Privacy

Apple Stops Weirdly Storing Data That Let Cops Spy On Signal Chats (arstechnica.com) 1

Apple has fixed a bug that could cause parts of Signal notifications to remain stored on iPhones even after messages disappeared and the app was deleted. "Affected users concerned about push notifications can update their devices to stop what Apple characterized as 'notifications marked for deletion' that 'could be unexpectedly retained on the device,'" reports Ars Technica. "According to Apple, the push notifications should never have been stored, but a 'logging issue' failed to redact data." From the report: Vulnerable users hoping to evade law enforcement surveillance often use encrypted apps like Signal to communicate sensitive information. That's why users felt blindsided when 404 Media reported that Apple was unexpectedly storing push notifications displaying parts of encrypted messages for up to a month. This occurred even after the message was set to disappear and the app itself was deleted from the device.

404 Media flagged the issue after speaking to multiple people who attended a hearing where the FBI testified that it "was able to forensically extract copies of incoming Signal messages from a defendant's iPhone, even after the app was deleted, because copies of the content were saved in the device's push notification database." The shocking revelation came in a case that 404 Media noted was "the first time authorities charged people for alleged 'Antifa' activities after President Trump designated the umbrella term a terrorist organization."

"We're grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue," Signal's post said. "It takes an ecosystem to preserve the fundamental human right to private communication."

In their post, Signal confirmed that after users update their devices, "no action is needed for this fix to protect Signal users on iOS. Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications."

Security

France Confirms Data Breach At Government Agency That Manages Citizens' IDs (techcrunch.com) 11

An anonymous reader quotes a report from TechCrunch: The French government agency that handles the issuing and management of citizens' identity documents, including national IDs, passports, and immigration documents, confirmed Wednesday that it experienced a data breach. In an announcement, the Agence Nationale des Titres Securises (ANTS) said the data stolen in the breach could include full names, dates and places of birth, mailing and email addresses, and phone numbers on an undisclosed number of citizens. ANTS said the investigation to determine how the breach happened and its impact is ongoing, and people whose data was affected are being notified.

ANTS, which said it detected the attack on April 15, did not specify how many people were affected by the breach. But some reporting suggests millions may have had some of their personal information stolen. According to Bleeping Computer, a hacker has advertised the stolen data on a hacking forum, claiming to have a database with 19 million records. The hacker's forum post referenced the same kind of stolen information as mentioned in ANTS' announcement and was published before ANTS publicly disclosed the breach on April 20.

The Courts

New York Sues Coinbase and Gemini, Seeking To Halt Unlicensed Prediction Market Businesses (apnews.com) 28

An anonymous reader quotes a report from the Associated Press: New York is suing Coinbase and Gemini, two of the newest players in the prediction market industry, arguing that the companies' unregulated and unlicensed platforms are illegal gambling operations. Attorney General Letitia James' lawsuit, filed Tuesday in state court in Manhattan, seeks to bar the companies' platforms from operating in the state unless and until they obtain licenses from the state Gaming Commission.

"Gambling by another name is still gambling, and it is not exempt from regulation under our state laws and Constitution," James said in a statement. "Gemini and Coinbase's so-called prediction markets are just illegal gambling operations, exposing young people to addictive platforms that lack the necessary guardrails." Both companies began as cryptocurrency trading platforms before branching into the prediction space, which has been dominated by Kalshi and Polymarket.

[...] New York's lawsuit alleges that Coinbase and Gemini are seeking "to avoid the legal and financial consequences" of the state's close regulation of gambling "by offering what is quintessentially wagering under the guise of offering 'event contracts' on a 'prediction market.'" By operating without licenses, the lawsuit says, Coinbase's and Gemini's prediction market businesses aren't paying the same taxes as licensed casinos and mobile sportsbooks, which are taxed by the state at a rate of approximately 51% of gross revenues. In addition, the lawsuit says, Coinbase and Gemini allow users as young as 18, while state law prohibits wagering by anyone under 21.

Bitcoin

Billionaire Backer Sues Trump Family's Crypto Firm Over Alleged Extortion (bbc.co.uk) 95

Ancient Slashdot reader Alain Williams shares a report from the BBC: The Trump family's World Liberty crypto venture is being sued by one of its billionaire backers over allegations of extortion. Justin Sun has accused World Liberty of an "illegal scheme" to seize his WLFI tokens, a cryptocurrency issued by the company. Sun alleges the firm, co-founded by U.S. President Donald Trump and his son Eric Trump, has "frozen" all of his tokens and stripped him of his right to vote on governance issues.

[...] Sun alleged that those running World Liberty, including another co-founder, Chase Herro, are using it as a "golden opportunity to leverage the Trump brand to profit through fraud." In his complaint, filed on Tuesday in a San Francisco federal court, Sun argues that initial promises to give token-holders the option to trade the currency in future "were false and misleading." While the tokens at large became tradeable, Sun said World Liberty has blocked him from being able to sell a single one, and is now threatening to "burn" his - deleting them entirely.

WLFI said in a post on X: "Does anyone still believe @justinsuntron? Justin's favorite move is playing the victim while making baseless allegations to cover up his own misconduct. Same playbook, different target. WLFI isn't the first. We have the contracts. We have the evidence. We have the truth. See you in court pal."

Security

Anthropic's Mythos Model Is Being Accessed by Unauthorized Users (bloomberg.com) 28

Bloomberg reports that a small group of unauthorized users gained access to Anthropic's restricted Mythos model through a mix of contractor-linked access and online sleuthing. Anthropic says it is investigating and has no evidence the access extended beyond a third-party vendor environment or affected its own systems. From the report: The users relied on a mix of tactics to get into Mythos. These included using access the person had as a worker at a third-party contractor for Anthropic and trying commonly used internet sleuthing tools often employed by cybersecurity researchers, the person said. The users are part of a private Discord channel that focuses on hunting for information about unreleased models, including by using bots to scour for details that Anthropic and others have posted on unsecured websites such as GitHub. [...] To access Mythos, the group of users made an educated guess about the model's online location based on knowledge about the format Anthropic has used for other models, the person said, adding that such details were revealed in a recent data breach from Mercor, an AI training startup that works with a number of top developers.

Crucially, the person also has permission to access Anthropic models and software related to evaluating the technology for the startup. They gained this access from a company for which they have performed contract work evaluating Anthropic's AI models. Bloomberg is not naming the company for security reasons. The group is interested in playing around with new models, not wreaking havoc with them, the person said. The group has not run cybersecurity-related prompts on the Mythos model, the person said, preferring instead to try tasks like building simple websites in an attempt to avoid detection by Anthropic. The person said the group also has access to a slew of other unreleased Anthropic AI models.

Government

Pentagon Wants $54 Billion For Drones (arstechnica.com) 76

An anonymous reader quotes a report from Ars Technica: The US military's massive $1.5 trillion budget request for the next fiscal year includes what Pentagon officials described as the largest investment in drone warfare and counter-drone technology in US history. The proposed spending on drone and autonomous warfare technologies within the FY2027 budget proposal for the US Department of Defense would surpass most countries' defense budgets and rank among the top 10 in the world for military spending, ahead of countries such as Ukraine, South Korea, and Israel.

Specifically, the Pentagon is requesting $53.6 billion to boost US production and procurement of drones, train drone operators, build out a logistics network for sustaining drone deployments, and expand counter-drone systems to defend more US military sites. The funding request is budgeted under the Defense Autonomous Warfare Group (DAWG), an organization established in late 2025 that would see a massive budget increase after receiving about $226 million in the 2026 fiscal year budget.

[...] Another $20.6 billion would help purchase one-way attack drones and drone aircraft developed through the US Air Force's Collaborative Combat Aircraft program, which is building drone prototypes capable of teaming up with human-piloted fighter jets. Part of this funding would also go toward defensive systems for countering small drones and the US Navy's Boeing MQ-25 drone designed to perform midair refueling of carrier-borne fighter aircraft to extend their strike ranges. Such drone-related spending even rivals the entire budget of the US Marine Corps. But the Pentagon has not said that it is creating a dedicated drone branch of the US military similar to the standalone Space Force.

Pentagon officials emphasized that most of the money would go toward procuring drone and autonomous warfare technologies that already exist, and is largely separate from additional funding that would bolster US domestic manufacturing capacity to build such weapon systems. "That $70 billion is all going into existing systems and technologies," said Hurst. "The industrial base support is entirely separate."

"The evolution we've seen in the battlefield is this evolution of technologies in the timeframe of weeks, not the typical years we see with our defense production," said Lt. Gen. Steven Whitney, director of force structure, resources, and assessment for the Pentagon's Joint Chiefs of Staff, during a Pentagon press briefing. "So it's really critical we work with industry to get that capability fielded."

Crime

FBI Looks Into Dead or Missing Scientists Tied To Sensitive US Research (cnn.com) 87

Federal authorities are now reviewing a string of deaths and disappearances involving scientists tied to sensitive U.S. aerospace and nuclear work, though officials have not established any confirmed link between the cases. The FBI says it "is spearheading the effort to look for connections into the missing and deceased scientists," adding that it "is working with the Department of Energy, Department of War, and with our state ... and local law enforcement partners to find answers." The Republican-led House Oversight Committee also announced an investigation into the reports. CNN reports: A nuclear physicist and MIT professor fatally shot outside his Massachusetts residence. A retired Air Force general missing from his New Mexico home. An aerospace engineer who disappeared during a hike in Los Angeles. These are among at least 10 individuals connected to sensitive US nuclear and aerospace research who have died or disappeared in recent years, prompting concerns whether they are connected and fueling speculation online about the possibility of nefarious activity. [...]

The Defense Department said only that it would respond to the committee directly, and the Department of Energy referred questions to the White House. In a post on X, NASA said it is "coordinating and cooperating with the relevant agencies" in relation to the scientists. "At this time, nothing related to NASA indicates a national security threat," NASA spokesperson Bethany Stevens said.

The cases vary widely in circumstance. Some involve unsolved homicides, while others are missing persons cases with no signs of foul play. In at least two instances, families have pointed to preexisting medical conditions or personal struggles as explanations. Authorities have not established any links between the cases. The White House said last week it is also working with federal agencies to probe any potential links between the deaths and disappearances, with President Donald Trump referring to the matter as "pretty serious stuff."

"The United States has thousands of nuclear scientists and nuclear experts," said Rep. James Walkinshaw, a Democrat who also serves on the Oversight Committee. "It's not the kind of nuclear program that potentially a foreign adversary could significantly impact by targeting 10 individuals."

Further reading: The 'Missing-Scientist' Story Is Unbelievably Dumb

The Courts

Florida Launches Criminal Investigation Into ChatGPT Over School Shooting (npr.org) 100

Florida's attorney general has launched a criminal investigation into OpenAI over allegations that the accused gunman in a shooting at Florida State University last year used ChatGPT to help plan the attack. OpenAI says the chatbot is "not responsible for this terrible crime" and only provided factual information available from public sources. NPR reports: The Republican attorney general, James Uthmeier, said at a press conference in Tampa on Tuesday that accused gunman Phoenix Ikner consulted ChatGPT for advice before the shooting, including what type of gun to use, what ammunition went with it, and what time to go to campus to encounter more people, according to an initial review of Ikner's chat logs. "My prosecutors have looked at this and they've told me, if it was a person on the other end of that screen, we would be charging them with murder," Uthmeier said. "We cannot have AI bots that are advising people on how to kill others."

Uthmeier's office is issuing subpoenas to OpenAI seeking information about its policies and internal training materials related to user threats of harm and how it cooperates with and reports crimes to law enforcement, dating back to March 2024. At the press conference, Uthmeier acknowledged the investigation is entering into uncharted territory and is uncertain about whether OpenAI has criminal liability. "We are going to look at who knew what, designed what, or should have done what," he said. "And if it is clear that individuals knew that this type of dangerous behavior might take place, that these types of unfortunate, tragic events might take place, and nevertheless still turned to profit, still allowed this business to operate, then people need to be held accountable."

[...] Ikner, 21, is facing multiple charges of murder and attempted murder for the April 2025 shooting near the student union on FSU's Tallahassee campus, where he was a student at the time. His trial is set to begin on Oct. 19. According to court filings, more than 200 AI messages have been entered into evidence in the case.

Government

Maryland Becomes First State To Pass Bill Banning 'Surveillance Pricing' (denver7.com) 41

An anonymous reader quotes a report from Denver7: Maryland is poised to become the first state in the country to ban "surveillance pricing." The practice refers to companies using a shopper's personal data, such as browsing history, location, or purchasing behavior, to tailor prices to individual customers. The Protection From Predatory Pricing Act, passed this month and sent to the governor for a signature, would prohibit food retailers and third-party delivery services from using the practice. Violations would be treated as deceptive trade practices under state law, with potential fines and lawsuits. While Consumer Reports called the move "encouraging," it warned that the final version contains "loopholes" that don't fully protect consumers. Some of the exemptions noted in the report include "applying the ban only to the use of personal data to set higher prices without establishing a baseline or standard price; exempting pricing tied to loyalty or membership programs, even if prices are higher; and exempting pricing linked to subscriptions or subscription-based services."

Government

Former Palantir Employee Running For Congress Unveils 'AI Dividend' Plan 81

Alex Bores, a former Palantir employee and current Democratic House candidate in New York, is proposing an "AI dividend" that would send direct payments to Americans if AI drives major job losses. "At its core, the AI Dividend is simple: if AI dramatically increases productivity and concentrates wealth, the American people have a stake in those gains," a memo on the policy reads. Axios reports: The dividend would fund direct payments to Americans. It would also be invested into workforce training and education, as well as government capacity to "govern AI safely and fund independent oversight," per the plan memo.

"You don't take out fire insurance because you expect your house to burn down -- you have insurance in case something goes awry," Bores told Axios in an interview. "Here we have, for the first time, a technology where the makers of the technology are explicitly saying that their goal is to replace all human labor." "The fact that they've put it out there means government needs to take it seriously." [...]

The proposal would be funded through:
- A token tax, described in the memo as a "modest tax on AI consumption"
- Equity participation in frontier AI firms
- Changes to the tax code that would reduce incentives to invest in AI "when it leads to less work"

"If [AI companies] they can support this plan, that would show that they actually believe in what they're putting out there," Bores said. "If they're not doing it, then I think it shows that they're really putting window dressing out there."

Further reading: Palantir Posts Bond Villain Manifesto On X

The Almighty Buck

Trump Administration Begins Refunding $166 Billion In Tariffs (nytimes.com) 166

"After a Supreme Court of the United States ruling in Feb. 2026, many tariffs imposed by the Trump administration were declared illegal because the president overstepped his authority," writes Slashdot reader hcs_$reboot. "As a result, the U.S. government now has to refund a massive amount of money, around $160-170+ billion, paid mainly by importers." According to the New York Times, the administration has now begun accepting refund requests, "surrendering its prized source of revenue -- plus interest." From the report: For some U.S. businesses, the highly anticipated refunds could be substantial, offering critical if belated financial relief. Tariffs are taxes on imports, so the president's trade policies have served as a great burden for companies that rely on foreign goods. Many have had to choose whether to absorb the duties, cut other costs or pass on the expenses to consumers. By Monday morning, those companies can begin to submit documentation to the government to recover what they paid in illegal tariffs.

In a sign of the demand, more than 3,000 businesses, including FedEx and Costco, have already sued the Trump administration in a bid to secure their refunds, with some cases filed even before the Supreme Court's ruling. But only the entities that officially paid the tariffs are eligible to recover that money. That means that the fuller universe of people affected by Mr. Trump's policies -- including millions of Americans who paid higher prices for the products they bought -- are not able to apply for direct relief.

The extent to which consumers realize any gain hinges on whether businesses share the proceeds, something that few have publicly committed to do. Some have started to band together in class-action lawsuits in the hopes of receiving a payout. Many business owners said they weren't sure how easy the tariff refund process would be, particularly given Mr. Trump's stated opposition to returning the money. The administration has suggested that it may be months before companies see any money. Adding to the uncertainty, the White House has declined to say if it might still try to return to court in a bid to halt some or all of the refunds.

The money will mostly go to importers and companies, since they were the ones that directly paid the tariffs. While individual refunds with interest could take around 60 to 90 days to process, the overall effort will probably move much more slowly because of how large and complicated it will be.

There are also legal questions around whether companies would have to pass any of that money on to consumers. Slashdot reader AmiMoJo commented: "This is perhaps the biggest transfer of wealth in American history. Most of those companies will just pocket the refund and not pass any of it on to the consumer. If prices go down at all, they won't be back to pre-tariff levels. You paid the tariffs, but you ain't getting the refund."

Government

NSA Using Anthropic's Mythos Despite Blacklist (axios.com) 71

Axios reports that the NSA is using Anthropic's restricted Mythos Preview model despite the Pentagon insisting the company poses a "supply chain risk." Axios reports: The government's cybersecurity needs appear to be outweighing the Pentagon's feud with Anthropic. The department moved in February to cut off Anthropic and force its vendors to follow suit. That case is ongoing. The military is now broadening its use of Anthropic's tools while simultaneously arguing in court that using those tools threatens U.S. national security.

Two sources said the NSA was using Mythos, while one said the model was also being used more widely within the department. It's unclear how the NSA is currently using Mythos, but other organizations with access to the model are using it predominantly to scan their own environments for exploitable security vulnerabilities.

Anthropic restricted access to Mythos to around 40 organizations, contending that its offensive cyber capabilities were too dangerous to allow for a wider release. Anthropic only announced 12 of those organizations. One source said the NSA was among the unnamed agencies with access. The NSA's counterparts in the U.K. have said they have access to the model through the country's AI Security Institute.

Anthropic's CEO met with top U.S. officials on Friday to discuss "opportunities for collaboration," according to a White House spokesperson, "as well as shared approaches and protocols to address the challenges associated with scaling this technology."

United States

Nevada Police Can Now Track Cellphones Without a Warrant (apnews.com) 62

"Nevada quietly signed an agreement earlier this year with a company that collects location data from cellphones, allowing police to track a device virtually in real time," reports the Associated Press. "All without a warrant." The software from Fog Data Science, adopted this January in Nevada through a Department of Public Safety contract, pulls information from smartphone apps in order to let state investigators identify the location of mobile devices. The state is allowed more than 250 queries a month using the tool, which allows officers to track a device's location over long stretches of time and enables them to see what Fog calls "patterns of life," according to company documents from 2022. It can help them deduce where and when people work and live, with whom they associate and what places they visit, according to privacy experts... Traditionally, police must obtain a warrant from a judge to access cellphone location information — a process that can take days or weeks. And while cellphone users may be aware that they are sharing their location through apps such as Google Maps, critics say few are aware that such information can make its way to police...

Other agencies in Nevada have been known to use technology similar to Fog. In 2013, Las Vegas Metropolitan Police Department acquired something known as a cell-site simulator that mimics cellphone towers and can sweep up signals from entire areas to track individuals, with some models capable of intercepting texts and calls. Police have not released detailed information about the technology since then.

"Police in other states have said the technology (and its low price tag) has helped expand investigatory capacity," the article adds.

But it also points out that Fog Data Science has a web page letting individuals opt out of all their data sets.

Transportation

Old Cars 'Tell Tales' by Storing Data That's Never Wiped (itnews.com.au) 42

Slashdot reader Bismillah shared this report from ITNews: Research and development engineer Romain Marchand of Paris-headquartered Quarkslab obtained a telematic control unit (TCU) from a salvage yard in Poland... Marchand tore down the TCU, which is based on a Qualcomm system on a chip, and extracted the Linux-based file system from the Micron multi-chip package (MCP) which contained NAND-based non-volatile storage memory. The non-volatile storage contained sensitive information, including system configuration data and more importantly, logs that revealed the vehicle's GPS positions over time.

None of that information was encrypted, Marchand told iTnews, which made it possible to collect and retrieve sensitive data of interest. What's more, the global navigation satellite system (GNSS) logs with GPS positions covered the BYD's full journey from the factory in China to its operational life in the United Kingdom, and to its final wrecking in Poland, Marchand explained in an analysis... The issue is not restricted to BYD, and Marchand added that the hardware architecture of the Chinese car maker's TCU is broadly similar to what can be found in other brands.

Privacy

US Congress Fails to Pass Long-Term FISA Extension, Authorizes It Through April 30 (cnn.com) 41

Yesterday the U.S. Congress approved "a short-term extension" of a FISA law that allows wiretaps without a warrant for surveilling foreign targets, reports CNN — but only until April 30. Republican congressional leaders had sought an 18-month extension, but "failed to secure" the votes after "clamoring from some of their members for reforms to protect Americans' privacy." The warrantless surveillance law, known as Section 702 of the Foreign Intelligence Surveillance Act, was set to expire on Monday night. Members are hoping the additional time will allow them to come to agreement without ending authorization for the intelligence gathering program, which permits US officials to monitor phone calls and text messages from foreign targets... There was an hour of suspense in the Senate Friday morning when it appeared possible that Democratic Sen. Ron Wyden, a longtime critic of FISA 702, might block the House-passed extension. But ultimately, he said his House colleagues had assured him "this short-term extension makes reform more likely, and expiration makes reform less likely," and so he chose not to object....

House Republican leaders believed Thursday night they had struck a deal with conservative holdouts who harbor deep and longstanding concerns that a key piece of the law infringes on Americans' privacy rights. But in a pair of after-midnight votes, more than a dozen rank-and-file Republicans rejected the long-term reauthorization plan on the floor, which was the result of days of tense negotiations among leadership, lawmakers and the White House.

The law allows authorized US officials to gather phone calls and text messages of foreign targets, but they can also incidentally collect the data of Americans in the process. Senior national security officials have for years said the law is critical for thwarting terror attacks, stemming the flow of fentanyl into the US and stopping ransomware attacks on critical infrastructure. Civil liberties groups on the left and the right, meanwhile, argue the surveillance authority risks infringing on Americans' privacy.
