Crime

Several Piracy-Related Arrests Spark Fears of High-Level Crackdown In Nordic Region (torrentfreak.com) 37

A series of arrests that began in late August and continued into last week has sparked concerns that a relatively rare 'Scene' crackdown targeting the top of the so-called 'Piracy Pyramid' may be underway in the Nordic region. TorrentFreak reports: In a statement last week, Denmark's National Unit for Special Crime (NSK) announced that as part of a long-running investigation, a man was arrested on November 22 and then charged with copyright infringement offenses. NSK said its officers searched the home of a 47-year-old man in South Zealand (Sydsjaelland) and seized IT equipment in connection with illegal file-sharing and "copyright infringement of a particularly serious nature." "The case is about an organized network that has illegally shared extremely large quantities of films and TV series via file sharing services," said NSK Police Commissioner Anders-Emil Nohr Kelbaek. While noting that NSK had no further information to offer at this time, Kelbaek said he was pleased that NSK had arrested another suspect believed to have played a 'significant role' in the unnamed network.

Last week's arrest was only the latest in a series of arrests carried out as part of the same long-running NSK investigation into the illegal distribution of movies and TV shows. In late August, NSK arrested four people on suspicion of sharing "extremely large quantities" of movies and TV shows. NSK raided addresses in South-West Jutland, North Zealand and Bornholm. A 43-year-old was arrested at the last location, but it's claimed he lives elsewhere. In common with last week's arrest, all were charged on suspicion of "particularly serious" copyright infringement offenses. In an almost identical statement to that issued last week, Commissioner Anders-Emil Nohr Kelbaek said the case was about "an organized network that shares extremely large amounts of data, presumably in the form of films and series."

TorrentFreak sources report concerns that last week's arrest may be linked to Scene groups. Terminology used by NSK doesn't instantly rule that out and does seem to suggest something potentially more significant than other arrests over the past few years. According to NSK, the August arrests took place on August 28, 2023. Using information in Scene release databases we looked for Danish Scene groups and/or groups that were releasing Denmark-focused content before that date but then made no releases afterward; while that wouldn't provide conclusive proof that a group had been targeted, the method has proven useful in the past. While activity late August suggests nothing especially out of the ordinary, activity since the arrest last week stands in contrast. TF is informed that some groups may have gone dark simply out of an abundance of caution. It's also possible that the groups have nothing to release. Furthermore, there are many other global groups with no obvious links to Danish content or Denmark that also stopped releasing on November 21. The reasons for this are unknown but holidays in the United States may play a role.

Privacy

Plex Users Fear New Feature Will Leak Porn Habits To Their Friends and Family (404media.co) 120

Many Plex users were alarmed when they got a "week in review" email last week that showed them what they and their friends had watched on the popular media server software. From a report: Some users are saying that their friends' softcore porn habits are being revealed to them with the feature, while others are horrified by the potentially invasive nature of the feature more broadly. Plex is a hybrid streaming service/self-hosted media server. In addition to offering content that Plex itself has licensed, the service allows users to essentially roll their own streaming service by making locally downloaded files available to stream over the internet to devices the server admin owns. You can also "friend" people on Plex and give them access to your own server.

A new feature, called "Discover Together," expands social aspects of Plex and introduces an "Activity" tab: "See what your friends have watched, rated, added to their Watchlist, or shared with you," Plex notes. It also shares this activity in a "week in review" email that it sent to Plex users and people who have access to their servers.

Crime

Startup Suggests Fighting Porch Piracy with AI-Enhanced Shipment Insurance (fastcompany.com) 148

Fast Company published some thoughts about porch piracy from Rohan Shah, the cofounder of the shipment-insurance platform Extend: In New York City, where as many as 90,000 packages are stolen every day, the Department of Transportation has launched a pilot program, LockerNYC, in which consumers can collect their online purchases at various storefront or sidewalk locations. Amazon Locker has 900 locations across the U.S. and recently launched Amazon Key, allowing consumers to throw privacy to the wind and give delivery persons access to their homes and cars. Amazon also has pick-up kiosks at Whole Foods and Kohl's, and the U.S. Postal Service has set up after-hours pick-up locations in many states.

All of that said, for consumers who simply wanted convenient, free two-day shipping, the time spent driving and waiting in line for a package doesn't seem like the best fix, nor a differentiated digital experience. AI to the rescue... This year, the fastest path to progress is simply reinventing shipping protection for the digital era and AI can do that at scale, for pennies on the dollar... My company, Extend, for example, leverages AI to process 98% of shipping claims in 90 seconds, with a replacement product shipped to the customer the same day... The new approach is a type of no-fault insurance, which the consumer purchases at checkout for around 2% of the purchase price. For a $200 pair of shoes, the cost to protect against shipping issues would be just $4.

Government

Microsoft, Uber, Dell CEOs Consider Government-Funded Stock Funds for Children (cnbc.com) 149

"Government-funded investment accounts for children could be on the horizon," writes CNBC, "and if tech investor Brad Gerstner has his way, corporate America will match the funds..." Gerstner been working with lawmakers to promote a legislative program known as Invest America that would create an investing account seeded with $1,000 for each child that's born in the U.S., but it's still too early in the process to publicly name supporters. He's aiming, however, to have legislation passed before the next presidential election. At the same time, he's working with corporate America to encourage businesses to offer matching funds to help employees further their savings.

"The vision is simple — that corporations would include an Invest America match of $1,000 into the Invest America account of children of their employees," Gerstner, founder and chief executive of Altimeter Capital, said in an email. "We have talked with companies ranging from Zillow to Dell to Uber and, subject to details, the response has been overwhelmingly positive," he said. Rich Barton, co-founder and chief executive of Zillow, said it's a "no-brainer" for his company to fully support and match the type of program Gerstner is proposing. "A 401(k)-style investment account from birth seems like a great way to tackle the growing divide around financial literacy and wealth," he said in an email. "It is a small investment to help parents achieve more peace of mind."

Representatives for Microsoft CEO Satya Nadella, Michael Dell and Uber CEO Dara Khosrowshahi, other companies Gerstner cited in a recent CNBC interview as being receptive to his pitch, did not respond to email requests for comment...

Certainly, there can be tangible — and intangible — benefits to companies that participated in a matching program. For instance, the government would have to provide tax incentives to companies that would presumably function similarly to how deductions are handled for 401(k) contributions, said Jeffrey Sharp, executive vice president at HUB International, a global insurance broker that provides employee benefits, and other products and services. Someone with $1,000 in her account at birth could expect a balance of about $107,000 by age 67, provided the portfolio grew at an annualized rate of 7%, according to CNBC Make It's compounding interest calculator. With a company match, a $2,000 investment could grow to around $215,000, under the same conditions. The outcome could be even more beneficial if parents contribute additional funds.

The article also hedges that companies "would have to consider the advisability of paying for this type of benefit that not all employees could take advantage of. They might decide, for instance, they'd be better off upping their 401(k) match so more employees could benefit."

But "I think we have a historic moment right now to get everybody into the game of capitalism," Gerstner says in an interview, noting it would cost just $3.7 billion to fund 50 million accounts -- "less than 1/100th of 1% of the national budget" -- and that he hopes to see the legislation introduced next year "in the spring."

Power

US Energy Department Funds Next-Gen Semiconductor Projects to Improve Power Grids (energy.gov) 20

America's long-standing Advanced Research Projects Agency (or ARPA) developed the foundational technologies for the internet.

This week its energy division announced $42 million for projects enabling a "more secure and reliable" energy grid, "allowing it to utilize more solar, wind, and other clean energy." But specifically, they funded 15 projects across 11 states to improve the reliability, resiliency, and flexibility of the grid "through the next-generation semiconductor technologies." Streamlining the coordinated operation of electricity supply and demand will improve operational efficiency, prevent unforeseen outages, allow faster recovery, minimize the impacts of natural disasters and climate-change fueled extreme weather events, and reduce grid operating costs and carbon intensity.
Some highlights:
  • The Georgia Institute of Technology will develop a novel semiconductor switching device to improve grid control, resilience, and reliability.
  • Michigan's Great Lakes Crystal Technologies will develop a diamond semiconductor transistor to support the control infrastructure needed for an energy grid with more distributed generation sources and more variable loads.
  • Lawrence Livermore National Laboratory will develop an optically-controlled semiconductor transistor to enable future grid control systems to accommodate higher voltage and current than state-of-the-art devices.
  • California's Opcondys will develop a light-controlled grid protection device to suppress destructive, sudden transient surges on the grid caused by lightning or electromagnetic pulses.
  • Albuquerque's Sandia National Laboratories will develop a novel solid-state surge arrester protecting the grid from very fast electromagnetic pulses that threaten grid reliability and performance.

America's Secretary of Energy said the new investment "will support project teams across the country as they develop the innovative technologies we need to strengthen our grid security and bring reliable clean electricity to more families and businesses — all while combatting the climate crisis."


AI

What Happened When California's State Government Examined the Risks and Benefits of AI? (msn.com) 80

An anonymous reader shared this report from the Los Angeles Times: AI that can generate text, images and other content could help improve state programs but also poses risks, according to a report released by the governor's office on Tuesday. Generative AI could help quickly translate government materials into multiple languages, analyze tax claims to detect fraud, summarize public comments and answer questions about state services. Still, deploying the technology, the analysis warned, also comes with concerns around data privacy, misinformation, equity and bias. "When used ethically and transparently, GenAI has the potential to dramatically improve service delivery outcomes and increase access to and utilization of government programs," the report stated...

AI advancements could benefit California's economy. The state is home to 35 of the world's 50 top AI companies and data from Pitchfork says the GenAI market could reach $42.6 billion in 2023, the report said. Some of the risks outlined in the report include spreading false information, giving consumers dangerous medical advice and enabling the creation of harmful chemicals and nuclear weapons. Data breaches, privacy and bias are also top concerns along with whether AI will take away jobs. "Given these risks, the use of GenAI technology should always be evaluated to determine if this tool is necessary and beneficial to solve a problem compared to the status quo," the report said.

Facebook

Meta Knowingly Collected Data on Pre-Teens, Unredacted Evidence From Lawsuit Shows (msn.com) 56

The New York Times reports: Meta has received more than 1.1 million reports of users under the age of 13 on its Instagram platform since early 2019 yet it "disabled only a fraction" of those accounts, according to a newly unsealed legal complaint against the company brought by the attorneys general of 33 states.

Instead, the social media giant "routinely continued to collect" children's personal information, like their locations and email addresses, without parental permission, in violation of a federal children's privacy law, according to the court filing. Meta could face hundreds of millions of dollars, or more, in civil penalties should the states prove the allegations. "Within the company, Meta's actual knowledge that millions of Instagram users are under the age of 13 is an open secret that is routinely documented, rigorously analyzed and confirmed," the complaint said, "and zealously protected from disclosure to the public...."

It also accused Meta executives of publicly stating in congressional testimony that the company's age-checking process was effective and that the company removed underage accounts when it learned of them — even as the executives knew there were millions of underage users on Instagram... The lawsuit argues that Meta elected not to build systems to effectively detect and exclude such underage users because it viewed children as a crucial demographic — the next generation of users — that the company needed to capture to assure continued growth.

More from the Wall Street Journal: An internal 2020 Meta presentation shows that the company sought to engineer its products to capitalize on the parts of youth psychology that render teens "predisposed to impulse, peer pressure, and potentially harmful risky behavior," the filings show... "Teens are insatiable when it comes to 'feel good' dopamine effects," the Meta presentation shows, according to the unredacted filing, describing the company's existing product as already well-suited to providing the sort of stimuli that trigger the potent neurotransmitter. "And every time one of our teen users finds something unexpected their brains deliver them a dopamine hit...."

"In December 2017, an Instagram employee indicated that Meta had a method to ascertain young users' ages but advised that 'you probably don't want to open this pandora's box' regarding age verification improvements," the states say in the suit. Some senior executives raised the possibility that cracking down on underage usage could hurt Meta's business... The states say Meta made little progress on automated detection systems or adequately staffing the team that reviewed user reports of underage activity. "Meta at times has a backlog of 2-2.5 million under-13 accounts awaiting action," according to the complaint...

The unredacted material also includes allegations that Meta Chief Executive Mark Zuckerberg instructed his subordinates to give priority to boosting its platforms' usage above the well being of users... Zuckerberg also repeatedly dismissed warnings from senior company officials that its flagship social-media platforms were harming young users, according to unsealed allegations in a lawsuit filed by Massachusetts earlier this month...

The complaint cites numerous other executives making public claims that were allegedly contradicted by internal documents. While Meta's head of global safety, Antigone Davis, told Congress that the company didn't consider profitability when designing products for teens, a 2018 internal email stated that product teams should keep in mind that "The lifetime value of a 13 y/o teen is roughly $270" when making product decisions.

Piracy

File-Sharing Giant Uloz Bans File-Sharing Citing EU's Digital Services Act 12

TorrentFreak: File-sharing and hosting giant Uloz has announced a radical change to its business model. The Czech site has been under fire for some time and was recently branded a 'notorious market' by the MPA. However, Uloz says that an imminent ban on file-sharing in favor of a private, cloud-based storage model, is due to the strict conditions imposed by the EU's Digital Services Act.

The Courts

Dbrand is Suing Casetify For Ripping Off Its Teardown Designs (theverge.com) 22

New submitter Kiddo 9000 writes: Dbrand, a company known best for making cases for phones, game consoles, and laptops, has filed a lawsuit against case manufacturer CASETiFY over their "Inside Out" case lineup. Dbrand alleges that CASETiFY copied the designs from their Teardown skins and put them on their own products without permission. In a video published by JerryRigEverything, several easter eggs placed in the Teardown skins were found in the CASETiFY designs, alongside numerous tweaks and layout changes, and even Dbrand's logo.

Patents

Lenovo Seeks Halt of Asus Laptop Sales Over Alleged Patent Infringement (arstechnica.com) 20

Lenovo has filed a lawsuit against Asus, claiming that the company's laptops infringe on four of their patents. "Lenovo is seeking damages and for Asus to stop selling Zenbook laptops and other allegedly infringing products in the U.S.," reports Ars Technica. From the report: The lawsuit [PDF] centers on four patents. The first, entitled "Methods and apparatus for transmitting in resource blocks" was issued in 2021 and relates to minimizing the delay experienced during an uplink package transmission by reducing the number of steps for a wireless device to upload data. Lenovo's lawsuit, which uses Asus' Zenbook Pro 14 OLED (UX6404) as an example of an allegedly infringing product, also claims Asus is selling laptops that violate the wireless wake-on-LAN power management patent issued to Lenovo in 2010.

Another patent Lenovo is suing over was issued in 2010 and entitled "Touchpad diagonal scrolling." It allows users to "initiate a diagonal scroll at any location on a touchpad by using two fingers," the lawsuit says. Finally, Lenovo is upset about Asus' purported infringing of its "Dual shaft hinge with angle timing shaft mechanism" patent rewarded in 2014. Lenovo describes it as a hinge block enabling 2-in-1 laptops to go from clamshell mode to tablet mode. For this accused patent infringement, Lenovo's lawsuit points to Asus' Zenbook Flip 14 UX461, which Asus advertises as having a 360-degree "ErgoLift" hinge that "lifts and tilts the keyboard into the perfect typing position when the display is rotated into laptop mode."

As noted by The Register today, in a letter to the ITC dated November 15 [PDF], Lenovo said it wants Asus to "cease and desist from marketing, advertising, distributing, offering for sale, selling, or otherwise transferring, including the movement or shipment of inventory" products that infringe upon the four patents in question. In a further dig, Lenovo added that a limited exclusion order wouldn't harm US consumers or competition, due to Asus' smaller market share. According to the IDC, Asus represented about 7.1 percent of the PC market (which includes laptops and desktops) in Q3 2023. Lenovo led at 23.5 percent.

The Courts

Robocar Tech Biz Sues Nvidia, Claims Stolen Code Shared In Teams Meeting Blunder (theregister.com) 25

Dan Robinson reports via The Register: Nvidia is facing legal action in the U.S. for theft of trade secrets from a German automotive company, which alleges its ex-employee made an epic blunder of showing something he shouldn't have when minimizing a Powerpoint slide at a joint Microsoft Teams meeting both companies were attending. The automotive firm, Valeo Schalter und Sensoren, claims the flashing of its source code for the assisted parking app on the call is evidence to support its accusations that the ex-staffer stole the IP before leaving to join Nvidia. The two tech companies were both on the call as they were each suppliers on contract for a parking and driving assistance project with a major automotive OEM that was not named in the suit. Under the terms of the contract with the OEM, the suit states, engineers from both Valeo and Nvidia had to schedule collaboration meetings so that "Nvidia employees could ask Valeo employees questions about Valeo's ultrasonic hardware and data associated with the hardware."

The complaint [PDF], filed by Valeo in the US District Court for Northern California, goes on to allege misappropriation of trade secrets by Nvidia, through which the company claims the GPU-maker attempted to take a shortcut into the automotive marketplace by using its stolen software. Nvidia is a relative newcomer to the automotive market, introducing its Nvidia Drive platform at the CES trade show in 2015. Valeo says that it only discovered the theft during a conference call on March 8, 2022 between its engineers and those of Nvidia to collaborate on work for an automotive OEM, a customer of both companies. Valeo develops automotive hardware such as cameras and sensors, in addition to software to process the data from the hardware. The court filing states that Valeo previously provided the OEM in question with both hardware and software for its autonomous vehicle technology, but in this instance, it asked Valeo to provide ultrasonic hardware only. For the software side, the OEM instead chose Nvidia. One of the Nvidia engineers on the call, named as Mohammad Moniruzzaman, was a former employee of Valeo, and during the call, made using Microsoft's Teams software, he shared his screen in order to give a presentation containing questions for the Valeo participants.

Yet also visible on his screen after the presentation finished - or so the complaint alleges - was a window of source code, which the Valeo participants recognized as belonging to their company. According to the filing, one of the Valeo engineers succeeded in capturing a screenshot as evidence. According to Valeo, the source code file names that were allegedly visible in the screenshot were identical to those used in its source code, and it also claims the source code appeared to be identical to proprietary code maintained in Valeo's repositories. The company says in the suit that it then conducted a comprehensive internal forensic IT audit, and alleges it discovered that Moniruzzaman had copied four repositories containing the code for Valeo's parking and driving assistance software, prior to leaving the company in May 2021. [...] The claim is that Valeo's source code and documentation has been used in the development of Nvidia's software, and this provided the GPU giant and its engineers with a shortcut in the development of its parking assistance code, saving Nvidia perhaps hundreds of millions of dollars in development costs.

According to the court filing, Nvidia said it removed Moniruzzaman's additions to its code. However, those additions underwent "a peer review process of 10-30 iterations of feedback loops" before the code was fully merged into Nvidia's database. Valeo contends that this process of extensive edits by others means it is not realistic that Nvidia could have fully removed Moniruzzaman's contributions. Valeo claims it has suffered competitive harm as a result of Nvidia's action and as a result is seeking damages, to be determined at trial, as well as an injunction prohibiting Nvidia or its employees from using or disclosing Valeo's trade secrets. A date for jury trial has yet to be announced.

Canada

Third-Party Data Breach Affecting Canadian Government Could Involve Data From 1999 (theregister.com) 4

Connor Jones reports via The Register: The government of Canada has confirmed its data was accessed after two of its third-party service providers were attacked. The third parties both provided relocation services for public sector workers and the government is currently analyzing a "significant volume of data" which could date back to 1999. No formal conclusions have yet been made about the number of workers impacted due to the large-scale task of analyzing the relevant data. However, the servers impacted by the breach held data related to current and former Canadian government staff, members of the Canadian armed forces, and Royal Canadian Mounted Police workers -- aka Mounties.

"At this time, given the significant volume of data being assessed, we cannot yet identify specific individuals impacted; however, preliminary information indicates that breached information could belong to anyone who has used relocation services as early as 1999 and may include any personal and financial information that employees provided to the companies," a government statement read. Those who think they may be affected are advised to update any login details that may be similar to those used to access BGRS or Sirva's systems. Enabling MFA across all accounts that are used for online transactions is also advised, as is the manual monitoring of personal accounts for any potential malicious activity. Work is currently being carried out to identify and address any vulnerabilities that may have led to the incident, according to the statement.

Privacy

CEO Reminds Everyone His Company Collects Customers' Sleep Data (404media.co) 46

An anonymous reader quotes a report from 404 Media: Matteo Franceschetti, the CEO of Eight Sleep, which makes the $2,295 smart mattress topper "The Pod" tweeted: "Breaking news: The OpenAI drama is real. We checked our data and last night, SF saw a spike in low-quality sleep. There was a 27 percent increase in people getting under 5 hours of sleep. We need to fix this. Source: @eightsleep data." Franceschetti's tweet reminds us that The Pod is essentially a mattress with both a privacy policy and a terms of service, and that the data Eight Sleep collects about its users can and is used to further its business goals. It's also a reminder that many apps, smart devices, and apps for smart devices collect a huge amount of user data that they can then directly monetize or deploy for marketing or Twitter virality purposes whenever they feel like it.

The Pod does "intelligent cooling and heating for any bed," and learns and adjusts the temperature of the bed based on your sleep habits, tracks your sleep and vital signs while you sleep, and gives you a "Sleep Fitness Score" based on your quality, routine, and time of sleep. As someone who often does not sleep well, The Pod is a compelling product that I cannot currently afford. Quickly, to get it out of the way: Eight Sleep's data does not and cannot actually show that "San Francisco" had a spike in low-quality sleep. What it shows is that people in San Francisco who have purchased a $2,295 smart mattress topper and have not successfully opted out of Eight Sleep's analytics -- a group that surely overindexes on tech workers -- slept less Sunday night.

The top of Eight Sleep's terms of service states "At Eight Sleep we pledge to respect your privacy and to keep your data safe. We only collect data that helps us improve our products and services." Both Eight Sleep's privacy policy and terms of service then go on to note that the company collects a huge amount of data that can be used for a wide variety of purposes, including marketing, retargeting, and scientific studies. It can also, apparently, be used by the CEO for commenting on the day's tech news. Specifically, the company notes that "data about your sleep activity is transferred from your Device to our servers" every time the Pod's app syncs with the Pod. Certain features on the device also require location data "including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs." This data is then used to give users personalized sleep recommendations, but they are also "used in research to understand and improve the Eight Device and Eight Service," "to enforce the Eight Terms of Service," and, critically, "de-identified data that does not identify you may be used to inform the health and scientific community about trends; for marketing and promotional use; or for sale to interested audiences." The terms of service add that it "may share or sell" this data.

The Courts

Sarah Silverman Hits Stumbling Block in AI Copyright Infringement Lawsuit Against Meta (hollywoodreporter.com) 93

Winston Cho writes via The Hollywood Reporter: A federal judge has dismissed most of Sarah Silverman's lawsuit against Meta over the unauthorized use of authors' copyrighted books to train its generative artificial intelligence model, marking the second ruling from a court siding with AI firms on novel intellectual property questions presented in the legal battle. U.S. District Judge Vince Chhabria on Monday offered a full-throated denial of one of the authors' core theories that Meta's AI system is itself an infringing derivative work made possible only by information extracted from copyrighted material. "This is nonsensical," he wrote in the order. "There is no way to understand the LLaMA models themselves as a recasting or adaptation of any of the plaintiffs' books."

Another of Silverman's arguments that every result produced by Meta's AI tools constitutes copyright infringement was dismissed because she didn't offer evidence that any of the outputs "could be understood as recasting, transforming, or adapting the plaintiffs' books." Chhabria gave her lawyers a chance to replead the claim, along with five others that weren't allowed to advance. Notably, Meta didn't move to dismiss the allegation that the copying of books for purposes of training its AI model rises to the level of copyright infringement.
In July, Silverman and two authors filed a class action lawsuit against Meta and OpenAI for allegedly using their content without permission to train AI language models.

Crime

North Koreans Use Fake Names, Scripts To Land Remote IT Work For Cash 60

Using fake names, sham LinkedIn profiles, counterfeit work papers and mock interview scripts, North Korean IT workers seeking employment in Western tech companies are deploying sophisticated subterfuge to get hired. From a report: Landing a job outside North Korea to secretly earn hard currency for the isolated country demands highly-developed strategies to convince Western hiring managers, according to documents reviewed by Reuters, an interview with a former North Korean IT worker and cybersecurity researchers. North Korea has dispatched thousands of IT workers overseas, an effort that has accelerated in the last four years, to bring in millions to finance Pyongyang's nuclear missile programme, according to the United States, South Korea, and the United Nations.

"People are free to express ideas and opinions," reads one interview script used by North Korean software developers that offers suggestions for how to describe a "good corporate culture" when asked. Expressing one's thoughts freely could be met with imprisonment in North Korea. The scripts, totalling 30 pages, were unearthed by researchers at Palo Alto Networks, a U.S. cybersecurity firm which discovered a cache of internal documents online that detail the workings of North Korea's remote IT workforce. The documents contain dozens of fraudulent resumes, online profiles, interview notes, and forged identities that North Korean workers used to apply for jobs in software development.

Encryption

Sunbird is Shutting Down Its iMessage App for Android (theverge.com) 12

Sunbird, the app that brings iMessage to Android, has temporarily shut down the service over "security concerns." From a report: In a notice to users, Sunbird says it has "decided to pause Sunbird usage for now" while it investigates reports that its messages aren't actually end-to-end encrypted. Sunbird launched in 2022 as a messaging app that attempts to put the blue versus green bubble battle to rest. It has only been available to those who sign up for its waitlist, touting numerous privacy features, like end-to-end encryption, no message data collection, and no ads.

Last week, Sunbird partnered with Nothing, the phone brand owned by OnePlus co-founder Carl Pei, on the launch of Nothing Chats. The Sunbird-powered messaging service is supposed to let owners of the Phone 2 send texts via iMessage, but it was pulled from the Google Play Store just one day after its launch. At the time, Nothing said it had to fix "several bugs" within the app. However, its removal from the Play Store came around the same time a post from Texts.blog revealed that messages sent via Sunbird may not be end-to-end encrypted.

United States

Secretive White House Surveillance Program Gives Cops Access To Trillions of US Phone Records (wired.com) 104

An anonymous reader quotes a report from Wired: A little-known surveillance program tracks more than a trillion domestic phone records within the United States each year, according to a letter WIRED obtained that was sent by US senator Ron Wyden to the Department of Justice (DOJ) on Sunday, challenging the program's legality. According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans' calls, analyzing the phone records of countless people who are not suspected of any crime, including victims. Using a technique known as chain analysis, the program targets not only those in direct phone contact with a criminal suspect but anyone with whom those individuals have been in contact as well.

The DAS program, formerly known as Hemisphere, is run in coordination with the telecom giant AT&T, which captures and conducts analysis of US call records for law enforcement agencies, from local police and sheriffs' departments to US customs offices and postal inspectors across the country, according to a White House memo reviewed by WIRED. Records show that the White House has, for the past decade, provided more than $6 million to the program, which allows the targeting of the records of any calls that use AT&T's infrastructure -- a maze of routers and switches that crisscross the United States. In a letter to US attorney general Merrick Garland on Sunday, Wyden wrote that he had "serious concerns about the legality" of the DAS program, adding that "troubling information" he'd received "would justifiably outrage many Americans and other members of Congress." That information, which Wyden says the DOJ confidentially provided to him, is considered "sensitive but unclassified" by the US government, meaning that while it poses no risk to national security, federal officials, like Wyden, are forbidden from disclosing it to the public, according to the senator's letter.

AT&T spokesperson Kim Hart Jonson said only that the company is required by law to comply with a lawful subpoena. However, "there is no law requiring AT&T to store decades' worth of Americans' call records for law enforcement purposes," notes Wired. "Documents reviewed by WIRED show that AT&T officials have attended law enforcement conferences in Texas as recently as 2018 to train police officials on how best to utilize AT&T's voluntary, albeit revenue-generating, assistance."

"The collection of call record data under DAS is not wiretapping, which on US soil requires a warrant based on probable cause. Call records stored by AT&T do not include recordings of any conversations. Instead, the records include a range of identifying information, such as the caller and recipient's names, phone numbers, and the dates and times they placed calls, for six months or more at a time." It's unclear exactly how far back the call records accessible under DAS go, although a slide deck released under the Freedom of Information Act in 2014 states that they can be queried for up to 10 years.

Firefox

Firefox 120 Ready With Global Privacy Control, WebAssembly GC On By Default (phoronix.com) 32

Firefox 120 will be available tomorrow, bringing support for the Global Privacy Control "Sec-GPC" request header to indicate whether a user consents to a website or service selling or sharing their personal information with third parties. It's also enabling the WebAssembly GC extension by default, opening up new languages like Dart and Kotlin to run in the browser. Phoronix's Michael Larabel highlights some of the other features included in this release:
- Ubuntu Linux users now have the ability to import data from Chromium when both are installed as Snap packages.
- Picture-in-Picture mode now supports corner snapping on Windows and Linux.
- Support for the light-dark() CSS color function that allows setting of colors for both light and dark without needing to use the prefers-color-scheme media feature. This allows conveniently specifying the preferred light color theme value followed by the dark color theme value.
- CSS support for the lh and rlh line height units.

The Almighty Buck

Venmo, Cash App Users Sue Apple Over Peer-To-Peer Payment Fees (reuters.com) 24

An anonymous reader quotes a report from Reuters: Apple has been sued by Venmo and Cash App customers in a proposed class action claiming the iPhone maker abused its market power to curb competition for mobile peer-to-peer payments, causing consumers to pay "rapidly inflating prices." Four consumers in New York, Hawaii, South Carolina and Georgia filed the lawsuit (PDF) on Friday in San Jose, California, federal court. They alleged Apple violated U.S. antitrust law through its agreements with PayPal's Venmo and Block's Cash App.

Apple's agreements limit "feature competition" within peer-to-peer payment apps, including prohibiting existing or new platforms from using "decentralized cryptocurrency technology," the complaint said. The lawsuit seeks an injunction that could force Apple to divest or segregate its Apple Cash business.

Cellphones

FCC Tightens Telco Rules To Combat SIM-Swapping (securityweek.com) 21

An anonymous reader quotes a report from SecurityWeek: Moving to clamp down on the growing scourge of SIM-swapping and port-out fraud, the Federal Communications Commission (FCC) has unveiled new rules mandating telcos to give consumers greater control of their mobile phone accounts. Under the new rules, wireless carriers are required to notify customers of any SIM transfer requests, a measure designed to thwart fraudulent attempts by cybercriminals. The FCC has also revised its customer proprietary network information and local number portability rules, making it more challenging for scammers to access sensitive subscriber information.

The new protective measures (PDF) are meant to address SIM-swapping and port-out attacks widely documented in cybercriminal attacks against businesses and consumers. The attack technique is used to hijack mobile accounts, change and steal passwords, bypass MFA roadblocks and raid bank accounts. Studies have found that major mobile carriers in the US are vulnerable to SIM-swapping with the Federal Bureau of Investigation (FBI) receiving thousands of consumer complaints every year.
