YouTube, with the video's description warning about manufacturers "hoping to convince us that they have invented the future. But will their vision make our lives better, or lead humanity down a dark and twisted path?" The video "is a fun and rollicking romp that tries to forestall a future clogged with power-hungry AI and data-collecting sensors," writes The New Stack — though noting one final irony. "While the ceremony criticized these products, YouTube was displaying ads for them..." Long-time Slashdot reader destinyland summarizes the article: "We're seeing more and more of these things that have basically surveillance technology built into them," iFixit's Chamberlain told The Associated Press... Proving this point was EFF executive director Cindy Cohn, who gave a truly impassioned takedown for "smart" infant products that "end up traumatizing new parents with false reports that their baby has stopped breathing." But worst for privacy was the $1,200 "Revol" baby bassinet — equipped with a camera, a microphone, and a radar sensor. The video also mocks Samsung's "AI Home" initiative which let you answer phone calls with your washing machine, oven, or refrigerator. (And LG's overpowered "smart" refrigerator won the "Overall Worst in Show" award.) One of the scariest presentations came from Paul Roberts, founder of SecuRepairs, a group advocating both cybersecurity and the right to repair. Roberts notes that about 65% of the routers sold in the U.S. are from a Chinese company named TP-Link — both wifi routers and the wifi/ethernet routers sold for homes and small offices.Roberts reminded viewers that in October, Microsoft reported "thousands" of compromised routers — most of them manufactured by TP-Link — were found working together in a malicious network trying to crack passwords and penetrate "think tanks, government organizations, non-governmental organizations, law firms, defense industrial base, and others" in North America and in Europe. The U.S. Justice Department soon launched an investigation (as did the U.S. Commerce Department) into TP-Link's ties to China's government and military, according to a SecuRepairs blog post. The reason? "As a China-based company, TP-Link is required by law to disclose flaws it discovers in its software to China's Ministry of Industry and Information Technology before making them public." Inevitably, this creates a window "to exploit the publicly undisclosed flaw... That fact, and the coincidence of TP-Link devices playing a role in state-sponsored hacking campaigns, raises the prospects of the U.S. government declaring a ban on the sale of TP-Link technology at some point in the next year." TP-Link won the award for the worst in security.

Read more of this story at Slashdot.

An anonymous reader shared this report from CNN: New intelligence has led two US intelligence agencies to conclude that it's possible a small number of mysterious health ailments colloquially termed as Havana Syndrome impacting spies, soldiers and diplomats around the world may have been caused by a "novel weapon" wielded by a foreign actor, according to intelligence officials and a new unclassified summary report released on Friday. However, the two agencies are in the minority and the broader intelligence community assessment remains that it is very unlikely that the symptoms were caused by a foreign actor, according to the unclassified report summary issued Friday — even as an official with the Office of the Director of National Intelligence [ODNI] emphasized that analysts cannot "rule out" the possibility in some small number of cases. The subtle, technocratic shift in the assessment over the cause of Havana Syndrome has reignited a bitter debate that has split US officials, Capitol Hill and victims over the likelihood that the bizarre injuries were caused by a weapon or a host of disparate, natural causes. Sometime in the last two years, the US received new intelligence that indicated a foreign nation's directed energy research programs had been "making progress," according to the official. That led one unnamed intelligence agency to assess that there was a "roughly even chance" that a foreign country has used some kind of novel weapon against a small group of victims, causing the symptoms that the government officially calls "anomalous health incidents" — headaches, vertigo and even, in some cases, signs of traumatic brain injury. A second intelligence agency assessed a "roughly even" chance that a foreign actor possessed such a weapon but is unlikely to have deployed it against US personnel... But both judgments were made with low confidence, according to the ODNI official. And critically, possessing a capability is not the same as proof that it has been used. The article notes that U.S. intelligence and administration officials "do not doubt that the injuries are real and deserving of government compensation." But one official in the Office of the Director of National Intelligence told CNN "The intelligence does not link a foreign actor to these events. Indeed, it points away from their involvement." And they added that all U.S. Intelligence Community components "agree that years of Intelligence Community collection, targeting and analytic efforts have not surfaced compelling intelligence reporting that ties a foreign actor to any specific event reported" as a possible anomalous health incident. CNN adds that "the official said some evidence directly contradicts the notion that a foreign government was involved." The White House emphasized that research to determine the causes of the incidents is ongoing... On Friday, officials emphasized that the intelligence community is now supporting lab work on whether radio frequencies can cause "bioeffects" in line with what victims have reported. The latest findings from limited studies have shown mixed results, while previously most results had shown no effects, officials said. A panel of experts assembled by the intelligence community that studied a smaller set of incidents previously found that the symptoms might be explained by "pulsed electromagnetic or acoustic energy," as opposed to environmental or medical conditions. "There was unanimous judgment by the panel that the most plausible explanation for a subset of cases was exposure to directed energy," a second senior administration official said. But complicating matters for victims and analysts is the fact that not all of those reporting Anomalous Health Incidents have the same set of symptoms — and the vast majority of cases have been explained by other causes, officials have previously said...

Read more of this story at Slashdot.

"Microsoft's Digital Crimes Unit is taking legal action to ensure the safety and integrity of our AI services," according to a Friday blog post by the unit's assistant general counsel. Microsoft blames "a foreign-based threat-actor group" for "tools specifically designed to bypass the safety guardrails of generative AI services, including Microsoft's, to create offensive and harmful content. Microsoft "is accusing three individuals of running a 'hacking-as-a-service' scheme," reports Ars Technica, "that was designed to allow the creation of harmful and illicit content using the company's platform for AI-generated content" after bypassing Microsoft's AI guardrails: They then compromised the legitimate accounts of paying customers. They combined those two things to create a fee-based platform people could use. Microsoft is also suing seven individuals it says were customers of the service. All 10 defendants were named John Doe because Microsoft doesn't know their identity.... The three people who ran the service allegedly compromised the accounts of legitimate Microsoft customers and sold access to the accounts through a now-shuttered site... The service, which ran from last July to September when Microsoft took action to shut it down, included "detailed instructions on how to use these custom tools to generate harmful and illicit content." The service contained a proxy server that relayed traffic between its customers and the servers providing Microsoft's AI services, the suit alleged. Among other things, the proxy service used undocumented Microsoft network application programming interfaces (APIs) to communicate with the company's Azure computers. The resulting requests were designed to mimic legitimate Azure OpenAPI Service API requests and used compromised API keys to authenticate them. Microsoft didn't say how the legitimate customer accounts were compromised but said hackers have been known to create tools to search code repositories for API keys developers inadvertently included in the apps they create. Microsoft and others have long counseled developers to remove credentials and other sensitive data from code they publish, but the practice is regularly ignored. The company also raised the possibility that the credentials were stolen by people who gained unauthorized access to the networks where they were stored... The lawsuit alleges the defendants' service violated the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Lanham Act, and the Racketeer Influenced and Corrupt Organizations Act and constitutes wire fraud, access device fraud, common law trespass, and tortious interference.

Read more of this story at Slashdot.

"What if they ban TikTok and people keep using it anyway?" asks the New York Times, saying a pending ban in America "is vague on how it would be enforced" Some experts say that even if TikTok is actually banned this month or soon, there may be so many legal and technical loopholes that millions of Americans could find ways to keep TikTok'ing. The law is "Swiss cheese with lots of holes in it," said Glenn Gerstell, a former top lawyer at the National Security Agency and a senior adviser at the Center for Strategic and International Studies, a policy research organization. "There are obviously ways around it...." When other countries ban apps, the government typically orders internet providers and mobile carriers to block web traffic to and from the blocked website or app. That's probably not how a ban on TikTok in the United States would work. Two lawyers who reviewed the law said the text as written doesn't appear to order internet and mobile carriers to stop people from using TikTok. There may not be unanimity on this point. Some lawyers who spoke to Bloomberg News said internet providers would be in legal hot water if they let their customers continue to use a banned TikTok. Alan Rozenshtein, a University of Minnesota associate law professor, said he suspected internet providers aren't obligated to stop TikTok use "because Congress wanted to allow the most dedicated TikTok users to be able to access the app, so as to limit the First Amendment infringement." The law also doesn't order Americans to stop using TikTok if it's banned or to delete the app from our phones.... Odds are that if the Supreme Court declares the TikTok law constitutional and if a ban goes into effect, blacklisting the app from the Apple and Google app stores will be enough to stop most people from using TikTok... If a ban goes into effect and Apple and Google block TikTok from pushing updates to the app on your phone, it may become buggy or broken over time. But no one is quite sure how long it would take for the TikTok app to become unusable or compromised in this situation. Users could just sideload the app after downloading it outside a phone's official app store, the article points out. (More than 10 million people sideloaded Fortnite within six weeks of its removal from Apple and Google's app stores.) And there's also the option of just using a VPN — or watching TikTok's web site. (I've never understood why all apps haven't already been replaced with phone-optimized web sites...)

Read more of this story at Slashdot.

"Millions of computers are heading towards a security crisis as Microsoft plans to end support for Windows 10 on October 14, 2025," writes BetaNews: 32 million devices — roughly 65 percent of household computers in Germany — are still running the aging operating system. In the DACH region, including Austria and Switzerland, over 35 million systems rely on Windows 10, leaving millions of users exposed to potential cyberattacks once updates stop. By contrast, only about 33 percent of German devices have transitioned to Windows 11, and over a million are still running even older systems like Windows 8, 7, or XP. Thorsten Urbanski, an IT security expert at ESET, is sounding the alarm. "It's five minutes to midnight to prevent a security fiasco in 2025. We strongly urge users not to wait until October. Upgrade to Windows 11 now or choose an alternative operating system if your device cannot support the latest version. Otherwise, users are exposing themselves to significant security risks, including dangerous cyberattacks and data breaches...." Urbanski also points out that the current situation is worse than when Windows 7 support ended in 2020. By late 2019, over 70 percent of users had already switched to Windows 10, while only about 20 percent remained on Windows 7. Today, the transition to Windows 11 is far slower, creating a dangerous environment. "Cybercriminals know these numbers well and are waiting for the end-of-support date. Once that hits, vulnerabilities will be exploited en masse." "Those unable to move to Windows 11 are being advised to consider Linux as a secure alternative, especially for older hardware." Thanks to Slashdot reader BrianFagioli for sharing the news.

Read more of this story at Slashdot.

As America begins a six-day state funeral for former president Jimmy Carter, Microsoft co-founder/philanthropist Bill Gates shared "my fondest memory" this week. "He and Rosalynn were among my first and most inspiring role models in global health." They played a pretty profound role in the early days of the Gates Foundation. I'm especially grateful that they introduced us to Dr. Bill Foege, who once helped eradicate smallpox and was a key advisor for our global health work. Jimmy and Rosalynn were also good friends to my dad. One of my favorite photographs of all time shows Jimmy Carter, Nelson Mandela, and my dad in South Africa holding babies at a medical clinic. I remember my dad coming back from that trip with a whole new appreciation for Jimmy's passion for helping people with HIV. At the time, then-President Thabo Mbeki was refusing to let people with HIV get treatment, and my dad watched Jimmy almost get into a fist fight with Mbeki over the issue. As Jimmy said in a 2012 conversation at the Gates Foundation hosted by my dad, "He was claiming there was no relationship between HIV and AIDS and that the medicines that we were sending in, the antiretroviral medicines, were a white person's plot to help kill black babies." At a time when a quarter of all people in South Africa were HIV positive, Jimmy just couldn't accept Mbeki's obstructionism. Ars Technica reported it was also Jimmy Carter who saved America's space shuttle program. And Carter installed solar panels on the roof of the White House (which "were later removed by his successor, Ronald Reagan," according to Boiling Point, an environmental newsletter from the Los Angeles Times): He tried and largely failed to block construction of more than a dozen expensive, environmentally destructive water infrastructure projects such as dams, canals and reservoirs. He also tried to reduce U.S. dependence on foreign oil, implementing the first vehicle fuel-efficiency standards and tasking researchers with bringing down the cost of solar panels — an effort he predicted could be "a small part of one of the greatest and most exciting adventures ever undertaken by the American people...." And although he was largely thinking about how to free Americans from geopolitical crises that could wreak havoc on oil supplies and gasoline prices, he also had heat-trapping greenhouse gases in mind... The final report from the White House Council on Environmental Quality warned that fossil fuel combustion could cause "widespread and pervasive changes in global climatic, economic, social, and agricultural patterns." It advised that to avoid such risks, we should limit global temperature increases to 2 degrees Celsius above preindustrial levels — the goal eventually agreed to by nearly 200 nations, 35 years later. Even if Carter's actions were targeted more at reducing oil imports than at cutting planet-warming pollution — he was willing to increase domestic coal production if it meant less dependence on foreign crude — the political battles he fought, particularly those he lost, have lessons for those of us who care about the climate today. The historian Kai Bird, for instance, notes that after struggling to pass a tax on gas-guzzling cars, Carter wrote in his diary, "The influence of the oil and gas industry is unbelievable, and it's impossible to arouse the public to protect themselves." Indeed, oil and gas companies still wield huge influence. SUVs are more popular than ever. The newsletter argues the story of Carter's life can be an inspiration, since Carter saw a lot of changes in his 100 years. "We need to see more changes to survive. May we all be as lucky as Carter was."

Read more of this story at Slashdot.

This week New York Times technology columnist Kevin Roose published his annual "Good Tech" awards to "shine the spotlight on a few tech projects that I think contributed positively to humanity." And high on the list is "Andres Freund, and every open-source software maintainer saving us from doom." The most fun column I wrote this past year was about a Microsoft database engineer, Andres Freund, who got some odd errors while doing routine maintenance on an obscure open-source software package called xz Utils. While investigating, Freund inadvertently discovered a huge security vulnerability in the Linux operating system, which could have allowed a hacker to take control of hundreds of millions of computers and bring the world to its knees. It turns out that much of our digital infrastructure rests on similar acts of nerdy heroism. After writing about Freund's discovery, I received tips about other near disasters involving open-source software projects, many of which were averted by sharp-eyed volunteers catching bugs and fixing critical code just in time to foil the bad guys. I could not write about them all, but this award is to say: I see you, open-source maintainers, and I thank you for your service. Roose also acknowledges the NASA engineers who kept Voyager 1 transmitting back to earth from interstellar space — and Bluesky, "for making my social media feeds interesting again." Roose also notes it was a big year for AI. There's a shout-out to Epoch AI, a small nonprofit research group in Spain, "for giving us reliable data on the AI boom." ("The firm maintains public databases of AI models and AI hardware, and publishes research on AI trends, including an influential report last year about whether AI models can continue to grow at their current pace. Epoch AI concluded they most likely could until 2030.") And there's also a shout-out to groups "pushing AI forward" and positive uses "to improve health care, identify new drugs and treatments for debilitating diseases and accelerate important scientific research." The nonprofit Arc Institute released Evo, an AI model that "can predict and generate genomic sequences, using technology similar to the kind that allows systems like ChatGPT to predict the next words in a sequence." A Harvard University lab led by Dr. Jeffrey Lichtman teamed with researchers from Google for "the most detailed map of a human brain sample ever created. The team used AI to map more than 150 million synapses in a tiny sample of brain tissue at nanometer-level resolution..." Researchers at Stanford and McMaster universities developed SyntheMol, "a generative AI model that can design new antibiotics from scratch."

Read more of this story at Slashdot.

A U.S. Appeals Court ruled this week that net neutrality couldn't be reinstated by America's Federal Communications Commission. But "Despite the dismantling of the FCC's efforts to regulate broadband internet service, state laws in California, New York and elsewhere remain intact," notes the Los Angeles Times: This week's decision by the 6th U.S. Circuit Court of Appeals, striking down the FCC's open internet rules, has little bearing on state laws enacted during the years-long tug-of-war over the government's power to regulate internet service providers, telecommunications experts said. In fact, some suggested that the Cincinnati-based 6th Circuit's decision — along with other rulings and the U.S. Supreme Court's posture on a separate New York case — has effectively fortified state regulators' efforts to fill the gap. "Absent an act of Congress, the FCC has virtually no role in broadband any more," Ernesto Falcon, a program manager for the California Public Utilities Commission, said in an interview. "The result of this decision is that states like California, New York and others will have to govern and regulate broadband carriers on our own." California has one of the nation's strongest laws on net neutrality, the principle that internet traffic must be treated equally to ensure a free and open network. Former Gov. Jerry Brown signed the measure into law in 2018, months after federal regulators in President elect-Donald Trump's first administration repealed the net neutrality rules put in place under President Obama. Colorado, Oregon and other states also adopted their own standards. The Golden State's law has already survived legal challenges. It also prompted changes in the way internet service providers offered plans and services. "California's net neutrality law, which is seen as the gold standard by consumer advocates, carries national impact," Falcon said.... "The state's authority and role in broadband access has grown dramatically now," Falcon said. California's net neutrality rules prohibit "throttling" data speeds, according to the article.

Read more of this story at Slashdot.

It "felt like a Disneyland ride," reports CBS News. A man took a Waymo takes to the airport — only to discover the car "wouldn't stop driving around a parking lot in circles." And because the car was in motion, he also couldn't get out. Still stuck in the car, Michael Johns — a tech-industry worker — then phoned Waymo for help. ("Has this been hacked? What's going on? I feel like I'm in the movies. Is somebody playing a joke on me?") But he also filmed the incident... "Why is this thing going in a circle? I'm getting dizzy," Johns said in a video posted on social media that has since gone viral, garnering more than two million views and interactions.... The Waymo representative was finally able to get the car under control after a few minutes, allowing him to get to the airport just in time to catch his flight back to LA. He says that the lack of empathy from the representative who attempted to help him, on top of the point that he's unsure if he was talking to a human or AI, are major concerns. "Where's the empathy? Where's the human connection to this?" Johns said while speaking with CBS News Los Angeles. "It's just, again, a case of today's digital world. A half-baked product and nobody meeting the customer, the consumers, in the middle." Johns, who ironically works in the tech industry himself, says he would love to see services like Waymo succeed, but he has no plans to hop in for a ride until he's sure that the kinks have been fixed. In the meantime, he's still waiting for someone from Waymo to contact him in regards to his concerns, which hasn't yet happened despite how much attention his video has attracted since last week. "My Monday was fine till i got into one of Waymo 's 'humanless' cars," he posted on LinkedIn . "I get in, buckle up ( safety first) and the saga begins.... [T]he car just went around in circles, eight circles at that..." A Waymo spokesperson admitted they'd added about five minutes to his travel time, but then "said the software glitch had since been resolved," reports the Los Angeles Times, "and that Johns was not charged for the ride." One final irony? According to his LinkedIn profile, Johns is a CES Innovations Awards judge.

Read more of this story at Slashdot.

"It's fair to say that by 1995, OS/2 was dead software walking," remembers a new article from the Register (which begins with a 1995 Usenet post from Gordon Letwin, Microsoft's lead architect on the OS/2 project). But the real question is why this Microsoft-IBM collaboration on a DOS-replacing operating system ultimately lost out to Windows...? If OS/2 1.0 had been an 80386 OS, and had been able to multitask DOS apps, we think it would have been a big hit.... OS/2's initial 1980s versions were 16-bit products, at IBM's insistence. That is when the war was lost. That is when OS/2 flopped. Because its initial versions were even more crippled than the Deskpro 386... Because OS/2 1.x flopped, Microsoft launched a product that fixed the key weakness of OS/2 1.x. That product was Windows 3, which worked perfectly acceptably on 286 machines, but if you ran the same installed copy on a 32-bit 386 PC, it worked better. Windows 3.0 could use the more sophisticated hardware of a 386 to give better multitasking of the market-dominating DOS apps... IBM's poor planning shaped the PC industry of the 1990s more than Microsoft's successes. Windows 3.0 wasn't great, but it was good enough. It reversed people's perception of Windows after the failures of Windows 1 and Windows 2. Windows 3 achieved what OS/2 had intended to do. It transformed IBM PC compatibles from single-tasking text-only computers into graphical computers, with poor but just about usable multitasking... Soon after Windows 3.0 turned out to be a hit, OS/2 NT was rebranded as Windows NT. Even the most ardent Linux enthusiast must c\oncede that Windows NT did quite well over three decades. Back in 1995, the Register's author says they'd moved from OS/2 to Windows 95 "while it was still in beta. "The UI was far superior, more hardware worked, and Doom ran much better."

Read more of this story at Slashdot.

"In many instances, there's a catch: flexible work but at lower pay..." writes Fortune. "Remote workers are accepting lower salaries in order to achieve remote status. Some are taking as much as 5% to 15% less pay to do so, while other employers are reversing the strategy to entice workers to come to the office at higher salaries..." Today, nearly half of managers anticipate challenges in meeting candidates' compensation expectations. And when the gap between salary expectation and an offer is too great, many employers are negotiating remote and hybrid work to get candidates to sign on the dotted line, according to Robert Half's recently published 2025 U.S. Hiring Outlook. Some candidates accept 5% to 15% less pay in exchange for getting to work from home, Theresa L. Fesinstine, founder of human resources advisory peoplepower.ai, told Fortune. "There's this unspoken exchange rate between flexibility and comp, and for some candidates, it's worth a significant trade-off," said Fesinstine, who has more than two decades of leadership experience in HR. This is especially true "for those who value work-life balance or are saving on commute costs." There are inherent risks in offering job candidates lower salaries, even if it means getting the chance to work from home. Amy Spurling, founder and CEO of employee benefits reimbursement platform Compt, told Fortune she expects to see a second Great Resignation this year after hiring freezes, benefits cuts, and forced RTO policies in 2023 and 2024. "If you're trying to lowball remote workers, you're about to face a harsh reality," Spurling said. "2025 is going to be a 'find out' year for companies that thought they could use remote work or other 'perks' to replace competitive compensation and genuine employee support." To wit, a 2024 report by PwC forecasts another resignation period with a 28% increase in the number of people who plan to change jobs, compared to 19% during the Great Resignation of 2022... What's more, Fesinstine argues, remote work "isn't a perk anymore, but rather a standard operating model." So attempting to describe remote work as a benefit doesn't sit well with job candidates... On the other hand, Michael Steinitz, senior executive director of professional talent solutions at Robert Half, told Fortune their research shows 76% of job candidates are willing to work fully in-office — in exchange for a higher salary. "Among those employees, the average raise they would request is about 23%, he said."

Read more of this story at Slashdot.

In a potential U.S.-China conflict, cyberattackers are military weapons. That's the thrust of a new article from the Wall Street Journal: The message from President Biden's national security adviser was startling. Chinese hackers had gained the ability to shut down dozens of U.S. ports, power grids and other infrastructure targets at will, Jake Sullivan told telecommunications and technology executives at a secret meeting at the White House in the fall of 2023, according to people familiar with it. The attack could threaten lives, and the government needed the companies' help to root out the intruders. What no one at the briefing knew, including Sullivan: China's hackers were already working their way deep inside U.S. telecom networks, too. The two massive hacking operations have upended the West's understanding of what Beijing wants, while revealing the astonishing skill level and stealth of its keyboard warriors — once seen as the cyber equivalent of noisy, drunken burglars. China's hackers were once thought to be interested chiefly in business secrets and huge sets of private consumer data. But the latest hacks make clear they are now soldiers on the front lines of potential geopolitical conflict between the U.S. and China, in which cyberwarfare tools are expected to be powerful weapons. U.S. computer networks are a "key battlefield in any future conflict" with China, said Brandon Wales, a former top U.S. cybersecurity official at the Department of Homeland Security, who closely tracked China's hacking operations against American infrastructure. He said prepositioning and intelligence collection by the hackers "are designed to ensure they prevail by keeping the U.S. from projecting power, and inducing chaos at home." As China increasingly threatens Taiwan, working toward what Western intelligence officials see as a target of being ready to invade by 2027, the U.S. could be pulled into the fray as the island's most important backer... Top U.S. officials in both parties have warned that China is the greatest danger to American security. In the infrastructure attacks, which began at least as early as 2019 and are still taking place, hackers connected to China's military embedded themselves in arenas that spies usually ignored, including a water utility in Hawaii, a port in Houston and an oil-and-gas processing facility. Investigators, both at the Federal Bureau of Investigation and in the private sector, found the hackers lurked, sometimes for years, periodically testing access. At a regional airport, investigators found the hackers had secured access, and then returned every six months to make sure they could still get in. Hackers spent at least nine months in the network of a water-treatment system, moving into an adjacent server to study the operations of the plant. At a utility in Los Angeles, the hackers searched for material about how the utility would respond in the event of an emergency or crisis. The precise location and other details of the infrastructure victims are closely guarded secrets, and couldn't be fully determined. American security officials said they believe the infrastructure intrusions — carried out by a group dubbed Volt Typhoon — are at least in part aimed at disrupting Pacific military supply lines and otherwise impeding America's ability to respond to a future conflict with China, including over a potential invasion of Taiwan... The focus on Guam and West Coast targets suggested to many senior national-security officials across several Biden administration agencies that the hackers were focused on Taiwan, and doing everything they could to slow a U.S. response in a potential Chinese invasion, buying Beijing precious days to complete a takeover even before U.S. support could arrive. The telecom breachers "were also able to swipe from Verizon and AT&T a list of individuals the U.S. government was surveilling in recent months under court order, which included suspected Chinese agents. The intruders used known software flaws that had been publicly warned about but hadn't been patched." And ultimately nine U.S. telecoms were breached, according to America's deputy national security adviser for cybersecurity — including what appears to have been a preventable breach at AT&T (according to "one personal familiar with the matter"): [T]hey took control of a high-level network management account that wasn't protected by multifactor authentication, a basic safeguard. That granted them access to more than 100,000 routers from which they could further their attack — a serious lapse that may have allowed the hackers to copy traffic back to China and delete their own digital tracks. The details of the various breaches are stunning: Chinese hackers gained a foothold in the digital underpinnings of one of America's largest ports in just 31 seconds. At the Port of Houston, an intruder acting like an engineer from one of the port's software vendors entered a server designed to let employees reset their passwords from home. The hackers managed to download an encrypted set of passwords from all the port's staff before the port recognized the threat and cut off the password server from its network...

Read more of this story at Slashdot.