Privacy

New 'Gold Pickaxe' Android, iOS Malware Steals Your Face For Fraud (bleepingcomputer.com) 13

An anonymous reader quotes a report from BleepingComputer: A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. The new malware, spotted by Group-IB, is part of a malware suite developed by the Chinese threat group known as 'GoldFactory,' which is responsible for other malware strains such as 'GoldDigger', 'GoldDiggerPlus,' and 'GoldKefu.' Group-IB says its analysts observed attacks primarily targeting the Asia-Pacific region, mainly Thailand and Vietnam. However, the techniques employed could be effective globally, and there's a danger of them getting adopted by other malware strains. [...]

For iOS (iPhone) users, the threat actors initially directed targets to a TestFlight URL to install the malicious app, allowing them to bypass the normal security review process. When Apple removed the TestFlight app, the attackers switched to luring targets into downloading a malicious Mobile Device Management (MDM) profile that allows the threat actors to take control over devices. Once the trojan has been installed onto a mobile device in the form of a fake government app, it operates semi-autonomously, manipulating functions in the background, capturing the victim's face, intercepting incoming SMS, requesting ID documents, and proxying network traffic through the infected device using 'MicroSocks.'

Group-IB says the Android version of the trojan performs more malicious activities than in iOS due to Apple's higher security restrictions. Also, on Android, the trojan uses over 20 different bogus apps as cover. For example, GoldPickaxe can also run commands on Android to access SMS, navigate the filesystem, perform clicks on the screen, upload the 100 most recent photos from the victim's album, download and install additional packages, and serve fake notifications. The use of the victims' faces for bank fraud is an assumption by Group-IB, also corroborated by the Thai police, based on the fact that many financial institutes added biometric checks last year for transactions above a certain amount.

The Courts

RFK Jr. Wins Deferred Injunction In Vax Social Media Suit (bloomberglaw.com) 323

schwit1 writes: Robert F. Kennedy Jr. won a preliminary injunction against the White House and other federal defendants in his suit alleging government censorship of his statements against vaccines on social media. The injunction, however, will be stayed until the US Supreme Court rules in a related case brought by Missouri and Louisiana. An injunction is warranted because Kennedy showed he is likely to succeed on the merits of his claims, Judge Terry A. Doughty of the US District Court for the Western District of Louisiana said Wednesday.

The White House defendants, the Surgeon General defendants, the Centers for Disease Control and Prevention defendants, the Federal Bureau of Investigation defendants, and the Cybersecurity & Infrastructure Security Agency defendants likely violated the Free Speech Clause of the First Amendment, Doughty said. Kennedy's class action complaint, brought with health care professional Connie Sampognaro and Kennedy's nonprofit, Children's Health Defense, alleges that the federal government, beginning in early 2020, began a campaign to induce Facebook, Google (YouTube), and X, formerly known as Twitter, to censor constitutionally protected speech.

Specifically, Kennedy said, the government suppressed "facts and opinions about the COVID vaccines that might lead people to become 'hesitant' about COVID vaccine mandates." Kennedy has sufficiently shown that these defendants "jointly participated in the actions of the social media" platforms by "'insinuating' themselves into the social-media companies' private affairs and blurring the line between public and private action," Doughty said.

AI

Air Canada Found Liable For Chatbot's Bad Advice On Plane Tickets 72

An anonymous reader quotes a report from CBC.ca: Air Canada has been ordered to pay compensation to a grieving grandchild who claimed they were misled into purchasing full-price flight tickets by an ill-informed chatbot. In an argument that appeared to flabbergast a small claims adjudicator in British Columbia, the airline attempted to distance itself from its own chatbot's bad advice by claiming the online tool was "a separate legal entity that is responsible for its own actions."

"This is a remarkable submission," Civil Resolution Tribunal (CRT) member Christopher Rivers wrote. "While a chatbot has an interactive component, it is still just a part of Air Canada's website. It should be obvious to Air Canada that it is responsible for all the information on its website. It makes no difference whether the information comes from a static page or a chatbot." In a decision released this week, Rivers ordered Air Canada to pay Jake Moffatt $812 to cover the difference between the airline's bereavement rates and the $1,630.36 they paid for full-price tickets to and from Toronto bought after their grandmother died.

Censorship

Leaked Emails Show Hugo Awards Self-Censoring To Appease China (404media.co) 89

samleecole shares a report from 404 Media: A trove of leaked emails shows how administrators of one of the most prestigious awards in science fiction censored themselves because the awards ceremony was being held in China. Earlier this month, the Hugo Awards came under fire with accusations of censorship when several authors were excluded from the awards, including Neil Gaiman, R. F. Kuang, Xiran Jay Zhao, and Paul Weimer. These authors' works had earned enough votes to make them finalists, but were deemed "ineligible" for reasons not disclosed by Hugo administrators. The Hugo Awards are one of the largest and most important science fiction awards. [...]

The emails, which show the process of compiling spreadsheets of the top 10 works in each category and checking them for "sensitive political nature" to see if they were "an issue in China," were obtained by fan writer Chris M. Barkley and author Jason Sanford, and published on fandom news site File 770 and Sanford's Patreon, where they uploaded the full PDF of the emails. They were provided to them by Hugo Awards administrator Diane Lacey. Lacey confirmed in an email to 404 Media that she was the source of the emails. "In addition to the regular technical review, as we are happening in China and the *laws* we operate under are different...we need to highlight anything of a sensitive political nature in the work," Dave McCarty, head of the 2023 awards jury, directed administrators in an email. "It's not necessary to read everything, but if the work focuses on China, taiwan, tibet, or other topics that may be an issue *in* China...that needs to be highlighted so that we can determine if it is safe to put it on the ballot or if the law will require us to make an administrative decision about it."

The email replies to this directive show administrators combing through authors' social media presences and public travel histories, including from before they were nominated for the 2023 awards, and their writing and bodies of work beyond just what they were nominated for. Among dozens of other posts and writings, they note Weimer's negative comments about the Chinese government in a Patreon post and misspell Zhao's name and work (calling their novel Iron Widow "The Iron Giant"). About author Naseem Jamnia, an administrator allegedly wrote, "Author openly describes themselves as queer, nonbinary, trans, (And again, good for them), and frequently writes about gender, particularly non-binary. The cited work also relies on these themes. I include them because I don't know how that will play in China. (I suspect less than well.)"

"As far as our investigation is concerned there was no reason to exclude the works of Kuang, Gaiman, Weimer or Xiran Jay Zhao, save for being viewed as being undesirable in the view of the Hugo Award admins which had the effect of being the proxies Chinese government," Sanford and Barkley wrote. In conjunction with the email trove, Sanford and Barkley also released an apology letter from Lacey, in which she explains some of her role in the awards vetting process and also blames McCarty for his role in the debacle. McCarty, along with board chair Kevin Standlee, resigned earlier this month.

The Courts

AMC To Pay $8 Million For Allegedly Sharing Subscribers' Viewing History With Tech Companies (arstechnica.com) 20

An anonymous reader quotes a report from Ars Technica: On Thursday, AMC notified subscribers of a proposed $8.3 million settlement that provides awards to an estimated 6 million subscribers of its six streaming services: AMC+, Shudder, Acorn TV, ALLBLK, SundanceNow, and HIDIVE. The settlement comes in response to allegations that AMC illegally shared subscribers' viewing history with tech companies like Google, Facebook, and X (aka Twitter) in violation of the Video Privacy Protection Act (VPPA). Passed in 1988, the VPPA prohibits AMC and other video service providers from sharing "information which identifies a person as having requested or obtained specific video materials or services from a video tape service provider." It was originally passed to protect individuals' right to private viewing habits, after a journalist published the mostly unrevealing video rental history of a judge, Robert Bork, who had been nominated to the Supreme Court by Ronald Reagan.

The so-called "Bork Tapes" revealed little -- other than that the judge frequently rented spy thrillers and British costume dramas -- but lawmakers recognized that speech could be chilled by monitoring anyone's viewing habits. While the law was born in the era of Blockbuster Video, subscribers suing AMC wrote in their amended complaint (PDF) that "the importance of legislation like the VPPA in the modern era of datamining is more pronounced than ever before." According to subscribers suing, AMC allegedly installed tracking technologies -- including the Meta Pixel, the X Tracking Pixel, and Google Tracking Technology -- on its website, allowing their personally identifying information to be connected with their viewing history. [...]

If it's approved, AMC has agreed to "suspend, remove, or modify operation of the Meta Pixel and other Third-Party Tracking Technologies so that use of such technologies on AMC Services will not result in AMC's disclosure to the third-party technology companies of the specific video content requested or obtained by a specific individual." All registered users of AMC services who "requested or obtained video content on at least one of the six AMC services" between January 18, 2021, and January 10, 2024, are currently eligible to submit claims under the proposed settlement. The deadline to submit is April 9. In addition to distributing the $8.3 million settlement fund among class members, subscribers will also receive a free one-week digital subscription.

Privacy

Your AI Girlfriend Is a Data-Harvesting Horror Show (gizmodo.com) 135

"A lot of the AI chatbots that you spend days talking to push hard on getting more and more private information from you," writes longtime Slashdot reader michelcultivo, sharing a report from Gizmodo.

"To be perfectly blunt, AI girlfriends and boyfriends are not your friends," says Misha Rykov, a Mozilla Researcher from the company's *Privacy Not Included project. "Although they are marketed as something that will enhance your mental health and well-being, they specialize in delivering dependency, loneliness, and toxicity, all while prying as much data as possible from you." Gizmodo reports: Mozilla dug into 11 different AI romance chatbots, including popular apps such as Replika, Chai, Romantic AI, EVA AI Chat Bot & Soulmate, and CrushOn.AI. Every single one earned the Privacy Not Included label, putting these chatbots among the worst categories of products Mozilla has ever reviewed. You've heard stories about data problems before, but according to Mozilla, AI girlfriends violate your privacy in "disturbing new ways." For example, CrushOn.AI collects details including information about sexual health, use of medication, and gender-affirming care. 90% of the apps may sell or share user data for targeted ads and other purposes, and more than half won't let you delete the data they collect. Security was also a problem. Only one app, Genesia AI Friend & Partner, met Mozilla's minimum security standards.

One of the more striking findings came when Mozilla counted the trackers in these apps, little bits of code that collect data and share them with other companies for advertising and other purposes. Mozilla found the AI girlfriend apps used an average of 2,663 trackers per minute, though that number was driven up by Romantic AI, which called a whopping 24,354 trackers in just one minute of using the app. The privacy mess is even more troubling because the apps actively encourage you to share details that are far more personal than the kind of thing you might enter into a typical app. EVA AI Chat Bot & Soulmate pushes users to "share all your secrets and desires," and specifically asks for photos and voice recordings. It's worth noting that EVA was the only chatbot that didn't get dinged for how it uses that data, though the app did have security issues. [...]

The Courts

NYC Sues Social Media Companies Over Youth Mental Health Crisis (abc7ny.com) 63

New York City Mayor Eric Adams announced a lawsuit against four of the nation's largest social media companies, accusing them of fueling a "national youth mental health crisis." From a report: The lawsuit was filed to hold TikTok, Instagram, Facebook, Snapchat, and YouTube accountable for their damaging influence on the mental health of children, Adams said. The lawsuit, filed in California Superior Court, alleged the companies intentionally designed their platforms to purposefully manipulate and addict children and teens to social media applications. The lawsuit pointed to the use of algorithms to generate feeds that keep users on the platforms longer and encourage compulsive use.

"Over the past decade, we have seen just how addictive and overwhelming the online world can be, exposing our children to a non-stop stream of harmful content and fueling our national youth mental health crisis," Adams said. "Our city is built on innovation and technology, but many social media platforms end up endangering our children's mental health, promoting addiction, and encouraging unsafe behavior." The lawsuit accused the social media companies of manipulating users by making them feel compelled to respond to one positive action with another positive action.

"These platforms take advantage of reciprocity by, for example, automatically telling the sender when their message was seen or sending notifications when a message was delivered, encouraging teens to return to the platform again and again and perpetuating online engagement and immediate responses," the lawsuit said. The city is joining hundreds of school districts across the nation in filing litigation to force the tech companies to change their behavior and recover the costs of addressing the public health threat.

Privacy

US Military Notifies 20,000 of Data Breach After Cloud Email Leak (techcrunch.com) 11

An anonymous reader quotes a report from TechCrunch: The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year. According to the breach notification letter sent out to affected individuals on February 1, the Defense Intelligence Agency -- the DOD's military intelligence agency -- said, "numerous email messages were inadvertently exposed to the Internet by a service provider," between February 3 and February 20, 2023. TechCrunch has learned that the breach disclosure letters relate to an unsecured U.S. government cloud email server that was spilling sensitive emails to the open internet. The cloud email server, hosted on Microsoft's cloud for government customers, was accessible from the internet without a password, likely due to a misconfiguration.

The DOD is sending breach notification letters to around 20,600 individuals whose information was affected. "As a matter of practice and operations security, we do not comment on the status of our networks and systems. The affected server was identified and removed from public access on February 20, 2023, and the vendor has resolved the issues that resulted in the exposure. DOD continues to engage with the service provider on improving cyber event prevention and detection. Notification to affected individuals is ongoing," said DOD spokesperson Cdr. Tim Gorman in an email to TechCrunch.

The Courts

Amazon Sued Over Prime Video Ads (variety.com) 68

Amazon faces a class-action lawsuit accusing the company of false advertising and deceptive practices because Prime Video now serves commercials by default. Variety reports: "For years, people purchased and renewed their Amazon Prime subscriptions believing that they would include ad-free streaming," the lawsuit says. "But last month, Amazon changed the deal. To stream movies and TV shows without ads, Amazon customers must now pay an additional $2.99 per month ... This is not fair, because these subscribers already paid for the ad-free version; these subscribers should not have to pay an additional $2.99/month for something that they already paid for."

The case was filed on behalf of Wilbert Napoleon, a resident of Eastvale, Calif., who says he's a Prime member. "Plaintiff brings this case for himself and for other Amazon Prime customers," the suit said. The complaint alleged that Amazon violates Washington State and California state consumer protection laws that prohibit unfair competition and deceptive business acts and practices. Amazon's conduct, as alleged, "was immoral, unethical, oppressive, unscrupulous and substantially injurious to consumers," according to the lawsuit. The suit seeks unspecific monetary damages, including punitive damages, as well as an injunction to block Amazon's alleged deceptive conduct.

The suit was filed Feb. 9, after Amazon starting on Jan. 29 began running ads in Prime Video content in major markets including the United States unless users opt to pay extra ($2.99/month in the U.S.) to have an ad-free experience. Some analysts have forecast Prime Video ads generating more than $3 billion in revenue in 2024.

Patents

US Patent Office Confirms AI Can't Hold Patents 44

The US Patent and Trademark Office (USPTO) asserts that only humans can be recognized as inventors on patent applications, not artificial intelligence systems, although the use of AI in the invention process is permitted and must be disclosed. The Verge reports: The agency published (PDF) its latest guidance following a series of "listening" tours to gather public feedback. It states that while AI systems and other "non-natural persons" can't be listed as inventors in patent applications, "the use of an AI system by a natural person does not preclude a natural person from qualifying as an inventor." People seeking patents must disclose if they used AI in the invention process, just as the USPTO asks all applicants to list all material information necessary to make a decision.

However, to be able to register a patent, the person using the AI must've contributed significantly to the invention's conception. A person simply asking an AI system to create something and overseeing it, the report says, does not make them an inventor. The office says that a person who simply presents the problem to an AI system or "recognizes and appreciates" its output as a good invention can't claim credit for that patent.

"However, a significant contribution could be shown by the way the person constructs the prompt in view of a specific problem to elicit a particular solution from the AI system," the USPTO says. The office also says that "maintaining 'intellectual domination' over an AI system does not, on its own, make a person an inventor" -- so simply overseeing or owning an AI that creates things doesn't mean you can file a patent for them.

Encryption

Backdoors That Let Cops Decrypt Messages Violate Human Rights, EU Court Says (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: The European Court of Human Rights (ECHR) has ruled that weakening end-to-end encryption disproportionately risks undermining human rights. The international court's decision could potentially disrupt the European Commission's proposed plans to require email and messaging service providers to create backdoors that would allow law enforcement to easily decrypt users' messages. This ruling came after Russia's intelligence agency, the Federal Security Service (FSS), began requiring Telegram to share users' encrypted messages to deter "terrorism-related activities" in 2017, ECHR's ruling said. [...] In the end, the ECHR concluded that the Telegram user's rights had been violated, partly due to privacy advocates and international reports that corroborated Telegram's position that complying with the FSB's disclosure order would force changes impacting all its users.

The "confidentiality of communications is an essential element of the right to respect for private life and correspondence," the ECHR's ruling said. Thus, requiring messages to be decrypted by law enforcement "cannot be regarded as necessary in a democratic society." [...] "Weakening encryption by creating backdoors would apparently make it technically possible to perform routine, general, and indiscriminate surveillance of personal electronic communications," the ECHR's ruling said. "Backdoors may also be exploited by criminal networks and would seriously compromise the security of all users' electronic communications. The Court takes note of the dangers of restricting encryption described by many experts in the field."

Martin Husovec, a law professor who helped to draft EISI's testimony, told Ars that EISI is "obviously pleased that the Court has recognized the value of encryption and agreed with us that state-imposed weakening of encryption is a form of indiscriminate surveillance because it affects everyone's privacy." [...] EISI's Husovec told Ars that ECHR's ruling is "indeed very important," because "it clearly signals to the EU legislature that weakening encryption is a huge problem and that the states must explore alternatives." If the Court of Justice of the European Union endorses this ruling, which Husovec said is likely, the consequences for the EU's legislation proposing scanning messages to stop illegal content like CSAM from spreading "could be significant," Husovec told Ars. During negotiations this spring, lawmakers may have to make "major concessions" to ensure the proposed rule isn't invalidated in light of the ECHR ruling, Husovec told Ars.

Europol and the European Union Agency for Cybersecurity (ENISA) said in a statement: "Solutions that intentionally weaken technical protection mechanisms to support law enforcement will intrinsically weaken the protection against criminals as well, which makes an easy solution impossible."

Piracy

Apple Pulls Popular Movie Piracy App Kimi From the App Store (wired.com) 25

After climbing the charts of Apple's App Store, the trendy Kimi app, with its collection of bootlegged movies, has disappeared. From a report: Pretending to be a spot-the-difference vision-testing game, the widely downloaded app ranked above Netflix, Hulu, and Amazon Prime Video in Apple's charts this week for free entertainment apps before it was removed. Without having to pay for anything or log in to any kind of account, iPhone owners could previously use Kimi to browse a wide selection of bootlegs for popular movies and TV shows. Many of the movies up for Best Picture at this year's Oscars were on Kimi, at varying levels of quality.

Poor Things was included in a grainy, pixelated state, but a high-quality version of Killers of the Flower Moon was on Kimi to stream, although an intrusive ad for online casinos was splashed across the top. That definitely isn't the viewing experience Martin Scorsese imagined for audiences. Not just limited to movies, viewers were also able to access episodes of currently airing TV shows, like RuPaul's Drag Race, through the Kimi app. Who was behind this piracy app? It remains a mystery. The developer was listed as "Marcus Evans" in the app store before Kimi was taken down, and this was the only app listed under that name, likely a pseudonym.

Crime

Wi-Fi Jamming To Knock Out Cameras Suspected In Nine Minnesota Burglaries (tomshardware.com) 174

Mark Tyson reports via Tom's Hardware: A serial burglar in Edina, Minnesota is suspected of using a Wi-Fi jammer to knock out connected security cameras before stealing and making off with the victim's prized possessions. [...] Edina police suspect that nine burglaries in the last six months have been undertaken with Wi-Fi jammer(s) deployed to ensure incriminating video evidence wasn't available to investigators. The modus operandi of the thief or thieves is thought to be something like this:

- Homes in affluent areas are found
- Burglars carefully watch the homes
- The burglars avoid confrontation, so appear to wait until homes are empty
- Seizing the opportunity of an empty home, the burglars will deploy Wi-Fi jammer(s)
- "Safes, jewelry, and other high-end designer items," are usually taken

A security expert interviewed by the source publication, KARE11, explained that the jammers simply confused wireless devices rather than blocking signals. They usually work by overloading wireless traffic "so that real traffic cannot get through," the news site was told. [...] Worryingly, Wi-Fi jamming is almost a trivial activity for potential thieves in 2024. KARE11 notes that it could buy jammers online very easily and cheaply, with prices ranging from $40 to $1,000. Jammers are not legal to use in the U.S. but they are very easy to buy online.

The Courts

OpenAI Gets Some of Sarah Silverman's Suit Cut in Mixed Ruling (bloomberglaw.com) 64

OpenAI must face a claim that it violated California unfair competition law by using copyrighted books from comedian Sarah Silverman and other authors to train ChatGPT without permission. From a report: But US District Judge Araceli Martinez-Olguin on Monday also dismissed a number of Silverman and her coplaintiffs' other legal claims, including allegations of vicarious copyright infringement, violations of the Digital Millennium Copyright Act, negligence, and unjust enrichment. The judge gave the authors the opportunity to amend their proposed class action by March 13 to fix the defects in the complaint.

The core of the lawsuit remains alive, as OpenAI's motion to dismiss, filed last summer, didn't address Silverman's claim of direct copyright infringement for copying millions of books across the internet without permission. Courts haven't yet determined whether using copyrighted work to train AI models falls under copyright law's fair use doctrine, shielding the companies from liability. Although Martinez-Olguin allowed the unfair competition claim to advance, she said the claim could be preempted by the federal Copyright Act, which prohibits state law claims that allege the same violation as a copyright claim.

Patents

Cloudflare Defeats Another Patent Troll With Crowd-Sourced Prior-Art Army (theregister.com) 23

When it comes to defeating patent trolls with crowd-sourced prior art, Cloudflare is now two-for-two after winning its latest case against Sable Networks. The Register: Sable Networks, which owns patents originally given to defunct "flow-based router" company Caspian Networks, sued Cloudflare and five other companies in 2021 alleging a whole host of violations of four patents now owned by Sable. A lot has changed since the case was filed in the US District Court for the Western District of Texas, leading to a jury verdict last week that found Cloudflare not only didn't infringe on the single patent that made it to trial, but that the final patent claim at issue was invalid as well. It took the jury just two hours to return the result, Cloudflare said.

"Since Sable first sued us, we've invalidated significant parts of three Sable patents, hamstringing their ability to bring lawsuits against other companies," Cloudflare's in-house counsel boasted on Monday. Cloudflare said that it managed to whittle the case down from four patents and "approximately 100 claims" to a single claim on one patent -- number 7,012,919 -- over the past three years. This is thanks in part to the assistance of outside investigators on Project Jengo, a scheme first launched in 2017 to get help digging up prior-art patents when Cloudflare was sued by another patent troll, Blackbird Technologies.

More: Cloudflare blog.

The Courts

Amazon Hides Cheaper Items With Faster Delivery, Lawsuit Alleges (arstechnica.com) 23

A class-action lawsuit alleges (PDF) that Amazon manipulates its platform through a biased algorithm to favor the "Buy Box" for items that generate higher fees for Amazon, often leading consumers to overpay for products that could be obtained cheaper and just as quickly from other sellers on the platform. Ars Technica reports: The lawsuit claims that a biased algorithm drives Amazon's "Buy Box," which appears on an item's page and prompts shoppers to "Buy Now" or "Add to Cart." According to customers suing, nearly 98 percent of Amazon sales are of items featured in the Buy Box, because customers allegedly "reasonably" believe that featured items offer the best deal on the platform.

"But they are often wrong," the complaint said, claiming that instead, Amazon features items from its own retailers and sellers that participate in Fulfillment By Amazon (FBA), both of which pay Amazon higher fees and gain secret perks like appearing in the Buy Box. "The result is that consumers routinely overpay for items that are available at lower prices from other sellers on Amazon -- not because consumers don't care about price, or because they're making informed purchasing decisions, but because Amazon has chosen to display the offers for which it will earn the highest fees," the complaint said.

Authorities in the US and the European Union have investigated Amazon's allegedly anticompetitive Buy Box algorithm, confirming that it's "favored FBA sellers since at least 2016," the complaint said. In 2021, Amazon was fined more than $1 billion by the Italian Competition Authority over these unfair practices, and in 2022, the European Commission ordered Amazon to "apply equal treatment to all sellers when deciding what to feature in the Buy Box." These investigations served as the first public notice that Amazon's Buy Box couldn't be trusted, customers suing said. Amazon claimed that the algorithm was fixed in 2020, but so far, Amazon does not appear to have addressed all concerns over its Buy Box algorithm. As of 2023, European regulators have continued pushing Amazon "to take further action to remedy its Buy Box bias in their respective jurisdictions," the customers' complaint said.

Crime

WhatsApp Image Sender Becomes First Convicted Cyber-Flasher (bbc.com) 24

A registered sex offender has become the first person in England and Wales to be convicted of cyber-flashing. The BBC reports: Nicholas Hawkes, 39, of Basildon, Essex, sent unsolicited photos of his erect penis to a 15-year-old girl and a woman on Friday. The woman took screenshots of the image on WhatsApp and reported Hawkes to Essex Police the same day. Hawkes admitted two charges when he appeared before magistrates in Southend earlier. He is the first person to be convicted of the new offense of cyber-flashing, which was brought in under the Online Safety Act and came into effect on January 31.

After pleading guilty to two counts of sending a photograph or film of genitals to cause alarm, distress, or humiliation, he was remanded in custody until March 11, when he will be sentenced at Basildon Crown Court. Hawkes is a registered sex offender until November 2033 after he was convicted and given a community order for sexual activity with a child under 16 and exposure last year at Basildon Crown Court, the CPS said. He will also be sentenced for breaching the order when he is sentenced in March.

Communications

The US Government Makes a $42 Million Bet On Open Cell Networks (theverge.com) 26

An anonymous reader quotes a report from The Verge: The US government has committed $42 million to further the development of the 5G Open RAN (O-RAN) standard that would allow wireless providers to mix and match cellular hardware and software, opening up a bigger market for third-party equipment that's cheaper and interoperable. The National Telecommunications and Information Administration (NTIA) grant would establish a Dallas O-RAN testing center to prove the standard's viability as a way to head off Huawei's steady cruise toward a global cellular network hardware monopoly.

Verizon global network and technology president Joe Russo promoted the funding as a way to achieve "faster innovation in an open environment." To achieve the standard's goals, AT&T vice president of RAN technology Robert Soni says that AT&T and Verizon have formed the Acceleration of Compatibility and Commercialization for Open RAN Deployments Consortium (ACCoRD), which includes a grab bag of wireless technology companies like Ericsson, Nokia, Samsung, Dell, Intel, Broadcom, and Rakuten. Japanese wireless carrier Rakuten formed as the first O-RAN network in 2020. The company's then CEO, Tareq Amin, told The Verge's Nilay Patel in 2022 that Open RAN would enable low-cost network build-outs using smaller equipment rather than massive towers -- which has long been part of the promise of 5G.

But O-RAN is about more than that; establishing interoperability means companies like Verizon and AT&T wouldn't be forced to buy all of their hardware from a single company to create a functional network. For the rest of us, that means faster build-outs and "more agile networks," according to Rakuten. In the US, Dish has been working on its own O-RAN network, under the name Project Genesis. The 5G network was creaky and unreliable when former Verge staffer Mitchell Clarke tried it out in Las Vegas in 2022, but the company said in June last year that it had made its goal of covering 70 percent of the US population. Dish has struggled to become the next big cell provider in the US, though -- leading satellite communications company EchoStar, which spun off from Dish in 2008, to purchase the company in January.

The Washington Post writes that O-RAN "is Washington's anointed champion to try to unseat the Chinese tech giant Huawei Technologies" as the world's biggest supplier of cellular infrastructure gear.

According to the Post, Biden has emphasized the importance of O-RAN in conversations with international leaders over the past few years. Additionally, it notes that Congress along with the NTIA have dedicated approximately $2 billion to support the development of this standard.

Privacy

'World's Biggest Casino' App Exposed Customers' Personal Data (techcrunch.com) 10

An anonymous reader shares a report: The startup that develops the phone app for casino resort giant WinStar has secured an exposed database that was spilling customers' private information to the open web. Oklahoma-based WinStar bills itself as the "world's biggest casino" by square footage. The casino and hotel resort also offers an app, My WinStar, in which guests can access self-service options during their hotel stay, their rewards points and loyalty benefits, and casino winnings.

The app is developed by a Nevada software startup called Dexiga. The startup left one of its logging databases on the internet without a password, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored within using only their web browser. Dexiga took the database offline after TechCrunch alerted the company to the security lapse. Anurag Sen, a good-faith security researcher who has a knack for discovering inadvertently exposed sensitive data on the internet, found the database containing personal information, but it was initially unclear who the database belonged to. Sen said the personal data included full names, phone numbers, email addresses and home addresses. Sen shared details of the exposed database with TechCrunch to help identify its owner and disclose the security lapse.

Google

Google Shareholders to Receive $350 Million in Lawsuit Settlement (cpomagazine.com) 39

A lawsuit involving the now-defunct Google+ social media site "has been settled for $350 million," reports CPO magazine, "after a lengthy appeals process played out..."

"[T]he total pool after attorney and legal fees are deducted is likely to be well over $200 million." [The lawsuit] dates all the way back to 2018, when Google internally discovered that the Google+ API was being abused to access the private data of about half a million of the social media service's users. Google opted not to publicly declare the breach, as they were not legally compelled to.

News of it came via the Wall Street Journal in late 2018. Google shareholders contend that the company kept the issue under wraps due to the Cambridge Analytica scandal that Facebook was experiencing at the time, believing that they would suffer a similar negative PR blow. This was supported by an internal company memo that became public.

As the news of the exploitable software glitch gradually came out, Google shareholders took a hit as the company collectively lost tens of billions of dollars in market value. The lead plaintiff in the case is Rhode Island Treasurer James Diossa, who was responsible for overseeing a state pension fund that held stock in Google parent company Alphabet.

Google+ was shuttered in 2019 after an eight-year run due in part to repeated technical issues with unauthorized API access (as well as low user engagement).

"If the settlement is approved by the 9th Circuit judge, the proceeds will be available to Google shareholders who held stock at any time from April 23, 2018, to April 30, 2019...

"A separate class-action privacy lawsuit involving users who had private data exposed during the incident was settled in 2018 for $7.5 million, leading to very low payments for each of the claimants."
