Businesses

US Intelligence Intervened With DOJ To Push HPE-Juniper Merger (axios.com) 8

Earlier this month, Hewlett-Packard Enterprise settled its antitrust case with the U.S. Justice Department, "paving the way for its acquisition of rival kit maker Juniper Networks" for $14 billion. According to Axios, the deal was heavily influenced by national security concerns and a desire to bolster American competition against China's Huawei. The outlet reports that the U.S. intelligence community "intervened to persuade the Justice Department that allowing the merger to proceed was essential to helping U.S. business compete with China's Huawei Technologies, among other national-security issues." From the report: "In light of significant national security concerns, a settlement ... serves the interests of the United States by strengthening domestic capabilities and is critical to countering Huawei and China." The official said blocking the deal would have "hindered American companies and empowered" Chinese competitors. A Justice Department spokesman added that DOJ "works very closely with our partners in the IC [intelligence community] and always considers their views when deciding how best to proceed with a case."

The merger was back in the news this week with reports that two senior enforcers in the DOJ's antitrust division were fired Monday amid infighting over the department's settlement greenlighting HPE's $14 billion acquisition of Juniper. Attorney General Pam Bondi had conversations with top intelligence officials that convinced her there was a strong national interest in not driving allies to Chinese technology, a senior administration official tells us.

Censorship

Visa and Mastercard Are Getting Overwhelmed By Gamer Fury Over Censorship (polygon.com) 227

An anonymous reader quotes a report from Polygon: In the wake of storefronts like Steam and itch.io curbing the sale of adult games, irate fans have started an organized campaign against the payment processors that they believe are responsible for the crackdown. While the movement is still in its early stages, people are mobilizing with an eye toward overwhelming communication lines at companies like Visa and Mastercard in a way that will make the concern impossible to ignore. On social media sites like Reddit and Bluesky, people are urging one another to get into contact with Visa and Mastercard through emails and phone calls. Visa and Mastercard have become the targets of interest because the affected storefronts both say that their decisions around adult games were motivated by the danger of losing the ability to use major payment processors while selling games. These payment processors have their own rules regarding usage, but they are vaguely defined. But losing infrastructure like this could impact audiences well beyond those who care about sex games, spokespeople for Valve and itch.io said.

In a now-deleted post on the Steam subreddit with over 17,000 upvotes, commenters say that customer service representatives for both payment processors seem to already be aware of the problem. Sometimes, the representatives will say that they've gotten multiple calls on the subject of adult game censorship, but that they can't really do anything about it. The folks applying pressure know that someone at a call center has limited power in a scenario like this one; typically, agents are equipped to handle standard customer issues like payment fraud or credit card loss. But the point isn't to enact change through a specific phone call: It's to cause enough disruption that the ruckus theoretically starts costing payment processors money.

"Emails can be ignored, but a very very long queue making it near impossible for other clients to get in will help a lot as well," reads the top comment on the Reddit thread. In that same thread, people say that they're hanging onto the call even if the operator says that they'll experience multi-hour wait times presumably caused by similar calls gunking up the lines. Beyond the stubbornness factor, the tactic is motivated by the knowledge that most customer service systems will put people who opt for call-backs in a lower priority queue, as anyone who opts in likely doesn't have an emergency going on. "Do both," one commenter suggests. "Get the call back, to gum up the call back queue. Then call in again and wait to gum up the live queue." People are also using email to voice their concerns directly to the executives at both Visa and Mastercard, payment processors that activist group Collective Shout called out by name in their open letter requesting that adult games get pulled. Emails are also getting sent to customer service.

Privacy

A Second Tea Breach Reveals Users' DMs About Abortions and Cheating (404media.co) 116

A second, far more recent data breach at women's dating safety app Tea has exposed over a million sensitive user messages -- including discussions about abortions, infidelity, and shared contact info. This vulnerability not only compromised private conversations but also made it easy to unmask anonymous users. 404 Media reports: Despite Tea's initial statement that "the incident involved a legacy data storage system containing information from over two years ago," the second issue impacting a separate database is much more recent, affecting messages up until last week, according to the researcher's findings that 404 Media verified. The researcher said they also found the ability to send a push notification to all of Tea's users.

It's hard to overstate how sensitive this data is and how it could put Tea's users at risk if it fell into the wrong hands. When signing up, Tea encourages users to choose an anonymous screenname, but it was trivial for 404 Media to find the real world identities of some users given the nature of their messages, which Tea has led them to believe were private. Users could be easily found via their social media handles, phone numbers, and real names that they shared in these chats. These conversations also frequently make damning accusations against people who are also named in the private messages and in some cases are easy to identify. It is unclear who else may have discovered the security issue and downloaded any data from the more recent database. Members of 4chan found the first exposed database last week and made tens of thousands of images of Tea users available for download. Tea told 404 Media it has contacted law enforcement. [...]

This new data exposure is due to any Tea user being able to use their own API key to access a more recent database of user data, Rahjerdi said. The researcher says that this issue existed until late last week. That exposure included a mass of Tea users' private messages. In some cases, the women exchange phone numbers so they can continue the conversation off platform. The first breach was due to an exposed instance of app development platform Firebase, and impacted tens of thousands of selfie and driver license images. At the time, Tea said in a statement "there is no evidence to suggest that current or additional user data was affected." The second database includes a data field called "sent_at," with many of those messages being marked as recent as last week.

United Kingdom

VPN Downloads Surge in UK as New Age-Verification Rules Take Effect (msn.com) 96

Proton VPN reported a 1,400 percent hourly increase in signups over its baseline Friday — the day the UK's age verification law went into effect. For UK users, "apps with explicit content must now verify visitors' ages via methods such as facial recognition and banking info," notes Mashable: Proton VPN previously documented a 1,000 percent surge in new subscribers in June after Pornhub left France, its second-biggest market, amid the enactment of an age verification law there... A Proton VPN spokesperson told Mashable that it saw an increase in new subscribers right away at midnight Friday, then again at 9 a.m. BST. The company anticipates further surges over the weekend, they added. "This clearly shows that adults are concerned about the impact universal age verification laws will have on their privacy," the spokesperson said... Search interest for the term "Proton VPN" also saw a seven-day spike in the UK around 2 a.m. BST Friday, according to a Google Trends chart.
The Financial Times notes that VPN apps "made up half of the top 10 most popular free apps on the UK's App Store for iOS this weekend, according to Apple's rankings." Proton VPN leapfrogged ChatGPT to become the top free app in the UK, according to Apple's daily App Store charts, with similar services from developers Super Unlimited and Nord Security also rising over the weekend... Data from Google Trends also shows a significant increase in search queries for VPNs in the UK this weekend, with up to 10 times more people looking for VPNs at peak times...

"This is what happens when people who haven't got a clue about technology pass legislation," Anthony Rose, a UK-based tech entrepreneur who helped to create BBC iPlayer, the corporation's streaming service, said in a social media post. Rose said it took "less than five minutes to install a VPN" and that British people had become familiar with using them to access the iPlayer outside the UK. "That's the beauty of VPNs. You can be anywhere you like, and anytime a government comes up with stupid legislation like this, you just turn on your VPN and outwit them," he added...

Online platforms found in breach of the new UK rules face penalties of up to £18mn or 10 percent of global turnover, whichever is greater... However, opposition to the new rules has grown in recent days. A petition submitted through the UK parliament website demanding that the Online Safety Act be repealed has attracted more than 270,000 signatures, with the vast majority submitted in the past week. Ministers must respond to a petition, and parliament has to consider its topic for a debate, if signatures surpass 100,000.

X, Reddit and TikTok have also "introduced new 'age assurance' systems and controls for UK users," according to the article. But Mashable summarizes the situation succinctly.

"Initial research shows that VPNs make age verification laws in the U.S. and abroad tricky to enforce in practice."
Piracy

Creator of 1995 Phishing Tool 'AOHell' On Piracy, Script Kiddies, and What He Thinks of AI (yahoo.com) 14

In 1995's online world, AOL existed mostly beside the internet as a "walled, manicured garden," remembers Fast Company.

Then along came AOHell "the first of what would become thousands of programs designed by young hackers to turn the system upside down" — built by a high school dropout calling himself "Da Chronic" who says he used "a computer that I couldn't even afford" using "a pirated copy of Microsoft Visual Basic." [D]istributed throughout the teen chatrooms, the program combined a pile of tricks and pranks into a slick little control panel that sat above AOL's windows and gave even newbies an arsenal of teenage superpowers. There was a punter to kick people out of chatrooms, scrollers to flood chats with ASCII art, a chat impersonator, an email and instant message bomber, a mass mailer for sharing warez (and later mp3s), and even an "Artificial Intelligence Bot" [which performed automated if-then responses]. Crucially, AOHell could also help users gain "free" access to AOL. The program came with a program for generating fake credit card numbers (which could fool AOL's sign up process), and, by January 1995, a feature for stealing other users' passwords or credit cards. With messages masquerading as alerts from AOL customer service reps, the tool could convince unsuspecting users to hand over their secrets...

Of course, Da Chronic — actually a 17-year-old high school dropout from North Carolina named Koceilah Rekouche — had other reasons, too. Rekouche wanted to hack AOL because he loved being online with his friends, who were a refuge from a difficult life at home, and he couldn't afford the hourly fee. Plus, it was a thrill to cause havoc and break AOL's weak systems and use them exactly how they weren't meant to be, and he didn't want to keep that to himself. Other hackers "hated the fact that I was distributing this thing, putting it into the team chat room, and bringing in all these noobs and lamers and destroying the community," Rekouche told me recently by phone...

Rekouche also couldn't have imagined what else his program would mean: a free, freewheeling creative outlet for thousands of lonely, disaffected kids like him, and an inspiration for a generation of programmers and technologists. By the time he left AOL in late 1995, his program had spawned a whole cottage industry of teenage script kiddies and hackers, and fueled a subculture where legions of young programmers and artists got their start breaking and making things, using pirated software that otherwise would have been out of reach... In 2014, [AOL CEO Steve] Case himself acknowledged on Reddit that "the hacking of AOL was a real challenge for us," but that "some of the hackers have gone on to do more productive things."

When he first met Mark Zuckerberg, he said, the Facebook founder confessed to Case that "he learned how to program by hacking [AOL]."

"I can't imagine somebody doing that on Facebook today," Da Chronic says in a new interview with Fast Company. "They'll kick you off if you create a Google extension that helps you in the slightest bit on Facebook, or an extension that keeps your privacy or does a little cool thing here and there. That's totally not allowed."

AOHell's creators had called their password-stealing techniques "phishing" — and the name stuck. (AOL was working with federal law enforcement to find him, according to a leaked internal email, but "I didn't even see that until years later.") Enrolled in college, he decided to write a technical academic paper about his program. "I do believe it caught the attention of Homeland Security, but I think they realized pretty quickly that I was not a threat."

He's got an interesting perspective today, noting with today's AI tool's it's theoretically possible to "craft dynamic phishing emails... when I see these AI coding tools I think, this might be like today's Visual Basic. They take out a lot of the grunt work."

What's the moral of the story? "I didn't have any qualifications or anything like that," Da Chronic says. "So you don't know who your adversary is going to be, who's going to understand psychology in some nuanced way, who's going to understand how to put some technological pieces together, using AI, and build some really wild shit."
Privacy

Astronomer Hires Coldplay Lead Singer's Ex-Wife as 'Temporary' Spokesperson: Gwyneth Paltrow (bbc.com) 153

The "Chief People Officer" of dataops company Astronomer resigned this week from her position after apparently being caught on that "Kiss Cam" at a Coldplay concert with the company's CEO, reports the BBC. That CEO has also resigned, with Astronomer appointing their original co-founder and chief product officer as the new interim CEO.

UPDATE (7/26): In an unexpected twist, Astronomer put out a new video Friday night starring... Gwyneth Paltrow.

Actress/businesswoman Paltrow "was married to Coldplay's frontman Chris Martin for 13 years," reports CBS News. In the video posted Friday, Paltrow says she was hired by Astronomer as a "very temporary" spokesperson.

"Astronomer has gotten a lot of questions over the last few days," Paltrow begins, "and they wanted me to answer the most common ones..."

As the question "OMG! What the actual f" begins appearing on the screen, Paltrow responds "Yes, Astronomer is the best place to run Apache Airflow, unifying the experience of running data, ML, and AI pipelines at scale. We've been thrilled so many people have a newfound interest in data workflow automation." (Paltrow also mentions the company's upcoming Beyond Analytics dataops conference in September.)

Astronomer is still grappling with unintended fame after the "Kiss Cam" incident. ("Either they're having an affair or they're just very shy," Coldplay's lead singer had said during the viral video, in which the startled couple hurries to hide off-camera). The incident raised privacy concerns, as it turns out both people in the video were in fact married to someone else, though the singer did earlier warn the crowd "we're going to use our cameras and put some of you on the big screen," according to CNN. The New York Post notes the woman's now-deleted LinkedIn account showed that she has also served as an "advisory board member" at her husband's company since September of 2020. The Post cites a source close to the situation who says the woman's husband "was in Asia for a few weeks," returning to America right as the video went viral. Kristin and Andrew Cabot married sometime after her previous divorce was finalized in 2022. The source said there had been little indication of any trouble in paradise before the Coldplay concert video went viral. "The family is now saying they have been having marriage troubles for several months and were discussing separating..."
The video had racked up 127 million videos by yesterday, notes Newsweek, adding that the U.K. tabloid the Daily Mail apparently took photos outside the woman's house, reporting that she does not appear to be wearing a wedding ring.
The Courts

Judge Sanctions Lawyers Defending Alabama's Prison System For Using Fake ChatGPT Cases In Filings (apnews.com) 45

An anonymous reader quotes a report from the Associated Press: A federal judge reprimanded lawyers with a high-priced firm defending Alabama's prison system for using ChatGPT to write court filings with "completely made up" case citations. U.S. District Judge Anna Manasco publicly reprimanded three lawyers with Butler Snow, the law firm hired to defend Alabama and other jurisdictions in lawsuits against their prison systems. The order sanctioned William R. Lunsford, the head of the firm division that handles prison litigation, along with Matthew B. Reeves and William J. Cranford. "Fabricating legal authority is serious misconduct that demands a serious sanction," Manasco wrote in the Wednesday sanctions order.

Manasco removed the three from participating in the case where the false citations were filed and directed them to share the sanctions order with clients, opposing lawyers and judges in all of their other cases. She also referred the matter to the Alabama State Bar for possible disciplinary action. [...] "In simpler terms, the citations were completely made up," Manasco wrote. She added that using the citations without verifying their accuracy was "recklessness in the extreme." The filings in question were made in a lawsuit filed by an inmate who was stabbed on multiple occasions at the William E. Donaldson Correctional Facility in Jefferson County. The lawsuit alleges that prison officials are failing to keep inmates safe.

Privacy

Women Dating Safety App 'Tea' Breached, Users' IDs Posted To 4chan (404media.co) 95

An anonymous reader quotes a report from 404 Media: Users from 4chan claim to have discovered an exposed database hosted on Google's mobile app development platform, Firebase, belonging to the newly popular women's dating safety app Tea. Users say they are rifling through peoples' personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media. In a statement to 404 Media, Tea confirmed the breach also impacted some direct messages but said that the data is from two years ago. Tea, which claims to have more than 1.6 million users, reached the top of the App Store charts this week and has tens of thousands of reviews there. The app aims to provide a space for women to exchange information about men in order to stay safe, and verifies that new users are women by asking them to upload a selfie.

"Yes, if you sent Tea App your face and drivers license, they doxxed you publicly! No authentication, no nothing. It's a public bucket," a post on 4chan providing details of the vulnerability reads. "DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!" The thread says the issue was an exposed database that allowed anyone to access the material. [...] "The images in the bucket are raw and uncensored," the user wrote. Multiple users have created scripts to automate the process of collecting peoples' personal information from the exposed database, according to other posts in the thread and copies of the scripts. In its terms of use, Tea says "When you first create a Tea account, we ask that you register by creating a username and including your location, birth date, photo and ID photo."

After publication of this article, Tea confirmed the breach in an email to 404 Media. The company said on Friday it "identified unauthorized access to one of our systems and immediately launched a full investigation to assess the scope and impact." The company says the breach impacted data from more than two years ago, and included 72,000 images (13,000 selfies and photo IDs, and 59,000 images from app posts and direct messages). "This data was originally stored in compliance with law enforcement requirements related to cyber-bullying prevention," the email continued. "We have engaged third-party cybersecurity experts and are working around the clock to secure our systems. At this time, there is no evidence to suggest that current or additional user data was affected. Protecting our users' privacy and data is our highest priority. We are taking every necessary step to ensure the security of our platform and prevent further exposure."

Government

Internet Archive Designated as a Federal Depository Library (archive.org) 10

The Internet Archive has received federal depository library status from California Sen. Alex Padilla, joining a network of over 1,100 libraries that archive government documents and make them accessible to the public. Padilla made the designation in a letter to the Government Publishing Office, which oversees the program.

The San Francisco-based nonprofit organization already operates Democracy's Library, a free online compendium of government research and publications launched in 2022. Founder Brewster Kahle said the new designation makes it easier to work with other federal depository libraries and provides more reliable access to government materials for digitization and distribution.

Under federal law, members of Congress can designate up to two qualified libraries for federal depository status.
Google

Man Awarded $12,500 After Google Street View Camera Captured Him Naked in His Yard (cbsnews.com) 60

An Argentine captured naked in his yard by a Google Street View camera has been awarded compensation by a court after his bare behind was splashed over the internet for all to see. From a report: The policeman had sought payment from the internet giant for harm to his dignity, arguing he was behind a 6 1/2-foot wall when a Google camera captured him in the buff, from behind, in small-town Argentina in 2017. His house number and street name were also laid bare, broadcast on Argentine TV covering the story, and shared widely on social media.

The man claimed the invasion exposed him to ridicule at work and among his neighbors. Another court last year dismissed the man's claim for damages, ruling he only had himself to blame for "walking around in inappropriate conditions in the garden of his home." Google, for its part, claimed the perimeter wall was not high enough.

The Courts

'Call of Duty' Maker Goes To War With 'Parasitic' Cheat Developers in LA Federal Court (msn.com) 18

A federal court has denied requests by Ryan Rothholz to dismiss or transfer an Activision lawsuit targeting his alleged Call of Duty cheating software operation. Rothholz, who operated under the online handle "Lerggy," submitted motions in June and earlier this month seeking to dismiss the case or move it to the Southern District of New York, but both were rejected due to filing errors.

The May lawsuit alleges Rothholz created "Lergware" hacking software that enabled players to cheat by kicking opponents offline, then rebranded to develop "GameHook" after receiving a cease and desist letter in June 2023. Court filings say he sold a "master key" for $350 that facilitated cheating across multiple games. The hacks "are parasitic in nature," the complaint said, alleging violations of the game's terms of service, copyright law and the Computer Fraud and Abuse Act.
United Kingdom

UK Student Jailed For Selling Phishing Kits Linked To $135M of Fraud (theguardian.com) 18

A 21-year-old student who designed and distributed online kits linked to $175 million worth of fraud has been jailed for seven years. From a report: Ollie Holman created phishing kits that mimicked government, bank and charity websites so that criminals could harvest victims' personal information to defraud them. In one case a kit was used to mimic a charity's donation webpage so when someone tried to give money, their card details were taken and used by criminals.

Holman, of Eastcote in north-west London, created and supplied 1,052 phishing kits that targeted 69 organisations across 24 countries. He also offered tutorials in how to use the kits and built up a network of almost 700 connections. The fake websites supplied in the kits had features that allowed information such as login and bank details to be stored. It is estimated Holman received $405,000 from selling the kits between 2021 and 2023. The kits were distributed through the encrypted messaging service Telegram.

Social Networks

Trump, Who Promised To Save TikTok, Threatens To Shut Down TikTok (arstechnica.com) 111

An anonymous reader quotes a report from Ars Technica: Donald Trump vowed to save TikTok before taking office, claiming only he could make a deal to keep the app operational in the US despite national security concerns. But then, he put Vice President JD Vance in charge of the deal, and after months of negotiations, the US still doesn't seem to have found terms for a sale that the Chinese government is willing to approve. Now, Trump Commerce Secretary Howard Lutnick has confirmed that if China won't approve the latest version of the deal -- which could result in a buggy version of TikTok made just for the US -- the administration is willing to shut down TikTok. And soon.

On Thursday, Lutnick told CNBC that TikTok would stop operating in the US if China and TikTok owner ByteDance won't sell the app to buyers that Trump lined up, along with control over TikTok's algorithm. Under the deal Trump is now pushing, "China can have a little piece or ByteDance, the current owner, can keep a little piece," Lutnick said. "But basically, Americans will have control. Americans will own the technology, and Americans will control the algorithm." However, ByteDance's board has long maintained that the US can alleviate its national security fears -- that China may be using the popular app to manipulate and spy on Americans -- without forcing a sale. In January, a ByteDance board member, Bill Ford, told World Economic Forum attendees that a non-sale option "could involve a change of control locally to ensure" TikTok "complies with US legislation" without selling off the app or its algorithm.

At this point, Lutnick suggested that the US is unwilling to bend on the requirement that the US control the recommendation algorithm, which is viewed as the secret sauce that makes the app so popular globally. ByteDance may be unwilling to sell the algorithm partly because then it would be sharing its core intellectual property with competitors in the US. Earlier this month, Trump had claimed that he wasn't "confident" that China would approve the deal, even though he thought it was "good for China." Analysts have suggested that China views TikTok as a bargaining chip in its tariff negotiations with Trump, which continue to not go smoothly, and it may be OK with the deal but unwilling to release the bargaining chip without receiving key concessions from the US. For now, the US and China are enjoying a 90-day truce that could end in August, about a month before the deadline Trump set to sell TikTok in mid-September.

Crime

Satellite Imagery and Phone Data Reveal Romance Scam Centers Still Expanding Despite Crackdowns 9

Massive mobile device tracking data has exposed the interconnected network of Myanmar's expanding scam centers, revealing how trafficked workers circulate between compounds despite February crackdowns. Analysis of 4.9 million location records from 11,930 mobile devices between January 2024 and May 2025 showed five devices visited all three major compounds -- Yatai New City, Apolo Park, and Yulong Bay Park -- plus the raided KK Park and Huanya Park facilities.

Workers are forced into romance scams, deceiving victims into believing they're in romantic relationships before extracting money. A South Asian man held six months at KK Park worked 16 hours daily conducting these online deceptions while enduring beatings and electric shocks for poor performance. Nikkei's investigation combined satellite imagery analysis, social media posts from Chinese platform Douyin, and open-source intelligence techniques to document continued construction at eight of 16 suspected sites. Myanmar authorities deported over 66,000 foreign nationals involved in these online fraud operations between October 2023 and June 2025.

Slashdot Top Deals