The Courts

Apple Loses Bid To Dismiss US Smartphone Monopoly Case (reuters.com) 47

Apple must face the U.S. Department of Justice's lawsuit accusing the iPhone maker of unlawfully dominating the U.S. smartphone market, a judge ruled on Monday. From a report: U.S. District Judge Julien Neals in Newark, New Jersey, denied Apple's motion to dismiss the lawsuit accusing the company of using restrictions on third-party app and device developers to keep users from switching to competitors and unlawfully dominate the market.

The decision would allow the case to go forward in what could be a years-long fight for Apple against enforcers' attempt to lower what they say are barriers to competition with Apple's iPhone.

Canada

In Last-Minute Move, Canada Rescinds Digital Services Tax, Restarts Negotiations (newsweek.com) 132

"Canada and the United States have resumed trade negotiations," reports Newsweek, "after Canadian Prime Minister Mark Carney agreed to rescind the country's digital services tax on U.S. technology companies." The development follows President Donald Trump's announcement on Friday that he was suspending all trade talks with Canada "effective immediately" over the tax policy... Canada's quick reversal signals the high stakes involved in maintaining trade relationships with the United States, particularly given the countries' deeply integrated economies.

Carney's office confirmed on Sunday that both leaders have agreed to restart negotiations after Canada committed to abandoning the 3 percent levy targeting major U.S. tech giants including Amazon, Google, Meta, Uber, and Airbnb. The tax was scheduled to take effect Monday and would have applied retroactively, creating an estimated $2 billion bill for American companies. The conflict escalated rapidly after Canada's Finance Department confirmed Friday that companies would still be required to make their first digital tax payments Monday, despite ongoing negotiations. The tax targeted revenue generated from Canadian users rather than corporate profits, making it particularly burdensome for technology companies operating internationally...

Canada's decision to rescind the tax came "in anticipation" of reaching a broader trade agreement, according to government officials. With negotiations resuming, both countries will likely focus on addressing broader trade issues beyond the digital services tax.

Electronic Frontier Foundation

After 45 Years, 74-Year-Old Spreadsheet Legend/EFF Cofounder Mitch Kapor Gets His MIT Degree (bostonglobe.com) 35

Mitch Kapor dropped out of MIT's business school in 1979 — and had soon cofounded the pioneering spreadsheet company Lotus. He also cofounded the EFF, was the founding chair of the Mozilla Foundation, and is now a billionaire (and a VC investor at Kapor Capital).

45 years later, when an old friend (professor Bill Aulet) invited the 74-year-old to give a guest lecture at MIT's business school last year, Aulet teased the billionaire that "there's only one problem, Mitch, I see here you haven't graduated from MIT."

The Boston Globe tells the story... After graduating from Yale in 1971 and bouncing around for almost a decade as "a lost and wandering soul," working as a disc jockey, a Transcendental Meditation teacher, and a mental health counselor, Kapor said he became entranced by the possibilities of the new Apple II personal computer. He started writing programs to solve statistics problems and analyze data, which caught the attention of Boston-area software entrepreneurs Dan Bricklin and Bob Frankston, who co-created VisiCalc, one of the first spreadsheet programs. They introduced Kapor to their California-based software publisher, Personal Software.

Midway through Kapor's 12-month master's program, the publisher offered him the then-princely sum of about $20,000 if he'd adapt his stats programs to work with VisiCalc. To finish the project, he took a leave from MIT, but then he decided to leave for good to take a full-time job at Personal. Comparing his decision to those of other famed tech founder dropouts, like Bill Gates, Kapor said he felt the startup world was calling to him. "It was just so irresistible," he said. "It felt like I could not let another moment go by without taking advantage of this opportunity or the window would close...."

When Aulet made his joke on the phone call with his old friend in 2024, Kapor had largely retired from investing and realized that he wanted to complete his degree. "I don't know what prompted me, but it started a conversation" with MIT about the logistics of finally graduating, Kapor said. By the time Kapor gave the lecture in March, Aulet had discovered Kapor was only a few courses short. MIT does not give honorary degrees, but school officials allow students to make up for missing classes with an independent study and a written thesis. Kapor decided to write a paper on the roots and development of his investing strategy. "It's timely, it's highly relevant, and I have things to say," he said.

One 77-page thesis later, Kapor, donning a cap and gown, finally received his master's degree in May, at a ceremony in the Hyatt Regency Hotel in Cambridge, not far from where he founded Lotus.

Security

New NSA/CISA Report Again Urges the Use of Memory-Safe Programming Language (theregister.com) 66

An anonymous reader shared this report from the tech news site The Register: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) this week published guidance urging software developers to adopt memory-safe programming languages. "The importance of memory safety cannot be overstated," the inter-agency report says...

The CISA/NSA report revisits the rationale for greater memory safety and the government's calls to adopt memory-safe languages (MSLs) while also acknowledging the reality that not every agency can change horses mid-stream. "A balanced approach acknowledges that MSLs are not a panacea and that transitioning involves significant challenges, particularly for organizations with large existing codebases or mission-critical systems," the report says. "However, several benefits, such as increased reliability, reduced attack surface, and decreased long-term costs, make a strong case for MSL adoption."

The report cites how Google by 2024 managed to reduce memory safety vulnerabilities in Android to 24 percent of the total. It goes on to provide an overview of the various benefits of adopting MSLs and discusses adoption challenges. And it urges the tech industry to promote memory safety by, for example, advertising jobs that require MSL expertise.

It also cites various government projects to accelerate the transition to MSLs, such as the Defense Advanced Research Projects Agency (DARPA) Translating All C to Rust (TRACTOR) program, which aspires to develop an automated method to translate C code to Rust. A recent effort along these lines, dubbed Omniglot, has been proposed by researchers at Princeton, UC Berkeley, and UC San Diego. It provides a safe way for unsafe libraries to communicate with Rust code through a Foreign Function Interface....

"Memory vulnerabilities pose serious risks to national security and critical infrastructure," the report concludes. "MSLs offer the most comprehensive mitigation against this pervasive and dangerous class of vulnerability."

"Adopting memory-safe languages can accelerate modern software development and enhance security by eliminating these vulnerabilities at their root," the report concludes, calling the idea "an investment in a secure software future."

"By defining memory safety roadmaps and leading the adoption of best practices, organizations can significantly improve software resilience and help ensure a safer digital landscape."

Crime

Sinaloa Cartel Used Phone Data and Surveillance Cameras To Find and Kill FBI Informants in 2018, DOJ Says (aol.com) 35

Designated as a foreign terrorist group by multiple countries, Mexico's Sinaloa drug cartel fiercely defends its transnational organized crime syndicate.

"A hacker working for the Sinaloa drug cartel was able to obtain an FBI official's phone records," reports Reuters, "and use Mexico City's surveillance cameras to help track and kill the agency's informants in 2018, the U.S. Justice Department said in a report issued on Thursday." The incident was disclosed in a Justice Department Inspector General's audit of the FBI's efforts to mitigate the effects of "ubiquitous technical surveillance," a term used to describe the global proliferation of cameras and the thriving trade in vast stores of communications, travel, and location data... The report said the hacker identified an FBI assistant legal attaché at the U.S. Embassy in Mexico City and was able to use the attaché's phone number "to obtain calls made and received, as well as geolocation data."

The report said the hacker also "used Mexico City's camera system to follow the (FBI official) through the city and identify people the (official) met with." The report said "the cartel used that information to intimidate and, in some instances, kill potential sources or cooperating witnesses."

Canada

Canada Orders Chinese Firm Hikvision To Cease Canadian Operations Over National Security Concerns (reuters.com) 41

The Canadian government has ordered Chinese surveillance camera manufacturer Hikvision to cease operations in Canada over national security concerns, Industry Minister Melanie Joly said late on Friday. From a report: Hikvision, also known as Hangzhou Hikvision Digital Technology Co, has faced numerous sanctions and restrictions by Canada's neighbor, the United States, over the past five and a half years for the firm's dealings and the use of its equipment in China's Xinjiang region, where rights groups have documented abuses against the Uyghur population and other Muslim communities.

"The government has determined that Hikvision Canada's continued operations in Canada would be injurious to Canada's national security," Joly said on X, adding that the decision was taken after a multi-step review of information provided by Canada's security and intelligence community.

Privacy

Facebook Is Asking To Use Meta AI On Photos In Your Camera Roll You Haven't Yet Shared (techcrunch.com) 19

Facebook is prompting users to opt into a feature that uploads photos from their camera roll -- even those not shared on the platform -- to Meta's servers for AI-driven suggestions like collages and stylized edits. While Meta claims the content is private and not used for ads, opting in allows the company to analyze facial features and retain personal data under its broad AI terms, raising privacy concerns. TechCrunch reports: The feature is being suggested to Facebook users when they're creating a new Story on the social networking app. Here, a screen pops up and asks if the user will opt into "cloud processing" to allow creative suggestions. As the pop-up message explains, by clicking "Allow," you'll let Facebook generate new ideas from your camera roll, like collages, recaps, AI restylings, or photo themes. To work, Facebook says it will upload media from your camera roll to its cloud (meaning its servers) on an "ongoing basis," based on information like time, location, or themes.

The message also notes that only you can see the suggestions, and the media isn't used for ad targeting. However, by tapping "Allow," you are agreeing to Meta's AI Terms. This allows your media and facial features to be analyzed by AI, it says. The company will additionally use the date and presence of people or objects in your photos to craft its creative ideas. [...] According to Meta's AI Terms around image processing, "once shared, you agree that Meta will analyze those images, including facial features, using AI. This processing allows us to offer innovative new features, including the ability to summarize image contents, modify images, and generate new content based on the image," the text states.

The same AI terms also give Meta's AIs the right to "retain and use" any personal information you've shared in order to personalize its AI outputs. The company notes that it can review your interactions with its AIs, including conversations, and those reviews may be conducted by humans. The terms don't define what Meta considers personal information, beyond saying it includes "information you submit as Prompts, Feedback, or other Content." We have to wonder whether the photos you've shared for "cloud processing" also count here.

Printer

Brother Printer Bug In 689 Models Exposes Millions To Hacking (securityweek.com) 54

An anonymous reader quotes a report from SecurityWeek: Hundreds of printer models from Brother and other vendors are impacted by potentially serious vulnerabilities discovered by researchers at Rapid7. The cybersecurity firm revealed on Wednesday that its researchers identified eight vulnerabilities affecting multifunction printers made by Brother. The security holes have been found to impact 689 printer, scanner and label maker models from Brother, and some or all of the flaws also affect 46 Fujifilm Business Innovation, five Ricoh, six Konica Minolta, and two Toshiba printers. Overall, millions of enterprise and home printers are believed to be exposed to hacker attacks due to these vulnerabilities.

The most serious of the flaws, tracked as CVE-2024-51978 and with a severity rating of 'critical', can allow a remote and unauthenticated attacker to bypass authentication by obtaining the device's default administrator password. CVE-2024-51978 can be chained with an information disclosure vulnerability tracked as CVE-2024-51977, which can be exploited to obtain a device's serial number. This serial number is needed to generate the default admin password. "This is due to the discovery of the default password generation procedure used by Brother devices," Rapid7 explained. "This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device's unique serial number, during the manufacturing process."

Having the admin password enables an attacker to reconfigure the device or abuse functionality intended for authenticated users. The remaining vulnerabilities, which have severity ratings of 'medium' and 'high', can be exploited for DoS attacks, forcing the printer to open a TCP connection, obtain the password of a configured external service, trigger a stack overflow, and perform arbitrary HTTP requests. Six of the eight vulnerabilities found by Rapid7 can be exploited without authentication.

Brother has patched most of the flaws, but CVE-2024-51978 requires a new manufacturing process to fully resolve, which will apply only to future devices.

United States

US Senators Push For American Version of EU's Digital Markets Act (appleinsider.com) 40

U.S. lawmakers have reintroduced the bipartisan Open App Markets Act, aiming to curb Apple and Google's control over mobile app stores by promoting competition, supporting third-party marketplaces and sideloading, and safeguarding developer rights. AppleInsider reports: The Open App Markets Act seeks to do a number of things, including:
- Protect developers' rights to tell consumers about lower prices and offer competitive pricing;
- Protect sideloading of apps;
- Promote competition by opening the market to third-party app stores, startup apps, and alternative payment systems;
- Make it possible for developers to offer new experiences that take advantage of consumer device features;
- Give consumers greater control over their devices;
- Prevent app stores from disadvantaging developers; and
- Establish safeguards to preserve consumer privacy, security, and safety.

This isn't the first time we've seen this bill, either. In 2021, Senators Blumenthal, Klobuchar, and Blackburn had attempted to put forth the original version of the Open App Markets Act. However, the initial bill never made it to the floor for an office vote. Thanks to last-minute efforts by lobbying groups and appearances from chief executives, the bill eventually stalled out.

While the two bills are largely similar, the revised version introduces several key differences. Notably, the new version includes new carve-outs aimed at protecting intellectual property and addressing potential national security concerns. There's also a new clause that would prohibit punitive actions against developers for enabling remote access to other apps. The clause addition harkens back to the debacle between Apple and most game streaming services -- though in 2024, Apple loosened its App Store guidelines to allow cloud gaming and emulation.

There are a few new platform-protective clauses added, too. For instance, it would significantly lower the burden of proof for either Apple or Google to block platform access to a third-party app. Additionally, it reinforces the fact that companies like Apple or Google will not need to provide support or refunds for third-party apps installed outside of first-party app marketplaces.

The full bill can be found here.

The Internet

Psylo Browser Obscures Digital Fingerprints By Giving Every Tab Its Own IP Address (theregister.com) 20

Psylo, a new privacy-focused iOS browser by Mysk, aims to defeat digital fingerprinting by isolating each browser tab with its own IP address, unique fingerprinting defenses, and proxy-based encryption. "Psylo stands out as it is the only WebKit-based iOS browser that truly isolates tabs," Tommy Mysk told The Register. "It's not only about separate storage and cookies. Psylo goes beyond that."

"This is why we call tabs 'silos.' It applies unique anti-fingerprinting measures per silo, such as canvas randomization. This way two Psylo tabs opening the same website would appear as though they originated on two different devices to the opened website." From the report: The company claims Psylo therefore offers better privacy than a VPN because the virtual networks mask the user's IP address but generally don't alter the data used for fingerprinting. Psylo, for example, will adjust the browser's time zone and browser language to match the geolocation of each proxy, resulting in more entropy that means fingerprints created by gathering data from silos will appear to be different.

The Mysk devs' post states that some privacy-focused browsers like Brave also implement anti-fingerprinting measures like canvas randomization, but those are more effective on the desktop macOS app due to Apple's iOS restrictions. They claim that they were able to achieve better results on iOS by using a client-side JavaScript solution. Mysk designed Psylo to minimize the information available to its maker. It doesn't log personally identifiable information or browsing data that the curious could use to identify the user, the company claims, noting that it also doesn't have customer payment information, which is handled by Apple. There are no user accounts, only randomized identifiers to indicate active subscriptions. According to Tommy Mysk, the only subscriber data kept is bandwidth usage, which is necessary to prevent abuse.

"We aggregate bandwidth usage based on a randomly generated ID that is created when a subscription is made," Mysk said. "The randomly generated ID is associated with the Apple subscription transaction. Apple doesn't share the identity of users making App Store purchases with developers." Asked whether Apple could identify users, Mysk said, "Theoretically and given a court order, Apple can figure out the randomly generated ID of the user in question. If we were to hand out the data associated with the randomly generated ID, it would only be the bandwidth usage of that user in the current month, and two months in the past. Older data is automatically deleted.

"We don't associate any identifiable information with the randomly generated ID. We don't store IP addresses at all in every component of our system. We don't store websites visited by our users at all."

The browser is only available on iOS and iPadOS, but Mysk says an Android version could be developed if there's enough interest. It costs $9.99 per month or $99 per year in the U.S.

Crime

How Foreign Scammers Use U.S. Banks to Fleece Americans (propublica.org) 32

U.S. banks have failed to prevent mass-scale money laundering in the face of approximately $44 billion per year in pig-butchering scams conducted by Asian crime syndicates, according to a ProPublica investigation.

Chinese-language Telegram channels openly advertise rental of U.S. bank accounts to scammers who use them to move victims' cash into cryptocurrency. Bank of America allowed hundreds of unverified customers to open accounts, prosecutors alleged, including 176 customers who claimed the same small home as their address.

Major financial institutions whose accounts pig-butchering scammers have exploited include Bank of America, Chase, Citibank, HSBC and Wells Fargo. The scams typically involve fake cryptocurrency trading platforms that convince victims to wire money to seemingly legitimate business accounts. Banks are reluctant to share account information with each other even after identifying suspicious activity, and "no real standards" exist for what banks must do to detect fraud or money laundering.

Australia

Australia Regulator and YouTube Spar Over Under-16s Social Media Ban 26

Australia's eSafety Commissioner has urged the government to deny YouTube an exemption from upcoming child safety regulations, citing research showing it exposes more children to harmful content than any other platform. YouTube pushed back, calling the commissioner's stance inconsistent with government data and parental feedback. "The quarrel adds an element of uncertainty to the December rollout of a law being watched by governments and tech leaders around the world as Australia seeks to become the first country to fine social media firms if they fail to block users aged under 16," reports Reuters. From the report: The centre-left Labor government of Anthony Albanese has previously said it would give YouTube a waiver, citing the platform's use for education and health. Other social media companies such as Meta's Facebook and Instagram, Snapchat, and TikTok have argued such an exemption would be unfair. eSafety Commissioner Julie Inman Grant said she wrote to the government last week to say there should be no exemptions when the law takes effect. She added that the regulator's research found 37% of children aged 10 to 15 reported seeing harmful content on YouTube -- the most of any social media site. [...]

YouTube, in a blog post, accused Inman Grant of giving inconsistent and contradictory advice, which discounted the government's own research which found 69% of parents considered the video platform suitable for people under 15. "The eSafety commissioner chose to ignore this data, the decision of the Australian Government and other clear evidence from teachers and parents that YouTube is suitable for younger users," wrote Rachel Lord, YouTube's public policy manager for Australia and New Zealand.

Inman Grant, asked about surveys supporting a YouTube exemption, said she was more concerned "about the safety of children and that's always going to surpass any concerns I have about politics or being liked or bringing the public onside". A spokesperson for Communications Minister Anika Wells said the minister was considering the online regulator's advice and her "top priority is making sure the draft rules fulfil the objective of the Act and protect children from the harms of social media."

Government

Health Secretary Wants Every American To Be Sporting a Wearable Within Four Years (gizmodo.com) 371

Health and Human Services Secretary Robert F. Kennedy Jr. announced a major federal campaign to promote wearable health tech, aiming for every American to adopt a device within four years as part of a broader effort to "Make America Healthy Again." Gizmodo reports: RFK Jr. announced the initiative Tuesday afternoon during a House Energy and Commerce Health Subcommittee meeting to discuss the HHS' budget request for the upcoming fiscal year. In response to a question from representative Troy Balderson (R-Ohio) about wearables, Kennedy revealed that HHS will soon conduct one of the agency's largest ever advertising campaigns to promote their use. He added that in his ideal future, every American will be donning a wearable within the next four years. "It's a key part of our mission to Make America Healthy Again," RFK Jr. stated in an X post following the question.

Patents

WD Escapes Half a Billion in Patent Damages as Judge Trims Award To $1 (theregister.com) 11

Western Digital has succeeded in having the sum it owed from a patent infringement case reduced from $553 million down to just $1 in post-trial motions, when the judge found the plaintiff's claims had shifted during the course of the litigation. From a report: The storage biz was held by a California jury to have infringed on data encryption patents owned by SPEX Technologies Inc in October, relating to several of its self-encrypting hard drive products.

WD was initially told to pay $316 million in damages, but District Judge James Selna ruled the company owed a further $237 million in interest charges earlier this year, bringing the total to more than half a billion dollars. In February, WD was given a week to file a bond or stump up the entire damages payment.

Selna granted Western Digital's post-trial motion to reduce damages, writing that "SPEX's damages theory changed as certain evidence and theories became unavailable" and there was "insufficient evidence from which the Court could determine a reasonable royalty."

AI

Anthropic Bags Key 'Fair Use' Win For AI Platforms, But Faces Trial Over Damages For Millions of Pirated Works (aifray.com) 92

A federal judge has ruled that Anthropic's use of copyrighted books to train its Claude AI models constitutes fair use, but rejected the startup's defense for downloading millions of pirated books to build a permanent digital library.

U.S. District Judge William Alsup granted partial summary judgment to Anthropic in the copyright lawsuit filed by authors Andrea Bartz, Charles Graeber, and Kirk Wallace Johnson. The court found that training large language models on copyrighted works was "exceedingly transformative" under Section 107 of the Copyright Act. Anthropic downloaded over seven million books from pirate sites, according to court documents. The startup also purchased millions of print books, destroyed the bindings, scanned every page, and stored them digitally.

Both sets of books were used to train various versions of Claude, which generates over $1 billion in annual revenue. While the judge approved using books for AI training purposes, he ruled that downloading pirated copies to create what Anthropic called a "central library of all the books in the world" was not protected fair use. The case will proceed to trial on damages related to the pirated library copies.
