Bug

A Luggage Service's Web Bugs Exposed the Travel Plans of Every User (wired.com) 1

An anonymous reader quotes a report from Wired: An airline leaving all of its passengers' travel records vulnerable to hackers would make an attractive target for espionage. Less obvious, but perhaps even more useful for those spies, would be access to a premium travel service that spans 10 different airlines, left its own detailed flight information accessible to data thieves, and seems to be favored by international diplomats. That's what one team of cybersecurity researchers found in the form of Airportr, a UK-based luggage service that partners with airlines to let its largely UK- and Europe-based users pay to have their bags picked up, checked, and delivered to their destination. Researchers at the firm CyberX9 found that simple bugs in Airportr's website allowed them to access virtually all of those users' personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US.

Airportr's CEO Randel Darby confirmed CyberX9's findings in a written statement provided to WIRED but noted that Airportr had disabled the vulnerable part of its site's backend very shortly after the researchers made the company aware of the issues last April and fixed the problems within a few days. "The data was accessed solely by the ethical hackers for the purpose of recommending improvements to Airportr's security, and our prompt response and mitigation ensured no further risk," Darby wrote in a statement. "We take our responsibilities to protect customer data very seriously." CyberX9's researchers, for their part, counter that the simplicity of the vulnerabilities they found means that there's no guarantee other hackers didn't access Airportr's data first. They found that a relatively basic web vulnerability allowed them to change the password of any user to gain access to their account if they had just the user's email address -- and they were also able to brute-force guess email addresses with no rate limitations on the site. As a result, they could access data including all customers' names, phone numbers, home addresses, detailed travel plans and history, airline tickets, boarding passes and flight details, passport images, and signatures.

By gaining access to an administrator account, CyberX9's researchers say, a hacker could also have used the vulnerabilities they found to redirect luggage, steal luggage, or even cancel flights on airline websites by using Airportr's data to gain access to customer accounts on those sites. The researchers say they could also have used their access to send emails and text messages as Airportr, a potential phishing risk. Airportr tells WIRED that it has 92,000 users and claims on its website that it has handled more than 800,000 bags for customers. [...] The researchers found that they could monitor their browser's communications as they signed up for Airportr and created a new password, and then reuse an API key intercepted from those communications to instead change another user's password to anything they chose. The site also lacked a "rate limiting" security measure that would prevent automated guesses of email addresses to rapidly change the password of every user's account. And the researchers were also able to find email addresses of Airportr administrators that allowed them to take over their accounts and gain their privileges over the company's data and operations.
"Anyone would have been able to gain or might have gained absolute super-admin access to all the operations and data of this company," says Himanshu Pathak, CyberX9's founder and CEO. "The vulnerabilities resulted in complete confidential private information exposure of all airline customers in all countries who used the service of this company, including full control over all the bookings and baggage. Because once you are the super-admin of their most sensitive systems, you have the ability to do anything."
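As an added example (this is not Airportr's code, and the page does not describe its stack), the password-change flow the researchers describe modelled in Python with an in-memory store: a vulnerable handler that accepts any valid API key and takes the target account from the request body, beside a hardened one that derives the subject from the credential, re-proves the current password, returns a single uniform failure, and rate-limits attempts per caller address. The class and function names, the sample accounts, and the limiter thresholds are assumptions made for the example.

```python
import hashlib
import secrets
from dataclasses import dataclass


def _hash(pw: str) -> str:
    # Stand-in for a real password KDF (argon2/bcrypt); SHA-256 keeps the example dependency-free.
    return hashlib.sha256(pw.encode()).hexdigest()


@dataclass
class User:
    email: str
    pw_hash: str
    is_admin: bool = False


class RateLimiter:
    """Sliding window: at most `limit` attempts per `window_s` seconds per caller."""

    def __init__(self, limit: int, window_s: float):
        self.limit, self.window_s = limit, window_s
        self.hits: dict[str, list[float]] = {}

    def allow(self, caller: str, now: float) -> bool:
        recent = [t for t in self.hits.get(caller, []) if now - t < self.window_s]
        allowed = len(recent) < self.limit
        if allowed:
            recent.append(now)
        self.hits[caller] = recent
        return allowed


class Service:
    """Hypothetical backend with per-user API keys issued at signup (assumed; not Airportr's design)."""

    def __init__(self):
        self.users: dict[str, User] = {}   # email -> User
        self.keys: dict[str, str] = {}     # API key -> owning email
        self.limiter = RateLimiter(limit=5, window_s=60.0)

    def signup(self, email: str, password: str, is_admin: bool = False) -> str:
        key = secrets.token_hex(16)
        self.users[email] = User(email, _hash(password), is_admin)
        self.keys[key] = email
        return key

    def login(self, email: str, password: str) -> bool:
        user = self.users.get(email)
        return user is not None and secrets.compare_digest(user.pw_hash, _hash(password))

    def change_password_vulnerable(self, api_key: str, target_email: str, new_password: str) -> str:
        # Defect 1: the key only has to be *a* valid key; whose it is never matters.
        if api_key not in self.keys:
            return "bad_key"
        # Defect 2: the target comes from the request body, so one signup's key resets any
        # account, and the distinct response reveals whether the address exists.
        user = self.users.get(target_email)
        if user is None:
            return "no_such_user"
        user.pw_hash = _hash(new_password)
        return "ok"

    def change_password_hardened(self, api_key: str, current_password: str,
                                 new_password: str, caller_ip: str, now: float) -> str:
        # Throttle before any lookup so guessing costs the caller, not the server.
        if not self.limiter.allow(caller_ip, now):
            return "rate_limited"
        # The subject is whoever the credential belongs to; there is no client-supplied target.
        email = self.keys.get(api_key)
        user = self.users.get(email) if email else None
        # Unknown key and wrong password collapse into one response: nothing to enumerate.
        if user is None or not secrets.compare_digest(user.pw_hash, _hash(current_password)):
            return "denied"
        user.pw_hash = _hash(new_password)
        return "ok"


def demo() -> dict:
    """Runs both handlers against constructed sample accounts and returns what happened."""
    out = {}
    svc = Service()
    svc.signup("admin@example.test", "Adm1n-pass", is_admin=True)
    attacker_key = svc.signup("attacker@example.test", "whatever")
    out["vuln_takeover"] = svc.change_password_vulnerable(attacker_key, "admin@example.test", "owned")
    out["vuln_admin_login"] = svc.login("admin@example.test", "owned")
    out["vuln_enum"] = svc.change_password_vulnerable(attacker_key, "nobody@example.test", "x")

    svc = Service()
    svc.signup("admin@example.test", "Adm1n-pass", is_admin=True)
    attacker_key = svc.signup("attacker@example.test", "whatever")
    # Six guesses from one address, one second apart: five denials, then the limiter bites.
    out["hard_guesses"] = [svc.change_password_hardened(attacker_key, f"guess{i}", "x",
                                                        "203.0.113.7", now=float(i)) for i in range(6)]
    out["hard_admin_intact"] = svc.login("admin@example.test", "Adm1n-pass")
    # A change by the key's own account still works (fresh address, correct current password).
    out["hard_self"] = svc.change_password_hardened(attacker_key, "whatever", "new-pass",
                                                    "198.51.100.9", now=10.0)
    out["hard_self_login"] = svc.login("attacker@example.test", "new-pass")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The vulnerable handler shows both reported defects at once: the key only needs to be valid rather than the target's, and the distinct `no_such_user` response is what makes unthrottled email guessing worthwhile. The hardened handler never reads a target address from the client at all; an administrator-initiated reset of someone else's account is a separate operation that needs its own authorization check, not a parameter on this one.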
Medicine

Trump Launching a New Private Health Tracking System With Big Tech's Help 178

fjo3 shares a report from the Associated Press: The Trump administration announced it is launching a new program that will allow Americans to share personal health data and medical records across health systems and apps run by private tech companies, promising that it will make it easier to access health records and monitor wellness. More than 60 companies, including major tech companies like Google, Amazon and Apple as well as health care giants like UnitedHealth Group and CVS Health, have agreed to share patient data in the system. The initiative will focus on diabetes and weight management, conversational artificial intelligence that helps patients, and digital tools such as QR codes and apps that register patients for check-ins or track medications.

Officials at the Centers for Medicare and Medicaid Services, who will be in charge of maintaining the system, have said patients will need to opt in for the sharing of their medical records and data, which will be kept secure. Those officials said patients will benefit from a system that lets them quickly call up their own records without the hallmark difficulties, such as requiring the use of fax machines to share documents, that have prevented them from doing so in the past.

Popular weight loss and fitness subscription service Noom, which has signed onto the initiative, will be able to pull medical records after the system's expected launch early next year. That might include labs or medical tests that the app could use to develop an AI-driven analysis of what might help users lose weight, CEO Geoff Cook told The Associated Press. Apps and health systems will also have access to their competitors' information. Noom would be able to access a person's data from Apple Health, for example. "Right now you have a lot of siloed data," Cook said.
Government

US Senators Introduce New Pirate Site Blocking Bill: Block BEARD (torrentfreak.com) 54

An anonymous reader quotes a report from TorrentFreak: Efforts to introduce pirate site blocking to the United States continue with the introduction of the "Block BEARD" bill (PDF) in the Senate. The bipartisan proposal, backed by Senators Tillis, Coons, Blackburn, and Schiff, aims to create a new legal mechanism to combat foreign piracy websites. Block BEARD is similar to the previously introduced House bill "FADPA", but doesn't directly mention DNS resolvers. [...] The site-blocking proposal seeks to amend U.S. copyright law, enabling rightsholders to request federal courts to designate online locations as a "foreign digital piracy site". If that succeeds, courts can subsequently order U.S. service providers to block access to these sites.

Pirate site designation would be dependent on rightsholders showing that they are harmed by a site's activities, that reasonable efforts had been made to notify the site's operator, and that a reasonable investigation confirms the operator is not located within the United States. Additionally, rightsholders must show that the site is primarily designed for piracy, has limited commercial purpose, or is intentionally marketed by its operator to promote copyright-infringing activities. If the court classifies a website as a foreign pirate site, rightsholders can go back to court to request a blocking order. At this stage, the court will determine whether it is technically and practically feasible for ISPs to block the site, and consider any potential harm to the public interest. The granted orders would stay in place for a year with the option to extend if necessary. If blocked sites switch to new locations, the court can also amend blocking orders to include new IP addresses and domain names.

The Block BEARD bill broadly applies to service providers as defined in section 512(k)(1)(A) of the DMCA. This is a broad definition that applies to residential ISPs, but also to search engines, social media platforms, and DNS resolvers. Service providers with fewer than 50,000 subscribers are explicitly excluded, and the same applies to venues such as coffee shops, libraries, and universities that offer internet access to visitors. Unlike the FADPA bill introduced by Representative Lofgren earlier this year, the Senate bill does not specifically mention DNS resolvers. Block BEARD does not mention VPNs, but its broad definition of "service provider" could be interpreted to include them. The proposal states that providers have the option to contest their inclusion in a blocking order. Once an order is issued, they would have the freedom to choose their own blocking techniques. There are no transparency requirements mentioned in the bill, so if and how the public is informed is unclear.

The Almighty Buck

Trump Suspends Trade Loophole For Cheap Online Retailers Globally (arstechnica.com) 193

An anonymous reader quotes a report from Ars Technica: E-commerce giants everywhere felt the sting Wednesday when President Donald Trump announced that the US will be "suspending duty-free de minimis treatment for low-value shipments" worth $800 or less from anywhere in the world. Americans will likely soon feel the crunch, with one recent study estimating that the cost of eliminating the trade loophole overall to US consumers could fall between $10.9 billion and $13 billion while "disproportionately" hurting "lower-income and minority consumers" who buy a higher percentage of cheap imports.

Price hikes will likely come this fall, as the trade loophole will be closed starting on August 29, with Amazon emerging as perhaps the biggest question mark for US consumers wondering how hard their wallets may be hit by the major trade policy change ahead of the holiday shopping season.
In February, Trump temporarily ended the de minimis exemption for all imports from China, prompting China-based retailers Temu and Shein to raise their prices.
Sony

Sony Is Suing Tencent Over Shameless Horizon Knock-off Game (ign.com) 50

Sony has filed a lawsuit in California court against Tencent, alleging the Chinese company's upcoming game Light of Motiram constitutes a "slavish clone" of Sony's Horizon series.

The complaint details extensive similarities between the games, from post-apocalyptic robot dinosaur settings to red-haired female protagonists. Tencent had approached Sony for licensing deals in 2024, which Sony rejected twice.
Australia

Australia Widens Teen Social Media Ban To YouTube, Scraps Exemption (reuters.com) 125

An anonymous reader quotes a report from Reuters: Australia said on Wednesday it will add YouTube to sites covered by its world-first ban on social media for teenagers, reversing an earlier decision to exempt the Alphabet-owned video-sharing site and potentially setting up a legal challenge. The decision came after the internet regulator urged the government last month to overturn the YouTube carve-out, citing a survey that found 37% of minors reported harmful content on the site, the worst showing for a social media platform.

"I'm calling time on it," Prime Minister Anthony Albanese said in a statement highlighting that Australian children were being negatively affected by online platforms, and reminding social media of their social responsibility. "I want Australian parents to know that we have their backs." The decision broadens the ban set to take effect in December. YouTube says it is used by nearly three-quarters of Australians aged 13 to 15, and should not be classified as social media because its main activity is hosting videos. "Our position remains clear: YouTube is a video sharing platform with a library of free, high-quality content, increasingly viewed on TV screens. It's not social media," a YouTube spokesperson said by email.

Businesses

US Intelligence Intervened With DOJ To Push HPE-Juniper Merger (axios.com) 12

Earlier this month, Hewlett-Packard Enterprise settled its antitrust case with the U.S. Justice Department, "paving the way for its acquisition of rival kit maker Juniper Networks" for $14 billion. According to Axios, the deal was heavily influenced by national security concerns and a desire to bolster American competition against China's Huawei. The outlet reports that the U.S. intelligence community "intervened to persuade the Justice Department that allowing the merger to proceed was essential to helping U.S. business compete with China's Huawei Technologies, among other national-security issues." From the report: "In light of significant national security concerns, a settlement ... serves the interests of the United States by strengthening domestic capabilities and is critical to countering Huawei and China." The official said blocking the deal would have "hindered American companies and empowered" Chinese competitors. A Justice Department spokesman added that DOJ "works very closely with our partners in the IC [intelligence community] and always considers their views when deciding how best to proceed with a case."

The merger was back in the news this week with reports that two senior enforcers in the DOJ's antitrust division were fired Monday amid infighting over the department's settlement greenlighting HPE's $14 billion acquisition of Juniper. Attorney General Pam Bondi had conversations with top intelligence officials that convinced her there was a strong national interest in not driving allies to Chinese technology, a senior administration official tells us.

Censorship

Visa and Mastercard Are Getting Overwhelmed By Gamer Fury Over Censorship (polygon.com) 245

An anonymous reader quotes a report from Polygon: In the wake of storefronts like Steam and itch.io curbing the sale of adult games, irate fans have started an organized campaign against the payment processors that they believe are responsible for the crackdown. While the movement is still in its early stages, people are mobilizing with an eye toward overwhelming communication lines at companies like Visa and Mastercard in a way that will make the concern impossible to ignore. On social media sites like Reddit and Bluesky, people are urging one another to get into contact with Visa and Mastercard through emails and phone calls. Visa and Mastercard have become the targets of interest because the affected storefronts both say that their decisions around adult games were motivated by the danger of losing the ability to use major payment processors while selling games. These payment processors have their own rules regarding usage, but they are vaguely defined. But losing infrastructure like this could impact audiences well beyond those who care about sex games, spokespeople for Valve and itch.io said.

In a now-deleted post on the Steam subreddit with over 17,000 upvotes, commenters say that customer service representatives for both payment processors seem to already be aware of the problem. Sometimes, the representatives will say that they've gotten multiple calls on the subject of adult game censorship, but that they can't really do anything about it. The folks applying pressure know that someone at a call center has limited power in a scenario like this one; typically, agents are equipped to handle standard customer issues like payment fraud or credit card loss. But the point isn't to enact change through a specific phone call: It's to cause enough disruption that the ruckus theoretically starts costing payment processors money.

"Emails can be ignored, but a very very long queue making it near impossible for other clients to get in will help a lot as well," reads the top comment on the Reddit thread. In that same thread, people say that they're hanging onto the call even if the operator says that they'll experience multi-hour wait times presumably caused by similar calls gunking up the lines. Beyond the stubbornness factor, the tactic is motivated by the knowledge that most customer service systems will put people who opt for call-backs in a lower priority queue, as anyone who opts in likely doesn't have an emergency going on. "Do both," one commenter suggests. "Get the call back, to gum up the call back queue. Then call in again and wait to gum up the live queue." People are also using email to voice their concerns directly to the executives at both Visa and Mastercard, payment processors that activist group Collective Shout called out by name in their open letter requesting that adult games get pulled. Emails are also getting sent to customer service.

Privacy

A Second Tea Breach Reveals Users' DMs About Abortions and Cheating (404media.co) 117

A second, far more recent data breach at women's dating safety app Tea has exposed over a million sensitive user messages -- including discussions about abortions, infidelity, and shared contact info. This vulnerability not only compromised private conversations but also made it easy to unmask anonymous users. 404 Media reports: Despite Tea's initial statement that "the incident involved a legacy data storage system containing information from over two years ago," the second issue impacting a separate database is much more recent, affecting messages up until last week, according to the researcher's findings that 404 Media verified. The researcher said they also found the ability to send a push notification to all of Tea's users.

It's hard to overstate how sensitive this data is and how it could put Tea's users at risk if it fell into the wrong hands. When signing up, Tea encourages users to choose an anonymous screenname, but it was trivial for 404 Media to find the real world identities of some users given the nature of their messages, which Tea has led them to believe were private. Users could be easily found via their social media handles, phone numbers, and real names that they shared in these chats. These conversations also frequently make damning accusations against people who are also named in the private messages and in some cases are easy to identify. It is unclear who else may have discovered the security issue and downloaded any data from the more recent database. Members of 4chan found the first exposed database last week and made tens of thousands of images of Tea users available for download. Tea told 404 Media it has contacted law enforcement. [...]

This new data exposure is due to any Tea user being able to use their own API key to access a more recent database of user data, Rahjerdi said. The researcher says that this issue existed until late last week. That exposure included a mass of Tea users' private messages. In some cases, the women exchange phone numbers so they can continue the conversation off platform. The first breach was due to an exposed instance of app development platform Firebase, and impacted tens of thousands of selfie and driver license images. At the time, Tea said in a statement "there is no evidence to suggest that current or additional user data was affected." The second database includes a data field called "sent_at," with many of those messages being marked as recent as last week.

United Kingdom

VPN Downloads Surge in UK as New Age-Verification Rules Take Effect (msn.com) 96

Proton VPN reported a 1,400 percent hourly increase in signups over its baseline Friday — the day the UK's age verification law went into effect. For UK users, "apps with explicit content must now verify visitors' ages via methods such as facial recognition and banking info," notes Mashable: Proton VPN previously documented a 1,000 percent surge in new subscribers in June after Pornhub left France, its second-biggest market, amid the enactment of an age verification law there... A Proton VPN spokesperson told Mashable that it saw an increase in new subscribers right away at midnight Friday, then again at 9 a.m. BST. The company anticipates further surges over the weekend, they added. "This clearly shows that adults are concerned about the impact universal age verification laws will have on their privacy," the spokesperson said... Search interest for the term "Proton VPN" also saw a seven-day spike in the UK around 2 a.m. BST Friday, according to a Google Trends chart.
The Financial Times notes that VPN apps "made up half of the top 10 most popular free apps on the UK's App Store for iOS this weekend, according to Apple's rankings." Proton VPN leapfrogged ChatGPT to become the top free app in the UK, according to Apple's daily App Store charts, with similar services from developers Super Unlimited and Nord Security also rising over the weekend... Data from Google Trends also shows a significant increase in search queries for VPNs in the UK this weekend, with up to 10 times more people looking for VPNs at peak times...

"This is what happens when people who haven't got a clue about technology pass legislation," Anthony Rose, a UK-based tech entrepreneur who helped to create BBC iPlayer, the corporation's streaming service, said in a social media post. Rose said it took "less than five minutes to install a VPN" and that British people had become familiar with using them to access the iPlayer outside the UK. "That's the beauty of VPNs. You can be anywhere you like, and anytime a government comes up with stupid legislation like this, you just turn on your VPN and outwit them," he added...

Online platforms found in breach of the new UK rules face penalties of up to £18mn or 10 percent of global turnover, whichever is greater... However, opposition to the new rules has grown in recent days. A petition submitted through the UK parliament website demanding that the Online Safety Act be repealed has attracted more than 270,000 signatures, with the vast majority submitted in the past week. Ministers must respond to a petition, and parliament has to consider its topic for a debate, if signatures surpass 100,000.

X, Reddit and TikTok have also "introduced new 'age assurance' systems and controls for UK users," according to the article. But Mashable summarizes the situation succinctly.

"Initial research shows that VPNs make age verification laws in the U.S. and abroad tricky to enforce in practice."
Piracy

Creator of 1995 Phishing Tool 'AOHell' On Piracy, Script Kiddies, and What He Thinks of AI (yahoo.com) 14

In 1995's online world, AOL existed mostly beside the internet as a "walled, manicured garden," remembers Fast Company.

Then along came AOHell, "the first of what would become thousands of programs designed by young hackers to turn the system upside down" — built by a high school dropout calling himself "Da Chronic" who says he built it on "a computer that I couldn't even afford" using "a pirated copy of Microsoft Visual Basic." [D]istributed throughout the teen chatrooms, the program combined a pile of tricks and pranks into a slick little control panel that sat above AOL's windows and gave even newbies an arsenal of teenage superpowers. There was a punter to kick people out of chatrooms, scrollers to flood chats with ASCII art, a chat impersonator, an email and instant message bomber, a mass mailer for sharing warez (and later mp3s), and even an "Artificial Intelligence Bot" [which performed automated if-then responses]. Crucially, AOHell could also help users gain "free" access to AOL. The program came with a program for generating fake credit card numbers (which could fool AOL's sign up process), and, by January 1995, a feature for stealing other users' passwords or credit cards. With messages masquerading as alerts from AOL customer service reps, the tool could convince unsuspecting users to hand over their secrets...

Of course, Da Chronic — actually a 17-year-old high school dropout from North Carolina named Koceilah Rekouche — had other reasons, too. Rekouche wanted to hack AOL because he loved being online with his friends, who were a refuge from a difficult life at home, and he couldn't afford the hourly fee. Plus, it was a thrill to cause havoc and break AOL's weak systems and use them exactly how they weren't meant to be, and he didn't want to keep that to himself. Other hackers "hated the fact that I was distributing this thing, putting it into the team chat room, and bringing in all these noobs and lamers and destroying the community," Rekouche told me recently by phone...

Rekouche also couldn't have imagined what else his program would mean: a free, freewheeling creative outlet for thousands of lonely, disaffected kids like him, and an inspiration for a generation of programmers and technologists. By the time he left AOL in late 1995, his program had spawned a whole cottage industry of teenage script kiddies and hackers, and fueled a subculture where legions of young programmers and artists got their start breaking and making things, using pirated software that otherwise would have been out of reach... In 2014, [AOL CEO Steve] Case himself acknowledged on Reddit that "the hacking of AOL was a real challenge for us," but that "some of the hackers have gone on to do more productive things."

When he first met Mark Zuckerberg, he said, the Facebook founder confessed to Case that "he learned how to program by hacking [AOL]."

"I can't imagine somebody doing that on Facebook today," Da Chronic says in a new interview with Fast Company. "They'll kick you off if you create a Google extension that helps you in the slightest bit on Facebook, or an extension that keeps your privacy or does a little cool thing here and there. That's totally not allowed."

AOHell's creators had called their password-stealing techniques "phishing" — and the name stuck. (AOL was working with federal law enforcement to find him, according to a leaked internal email, but "I didn't even see that until years later.") Enrolled in college, he decided to write a technical academic paper about his program. "I do believe it caught the attention of Homeland Security, but I think they realized pretty quickly that I was not a threat."

He's got an interesting perspective today, noting that with today's AI tools it's theoretically possible to "craft dynamic phishing emails... when I see these AI coding tools I think, this might be like today's Visual Basic. They take out a lot of the grunt work."

What's the moral of the story? "I didn't have any qualifications or anything like that," Da Chronic says. "So you don't know who your adversary is going to be, who's going to understand psychology in some nuanced way, who's going to understand how to put some technological pieces together, using AI, and build some really wild shit."
Privacy

Astronomer Hires Coldplay Lead Singer's Ex-Wife as 'Temporary' Spokesperson: Gwyneth Paltrow (bbc.com) 153

The "Chief People Officer" of dataops company Astronomer resigned this week from her position after apparently being caught on that "Kiss Cam" at a Coldplay concert with the company's CEO, reports the BBC. That CEO has also resigned, with Astronomer appointing their original co-founder and chief product officer as the new interim CEO.

UPDATE (7/26): In an unexpected twist, Astronomer put out a new video Friday night starring... Gwyneth Paltrow.

Actress/businesswoman Paltrow "was married to Coldplay's frontman Chris Martin for 13 years," reports CBS News. In the video posted Friday, Paltrow says she was hired by Astronomer as a "very temporary" spokesperson.

"Astronomer has gotten a lot of questions over the last few days," Paltrow begins, "and they wanted me to answer the most common ones..."

As the question "OMG! What the actual f" begins appearing on the screen, Paltrow responds "Yes, Astronomer is the best place to run Apache Airflow, unifying the experience of running data, ML, and AI pipelines at scale. We've been thrilled so many people have a newfound interest in data workflow automation." (Paltrow also mentions the company's upcoming Beyond Analytics dataops conference in September.)

Astronomer is still grappling with unintended fame after the "Kiss Cam" incident. ("Either they're having an affair or they're just very shy," Coldplay's lead singer had said during the viral video, in which the startled couple hurries to hide off-camera). The incident raised privacy concerns, as it turns out both people in the video were in fact married to someone else, though the singer did earlier warn the crowd "we're going to use our cameras and put some of you on the big screen," according to CNN. The New York Post notes the woman's now-deleted LinkedIn account showed that she has also served as an "advisory board member" at her husband's company since September of 2020. The Post cites a source close to the situation who says the woman's husband "was in Asia for a few weeks," returning to America right as the video went viral. Kristin and Andrew Cabot married sometime after her previous divorce was finalized in 2022. The source said there had been little indication of any trouble in paradise before the Coldplay concert video went viral. "The family is now saying they have been having marriage troubles for several months and were discussing separating..."
The video had racked up 127 million views by yesterday, notes Newsweek, adding that the U.K. tabloid the Daily Mail apparently took photos outside the woman's house, reporting that she does not appear to be wearing a wedding ring.
The Courts

Judge Sanctions Lawyers Defending Alabama's Prison System For Using Fake ChatGPT Cases In Filings (apnews.com) 45

An anonymous reader quotes a report from the Associated Press: A federal judge reprimanded lawyers with a high-priced firm defending Alabama's prison system for using ChatGPT to write court filings with "completely made up" case citations. U.S. District Judge Anna Manasco publicly reprimanded three lawyers with Butler Snow, the law firm hired to defend Alabama and other jurisdictions in lawsuits against their prison systems. The order sanctioned William R. Lunsford, the head of the firm division that handles prison litigation, along with Matthew B. Reeves and William J. Cranford. "Fabricating legal authority is serious misconduct that demands a serious sanction," Manasco wrote in the Wednesday sanctions order.

Manasco removed the three from participating in the case where the false citations were filed and directed them to share the sanctions order with clients, opposing lawyers and judges in all of their other cases. She also referred the matter to the Alabama State Bar for possible disciplinary action. [...] "In simpler terms, the citations were completely made up," Manasco wrote. She added that using the citations without verifying their accuracy was "recklessness in the extreme." The filings in question were made in a lawsuit filed by an inmate who was stabbed on multiple occasions at the William E. Donaldson Correctional Facility in Jefferson County. The lawsuit alleges that prison officials are failing to keep inmates safe.

Privacy

Women Dating Safety App 'Tea' Breached, Users' IDs Posted To 4chan (404media.co) 95

An anonymous reader quotes a report from 404 Media: Users from 4chan claim to have discovered an exposed database hosted on Google's mobile app development platform, Firebase, belonging to the newly popular women's dating safety app Tea. Users say they are rifling through peoples' personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media. In a statement to 404 Media, Tea confirmed the breach also impacted some direct messages but said that the data is from two years ago. Tea, which claims to have more than 1.6 million users, reached the top of the App Store charts this week and has tens of thousands of reviews there. The app aims to provide a space for women to exchange information about men in order to stay safe, and verifies that new users are women by asking them to upload a selfie.

"Yes, if you sent Tea App your face and drivers license, they doxxed you publicly! No authentication, no nothing. It's a public bucket," a post on 4chan providing details of the vulnerability reads. "DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!" The thread says the issue was an exposed database that allowed anyone to access the material. [...] "The images in the bucket are raw and uncensored," the user wrote. Multiple users have created scripts to automate the process of collecting people's personal information from the exposed database, according to other posts in the thread and copies of the scripts. In its terms of use, Tea says "When you first create a Tea account, we ask that you register by creating a username and including your location, birth date, photo and ID photo."

After publication of this article, Tea confirmed the breach in an email to 404 Media. The company said on Friday it "identified unauthorized access to one of our systems and immediately launched a full investigation to assess the scope and impact." The company says the breach impacted data from more than two years ago, and included 72,000 images (13,000 selfies and photo IDs, and 59,000 images from app posts and direct messages). "This data was originally stored in compliance with law enforcement requirements related to cyber-bullying prevention," the email continued. "We have engaged third-party cybersecurity experts and are working around the clock to secure our systems. At this time, there is no evidence to suggest that current or additional user data was affected. Protecting our users' privacy and data is our highest priority. We are taking every necessary step to ensure the security of our platform and prevent further exposure."
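The failure described above, a Firebase bucket readable by anyone with no authentication, is exactly what Firebase security rules exist to prevent. As an added illustration (not code from Tea, 404 Media, or Google, and assuming the files lived in Cloud Storage for Firebase rather than in a Firestore database), here is the open-to-the-world rule beside a rule set that lets each signed-in user reach only their own upload folder:

```text
// WEAK: the default "test mode" style rule. Any client on the internet can
// list, download and overwrite every object in the bucket, no login needed.
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if true;
    }
  }
}

// HARDENED: objects are stored under /users/<uid>/..., and a request must
// carry a Firebase Auth token whose uid matches that path segment.
// Everything outside that layout is denied explicitly; public listing of
// the bucket is never possible because no rule grants unauthenticated read.
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    // Per-user private area: selfies, ID photos, message attachments.
    match /users/{userId}/{allPaths=**} {
      allow read, write: if request.auth != null
                         && request.auth.uid == userId;
    }
    // Catch-all: deny anything not matched above (defense in depth).
    match /{allPaths=**} {
      allow read, write: if false;
    }
  }
}
```

Rules are only enforced for requests that go through the Firebase SDKs or REST surface; the underlying Google Cloud Storage bucket should also be checked for public IAM bindings (for example, allUsers or allAuthenticatedUsers), which the rules above do not govern.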

Government

Internet Archive Designated as a Federal Depository Library (archive.org) 10

The Internet Archive has received federal depository library status from California Sen. Alex Padilla, joining a network of over 1,100 libraries that archive government documents and make them accessible to the public. Padilla made the designation in a letter to the Government Publishing Office, which oversees the program.

The San Francisco-based nonprofit organization already operates Democracy's Library, a free online compendium of government research and publications launched in 2022. Founder Brewster Kahle said the new designation makes it easier to work with other federal depository libraries and provides more reliable access to government materials for digitization and distribution.

Under federal law, members of Congress can designate up to two qualified libraries for federal depository status.

Google

Man Awarded $12,500 After Google Street View Camera Captured Him Naked in His Yard (cbsnews.com) 60

An Argentine captured naked in his yard by a Google Street View camera has been awarded compensation by a court after his bare behind was splashed over the internet for all to see. From a report: The policeman had sought payment from the internet giant for harm to his dignity, arguing he was behind a 6 1/2-foot wall when a Google camera captured him in the buff, from behind, in small-town Argentina in 2017. His house number and street name were also laid bare, broadcast on Argentine TV covering the story, and shared widely on social media.

The man claimed the invasion exposed him to ridicule at work and among his neighbors. Another court last year dismissed the man's claim for damages, ruling he only had himself to blame for "walking around in inappropriate conditions in the garden of his home." Google, for its part, claimed the perimeter wall was not high enough.

The Courts

'Call of Duty' Maker Goes To War With 'Parasitic' Cheat Developers in LA Federal Court (msn.com) 18

A federal court has denied requests by Ryan Rothholz to dismiss or transfer an Activision lawsuit targeting his alleged Call of Duty cheating software operation. Rothholz, who operated under the online handle "Lerggy," submitted motions in June and earlier this month seeking to dismiss the case or move it to the Southern District of New York, but both were rejected due to filing errors.

The May lawsuit alleges Rothholz created "Lergware" hacking software that enabled players to cheat by kicking opponents offline, then rebranded to develop "GameHook" after receiving a cease and desist letter in June 2023. Court filings say he sold a "master key" for $350 that facilitated cheating across multiple games. The hacks "are parasitic in nature," the complaint said, alleging violations of the game's terms of service, copyright law and the Computer Fraud and Abuse Act.

United Kingdom

UK Student Jailed For Selling Phishing Kits Linked To $135M of Fraud (theguardian.com) 18

A 21-year-old student who designed and distributed online kits linked to $175 million worth of fraud has been jailed for seven years. From a report: Ollie Holman created phishing kits that mimicked government, bank and charity websites so that criminals could harvest victims' personal information to defraud them. In one case a kit was used to mimic a charity's donation webpage so when someone tried to give money, their card details were taken and used by criminals.

Holman, of Eastcote in north-west London, created and supplied 1,052 phishing kits that targeted 69 organisations across 24 countries. He also offered tutorials in how to use the kits and built up a network of almost 700 connections. The fake websites supplied in the kits had features that allowed information such as login and bank details to be stored. It is estimated Holman received $405,000 from selling the kits between 2021 and 2023. The kits were distributed through the encrypted messaging service Telegram.

Social Networks

Trump, Who Promised To Save TikTok, Threatens To Shut Down TikTok (arstechnica.com) 111

An anonymous reader quotes a report from Ars Technica: Donald Trump vowed to save TikTok before taking office, claiming only he could make a deal to keep the app operational in the US despite national security concerns. But then, he put Vice President JD Vance in charge of the deal, and after months of negotiations, the US still doesn't seem to have found terms for a sale that the Chinese government is willing to approve. Now, Trump Commerce Secretary Howard Lutnick has confirmed that if China won't approve the latest version of the deal -- which could result in a buggy version of TikTok made just for the US -- the administration is willing to shut down TikTok. And soon.

On Thursday, Lutnick told CNBC that TikTok would stop operating in the US if China and TikTok owner ByteDance won't sell the app to buyers that Trump lined up, along with control over TikTok's algorithm. Under the deal Trump is now pushing, "China can have a little piece or ByteDance, the current owner, can keep a little piece," Lutnick said. "But basically, Americans will have control. Americans will own the technology, and Americans will control the algorithm." However, ByteDance's board has long maintained that the US can alleviate its national security fears -- that China may be using the popular app to manipulate and spy on Americans -- without forcing a sale. In January, a ByteDance board member, Bill Ford, told World Economic Forum attendees that a non-sale option "could involve a change of control locally to ensure" TikTok "complies with US legislation" without selling off the app or its algorithm.

At this point, Lutnick suggested that the US is unwilling to bend on the requirement that the US control the recommendation algorithm, which is viewed as the secret sauce that makes the app so popular globally. ByteDance may be unwilling to sell the algorithm partly because then it would be sharing its core intellectual property with competitors in the US. Earlier this month, Trump had claimed that he wasn't "confident" that China would approve the deal, even though he thought it was "good for China." Analysts have suggested that China views TikTok as a bargaining chip in its tariff negotiations with Trump, which continue to not go smoothly, and it may be OK with the deal but unwilling to release the bargaining chip without receiving key concessions from the US. For now, the US and China are enjoying a 90-day truce that could end in August, about a month before the deadline Trump set to sell TikTok in mid-September.

Crime

Satellite Imagery and Phone Data Reveal Romance Scam Centers Still Expanding Despite Crackdowns 9

Massive mobile device tracking data has exposed the interconnected network of Myanmar's expanding scam centers, revealing how trafficked workers circulate between compounds despite February crackdowns. Analysis of 4.9 million location records from 11,930 mobile devices between January 2024 and May 2025 showed five devices visited all three major compounds -- Yatai New City, Apolo Park, and Yulong Bay Park -- plus the raided KK Park and Huanya Park facilities.

Workers are forced into romance scams, deceiving victims into believing they're in romantic relationships before extracting money. A South Asian man held six months at KK Park worked 16 hours daily conducting these online deceptions while enduring beatings and electric shocks for poor performance. Nikkei's investigation combined satellite imagery analysis, social media posts from Chinese platform Douyin, and open-source intelligence techniques to document continued construction at eight of 16 suspected sites. Myanmar authorities deported over 66,000 foreign nationals involved in these online fraud operations between October 2023 and June 2025.
