Mozilla has rolled out a new $9 per month service called Mozilla Monitor Plus that automatically scrubs personal information from over 190 data broker sites. The tool builds on the free Firefox Monitor platform, expanding monitoring capabilities and proactively removing exposed details to protect user privacy. Subscribers will also receive data breach alerts under the new service.

An anonymous reader quotes a report from MacRumors: Apple Vision Pro owners who forget the passcode they set will need to take the device to an Apple retail location to get it reset, reports Bloomberg's Mark Gurman. There is apparently no on-device way to reset a Vision Pro passcode if it is forgotten. [...] Customers who have forgotten their Vision Pro passcodes have been told by Apple that they will need to visit a retail store for a fix or will need to ship the headset to Apple if there isn't a nearby store. Like Apple's iOS devices, the incorrect passcode cannot be entered too many times or the device will be disabled, with a waiting period before a passcode can be entered again. Removing the passcode requires erasing all content on the Vision Pro. [...]

There is an erase content setting on the Vision Pro, but there is no way to get into the reset mode using a combination of button presses. Erasing Vision Pro can only be done through the Settings app. Customers who have the $300 Developer Strap may be able to wipe the device from a Mac, but most users will not be able to get this accessory as it is limited to registered developers in the United States.

In a London court, lawyers for a group supported by the Crypto Open Patent Alliance (COPA) argued that Craig Wright's assertion of being the inventor of bitcoin is "a brazen lie," challenged by accusations of extensive document forgery to substantiate his claim. Wright's defense disputes these allegations, maintaining that he has presented definitive proof of his role in creating bitcoin. Reuters reports: Craig Wright says he is the author of a 2008 white paper, the foundational text of bitcoin and other cryptocurrencies, published in the name "Satoshi Nakamoto". He argues this means he owns the copyright in the white paper and has intellectual property rights over the bitcoin blockchain. But the Crypto Open Patent Alliance (COPA) -- whose members include Twitter founder Dorsey's payments firm Block -- is asking London's High Court to rule that Wright is not Satoshi.

The five-week hearing, at which Wright will give evidence from Tuesday, is the culmination of years of speculation about the true identity of Satoshi. Wright first publicly claimed to be Satoshi in 2016 and has since taken legal action against cryptocurrency developers and exchanges. COPA, however, says Wright has never provided any genuine proof, accusing him of repeatedly forging documents to support his claim, which Wright denies. Wright sat in court as COPA's lawyer Jonathan Hough said his claim was "a brazen lie, an elaborate false narrative supported by forgery on an industrial scale." Hough said that "there are elements of Dr Wright's conduct that stray into farce," citing his alleged use of ChatGPT to produce forgeries.

But he added: "Dr Wright's conduct is also deadly serious. On the basis of his dishonest claim to be Satoshi, he has pursued claims he puts at hundreds of billions of dollars, including against numerous private individuals." Wright's lawyer Anthony Grabiner, however, argued in court filings that he has produced "clear evidence demonstrating his authorship of the white paper and creation of bitcoin." Grabiner added that it was "striking" that no one else had publicly claimed to be Satoshi. "If Dr Wright were not Satoshi, the real Satoshi would have been expected to come forward to counter the claim," he said.

An anonymous reader shares a report: An underground website called OnlyFake is claiming to use "neural networks" to generate realistic looking photos of fake IDs for just $15, radically disrupting the marketplace for fake identities and cybersecurity more generally. This technology, which 404 Media has verified produces fake IDs nearly instantly, could streamline everything from bank fraud to laundering stolen funds. In our own tests, OnlyFake created a highly convincing California driver's license, complete with whatever arbitrary name, biographical information, address, expiration date, and signature we wanted. The photo even gives the appearance that the ID card is laying on a fluffy carpet, as if someone has placed it on the floor and snapped a picture, which many sites require for verification purposes. 404 Media then used another fake ID generated by this site to successfully step through the identity verification process on OKX. OKX is a cryptocurrency exchange that has recently appeared in multiple court records because of its use by criminals.

Rather than painstakingly crafting a fake ID by hand -- a highly skilled criminal profession that can take years to master -- or waiting for a purchased one to arrive in the mail with the risk of interception, OnlyFake lets essentially anyone generate fake IDs in minutes that may seem real enough to bypass various online verification systems. Or at least fool some people. "The era of rendering documents using Photoshop is coming to an end," an announcement posted to OnlyFake's Telegram account reads. As well as "neural networks," the service claims to use "generators" which create up to 20,000 documents a day. The service's owner, who goes by the moniker John Wick, told 404 Media that hundreds of documents can be generated at once using data from an Excel table.

Slashdot reader Press2ToContinue shared this report from WION: : The Hong Kong branch of a multinational company has lost $25.6 million after a scammer used deepfake technology to pose as the firm's chief financial officer (CFO) in a video conference call and ordered money transfers, according to the police, in what is being highlighted as first of its kind cases in the city.

The transaction was ordered during a meeting where it was found that everyone present on the video call except the victim were deepfakes of real people, said the Hong Kong police, on Friday (Feb 2)...

Scammers in this case used deepfake technology to turn publicly available video and other footage of staff members into convincing meeting participants.

Slashdot reader Unpopular Opinions requests suggestions from the Slashdot community: Lately a boom of companies decided to play their "nice guy" card, providing us with a trove of information about our own sites, DNS servers, email servers, pretty much anything about any online service you host.

Which is not anything new... Companies have been doing this for decades, except as paid services you requested. Now the trend is basically anyone can do it over my systems, and they are always more than happy to sell anyone, me included, my data they collected without authorization or consent. It's data they never had the rights to collect and/or compile to begin with, including data collected thru access attempts via known default accounts (Administrator, root, admin, guest) and/or leaked credentials provided by hacked databases when a few elements seemingly match...

"Just block those crawlers"? That's what some of those companies advise, but not only does the site operator have to automate it themself, not all companies offer lists of their source IP addresses or identify them. Some use multiple/different crawler domain names from their commercial product, or use cloud providers such as Google Cloud, AWS and Azure â" so one can't just block access to their company's networks without massive implications. They also change their own information with no warning, and many times, no updates to their own lists. Then, there is the indirect cost: computing cost, network cost, development cost, review cycle cost. It is a cat-and-mice game that has become very boring.

With the raise of concerns and ethical questions about AI harvesting and learning from copyrighted work, how are those security companies any different from AI, and how could one legally put a stop on this?
Block those crawlers? Change your Terms of Service? What's the best fix... Share your own thoughts and suggestions in the comments.

How can you stop security firms from harvesting your data?

An anonymous Slashdot reader shared this report from the San Francisco Chronicle's senior political writer: The next House member representing Silicon Valley wants to change a key piece of federal law that shields internet companies like X, Facebook and Snapchat from lawsuits over content their users post. That protection is considered the lifeblood of social media.

The top eight Democratic candidates vying to succeed Democratic Rep. Anna Eshoo in her very blue district agree that something has to change with Section 230 of the Communications Decency Act, which was created in 1996, back when lawmakers shied away from doing anything that could limit the growth of the industry. Their unanimity is a sign that Eshoo's successor won't be a tool for the hometown industry. At least not on this issue. The challenge is what to do next. Whoever is elected, their actions as the voice of Silicon Valley will carry outsize weight in Congress. They can lead the charge to actually do something to clean up the bile on social media...

The good news is that they will have bipartisan support to address the bile and disinformation online. The bad news is that finding the right solution will still be hard.

An anonymous reader shared this report from USA Today: A nationwide analysis by USA TODAY shows local governments are banning green energy faster than they're building it.

At least 15% of counties in the U.S. have effectively halted new utility-scale wind, solar, or both, USA TODAY found. These limits come through outright bans, moratoriums, construction impediments and other conditions that make green energy difficult to build... In the past decade, about 180 counties got their first commercial wind-power project. But in the same period, more than twice as many blocked wind development. And while solar power has found more broad acceptance, 2023 was the first year to see almost as many individual counties block new solar projects as the ones adding their first project.

The result: Some of the nation's areas with the best sources of wind and solar power have now been boxed out. Because large-scale solar and wind projects typically are built outside city limits, USA TODAY's analysis focuses on restrictions by the county-level governments that have jurisdiction. In a few cases, such as Connecticut, Tennessee and Vermont, entire states have implemented near-statewide restrictions. While 15% of America's counties might sound like a small portion, the trend has significant consequences, says Jeff Danielson, a former four-term Iowa state senator now with the Clean Grid Alliance. "It's 15% of the most highly productive areas to develop wind and solar," he said. "Our overall goals are going to be difficult to achieve if the answer is 'No' in county after county...."

[T]he number of new wind projects opening annually peaked in the early 2010s, according to inventory data from the U.S. Energy Information Administration, and has slowed since then. Wind power is expected to grow 11% by 2025 from last year's levels. In the past 10 years, 183 counties saw their first wind project come online. However, USA TODAY's analysis found that in the same period, nearly 375 counties have essentially blocked new wind development. That's almost as many as the 508 counties — out of 3,144 total in the U.S. — currently home to an operational wind turbine....

Of the 116 counties implementing bans or impediments to utility-scale solar plants, half did so in 2023 alone. This surge in obstacles is unprecedented since green-energy technology gained broad acceptance...
The article points out that counties sometimes also limit the size of solar farms — making them impractical to build. "Other jurisdictions create shadow bans of sorts. Projects might not technically be banned, but officials simply reject all green energy plans on a case-by-case basis..."

"USA TODAY's findings were supported by research published in late January by the Department of Energy's Lawrence Berkeley National Laboratory. Energy developers reported one third of the wind and solar siting applications they had submitted in the past five years were canceled, while about half were delayed for six months or more. Zoning issues and community opposition were two of the top reasons."

The article also quotes an Ohio farmer who complained that "You live in the country, and you want to be away from all the hustle and bustle. I kind of look at it as if they're sticking a warehouse or a factory here." Last September, his county's commissioners banned all new large-scale wind and solar projects.

The non-profit Linux Foundation Energy hopes to develop energy-sector solutions (including standards, specifications, and software) supporting rapid decarbonization by collaborating with industry stakeholders.

And now they're involved in a new partnership with America's Joint Office of Energy — which facilitates collaboration between the federal Department of Energy and its Department of Transportation. The partnership's goal? To "build open-source software tools to support communications between EV charging infrastructure and other systems."

The Buildout reports: The partnership and effort — known as "Project EVerest" — is part of the administration's full-court press to improve the charging experience for EV owners as the industry's nationwide buildout hits full stride. "Project EVerest will be a game changer for reliability and interoperability for EV charging," Gabe Klein, executive director of the administration's Joint Office of Energy and Transportation, said yesterday in a post on social media....

Administration officials said that a key driver of the move to institute broad standards for software is to move beyond an era of unreliable and disparate EV charging services throughout the U.S. Dr. K. Shankari, a principal software architect at the Joint Office of Energy and Transportation, said that local and state governments now working to build out EV charging infrastructure could include a requirement that bidding contractors adhere to Project EVerest standards. That, in turn, could have a profound impact on providers of EV charging stations and services by requiring them to adapt to open source standards or lose the opportunity to bid on public projects. Charging availability and reliability are consistently mentioned as key turnoffs for potential EV buyers who want the infrastructure to be ready, easy, and consistent to use before making the move away from gas cars.

Specifically, the new project will aim to create what's known as an open source reference implementation for EV charging infrastructure — a set of standards that will be open to developers who are building applications and back-end software... And, because the software will be available for any company, organization, or developer to use, it will allow the creation of new EV infrastructure software at all levels without software writers having to start from scratch. "LF Energy exists to build the shared technology investment that the entire industry can build on top of," said Alex Thompson of LF Energy during the web conference. "You don't want to be re-inventing the wheel."
The tools will help communication between charging stations (and adjacent chargers), as well as vehicles and batteries, user interfaces and mobile devices, and even backend payment systems or power grids. An announcement from the Joint Office of Energy and Transportation says this software stack "will reduce instances of incompatibility resulting from proprietary systems, ultimately making charging more reliable for EV drivers." "The Joint Office is paving the way for innovation by partnering with an open-source foundation to address the needs of industry and consumers with technical tools that support reliable, safe and interoperable EV charging," said Sarah Hipel, Standards and Reliability Program Manager at the Joint Office.... With this collaborative development model, EVerest will speed up the adoption of EVs and decarbonization of transportation in the United States by accelerating charger development and deployment, increase customizability, and ensure high levels of security for the nation's growing network.
Linux Foundation Energy adds that reliable charging "is key to ensuring that anyone can confidently choose to ride or drive electric," predicting it will increase customizability for different use cases while offering long-term maintainability, avoiding vendor-lock in, and ensuring high levels of security. This is a pioneering example of the federal government collaborating to deploy code into an open source project...

"The EVerest project has been demonstrated in pilots around the world to make EV charging far more reliable and reduces the friction and frustration EV drivers have experienced when a charger fails to work or is not continually maintained," said LF Energy Executive Director Alex Thornton. "We look forward to partnering with the Joint Office to create a robust firmware stack that will stand the test of time, and be maintained by an active and growing global community to ensure the nation's charging infrastructure meets the needs of a growing fleet of electric vehicles today and into the future."
Thanks to Slashdot reader ElectricVs for sharing the article.

An anonymous reader quotes a report from ProPublica: Over the last decade, police departments across the U.S. have spent millions of dollars equipping their officers with body-worn cameras that record what happens as they go about their work. Everything from traffic stops to welfare checks to responses to active shooters is now documented on video. The cameras were pitched by national and local law enforcement authorities as a tool for building public trust between police and their communities in the wake of police killings of civilians like Michael Brown, an 18 year old black teenager killed in Ferguson, Missouri in 2014. Video has the potential not only to get to the truth when someone is injured or killed by police, but also to allow systematic reviews of officer behavior to prevent deaths by flagging troublesome officers for supervisors or helping identify real-world examples of effective and destructive behaviors to use for training. But a series of ProPublica stories has shown that a decade on, those promises of transparency and accountability have not been realized.

One challenge: The sheer amount of video captured using body-worn cameras means few agencies have the resources to fully examine it. Most of what is recorded is simply stored away, never seen by anyone. Axon, the nation's largest provider of police cameras and of cloud storage for the video they capture, has a database of footage that has grown from around 6 terabytes in 2016 to more than 100 petabytes today. That's enough to hold more than 5,000 years of high definition video, or 25 million copies of last year's blockbuster movie "Barbie." "In any community, body-worn camera footage is the largest source of data on police-community interactions. Almost nothing is done with it," said Jonathan Wender, a former police officer who heads Polis Solutions, one of a growing group of companies and researchers offering analytic tools powered by artificial intelligence to help tackle that data problem.

The Paterson, New Jersey, police department has made such an analytic tool a major part of its plan to overhaul its force. In March 2023, the state's attorney general took over the department after police shot and killed Najee Seabrooks, a community activist experiencing a mental health crisis who had called 911 for help. The killing sparked protests and calls for a federal investigation of the department. The attorney general appointed Isa Abbassi, formerly the New York Police Department's chief of strategic initiatives, to develop a plan for how to win back public trust. "Changes in Paterson are led through the use of technology," Abbassi said at a press conference announcing his reform plan in September, "Perhaps one of the most exciting technology announcements today is a real game changer when it comes to police accountability and professionalism." The department, Abassi said, had contracted with Truleo, a Chicago-based software company that examines audio from bodycam videos to identify problematic officers and patterns of behavior.

For around $50,000 a year, Truleo's software allows supervisors to select from a set of specific behaviors to flag, such as when officers interrupt civilians, use profanity, use force or mute their cameras. The flags are based on data Truleo has collected on which officer behaviors result in violent escalation. Among the conclusions from Truleo's research: Officers need to explain what they are doing. "There are certain officers who don't introduce themselves, they interrupt people, and they don't give explanations. They just do a lot of command, command, command, command, command," said Anthony Tassone, Truleo's co-founder. "That officer's headed down the wrong path." For Paterson police, Truleo allows the department to "review 100% of body worn camera footage to identify risky behaviors and increase professionalism," according to its strategic overhaul plan. The software, the department said in its plan, will detect events like uses of force, pursuits, frisks and non-compliance incidents and allow supervisors to screen for both "professional and unprofessional officer language." There are around 30 police departments currently use Truleo, according to the company.

Christopher J. Schneider, a professor at Canada's Brandon University who studies the impact of emerging technology on social perceptions of police, is skeptical the AI tools will fix the problems in policing because the findings might be kept from the public just like many internal investigations. "Because it's confidential," he said, "the public are not going to know which officers are bad or have been disciplined or not been disciplined."

An anonymous reader quotes a report from Wired: A California teenager prosecutors say is responsible for hundreds of swatting attacks around the United States was exposed after law enforcement pieced together a digital trail left on some of the internet's largest platforms, according to court records released this week. Alan Winston Filion, a 17-year-old from Lancaster, California, faces four felony charges in Florida's Seminole County related to swatting, or fake threats called into the police to provoke a forceful response, according to Florida state prosecutors. Police arrested Filion on January 18, and he was extradited to Seminole County this week.

Filion's arrest, first reported by WIRED on January 26, marks the culmination of a multi-agency manhunt for the person police claim is responsible for swatting attacks on high schools, historically black colleges and universities, mosques, and federal agents, and for threats to bomb the Pentagon, members of the United States Senate, and the US Supreme Court. Ultimately, a YouTube channel, Discord chats, and usernames related to The Lord of the Rings helped lead authorities to Filion's doorstep.

Florida prosecutors charged Filion with four felony counts, including three related to allegedly making false reports to law enforcement and one for unlawful use of a two-way radio for "facilitating or furthering an act of terrorism" that authorities say targeted people based on race, religion, or other protected classes. While prosecutors alleged that Filion "is responsible for hundreds of swatting and bomb threat incidents throughout the United States," the charges Filion faces relate to a single May 12, 2023, swatting attack against the Masjid Al Hayy Mosque in Sanford, Florida. [...] At 2 pm EST on Wednesday, Filion shuffled into a Seminole County courtroom and stood quietly as the judge read the charges against him. He is currently being held without bond.

When FTX filed for bankruptcy in November 2022, the defunct cryptocurrency exchange suffered a hack that resulted in more than $380 million in crypto stolen from FTX's virtual wallets. It turns out that FTX was hit with a SIM-swapping scam orchestrated by ringleader Robert Powell. Powell, along with Carter Rohn and Emily Hernandez, have been indicted and are due to appear in Chicago federal court later Friday for a detention hearing. CNBC reports: The three defendants are charged with conspiracy to commit wire fraud and conspiracy to commit aggravated identity theft and access device fraud, in a scheme that ran from March 2021 to last April, and involved the co-conspirators traveling to cellphone retail stores in more than 15 states. The indictment says the trio shared the personal identifying information of more than 50 victims, created fake identification documents in the victims' names, impersonated them and then accessed their victims' "online, financial and social media accounts for the purpose of stealing money and data."

The scheme relied on duping phone companies into swapping the Subscriber Identity Module of cell phone subscribers into a cellphone controlled by members of the conspiracy, the indictment said. That in turn allowed the conspirators to defeat the multifactor authentication protection on the victims' accounts, giving them access to the money in those accounts. The indictment does not identify FTX by name as the main victim of the conspiracy, but the details of the hack described in that charging document align with the details publicly known about the theft from FTX, which was collapsing at the time of the attack.

Joshua Schulte, a former CIA software engineer, was sentenced to 40 years in prison on Thursday for carrying out the largest theft of classified information in the agency's history and possessing child pornography. The Guardian reports: The 40-year sentence by US district judge Jesse Furman was for "crimes of espionage, computer hacking, contempt of court, making false statements to the FBI, and child pornography," federal prosecutors said in a statement. The judge did not impose a life sentence as sought by prosecutors. Joshua Schulte was convicted in July 2022 on four counts each of espionage and computer hacking and one count of lying to FBI agents, after giving classified materials to the whistleblowing agency WikiLeaks in the so-called Vault 7 leak. Last August, a judge mostly upheld the conviction.

WikiLeaks in March 2017 began publishing the materials, which concerned how the CIA surveilled foreign governments, alleged extremists and others by compromising their electronics and computer networks. Prosecutors characterized Schulte's actions as "the largest data breach in the history of the CIA, and his transmission of that stolen information to WikiLeaks is one of the largest unauthorized disclosures of classified information" in US history. Prosecutors also said Schulte received thousands of images and videos of child sexual abuse, and that they found the material in Schulte's New York apartment, in an encrypted container beneath three layers of password protection, during the CIA leaks investigation.

"China's hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike," said FBI Director Christopher Wray in a prepared testimony before the House Select Committee on the Chinese Communist Party. NBC News reports: Wray also argued that "there has been far too little public focus" that Chinese hackers are targeting critical infrastructure in the U.S. such as water treatment plants, electrical grids, oil and natural gas pipelines, and transportation systems, according to the prepared remarks. "And the risk that poses to every American requires our attention -- now," his prepared testimony said.

As Wray testified, the Justice Department and FBI announced they had disabled a Chinese hacking operation that had infected hundreds of small office and home routers with botnet malware that targeted critical infrastructure. The DOJ said the hackers, known to the private sector as "Volt Typhoon," used privately owned small routers that were infected with "KV botnet" malware to conceal further Chinese hacking activities against U.S. and foreign victims. Wray addressed the malware in his testimony, emphasizing that it targets critical infrastructure in the U.S. [...]

At Wednesday's hearing, the director of the federal Cybersecurity and Infrastructure Security Agency, Jen Easterly, testified that Americans should expect efforts by China to wage influence campaigns online relating to the 2024 election. However, Easterly added that she was confident that voting systems and other election infrastructure are well-defended. "To be very clear, Americans should have confidence in the integrity of our election infrastructure because of the enormous amount of work that's been done by state and local election officials, by the federal government, by vendors, by the private sector since 2016," Easterly said in her testimony.

Wray emphasized in the remarks that the "cyber onslaught" of Chinese hackers "goes way beyond prepositioning for future conflict," saying in the prepared remarks that every day the hackers are "actively attacking" U.S. economic security, engaging in "wholesale theft of our innovation, and our personal and corporate data." "And they don't just hit our security and economy. They target our freedoms, reaching inside our borders, across America, to silence, coerce, and threaten our citizens and residents," the excerpts said.

An anonymous reader quotes a report from Reuters: Italy's data protection authority has told OpenAI that its artificial intelligence chatbot application ChatGPT breaches data protection rules, the watchdog said on Monday, as it presses ahead with an investigation started last year. The authority, known as Garante, is one of the European Union's most proactive in assessing AI platform compliance with the bloc's data privacy regime. Last year, it banned ChatGPT over alleged breaches of European Union (EU) privacy rules. The service was reactivated after OpenAI addressed issues concerning, amongst other things, the right of users to decline to consent to the use of personal data to train algorithms. At the time, the regulator said it would continue its investigations. It has since concluded that elements indicate one or more potential data privacy violations, it said in a statement without providing further detail. The Garante on Monday said Microsoft-backed OpenAI has 30 days to present defense arguments, adding that its investigation would take into account work done by a European task force comprising national privacy watchdogs.

An anonymous reader quotes a report from TorrentFreak: With help from the FBI, German police managed to secure nearly 50,000 bitcoin (USD $2 billion) from the operators of the defunct movie streaming portal, Movie2k. [...] Movie2K was another pirate site that showed an early interest in bitcoin. In its heyday, the site was the dominant pirate streaming portal in German-speaking countries. It generated a healthy revenue stream, part of it held in bitcoin. The operator of the site never got to spend most of it though. The site surprisingly shut down in the spring of 2013. Many suspected that legal troubles had plagued the site, something confirmed years later when Dresden police announced several arrests.

It was rare to see new activity in an already-dated dossier, but the biggest surprise followed later when the police announced that $29.7m in bitcoin had been secured from the site's operators. This 'seizure' was one of the largest of its kind but the authorities estimated that the operators had more bitcoin stashed away, much more. Today, new information released by Dresden police shows that the assumption was correct.

Following an investigation carried out by the Dresden General Prosecutor's Office, the Saxony State Criminal Police, and the local tax authority (INES), nearly 50,000 bitcoin were 'provisionally' secured earlier this month. The haul is worth more than $2 billion at today's exchange rate. Never before has this much bitcoin been secured by German authorities; it's also one of the largest crypto hauls worldwide. "The Bitcoins were seized after the accused voluntarily transferred them to official wallets provided by the [Federal Criminal Police Office]. This means that a final decision has not yet been made about the utilization of the Bitcoins," police write.

Dan Goodin, reporting for ArsTechnica: ChatGPT is leaking private conversations that include login credentials and other personal details of unrelated users, screenshots submitted by an Ars reader on Monday indicated. Two of the seven screenshots the reader submitted stood out in particular. Both contained multiple pairs of usernames and passwords that appeared to be connected to a support system used by employees of a pharmacy prescription drug portal. An employee using the AI chatbot seemed to be troubleshooting problems they encountered while using the portal.

"THIS is so f-ing insane, horrible, horrible, horrible, i cannot believe how poorly this was built in the first place, and the obstruction that is being put in front of me that prevents it from getting better," the user wrote. "I would fire [redacted name of software] just for this absurdity if it was my choice. This is wrong." Besides the candid language and the credentials, the leaked conversation includes the name of the app the employee is troubleshooting and the store number where the problem occurred. The entire conversation goes well beyond what's shown in the redacted screenshot above. A link Ars reader Chase Whiteside included showed the chat conversation in its entirety. The URL disclosed additional credential pairs. The results appeared Monday morning shortly after reader Whiteside had used ChatGPT for an unrelated query.

In an announcement earlier today, Prime Minister Rishi Sunak said single-use vapes will be banned in Britain, with certain flavors restricted and regulations put in place around their packaging and displays. The New York Times reports: Mr. Sunak said that the ban, which is part of legislation that still has to be approved by Parliament, was intended to halt "one of the most worrying trends at the moment," before it becomes "endemic." "The long-term impacts of vaping are unknown and the nicotine within them can be highly addictive, so while vaping can be a useful tool to help smokers quit, marketing vapes to children is not acceptable," he said in a statement. Andrea Leadsom, Britain's health minister, said the measures were intended to make sure that vapes were aimed at adults who were quitting smoking, rather than children.

"Nicotine is highly addictive -- and so it is completely unacceptable that children are getting their hands on these products, many of which are undeniably designed to appeal to young people," she said in a statement. [...] While it is not illegal for people under 18 to smoke or vape in Britain, it is illegal for those products to be sold to them. By banning disposable vapes, and restricting the flavors and packaging of refillable vapes, the government hopes to make it far less likely that young people will experiment with e-cigarettes.

With the increasing adoption of e-bikes and drones for efficient, eco-friendly delivery services, New York is proposing the Department of Sustainable Delivery to regulate these services, focusing on safety, data sharing, and operational permits to ease congested lanes. Fast Company reports: The first step of the new department will be a task force made up of tech, transportation, labor, and government representatives. There are currently some city regulations around delivery operations, but they're fragmented; the Department of Consumer and Worker Protection, for example, has addressed delivery worker rights (and recently announced a new minimum pay rate for app-based food delivery workers), while the Department of Transportation focuses on commercial delivery, and has taken steps to address delivery cargo bikes. "We don't have a place where every company that wants to dispatch in volume and move freight [and goods] around in the city on a micro level comes through and has to show that they're going to meet certain requirements," [New York City Deputy Mayor of Operations Meera Joshi] says.

Managers of truck delivery fleets often track their driver's performance and behavior with tools like GPS; through the new department, micromobility app companies may be required to share their GPS delivery data with the city. That data might reveal more about how long delivery riders are working, or how heavy cargo bikes' loads are, which could lead to new regulations. Joshi also points to e-bike fires and rising e-bike rider deaths as red flags that signal the need for more oversight and legislation, which could prevent future tragedies. More information about where and when these deliveries are happening could also help the city adapt its infrastructure to this growing market. "As more and more of the city is feeling the effects of the commercialization of bike lanes, we certainly do have to rethink how wide our bike lanes are, what they are there to accommodate, does there need to be some separation between motorized and nonmotorized [bikes]?" Joshi says. "But these things need to be informed." The city is already making some such updates. Last summer, it upgraded a stretch of 10th Avenue to include a 10-foot-wide bike lane, to better allow regular cyclists and delivery e-bikes to coexist

Tech advancements often move faster than the government, resulting in a game of legislative catch up for cities. Joshi says New York City is thinking about micromobility in this way because "we've seen this movie before," referring to tech disruption, "and we'd like a different ending." While Joshi knows that companies may bristle at the increased oversight, she says being proactive about these issues and taking steps to address them will likely help the firms and their public perception long-term. And not addressing micromobility challenges now could also impede larger climate progress. "If we are not able to show that we have a comprehensive framework, show that we're able to manage what we have today and prepare for the unknown, we could have people, saying 'it was better when [delivery] was in trucks,'" Joshi says, "and that would actually be probably the worst thing for the environment."

Japan is aiming to phase out floppy disks and CD-ROMs, which until now were forms of physical media required for submitting some official documents to the government. Engadget reports: Back in 2022, Minister of Digital Affairs Taro Kono urged various branches of the government to stop requiring businesses to submit information on outdated forms of physical media. The Ministry of Economy, Trade and Industry (METI) is one of the first to make the switch. "Under the current law, there are many provisions stipulating the use of specific recording media such as floppy disks regarding application and notification methods," METI said last week, according to The Register. After this calendar year, METI will no longer require businesses to submit data on floppy disks under 34 ordinances. The same goes for CD-ROMs when it comes to an unspecified number of procedures. There's still quite some way to go before businesses can stop using either format entirely, however.

Kono's staff identified some 1,900 protocols across several government departments that still require the likes of floppy disks, CD-ROMs and even MiniDiscs. The physical media requirements even applied to key industries such as utility suppliers, mining operations and aircraft and weapons manufacturers. There are a couple of main reasons why there's a push to stop using floppy disks, as SoraNews24 points out. One major factor is that floppy disks can be hard to come by. Sony, the last major manufacturer, stopped selling them in 2011. Another is that some data types just won't fit on a floppy disk. A single photo can easily be larger than the format's 1.4MB storage capacity.