An anonymous reader quotes a report : Washington is joining a growing list of states trying to tear down barriers for consumers who want to repair their electronics rather than buy new ones. Gov. Bob Ferguson last week signed the state's new "Right to Repair" policy, House Bill 1483, into law. It was a yearslong effort to get the law approved. "This is a win for every person in Washington state," said the bill's prime sponsor, Rep. Mia Gregerson, D-SeaTac.

In 2021, the Federal Trade Commission reported that consumers with broken electronics don't have much choice but to replace them because repairs require specialized tools, unique parts and inaccessible proprietary software. And those restrictions, the FTC found, disproportionately burden communities of color and low-income communities. Some companies engage in a practice called "parts pairing" that can make replacing parts of a device impossible. Washington's new law would largely outlaw this tactic.

Starting Jan. 1, 2026, the law will require manufacturers to make tools, parts and documentation needed for diagnostics and maintenance available to independent repair businesses. The requirement applies to digital electronics, like computers, cellphones and appliances, sold in Washington after July 1, 2021. Manufacturers won't be able to use parts that inhibit repairs. The state attorney general's office could enforce violations of the new law under the Consumer Protection Act.

Texas Governor Greg Abbott signed an online child safety bill, bucking a lobbying push from big tech companies that included a personal phone call from from Apple CEO Tim Cook. From a report: The measure requires app stores to verify users' ages and secure parental approval before minors can download most apps or make in-app purchases. The bill drew fire from app store operators such as Google and Apple, which has argued that the legislation threatens the privacy of all users.

The bill was a big enough priority for Apple that Cook called Abbott to emphasize the company's opposition to it, said a person familiar with their discussion, which was first reported by the Wall Street Journal.

German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. From a report: "adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider," the company said. "We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts."

Adidas added that the stolen information did not include the affected customers' payment-related information or passwords, as the threat actors behind the breach only gained access to contact. The company has also notified the relevant authorities regarding this security incident and will alert those affected by the data breach.

"Do we need publicly-owned social networks to escape Silicon Valley?" asks an opinion piece in Spain's El Pais newspaper.

It argues it's necessary because social media platforms "have consolidated themselves as quasi-monopolies, with a business model that consists of violating our privacy in search of data to sell ads..." Among the proposals and alternatives to these platforms, the idea of public social media networks has often been mentioned. Imagine, for example, a Twitter for the European Union, or a Facebook managed by media outlets like the BBC. In February, Spanish Prime Minister Pedro Sánchez called for "the development of our own browsers, European public and private social networks and messaging services that use transparent protocols." Former Spanish prime minister José Luis Rodríguez Zapatero — who governed from 2004 until 2011 — and the left-wing Sumar bloc in the Spanish Parliament have also proposed this. And, back in 2021, former British Labour Party leader Jeremy Corbyn made a similar suggestion.

At first glance, this may seem like a good idea: a public platform wouldn't require algorithms — which are designed to stimulate addiction and confrontation — nor would it have to collect private information to sell ads. Such a platform could even facilitate public conversations, as pointed out by James Muldoon, a professor at Essex Business School and author of Platform Socialism: How to Reclaim our Digital Future from Big Tech (2022)... This could be an alternative that would contribute to platform pluralism and ensure we're not dependent on a handful of billionaires. This is especially important at a time when we're increasingly aware that technology isn't neutral and that private platforms respond to both economic and political interests.
There's other possibilities. Further down they write that "it makes much more sense for the state to invest in, or collaborate with, decentralized social media networks based on free and interoperable software" that "allow for the portability of information and content." They even spoke to Cory Doctorow, who they say "proposes that the state cooperate with the software systems, developers, or servers for existing open-source platforms, such as the U.S. network Bluesky or the German firm Mastodon." (Doctorow adds that reclaiming digital independence "is incredibly important, it's incredibly difficult, and it's incredibly urgent."

The article also acknowledges the option of "legislative initiatives — such as antitrust laws, or even stricter regulations than those imposed in Europe — that limit or prevent surveillance capitalism." (Though they also figures showing U.S. tech giants have one of the largest lobbying groups in the EU, with Meta being the top spender...)

"In the 1970s, the USSR used nuclear devices to try to send water from Siberia's rivers flowing south, instead of its natural route north..." remembers the BBC. [T]he Soviet Union simultaneously fired three nuclear devices buried 127m (417ft) underground. The yield of each device was 15 kilotonnes (about the same as the atomic bomb dropped on Hiroshima in 1945). The experiment, codenamed "Taiga", was part of a two-decade long Soviet programme of carrying out peaceful nuclear explosions (PNEs).

In this case, the blasts were supposed to help excavate a massive canal to connect the basin of the Pechora River with that of the Kama, a tributary of the Volga. Such a link would have allowed Soviet scientists to siphon off some of the water destined for the Pechora, and send it southward through the Volga. It would have diverted a significant flow of water destined for the Arctic Ocean to go instead to the hot, heavily populated regions of Central Asia and southern Russia. This was just one of a planned series of gargantuan "river reversals" that were designed to alter the direction of Russia's great Eurasian waterways...

Years later, Leonid Volkov, a scientist involved in preparing the Taiga explosions, recalled the moment of detonation. "The final countdown began: ...3, 2, 1, 0... then fountains of soil and water shot upward," he wrote. "It was an impressive sight." Despite Soviet efforts to minimise the fallout by using a low-fission explosive, which produce fewer atomic fragments, the blasts were detected as far away as the United States and Sweden, whose governments lodged formal complaints, accusing Moscow of violating the Limited Test Ban Treaty...

Ultimately, the nuclear explosions that created Nuclear Lake, one of the few physical traces left of river reversal, were deemed a failure because the crater was not big enough. Although similar PNE canal excavation tests were planned, they were never carried out. In 2024, the leader of a scientific expedition to the lake announced radiation levels were normal.
"Perhaps the final nail in the coffin was the Chernobyl nuclear disaster in 1986, which not only consumed a huge amount of money, but pushed environmental concerns up the political agenda," the article notes.

"Four months after the Number Four Reactor at the Chernobyl Nuclear Power Plant exploded, Soviet Premier Mikhail Gorbachev cancelled the river reversal project."

And a Russian blogger who travelled to Nuclear Lake in the summer of 2024 told the BBC that nearly 50 years later, there were some places where the radiation was still significantly elevated.

"In large, companies failed to self-regulate," writes long-time Slashdot reader BrendaEM: They have not been respected the individual's right to privacy. In software and web interfaces, companies have buried their privacy setting so deep that they cannot be found in a reasonable amount of time, or an unreasonable amount of steps are needed to attempt to retain data. These companies have taken away the individual's right to privacy --by default.

Are laws needed that protect a person's privacy by default--unless specific steps are taken by that user/purchaser to relinquish it? Should the wording of the explanation be so written that the contract is brief, explaining the forfeiture of the privacy, and where that data might be going? Should a company selling a product be required to state before purchase which rights need to be dismissed for its use? Should a legal owner who purchased a product expect it to stop functioning--only because a newer user contract is not agreed to?
Share your own thoughts and experiences in the comments. What's your ideal privacy policy?

And do we need opt-out-by-defaut privacy laws?

Longtime Slashdot reader sinij shares a press release from the White House, outlining a series of executive orders that overhaul the Nuclear Regulatory Commission and speed up deployment of new nuclear power reactions in the U.S.. From a report: The NRC is a 50-year-old, independent agency that regulates the nation's fleet of nuclear reactors. Trump's orders call for a "total and complete reform" of the agency, a senior White House official told reporters in a briefing. Under the new rules, the commission will be forced to decide on nuclear reactor licenses within 18 months. Trump said Friday the orders focus on small, advanced reactors that are viewed by many in the industry as the future. But the president also said his administration supports building large plants. "We're also talking about the big plants -- the very, very big, the biggest," Trump said. "We're going to be doing them also."

When asked whether NRC reform will result in staff reductions, the White House official said "there will be turnover and changes in roles." "Total reduction in staff is undetermined at this point, but the executive orders do call for a substantial reorganization" of the agency, the official said. The orders, however, will not remove or replace any of the five commissioners who lead the body, according to the White House. Any reduction in staff at the NRC would come at time when the commission faces a heavy workload. The agency is currently reviewing whether two mothballed nuclear plants, Palisades in Michigan and Three Mile Island in Pennsylvania, should restart operations, a historic and unprecedented process. [...]

Trump's orders also create a regulatory framework for the Departments of Energy and Defense to build nuclear reactors on federal land, the administration official said. "This allows for safe and reliable nuclear energy to power and operate critical defense facilities and AI data centers," the official told reporters. The NRC will not have a direct role, as the departments will use separate authorities under their control to authorize reactor construction for national security purposes, the official said. The president's orders also aim to jump start the mining of uranium in the U.S. and expand domestic uranium enrichment capacity, the official said. Trump's actions also aim to speed up reactor testing at the Department of Energy's national laboratories.

The U.S. unsealed charges against 16 individuals behind DanaBot, a malware-as-a-service platform responsible for over $50 million in global losses. "The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware," reports KrebsOnSecurity. From the report: Initially spotted in May 2018 by researchers at the email security firm Proofpoint, DanaBot is a malware-as-a-service platform that specializes in credential theft and banking fraud. Today, the U.S. Department of Justice unsealed a criminal complaint and indictment from 2022, which said the FBI identified at least 40 affiliates who were paying between $3,000 and $4,000 a month for access to the information stealer platform. The government says the malware infected more than 300,000 systems globally, causing estimated losses of more than $50 million. The ringleaders of the DanaBot conspiracy are named as Aleksandr Stepanov, 39, a.k.a. "JimmBee," and Artem Aleksandrovich Kalinkin, 34, a.k.a. "Onix," both of Novosibirsk, Russia. Kalinkin is an IT engineer for the Russian state-owned energy giant Gazprom. His Facebook profile name is "Maffiozi."

According to the FBI, there were at least two major versions of DanaBot; the first was sold between 2018 and June 2020, when the malware stopped being offered on Russian cybercrime forums. The government alleges that the second version of DanaBot -- emerging in January 2021 -- was provided to co-conspirators for use in targeting military, diplomatic and non-governmental organization computers in several countries, including the United States, Belarus, the United Kingdom, Germany, and Russia. The indictment says the FBI in 2022 seized servers used by the DanaBot authors to control their malware, as well as the servers that stored stolen victim data. The government said the server data also show numerous instances in which the DanaBot defendants infected their own PCs, resulting in their credential data being uploaded to stolen data repositories that were seized by the feds.

"In some cases, such self-infections appeared to be deliberately done in order to test, analyze, or improve the malware," the criminal complaint reads. "In other cases, the infections seemed to be inadvertent -- one of the hazards of committing cybercrime is that criminals will sometimes infect themselves with their own malware by mistake." A statement from the DOJ says that as part of today's operation, agents with the Defense Criminal Investigative Service (DCIS) seized the DanaBot control servers, including dozens of virtual servers hosted in the United States. The government says it is now working with industry partners to notify DanaBot victims and help remediate infections. The statement credits a number of security firms with providing assistance to the government, including ESET, Flashpoint, Google, Intel 471, Lumen, PayPal, Proofpoint, Team CYRMU, and ZScaler.

An anonymous reader quotes a report from Ars Technica: Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open source archives face. Eight packages using names that closely mimicked those of widely used legitimate packages contained destructive payloads designed to corrupt or delete important data and crash systems, Kush Pandya, a researcher at security firm Socket, reported Thursday. The packages have been available for download for more than two years and accrued roughly 6,200 downloads over that time.

"What makes this campaign particularly concerning is the diversity of attack vectors -- from subtle data corruption to aggressive system shutdowns and file deletion," Pandya wrote. "The packages were designed to target different parts of the JavaScript ecosystem with varied tactics." [...] Some of the payloads were limited to detonate only on specific dates in 2023, but in some cases a phase that was scheduled to begin in July of that year was given no termination date. Pandya said that means the threat remains persistent, although in an email he also wrote: "Since all activation dates have passed (June 2023-August 2024), any developer following normal package usage today would immediately trigger destructive payloads including system shutdowns, file deletion, and JavaScript prototype corruption." The list of malicious packages included js-bomb, js-hood, vite-plugin-bomb-extend, vite-plugin-bomb, vite-plugin-react-extend, vite-plugin-vue-extend, vue-plugin-bomb, and quill-image-downloader.

The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. From a report: The new proposal was announced by the chairman of the State Duma, Vyacheslav Volodin, who presented it as a measure to tackle migrant crimes. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," stated Volodin.

Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information: Residence location, fingerprint, face photograph, real-time geo-location monitoring.

BrianFagioli writes: Signal has officially had enough, folks. You see, the privacy-first messaging app is going on the offensive, declaring war on Microsoft's invasive Recall feature by enabling a new "Screen security" setting by default on Windows 11. This move is designed to block Microsoft's AI-powered screenshot tool from capturing your private chats.

If you aren't aware, Recall was first unveiled a year ago as part of Microsoft's Copilot+ PC push. The feature quietly took screenshots of everything happening on your computer, every few seconds, storing them in a searchable timeline. Microsoft claimed it would help users "remember" what they've done. Critics called it creepy. Security experts called it dangerous. The backlash was so fierce that Microsoft pulled the feature before launch.

But now, in a move nobody asked for, Recall is sadly back. And thankfully, Signal isn't waiting around this time. The team has activated a Windows 11-specific DRM flag that completely blacks out Signal's chat window when a screenshot is attempted. If you've ever tried to screen grab a streaming movie, you'll know the result: nothing but black.

Three teenagers nearly escaped prosecution for a 2020 house fire that killed five people until Denver police discovered a novel investigative technique: requesting Google search histories for specific terms. Kevin Bui, Gavin Seymour, and Dillon Siebert had burned down a house in Green Valley Ranch, mistakenly targeting innocent Senegalese immigrants after Bui used Apple's Find My feature to track his stolen phone to the wrong address.

The August 2020 arson killed a family of five, including a toddler and infant. For months, detectives Neil Baker and Ernest Sandoval had no viable leads despite security footage showing three masked figures. Traditional methods -- cell tower data, geofence warrants, and hundreds of tips -- yielded nothing concrete. The breakthrough came when another detective suggested Google might have records of anyone searching the address beforehand.

Police obtained a reverse keyword search warrant requesting all users who had searched variations of "5312 Truckee Street" in the 15 days before the fire. Google provided 61 matching devices. Cross-referencing with earlier cell tower data revealed the three suspects, who had collectively searched the address dozens of times, including floor plans on Zillow.

The SEC on Wednesday said it has charged cryptocurrency startup Unicoin and three of its top executives for false and misleading statements that raised more than $100 million from thousands of investors. "We allege that Unicoin and its executives exploited thousands of investors with fictitious promises that its tokens, when issued, would be backed by real-world assets including an international portfolio of valuable real estate holdings," said Mark Cave, Associate Director in the SEC's Division of Enforcement. "But as we allege, the real estate assets were worth a mere fraction of what the company claimed, and the majority of the company's sales of rights certificates were illusory. Unicoin's most senior executives are alleged to have perpetuated the fraud, and today's action seeks accountability for their conduct." From the release: The SEC alleges that Unicoin broadly marketed rights certificates to the public through extensive promotional efforts, including advertisements in major airports, on thousands of New York City taxis, and on television and social media. Among other things, Unicoin and its executives are alleged to have convinced more than 5,000 investors to purchase rights certificates through false and misleading statements that portrayed them as investments in safe, stable, and profitable "next generation" crypto assets, including claims that:

- Unicoin tokens underlying the rights certificates were "asset-backed" by billions of dollars of real estate and equity interests in pre-IPO companies, when Unicoin's assets were never worth more than a small fraction of that amount;
- the company had sold more than $3 billion in rights certificates, when it raised no more than $110 million; and
- the rights certificates and Unicoin tokens were "SEC-registered" or "U.S. registered" when they were not.

According to the SEC's complaint, Unicoin and Konanykhin also violated the federal securities laws by engaging in unregistered offers and sales of rights certificates. Konanykhin offered and sold over 37.9 million of his rights certificates to offer better pricing and target investors the company had prohibited from participating in the offering to avoid jeopardizing its exemption to registration requirements, as alleged.

Quebec Culture Minister Mathieu Lacombe has introduced Bill 109, which would require streaming platforms like Netflix and Spotify to feature and prioritize French-language content. CBC.ca reports: Bill 109 has been in the works for over a year. It marks the first time that Quebec would set a "visibility quota" for French-language content on major streaming platforms such as Netflix, Disney and Spotify. [...] The legislation, titled An Act to affirm the cultural sovereignty of Quebec and to enact the Act respecting the discoverability of French-language cultural content in the digital environment, would apply to every digital platform that offers a service for watching videos or listening to music and audiobooks online. Those include Canadian platforms such as Illico, Crave and Tou.tv. It would amend the Quebec Charter of Human Rights and Freedoms to enshrine "the right to discoverability of and access to original French-language cultural content."

If the bill is adopted, streaming platforms and television manufacturers would be forced to present interfaces for screening online videos in French by default. Those interfaces would need to provide access to platforms that offer original French-language cultural content based on the government's pending criteria. Financial penalties would be imposed on companies that don't follow the rules. If the business models of some companies prevent them from keeping to the letter of the proposed law, companies would be allowed to enter into an agreement with the Quebec government to set out "substitute measures" to fulfil Bill 109 obligations differently. "We don't want to exempt them. We're telling them, 'let's negotiate substitute measures,'" Lacombe told reporters.

An anonymous reader quotes a report from The Guardian: Hacked AI-powered chatbots threaten to make dangerous knowledge readily available by churning out illicit information the programs absorb during training, researchers say. [...] In a report on the threat, the researchers conclude that it is easy to trick most AI-driven chatbots into generating harmful and illegal information, showing that the risk is "immediate, tangible and deeply concerning." "What was once restricted to state actors or organised crime groups may soon be in the hands of anyone with a laptop or even a mobile phone," the authors warn.

The research, led by Prof Lior Rokach and Dr Michael Fire at Ben Gurion University of the Negev in Israel, identified a growing threat from "dark LLMs", AI models that are either deliberately designed without safety controls or modified through jailbreaks. Some are openly advertised online as having "no ethical guardrails" and being willing to assist with illegal activities such as cybercrime and fraud. [...] To demonstrate the problem, the researchers developed a universal jailbreak that compromised multiple leading chatbots, enabling them to answer questions that should normally be refused. Once compromised, the LLMs consistently generated responses to almost any query, the report states.

"It was shocking to see what this system of knowledge consists of," Fire said. Examples included how to hack computer networks or make drugs, and step-by-step instructions for other criminal activities. "What sets this threat apart from previous technological risks is its unprecedented combination of accessibility, scalability and adaptability," Rokach added. The researchers contacted leading providers of LLMs to alert them to the universal jailbreak but said the response was "underwhelming." Several companies failed to respond, while others said jailbreak attacks fell outside the scope of bounty programs, which reward ethical hackers for flagging software vulnerabilities.

A Massachusetts man has agreed to plead guilty to hacking into one of the top education tech companies in the United States and stealing tens of millions of schoolchildren's personal information for profit. From a report: Matthew Lane, 19, of Worcester County, Massachusetts, signed a plea agreement related to charges connected to a major hack on an educational technology company last year, as well as another company, according to court documents published Tuesday.

While the documents refer to the education company only as "Victim-2" and the U.S. attorney's office declined to name the victim, a person familiar with the matter told NBC News that it is PowerSchool. The hack of PowerSchool last year is believed to be the largest breach of American children's sensitive data to date.

According to his plea agreement, Lane admitted obtaining information from a protected computer and aggravated identity theft and agreed not to challenge a prison sentence shorter than nine years and four months. He got access simply by trying an employee's stolen username and password combination, the complaint says, echoing a private third-party assessment of the incident previously reported by NBC News.

An anonymous reader quotes a report from Decrypt: The founder of online news publication TechCrunch has claimed that Coinbase's recent data breach "will lead to people dying," amid a wave of kidnap attempts targeting high-net-worth crypto holders. TechCrunch founder and venture capitalist Michael Arrington added that this should be a point of reflection for regulators to re-think the importance of know-your-customer (KYC), a process that requires users to confirm their identity to a platform. He also called for prison time for executives that fail to "adequately protect" customer information.

"This hack -- which includes home addresses and account balances -- will lead to people dying. It probably has already," he tweeted. "The human cost, denominated in misery, is much larger than the $400 million or so they think it will actually cost the company to reimburse people." [...] He believes that people are in immediate physical danger following the breach, which exposed data including names, addresses, phone numbers, emails, government-ID images, and more.

Arrington believes that in the wake of these attacks, crypto companies that handle user data need to be much more careful than they currently are. "Combining these KYC laws with corporate profit maximization and lax laws on penalties for hacks like these means these issues will continue to happen," he tweeted. "Both governments and corporations need to step up to stop this. As I said, the cost can only be measured in human suffering." Former Coinbase chief technology officer Balaji Srinivasan pushed back on Arrington's position that executives should be punished, arguing that regulators are forcing KYC onto unwilling companies. "When enough people die, the laws may change," Arrington hit back.

French authorities have denied Telegram founder Pavel Durov's request to travel to the U.S. for "negotiations with investment funds." From a report: The Paris prosecutor's office told POLITICO that it rendered its decision on May 12 "on the grounds that such a trip abroad did not appear imperative or justified."

Durov was arrested in August 2024 at a French airport and has been under strict legal control since last September, when he was indicted on six charges related to illicit activity on the messaging app he operates. He is forbidden to leave France without authorization -- which he obtained to travel to Dubai from March 15 to April 7, the prosecutor's office said. Russian-born Durov is a citizen, among other countries, of France and the United Arab Emirates.

Regeneron Pharmaceuticals is acquiring most of 23andMe's assets for $256 million. The sale includes 23andMe's Personal Genome Service, Total Health and Research Services business lines. What's not included is 23andMe's telehealth unit, Lemonaid Health, which the company acquired for around $400 million in 2021. It'll be shut down, but all staffers will remain employed. CNBC reports: The deal is still subject to approval by the U.S. Bankruptcy Court for the Eastern District of Missouri. Pending approval, it's expected to close in the third quarter of this year, according to the release. In its bankruptcy proceedings, 23andMe required all bidders to comply with its privacy policies, and a court-appointed, independent "Consumer Privacy Ombudsman" will assess the deal, the companies said.

Several lawmakers and officials, including the Federal Trade Commission, had expressed concerns about the safety of consumers' genetic data through 23andMe's sale process. The privacy ombudsman will present a report on the acquisition to the court by June 10. "We are pleased to have reached a transaction that maximizes the value of the business and enables the mission of 23andMe to live on, while maintaining critical protections around customer privacy, choice and consent with respect to their genetic data," Mark Jensen, 23andMe's board chair, said in a statement. "At its peak, 23andMe was valued at around $6 billion," notes the report.

New submitter optical_phiber writes: In March 2025, the New South Wales (NSW) Department of Education discovered that Microsoft Teams had begun collecting students' voice and facial biometric data without their prior knowledge. This occurred after Microsoft enabled a Teams feature called 'voice and face enrollment' by default, which creates biometric profiles to enhance meeting experiences and transcriptions via its CoPilot AI tool.

The NSW department learned of the data collection a month after it began and promptly disabled the feature and deleted the data within 24 hours. However, the department did not disclose how many individuals were affected or whether they were notified. Despite Microsoft's policy of retaining data only while the user is enrolled and deleting it within 90 days of account deletion, privacy experts have raised serious concerns. Rys Farthing of Reset Tech Australia criticized the unnecessary collection of children's data, warning of the long-term risks and calling for stronger protections.