AI

Signal President Calls Out Agentic AI As Having 'Profound' Security and Privacy Issues (techcrunch.com) 8

Signal President Meredith Whittaker warned at SXSW that agentic AI poses significant privacy and security risks, as these AI agents require extensive access to users' personal data, likely processing it unencrypted in the cloud. TechCrunch reports: "So we can just put our brain in a jar because the thing is doing that and we don't have to touch it, right?," Whittaker mused. Then she explained the type of access the AI agent would need to perform these tasks, including access to our web browser and a way to drive it as well as access to our credit card information to pay for tickets, our calendar, and messaging app to send the text to your friends. "It would need to be able to drive that [process] across our entire system with something that looks like root permission, accessing every single one of those databases -- probably in the clear, because there's no model to do that encrypted," Whittaker warned.

"And if we're talking about a sufficiently powerful ... AI model that's powering that, there's no way that's happening on device," she continued. "That's almost certainly being sent to a cloud server where it's being processed and sent back. So there's a profound issue with security and privacy that is haunting this hype around agents, and that is ultimately threatening to break the blood-brain barrier between the application layer and the OS layer by conjoining all of these separate services [and] muddying their data," Whittaker concluded.

If a messaging app like Signal were to integrate with AI agents, it would undermine the privacy of your messages, she said. The agent has to access the app to text your friends and also pull data back to summarize those texts. Her comments followed remarks she made earlier during the panel on how the AI industry had been built on a surveillance model with mass data collection. She said that the "bigger is better AI paradigm" -- meaning the more data, the better -- had potential consequences that she didn't think were good. With agentic AI, Whittaker warned we'd further undermine privacy and security in the name of a "magic genie bot that's going to take care of the exigencies of life," she concluded.
You can watch the full speech on YouTube.

Piracy

Feds Arrest Man For Sharing DVD Rip of Spider-Man Movie With Millions Online (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: A 37-year-old Tennessee man was arrested Thursday, accused of stealing Blu-rays and DVDs from a manufacturing and distribution company used by major movie studios and sharing them online before the movies' scheduled release dates. According to a US Department of Justice press release, Steven Hale worked at the DVD company and allegedly stole "numerous 'pre-release' DVDs and Blu-rays" between February 2021 and March 2022. He then allegedly "ripped" the movies, "bypassing encryption that prevents unauthorized copying" and shared copies widely online. He also supposedly sold the actual stolen discs on e-commerce sites, the DOJ alleged.

Hale has been charged with "two counts of criminal copyright infringement and one count of interstate transportation of stolen goods," the DOJ said. He faces a maximum sentence of five years for the former, and 10 years for the latter. Among blockbuster movies that Hale is accused of stealing are Dune, F9: The Fast Saga, Venom: Let There Be Carnage, Godzilla v. Kong, and, perhaps most notably, Spider-Man: No Way Home. The DOJ claimed that "copies of Spider-Man: No Way Home were downloaded tens of millions of times, with an estimated loss to the copyright owner of tens of millions of dollars."

Bitcoin

Trump Signs Order To Establish Strategic Bitcoin Reserve 115

President Trump has signed an executive order to establish a strategic reserve of cryptocurrencies by using tokens already owned by the government. Reuters reports: A "Strategic Bitcoin Reserve" will be capitalized with bitcoin owned by the federal government that was seized as part of criminal or civil asset forfeiture proceedings, the White House crypto czar, billionaire David Sacks, said in a post on social media platform X. The order kept open the possibility of the government buying bitcoin in future. The U.S. commerce and treasury secretaries "are authorized to develop budget-neutral strategies for acquiring additional bitcoin, provided that those strategies impose no incremental costs on American taxpayers," a factsheet on the White House website said. "This is the most underwhelming and disappointing outcome we could have expected for this week," Charles Edwards, founder of bitcoin-focused hedge fund Capriole Investments, wrote in a post on X. "No active buying means this is just a fancy title for Bitcoin holdings that already existed with the Govt. This is a pig in lipstick."
The Internet

Music Labels Will Regret Coming For the Internet Archive, Sound Historian Says (arstechnica.com) 28

An anonymous reader quotes a report from Ars Technica: On Thursday, music labels sought to add nearly 500 more sound recordings to a lawsuit accusing the Internet Archive (IA) of mass copyright infringement through its Great 78 Project, which seeks to digitize all 3 million three-minute recordings published on 78 revolutions-per-minute (RPM) records from about 1898 to the 1950s. If the labels' proposed second amended complaint is accepted by the court, damages sought in the case -- which some already feared could financially ruin IA and shut it down for good -- could increase to almost $700 million. (Initially, the labels sought about $400 million in damages.) IA did not respond to Ars' request for comment, but the filing noted that IA has not consented to music labels' motion to amend their complaint. [...]

Some sound recording archivists and historians also continue to defend the Great 78 Project as a critical digitization effort at a time when quality of physical 78 RPM records is degrading and the records themselves are becoming obsolete, with very few libraries even maintaining equipment to play back the limited collections that are available in physical archives. They push back on labels' claims that commercially available Spotify streams are comparable to the Great 78 Project's digitized recordings, insisting that sound history can be lost when obscure recordings are controlled by rights holders who don't make them commercially available. [...] David Seubert, who manages sound collections at the University of California, Santa Barbara library, told Ars that he frequently used the project as an archive and not just to listen to the recordings.

For Seubert, the videos that IA records of the 78 RPM albums capture more than audio of a certain era. Researchers like him want to look at the label, check out the copyright information, and note the catalogue numbers, he said. "It has all this information there," Seubert said. "I don't even necessarily need to hear it," he continued, adding, "just seeing the physicality of it, it's like, 'Okay, now I know more about this record.'" [...] Nathan Georgitis, the executive director of the Association for Recorded Sound Collections (ARSC), told Ars that you just don't see 78 RPM records out in the world anymore. Even in record stores selling used vinyl, these recordings will be hidden "in a few boxes under the table behind the tablecloth," Georgitis suggested. And in "many" cases, "the problem for libraries and archives is that those recordings aren't necessarily commercially available for re-release."

That "means that those recordings, those artists, the repertoire, the recorded sound history in itself -- meaning the labels, the producers, the printings -- all of that history kind of gets obscured from view," Georgitis said. Currently, libraries trying to preserve this history must control access to audio collections, Georgitis said. He sees IA's work with the Great 78 Project as a legitimate archive in that, unlike a streaming service, where content may be inconsistently available, IA's "mission is to preserve and provide access to content over time." "That 'over time' part is really the key function, I think, that distinguishes an archive from maybe a streaming service in a way," Georgitis said.
"The Internet Archive is not hurting the revenue of the recording industry at all," Seubert suggested. "It has no impact on their revenue." Instead, he suspects that labels' lawsuit is "somehow vindictive," because the labels perhaps "don't like the Internet Archive's way of pushing the envelope on copyright and fair use."

"There are people who, like the founder of the Internet Archive, want to push that envelope, and the media conglomerates want to push back in the other direction," Seubert said.

AI

DuckDuckGo Is Amping Up Its AI Search Tool 21

An anonymous reader quotes a report from The Verge: DuckDuckGo has big plans for embedding AI into its search engine. The privacy-focused company just announced that its AI-generated answers, which appear for certain queries on its search engine, have exited beta and now source information from across the web -- not just Wikipedia. It will soon integrate web search within its AI chatbot, which has also exited beta. DuckDuckGo first launched AI-assisted answers -- originally called DuckAssist -- in 2023. The feature is billed as a less obnoxious version of tools like Google's AI Overviews, designed to offer more concise responses and let you adjust how often you see them, including turning the responses off entirely. If you have DuckDuckGo's AI-generated answers set to "often," you'll still only see them around 20 percent of the time, though the company plans on increasing the frequency eventually.

Some of DuckDuckGo's AI-assisted answers bring up a box for follow-up questions, redirecting you to a conversation with its Duck.ai chatbot. As is the case with its AI-assisted answers, you don't need an account to use Duck.ai, and it comes with the same emphasis on privacy. It lets you toggle between GPT-4o mini, o3-mini, Llama 3.3, Mistral Small 3, and Claude 3 Haiku, with the advantage being that you can interact with each model anonymously by hiding your IP address. DuckDuckGo also has agreements with the AI company behind each model to ensure your data isn't used for training.

Duck.ai also rolled out a feature called Recent Chats, which stores your previous conversations locally on your device rather than on DuckDuckGo's servers. Though Duck.ai is also leaving beta, that doesn't mean the flow of new features will stop. In the next few weeks, Duck.ai will add support for web search, which should enhance its ability to respond to questions. The company is also working on adding voice interaction on iPhone and Android, along with the ability to upload images and ask questions about them. ... [W]hile Duck.ai will always remain free, the company is considering including access to more advanced AI models with its $9.99 per month subscription.
Government

US Mulls Policing Social Media of Would-Be Citizens (theregister.com) 75

The U.S. Citizenship and Immigration Services (USCIS) is proposing to expand mandatory social media screening, currently required only for new arrivals, to include all non-citizens already residing in the U.S. who apply for immigration benefits. The Register reports: Back in 2019, the Department of Homeland Security, which runs USCIS, decided anyone looking to enter the US on a work visa or similar had to hand over their social media handles to the authorities so that they could be looked over for wrongdoing and subversion. In fact, this goes back to 2014, at least, to one degree or another, and has been standard procedure for years for foreigners, particularly those coming in on a visa. [...]

On January 20 this year, President Trump signed an executive order calling for much tougher vetting of foreign aliens, and in response, USCIS has proposed rules saying those already in the country who are going through some process with the agency -- such as applying for permanent residency or citizenship -- will have their social media scanned for subversion. That means if you came to America before foreigners' internet presence was screened as it now is, and you're now seeking some kind of immigration benefit, at this rate you'll be subject to the same scanning as those entering the Land of the Free today.
The proposed changes have a 60-day comment period for the public to suggest amendments. The last day to send them in is May 5.

Censorship

US House Panel Subpoenas Alphabet Over Content Moderation (yahoo.com) 40

An anonymous reader quotes a report from Reuters: The U.S. House Judiciary Committee subpoenaed Alphabet on Thursday seeking its communications with former President Joe Biden's administration about content moderation policies. House Judiciary Committee Chairman Jim Jordan, a Republican, also asked the YouTube parent company for similar communications with companies and groups outside government, according to a copy of the subpoena seen by Reuters. The subpoena seeks communications about limits or bans on content about President Donald Trump, Tesla CEO and close Trump ally Elon Musk, the virus that causes COVID-19 and a host of other conservative discussion topics. "Alphabet, to our knowledge, has not similarly disavowed the Biden-Harris Administration's attempts to censor speech," Jordan said in a letter.

Meanwhile, Google spokesperson Jose Castaneda said the company will "continue to show the committee how we enforce our policies independently, rooted in our commitment to free expression."

Encryption

1Password Introduces 'Nearby Items,' Tying Passwords To Physical Locations (engadget.com) 12

1Password has introduced a 'nearby items' feature, allowing users to tag credentials with physical locations so the relevant information automatically surfaces when users are near those locations. Engadget reports: Location information can be added to any new or existing item in a 1Password vault. The app has also been updated with a map view for setting and viewing the locations of your items. In the blog post announcing the feature, the company cited examples such as door codes for a workplace, health records at a doctor's office, WiFi access at the gym and rewards membership information for local shops as potential uses for location data.

Privacy and security are paramount for a password manager, and 1Password confirmed that a user's location coordinates are only used locally and do not leave the device. Nearby items is available to 1Password customers starting today.

Government

Starlink Benefits As Trump Admin Rewrites Rules For $42 Billion Grant Program (arstechnica.com) 163

An anonymous reader quotes a report from Ars Technica: The Trump administration is eliminating a preference for fiber Internet in a $42.45 billion broadband deployment program, a change that is expected to reduce spending on the most advanced wired networks while directing more money to Starlink and other non-fiber Internet service providers. One report suggests Starlink could obtain $10 billion to $20 billion under the new rules. Secretary of Commerce Howard Lutnick criticized the Biden administration's handling of the Broadband Equity, Access, and Deployment (BEAD) program in a statement yesterday. Lutnick said that "because of the prior Administration's woke mandates, favoritism towards certain technologies, and burdensome regulations, the program has not connected a single person to the Internet and is in dire need of a readjustment."

The BEAD program was authorized by Congress in November 2021, and the US was finalizing plans to distribute funding before Trump's inauguration. The National Telecommunications and Information Administration (NTIA), part of the Commerce Department, developed rules for the program in the Biden era and approved initial funding plans submitted by every state and territory. The program has been on hold since the change in administration, with Senator Ted Cruz (R-Texas) and other Republicans seeking rule changes. In addition to demanding an end to the fiber preference, Cruz wants to kill a requirement that ISPs receiving network-construction subsidies provide cheap broadband to people with low incomes. Cruz also criticized "unionized workforce and DEI labor requirements; climate change assessments; excessive per-location costs; and other central planning mandates."

Lutnick's statement yesterday confirmed that the Trump administration will end the fiber preference and replace it with a "tech-neutral" set of rules, and explore additional changes. He said: "Under my leadership, the Commerce Department has launched a rigorous review of the BEAD program. The Department is ripping out the Biden Administration's pointless requirements. It is revamping the BEAD program to take a tech-neutral approach that is rigorously driven by outcomes, so states can provide Internet access for the lowest cost. Additionally, the Department is exploring ways to cut government red tape that slows down infrastructure construction. We will work with states and territories to quickly get rid of the delays and the waste. Thereafter we will move quickly to implementation in order to get households connected." Lutnick said the department's goal is to "deliver high-speed Internet access... efficiently and effectively at the lowest cost to taxpayers."

Privacy

India Grants Tax Officials Sweeping Digital Access Powers (indiatimes.com) 16

India's income tax department will gain powers to access citizens' social media accounts, emails and other digital spaces beginning April 2026 under the new income tax bill, in a significant expansion of its search and seizure authority.

The legislation, which has raised privacy concerns among legal experts, allows tax officers to "gain access by overriding the access code" to computer systems and "virtual digital spaces" if they suspect tax evasion.

The bill broadly defines virtual digital spaces to include email servers, social media accounts, online investment accounts, banking platforms, and cloud servers.

"The expansion raises significant concerns regarding constitutional validity, potential state overreach, and practical enforcement," Sonam Chandwani, Managing Partner at KS Legal and Associates, told Indian newspaper Economic Times.

Nintendo

Nintendo Says Latest Legal Win Against Piracy 'Significant' For 'Entire Games Industry' (eurogamer.net) 25

Nintendo has trumpeted its latest legal success in the company's ongoing fight against pirated games as "significant" not only for itself, "but for the entire games industry." From a report: The Mario maker today confirmed it had won a final victory over French file-sharing company Dstorage, which operates the website 1fichier.com, following years of legal wrangling and repeated appeals. Nintendo's victory means European file-sharing companies must now remove illegal copies of games when asked to do so, or be held accountable and cough up potentially sizable fines as punishment.

In 2021, the Judicial Court of Paris ordered Dstorage pay Nintendo $1 million in damages after it was found to be hosting pirate games. Dstorage launched an appeal, which then failed in 2023, and was ordered to pay Nintendo further costs. But the case didn't end there. Dstorage finally took the matter to the highest French judiciary court, where it argued that a specific court order was required before it needed to remove content from its hosting services. This bid has also now failed, ending the long-running matter for good.

AI

Judges Are Fed Up With Lawyers Using AI That Hallucinate Court Cases (404media.co) 74

An anonymous reader quotes a report from 404 Media: After a group of attorneys were caught using AI to cite cases that didn't actually exist in court documents last month, another lawyer was told to pay $15,000 for his own AI hallucinations that showed up in several briefs. Attorney Rafael Ramirez, who represented a company called HoosierVac in an ongoing case where the Mid Central Operating Engineers Health and Welfare Fund claims the company is failing to allow the union a full audit of its books and records, filed a brief in October 2024 that cited a case the judge wasn't able to locate. Ramirez "acknowledge[d] that the referenced citation was in error," withdrew the citation, and "apologized to the court and opposing counsel for the confusion," according to Judge Mark Dinsmore, U.S. Magistrate Judge for the Southern District of Indiana. But that wasn't the end of it. An "exhaustive review" of Ramirez's other filings in the case showed that he'd included made-up cases in two other briefs, too. [...]

In January, as part of a separate case against a hoverboard manufacturer and Walmart seeking damages for an allegedly faulty lithium battery, attorneys filed court documents that cited a series of cases that don't exist. In February, U.S. District Judge Kelly demanded they explain why they shouldn't be sanctioned for referencing eight non-existent cases. The attorneys contritely admitted to using AI to generate the cases without catching the errors, and called it a "cautionary tale" for the rest of the legal world. Last week, Judge Rankin issued sanctions on those attorneys, according to new records, including revoking one of the attorneys' pro hac vice admission (a legal term meaning a lawyer can temporarily practice in a jurisdiction where they're not licensed) and removed him from the case, and the three other attorneys on the case were fined between $1,000 and $3,000 each.
The judge in the Ramirez case said that he "does not aim to suggest that AI is inherently bad or that its use by lawyers should be forbidden." In fact, he noted that he's a vocal advocate for the use of technology in the legal profession.

"Nevertheless, much like a chain saw or other useful [but] potentially dangerous tools, one must understand the tools they are using and use those tools with caution," he wrote. "It should go without saying that any use of artificial intelligence must be consistent with counsel's ethical and professional obligations. In other words, the use of artificial intelligence must be accompanied by the application of actual intelligence in its execution."
Security

CISA Tags Windows, Cisco Vulnerabilities As Actively Exploited (bleepingcomputer.com) 16

CISA has warned U.S. federal agencies about active exploitation of vulnerabilities in Cisco VPN routers and Windows systems. "While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it," adds Bleeping Computer. From the report: The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. While it requires valid administrative credentials, this can still be achieved by chaining the CVE-2023-20025 authentication bypass, which provides root privileges. Cisco says in an advisory published in January 2023 and updated one year later that its Product Security Incident Response Team (PSIRT) is aware of CVE-2023-20025 publicly available proof-of-concept exploit code.

The second security bug (CVE-2018-8639) is a Win32k elevation of privilege flaw that local attackers logged into the target system can exploit to run arbitrary code in kernel mode. Successful exploitation also allows them to alter data or create rogue accounts with full user rights to take over vulnerable Windows devices. According to a security advisory issued by Microsoft in December 2018, this vulnerability impacts client (Windows 7 or later) and server (Windows Server 2008 and up) platforms.

Today, CISA added the two vulnerabilities to its Known Exploited Vulnerabilities catalog, which lists security bugs the agency has tagged as exploited in attacks. As mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021, Federal Civilian Executive Branch (FCEB) agencies now have three weeks, until March 23, to secure their networks against ongoing exploitation.

The Almighty Buck

Trump Names Cryptocurrencies for 'Digital Asset Stockpile' in Social Media Post (cnbc.com) 156

Despite a January announcement that America would explore the idea of a national digital asset stockpile, the exact cryptocurrencies weren't specified. Today on social media the president posted that it would include bitcoin, ether, XRP, Solana's SOL token and Cardano's ADA, reports CNBC — prompting a Sunday rally in cryptocurrencies trading. XRP surged 33% after the announcement while the token tied to Solana jumped 22%. Cardano's coin soared more than 60%. Bitcoin rose 10% to $94,425.29, after dipping to a three-month low under $80,000 on Friday. Ether, which has suffered some of the biggest losses in crypto year-to-date, gained 12%... This is the first time Trump has specified his support for a crypto "reserve" versus a "stockpile." While the former assumes actively buying crypto in regular installments, a stockpile would simply not sell any of the crypto currently held by the U.S. government.

"The total cryptocurrency market has risen about 10%," reports Reuters, "or more than $300 billion, in the hours since Trump's announcement, according to CoinGecko, a cryptocurrency data and analysis company."

"A U.S. Crypto Reserve will elevate this critical industry..." the president posted, promising to "make sure the U.S. is the Crypto Capital of the World," reports The Hill: His announcement comes just after the White House announced it would be welcoming cryptocurrency industry professionals on March 7 in a first-of-its-kind summit... It's unclear what exactly Trump's crypto reserve would look like, and while he previously dismissed crypto as a scam, he's embraced the industry throughout his most recent campaign.
Piracy

Malicious PyPI Package Exploited Deezer's API, Orchestrates a Distributed Piracy Operation (socket.dev) 24

A malicious PyPI package effectively turned its users' systems "into an illicit network for facilitating bulk music downloads," writes The Hacker News.

Though the package has been removed from PyPI, researchers at security platform Socket.dev say it enabled "coordinated, unauthorized music downloads from Deezer — a popular streaming service founded in France in 2007." Although automslc, which has been downloaded over 100,000 times, purports to offer music automation and metadata retrieval, it covertly bypasses Deezer's access restrictions... The package is designed to log into Deezer, harvest track metadata, request full-length streaming URLs, and download complete audio files in clear violation of Deezer's API terms... [I]t orchestrates a distributed piracy operation by leveraging both user-supplied and hardcoded Deezer credentials to create sessions with Deezer's API. This approach enables full access to track metadata and the decryption tokens required to generate full-length track URLs.

Additionally, the package routinely communicates with a remote server... to update download statuses and submit metadata, thereby centralizing control and allowing the threat actor to monitor and coordinate the distributed downloading operation. In doing so, automslc exposes critical track details — including Deezer IDs, International Standard Recording Codes, track titles, and internal tokens like MD5_ORIGIN (a hash used in generating decryption URLs) — which, when collected en masse, can be used to reassemble full track URLs and facilitate unauthorized downloads...

Even if a user pays for access to the service, the content is licensed, not owned. The automslc package circumvents licensing restrictions by enabling downloads and potential redistribution, which is outside the bounds of fair use...

"The malicious package was initially published in 2019, and its popularity (over 100,000 downloads) indicates wide distribution..."

Government

Utah Could Become America's First State To Ban Fluoride In Public Water (nbcnews.com) 233

NBC News reports that Utah could make history as America's first state to ban fluoride in public water systems — even though major medical associations support water fluoridation: If signed into law [by the governor], HB0081 would prevent any individual or political subdivision from adding fluoride "to water in or intended for public water systems..." A report published recently in JAMA Pediatrics found a statistically significant association between higher fluoride exposure and lower children's IQ scores — but the researchers did not suggest that fluoride should be removed from drinking water. According to the report's authors, most of the 74 studies they reviewed were low-quality and done in countries other than the United States, such as China, where fluoride levels tend to be much higher, the researchers noted.

An Australian study published last year found no link between early childhood exposure to fluoride and negative cognitive neurodevelopment. Researchers actually found a slightly higher IQ in kids who consistently drank fluoridated water. The levels in Australia are consistent with U.S. recommendations.

Major public health groups, including the American Academy of Pediatrics, the American Dental Association and the CDC — which says drinking fluoridated water keeps teeth strong and reduces cavities — support adding fluoride to water.

The article notes that since 2010 over 150 U.S. towns or counties have voted to keep fluoride out of public water systems or to stop adding it to their water (according to the anti-fluoride group "Fluoride Action Network"). But this week the American Dental Association (representing 159,000 members) urged Utah's governor not to become "the only state to end this preventive health practice that has been in place for over three quarters of a century."

Thanks to Slashdot reader fjo3 for sharing the news.

Firefox

Mozilla Revises Firefox's Terms of Use, Clarifies That They Don't Own Your Data (theverge.com) 68

"We need a license to allow us to make some of the basic functionality of Firefox possible," Mozilla explained Wednesday in a clarification of a recent Terms of Use update. "Without it, we couldn't use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice."

But Friday they went further, and revised those new Terms of Use "to more clearly reflect the limited scope of how Mozilla interacts with user data," according to a Mozilla blog post. More details from the Verge: The particular language that drew criticism was:

"When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox."

That language has been removed. Now, the language in the terms says:

"You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content...."

Friday's post additionally provides some context about why the company has "stepped away from making blanket claims that 'We never sell your data.'" Mozilla says that "in some places, the LEGAL definition of 'sale of data' is broad and evolving," and that "the competing interpretations of do-not-sell requirements does leave many businesses uncertain about their exact obligations and whether or not they're considered to be 'selling data.'" Mozilla says that "there are a number of places where we collect and share some data with our partners" so that Firefox can be "commercially viable," but it adds that it spells those out in its privacy notice and works to strip data of potentially identifying information or share it in aggregate.

The Courts

Apple Accused of Misleading Consumers With Apple Watch 'Carbon Neutral' Claims (theverge.com) 11

Apple is facing a class action lawsuit alleging it misled consumers by falsely claiming certain Apple Watches were carbon neutral, as the carbon offset projects it relied on did not effectively reduce greenhouse gas emissions. The Verge reports: Apple said in 2023 that "select case and band combinations" of its Apple Watch Series 9, Apple Watch Ultra 2, and Apple Watch SE would be the company's first carbon neutral devices. The suit was filed on behalf of anyone who bought those watches. It alleges that the products were not really carbon neutral because they relied on faulty offset projects that didn't actually reduce the company's greenhouse gas pollution. [...]

The company's carbon neutral claims were false, and the seven plaintiffs would not have purchased the Apple Watches or paid as much for them had they known that, the lawsuit alleges. "Apple's false advertising may lead [consumers] to choose its products over genuinely sustainable alternatives," the complaint (PDF) filed in a California federal court on Wednesday says.

Apple is standing by its assertions. "We are proud of our carbon neutral products, which are the result of industry-leading innovation in clean energy and low-carbon design," Apple spokesperson Sean Redding said in an email. Redding says the company reduced Apple Watch emissions by more than 75 percent. The company focused on cutting pollution from materials, electricity, and transportation used to make the watches, in part by getting more of its suppliers to switch to clean energy. To deal with the remaining pollution, Redding says Apple invests in "nature-based projects to remove hundreds of thousands of metric tons of carbon from the air." That's where the new lawsuit finds problems.

To offset their emissions, many companies buy carbon credits from forestry projects that represent tons of planet-heating carbon dioxide that trees and soil naturally trap. Apple primarily purchased credits from the Chyulu Hills project in Kenya and the Guinan Project in China, the suit says. It alleges that neither of the projects met a basic standard for carbon offsets, which is that they capture additional CO2 that would not otherwise have been sequestered had Apple not paid to support the project.

GNU is Not Unix

An Appeals Court May Kill a GNU GPL Software License (theregister.com) 74

The Ninth Circuit Court of Appeals is set to review a California district court's ruling in Neo4j v. PureThink, which upheld Neo4j's right to modify the GNU AGPLv3 with additional binding terms. If the appellate court affirms this decision, it could set a precedent allowing licensors to impose unremovable restrictions on open-source software, potentially undermining the enforceability of GPL-based licenses and threatening the integrity of the open-source ecosystem. The Register reports: The GNU AGPLv3 is a free and open source software (FOSS) license largely based on the GNU GPLv3, both of which are published by the Free Software Foundation (FSF). Neo4j provided database software under the AGPLv3, then tweaked the license, leading to legal battles over forks of the software. The AGPLv3 includes language that says any added restrictions or requirements are removable, meaning someone could just file off Neo4j's changes to the usage and distribution license, reverting it back to the standard AGPLv3, which the biz has argued and successfully fought against in that California district court.

Now the matter, the validity of that modified FOSS license, is before an appeals court in the USA. "I don't think the community realizes that if the Ninth Circuit upholds the lower court's ruling, it won't just kill GPLv3," PureThink's John Mark Suhy told The Register. "It will create a dangerous legal precedent that could be used to undermine all open-source licenses, allowing licensors to impose unexpected restrictions and fundamentally eroding the trust that makes open source possible."

Perhaps equally concerning is the fact that Suhy, founder and CTO of PureThink and iGov (the two firms sued by Neo4j), and presently CTO of IT consultancy Greystones Group, is defending GPL licenses on his own, pro se, without the help of the FSF, founded by Richard Stallman, creator of the GNU General Public License. "I'm actually doing everything pro se because I used up all my savings to fight it in the lower court," said Suhy. "I'm surprised the Free Software Foundation didn't care too much about it. They always had an excuse about not having the money for it. Luckily the Software Freedom Conservancy came in and helped out there."

Firefox

Mozilla's Updated ToS: We Own All Info You Put Into Firefox 142

UPDATE (3/1/2025): "We need a license to allow us to make some of the basic functionality of Firefox possible," Mozilla explained Wednesday in a clarification of a recent Terms of Use update. "Without it, we couldn't use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice."

But Friday they went further, and revised those new Terms of Use "to more clearly reflect the limited scope of how Mozilla interacts with user data," according to a Mozilla blog post. ("You give Mozilla the rights necessary to operate Firefox... This does not give Mozilla any ownership in that content.")

Slashdot's original post below...

New submitter SharkByte writes: Mozilla just updated its Terms of Use and Privacy Policy for Firefox with a very disturbing "You Give Mozilla Certain Rights and Permissions" clause:

When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

H/T to reader agristin as well, who also wrote about this.
