Privacy

Security Flaw In a Popular Smart Helmet Allowed Silent Location Tracking (techcrunch.com) 3

An anonymous reader quotes a report from TechCrunch: The maker of a popular smart ski and bike helmet has fixed a security flaw that allowed the easy real-time location tracking of anyone wearing its helmets. Livall makes internet-connected helmets that allow groups of skiers or bike riders to talk with each other using the helmet's in-built speaker and microphone, and share their real-time location in a friend's group using Livall's smartphone apps. Ken Munro, founder of U.K. cybersecurity testing firm Pen Test Partners, said Livall's smartphone apps had a simple flaw allowing easy access to any group's audio chats and location data. Munro says the two apps, one for skiers and one for bike riders, collectively have about a million users.

At the heart of the bug, Munro found that anyone using Livall's apps for group audio chat and sharing their location must be part of the same friends group, which could be accessed using only that group's six-digit numeric code. "That 6-digit group code simply isn't random enough," Munro said in a blog post describing the flaw. "We could brute force all group IDs in a matter of minutes." In doing so, anyone could access any of the 1 million possible permutations of group chat codes.

"As soon as one entered a valid group code, one joined the group automatically," said Munro, adding that this happened without alerting other group members. "It was therefore trivial to silently join any group, giving us access to any users' location and the ability to listen in to any group audio communications," said Munro. "The only way a rogue group user could be detected was if the legitimate user went to check on the members of that group." [...] In an email, Livall's R&D director Richard Yi explained that the company improved the randomness of group codes by also adding letters, and including alerts for new members joining groups. Yi also said the app now allows the shared location to be turned off at the user level.

Piracy

Reddit Doesn't Have To Share IP-Addresses of Piracy Commenters, Court Rules (torrentfreak.com) 22

An anonymous reader quotes a report from TorrentFreak: Reddit is not required to share the IP-address of six users who made piracy-related comments on the website. The company successfully protested the third attempt of a group of filmmakers, which planned to use the requested logs as evidence in their lawsuit against Internet provider Frontier. Instead of focusing on anonymous Redditors, filmmakers can go after the ISP's subscribers directly. [...] Early last year, the film companies subpoenaed Reddit for the first time, requesting the personal details of several users. Reddit refused to cooperate, defending their users' right to anonymous speech, and found a California federal court in agreement. In a second attempt a few weeks later, several film companies sent a similar subpoena to Reddit. This time, the request was more targeted, as all comments specifically referred to the ISP being sued; Grande Communications. Reddit still refused to comply, however, stressing that its users' First Amendment rights would still be at stake. After hearing both parties, Magistrate Judge Laurel Beeler sided with Reddit once again.

While the denial was another setback for the film companies and their attorney, they had no plans to abandon this route to evidence quite so easily. Last month, they were back in court with a similar but tweaked request, this time related to a lawsuit targeting Internet provider Frontier Communications. Broadly speaking, the third case was comparable to the others. The film companies, including Voltage Holdings and Screen Media Ventures, wanted to use comments made by six Redditors to show that the ISP didn't take proper action against repeat infringers, or that 'lax' enforcement acted as a draw to potential pirates. Contrary to the earlier requests, the film companies were no longer looking for any names or email addresses, only the applicable IP address logs. This would allow the commenters to remain anonymous because an 'IP-address is not a person', their attorney argued. Reddit, again, refused to hand over information, arguing it would violate users' right to anonymous speech. The fact that it would only have to reveal IP-addresses wouldn't change that, Reddit argued.

After both sides had the chance to present their arguments, the matter landed on the desk of U.S. Magistrate Judge Thomas Hixson of the California federal court. After reviewing the paperwork, Judge Hixson denied the motion to compel. [...] Of importance in this decision is the so-called '2TheMart.com' standard, which was also applied in the earlier two cases. From that perspective, the court sees no reason to reach a different conclusion. [...] "While the Court is unaware of any cases in the Ninth Circuit in which a court has declined to apply a First Amendment unmasking standard for IP addresses, other courts have recognized that IP addresses are essential to unmasking because an 'IP address cannot be made up in the same way that a poster may provide a false name and address.'" "For this reason, the Court finds no reason to believe provision of an IP address is not unmasking subject to First Amendment scrutiny," Judge Hixson writes. "In sum, the Court finds Movants cannot meet the 2TheMart standard because the evidence they seek can be obtained from other sources, including from Frontier in the normal course of discovery." If the rightsholders are unable to obtain the desired evidence from Frontier, they could always try again, of course. If anything, the film companies have shown that they aren't prepared to give up easily.

Apple

Apple Is Lobbying Against Right To Repair Six Months After Supporting Right To Repair (404media.co) 27

An Apple executive lobbied against a strong right-to-repair bill in Oregon Thursday, which is the first time the company has had an employee actively outline its stance on right to repair at an open hearing. 404 Media: Apple's position in Oregon shows that despite supporting a weaker right to repair law in California, it still intends to control its own repair ecosystem. It also sets up a highly interesting fight in the state because Google has come out in favor of the same legislation Apple is opposing. "It is our belief that the bill's current language around parts pairing will undermine the security, safety, and privacy of Oregonians by forcing device manufacturers to allow the use of parts of unknown origin in consumer devices," John Perry, Apple's principal secure repair architect, told the legislature. This is a quick about-face for the company, which after years of lobbying against right to repair, began to lobby for it in California last fall. The difference now is that Oregon's bill includes a critical provision that Google says it can easily comply with but that is core for Apple to maintain its dominance over the repair market.

Businesses

Amazon Steers Consumers To Higher-Priced Items, Lawsuit Claims (reuters.com) 50

Amazon has been sued in a proposed U.S. class action that accuses the online retailer of violating consumer protection law by steering shoppers to higher-priced items to earn extra fees. Filed this week in the Seattle federal court, the complaint cites the recent FTC antitrust case against Amazon. It alleges Amazon's algorithm for its "Buy Box" often shows higher-priced options over faster, cheaper alternatives. The suit says shoppers click Amazon's "Buy Now" button nearly 98% of the time, falsely believing its choices offer the best deal. Amazon created the algorithm to benefit third-party sellers that pay "hefty fees" for its Fulfillment By Amazon services, the suit alleges.
Privacy

London Underground Is Testing Real-Time AI Surveillance Tools To Spot Crime (wired.com) 31

Thousands of people using the London Underground had their movements, behavior, and body language watched by AI surveillance software designed to see if they were committing crimes or were in unsafe situations, new documents obtained by WIRED reveal. From the report: The machine-learning software was combined with live CCTV footage to try to detect aggressive behavior and guns or knives being brandished, as well as looking for people falling onto Tube tracks or dodging fares. From October 2022 until the end of September 2023, Transport for London (TfL), which operates the city's Tube and bus network, tested 11 algorithms to monitor people passing through Willesden Green Tube station, in the northwest of the city. The proof of concept trial is the first time the transport body has combined AI and live video footage to generate alerts that are sent to frontline staff. More than 44,000 alerts were issued during the test, with 19,000 being delivered to station staff in real time.

Documents sent to WIRED in response to a Freedom of Information Act request detail how TfL used a wide range of computer vision algorithms to track people's behavior while they were at the station. It is the first time the full details of the trial have been reported, and it follows TfL saying, in December, that it will expand its use of AI to detect fare dodging to more stations across the British capital. In the trial at Willesden Green -- a station that had 25,000 visitors per day before the Covid-19 pandemic -- the AI system was set up to detect potential safety incidents to allow staff to help people in need, but it also targeted criminal and antisocial behavior. Three documents provided to WIRED detail how AI models were used to detect wheelchairs, prams, vaping, people accessing unauthorized areas, or putting themselves in danger by getting close to the edge of the train platforms.

The Courts

Jury Awards Climate Scientist $1 Million In Defamation Lawsuit (apnews.com) 153

"The jury took little time to determine that Michael Mann had been defamed by conservative writers who likened him to a pedophile," writes longtime Slashdot reader BishopBerkeley in a follow-up to Wednesday's story. "He has received a $1 million judgment against the writers. This was likely because scrutiny of his data showed no malfeasance or misuse of data, but the 'conservative' writers' accusations continued, nevertheless." The Associated Press reports: Mann's research was investigated after his and other scientists' emails were leaked in 2009 in an incident that brought further scrutiny of the "hockey stick" graph, with skeptics claiming Mann manipulated data. Investigations by Penn State and others found no misuse of data by Mann, but his work continued to draw attacks, particularly from conservatives. "Mann could be said to be the Jerry Sandusky of climate science, except for instead of molesting children, he has molested and tortured data," Simberg wrote. Another writer, Mark Steyn, later referenced Simberg's article in his own piece in National Review, calling Mann's research "fraudulent."

The jury in Superior Court of the District of Columbia awarded Mann $1 in compensatory damages from each writer; it also awarded punitive damages of $1,000 from Simberg and $1 million from Steyn. It announced its verdict after four weeks of trial and one day of deliberations. During the trial, Steyn represented himself, but said through his manager Melissa Howes that he would be appealing the $1 million award in punitive damages, saying it would have to face "due process scrutiny."

The Internet

Pakistan Cuts Off Phone and Internet Services On Election Day (techcrunch.com) 36

An anonymous reader quotes a report from TechCrunch: Pakistan has temporarily suspended mobile phone network and internet services across the country to combat any "possible threats," a top ministry said, as the South Asian nation commences its national election. In a statement, Pakistan's interior ministry said the move was prompted by recent incidents of terrorism in the country. The internet was accessible through wired broadband connections, local journalists posted on X earlier Thursday. But NetBlocks, an independent service that tracks outages, said later that Pakistan had started to block internet services as well. The polls have opened in the nation and will close at 5 p.m. The interior ministry didn't say when it will switch back on the mobile services.

Communications

Thieves Steal 200ft Tower From Alabama Radio Station (theguardian.com) 142

A radio station in Alabama has been forced to temporarily shut down after thieves stole a 200ft radio tower. The Guardian reports: WJLX, a station in Jasper, Alabama, was ordered to go off air by the Federal Communications Commission (FCC) after thieves took the station's AM tower last week, the Guardian first learned. "In all my years of being in the business, around the business, everything like that, I have never seen anything like this," WJLX's general manager, Brett Elmore, told the Guardian. "You don't hear of a 200ft tower being stolen," he added.

Elmore said the theft was first discovered last week by a landscaping crew that regularly manages the area nearby the tower, WBRC reported. "They called me and said the tower was gone. And I said, 'What do you mean, the tower is gone?'" Elmore said. The radio tower was previously located in a wooded area, behind a local poultry plant. Elmore said that thieves had cut the tower's wires and somehow removed it. Thieves also stole the station's AM transmitter from a nearby building.

For the small radio station, the theft has had a significant impact. Elmore said the station's property was not insured. Replacing the tower could cost the station anywhere between $100,000 to $150,000, which is "more money than we have," Elmore said. The FCC also notified WJLX on Thursday morning that the station would have to go off the air because of the theft. While WJLX still has its FM transmitter and tower, it is not allowed to operate its FM transmitter while the AM station is off the air.

"I had a guy from Virginia call yesterday and say, 'You know, I think a helicopter grabbed [the tower],'" Elmore said. He's hoping that surveillance video from the nearby poultry plant or witnesses nearby can help figure out who stole the station's tower.

Security

The Viral Smart Toothbrush Botnet Story Is Not Real (404media.co) 52

On Tuesday, The Independent, Tom's Hardware, and many other tech outlets reported on a story about how three million smart toothbrushes were used in a DDoS attack. The only problem? It "didn't actually happen," writes Jason Koebler via 404 Media. "There are no additional details about this apparent attack, and most of the article cites general research by a publicly traded cybersecurity company called Fortinet which has detected malicious, hijacked internet of things devices over the years. A search on Fortinet's website shows no recent published research about hacked smart toothbrushes." From the report: The original article, called "The toothbrushes are attacking," starts with the following passage: "She's at home in the bathroom, but she's part of a large-scale cyber attack. The electric toothbrush is programmed with Java, and criminals have unnoticed installed malware on it - like on 3 million other toothbrushes. One command is enough and the remote-controlled toothbrushes simultaneously access the website of a Swiss company. The site collapses and is paralyzed for four hours. Millions of dollars in damage is caused. This example, which seems like a Hollywood scenario, actually happened. It shows how versatile digital attacks have become." [...]

The "3 million hacked smart toothbrushes" story has now been viral for more than 24 hours and literally no new information about it has emerged despite widespread skepticism from people in the security industry and its virality. The two Fortinet executives cited in the original report did not respond to an email and LinkedIn message seeking clarification, and neither did Fortinet's PR team. The author of the Aargauer Zeitung story also did not respond to a request for more information. I called Fortinet's headquarters, asked to speak to the PR contact listed on the press release about its earnings, which was published after the toothbrush news began to go viral, and was promptly disconnected. The company has continued to tweet about other, unrelated things. They have not responded to BleepingComputer either, nor the many security researchers who are asking for further proof that this actually happened. While we don't know how this happened, Fortinet has been talking specifically about the dangers of internet-connected toothbrushes for years, and has been using it as an example in researcher talks.

In a statement to 404 Media, Fortinet said "To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs. It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred."

Earth

EPA Tightens Rules On Some Air Pollution For the First Time In Over a Decade 59

The U.S. Environmental Protection Agency (EPA) today unveiled new, stricter limits for PM2.5 (particulate smaller than 2.5 micrometers in diameter), commonly referred to as soot. As NPR notes, these particles are "one of the deadliest types of air pollution." From the report: The agency lowered the allowable limit for annual PM2.5 levels from 12 micrograms per cubic meter to 9. That's a "significant reduction," says Regan Patterson, an air pollution expert at the University of California, Los Angeles. "The science is clear," says EPA Administrator Michael Regan. "Soot pollution is one of the most dangerous forms of air pollution and is linked to a range of serious and potentially deadly illnesses, including asthma and heart attacks."

The new standard represents the first tightening of the rules since 2012, but states will have several years to reach the new limits. The EPA left the daily limits on PM2.5 pollution unchanged, at 35 micrograms per cubic meter, saying the same efforts that will reduce pollution under the revised annual standard will drive down short-term pollution exposures as well. Decades of research have demonstrated that tiny particles are dangerous to people's health at nearly any concentration. The sources vary: fossil fuel combustion, agriculture, and industrial processes all add to the load, as does wildfire smoke and dust.

In aggregate, the tiny particles drive millions of premature deaths worldwide each year. The EPA estimates that the new, tighter standards will prevent about 4,500 premature deaths a year by 2032 in the U.S. and prevent about 800,000 asthma-related emergency visits. It estimates the lower pollution exposures could reduce healthcare costs by about $46 billion by that time.

The Courts

Judge Rules Against Users Suing Google and Apple Over 'Annoying' Search Results (arstechnica.com) 22

An anonymous reader quotes a report from Ars Technica: While the world awaits closing arguments later this year in the US government's antitrust case over Google's search dominance, a California judge has dismissed a lawsuit from 26 Google users who claimed that Google's default search agreement with Apple violates antitrust law and has ruined everyone's search results. Users had argued (PDF) that Google struck a deal making its search engine the default on Apple's Safari web browser specifically to keep Apple from competing in the general search market. These payments to Apple, users alleged, have "stunted innovation" and "deprived" users of "quality, service, and privacy that they otherwise would have enjoyed but for Google's anticompetitive conduct." They also allege that it created a world where users have fewer choices, enabling Google to prefer its own advertisers, which users said caused an "annoying and damaging distortion" of search results.

In an order (PDF) granting the tech companies' motion to dismiss, US District Judge Rita Lin said that users did not present enough evidence to support claims for relief. Lin dismissed some claims with prejudice but gave leave to amend others, allowing users another chance to keep their case -- now twice-dismissed -- at least partially alive. Under Lin's order, users will not be able to amend claims that Google and Apple executives allegedly sealed the default search deal on the condition that Apple would not create its own general search engine through "private, secret, and clandestine personal meetings." Because plaintiffs showed no evidence pinpointing exactly when Apple allegedly agreed to stay out of the general search market, these meetings, Lin reasoned, could just as easily indicate "rational, legal business behavior," rather than an "illegal conspiracy."

Users attempted to argue that Google and Apple intentionally hid these facts from the public, but Lin wrote that their "conclusory and vague allegations that defendants 'secretly conducted meetings' and 'engaged in conduct to obfuscate internal communications' are plainly insufficient." Sharing bystander photos documenting Google's Sundar Pichai and Apple's Tim Cook meeting at a restaurant with a manila folder tucked under Pichai's elbow did not help users' case. Lin was also not moved by users demonstrating that Google has a history of destroying evidence, because "they put forth no specific factual allegations that defendants did so in this case." However, users will have 30 days to amend currently "inadequately" alleged claims that "Google's exclusive default agreement, under which Apple set Google as the default search engine for its Safari web browser, foreclosed competition in the general search services market in the United States," Lin wrote. If users miss that deadline, the case will be tossed with no opportunities to further amend claims.

EU

EU Proposes Criminalizing AI-Generated Child Sexual Abuse and Deepfakes 101

An anonymous reader quotes a report from TechCrunch: AI-generated imagery and other forms of deepfakes depicting child sexual abuse (CSA) could be criminalized in the European Union under plans to update existing legislation to keep pace with technology developments, the Commission announced today. It's also proposing to create a new criminal offense of livestreaming child sexual abuse. The possession and exchange of "pedophile manuals" would also be criminalized under the plan -- which is part of a wider package of measures the EU says is intended to boost prevention of CSA, including by increasing awareness of online risks and to make it easier for victims to report crimes and obtain support (including granting them a right to financial compensation). The proposal to update the EU's current rules in this area, which date back to 2011, also includes changes around mandatory reporting of offenses.

Back in May 2022, the Commission presented a separate piece of CSA-related draft legislation, aiming to establish a framework that could make it obligatory for digital services to use automated technologies to detect and report existing or new child sexual abuse material (CSAM) circulating on their platforms, and identify and report grooming activity targeting kids. The CSAM-scanning plan has proven to be highly controversial -- and it continues to split lawmakers in the parliament and the Council, as well as kicking up suspicions over the Commission's links with child safety tech lobbyists and raising other awkward questions for the EU's executive, over a legally questionable foray into microtargeted ads to promote the proposal. The Commission's decision to prioritize the targeting of digital messaging platforms to tackle CSA has attracted a lot of criticism that the bloc's lawmakers are focusing in the wrong area for combatting a complex societal problem -- which may have generated some pressure for it to come with follow-on proposals. (Not that the Commission is saying that, of course; it describes today's package as "complementary" to its earlier CSAM-scanning proposal.)

"Fast evolving technologies are creating new possibilities for child sexual abuse online, and raises challenges for law enforcement to investigate this extremely serious and widespread crime," said Ylva Johansson, commissioner for home affairs, in a statement. "A strong criminal law is essential and today we are taking a key step to ensure that we have effective legal tools to rescue children and bring perpetrators to justice. We are delivering on our commitments made in the EU Strategy for a more effective fight against Child sexual abuse presented in July 2020."

The final shape of the proposals will be determined by the EU's co-legislators in the Parliament and Council. "If/when there's agreement on how to amend the current directive on combating CSA, it would enter into force 20 days after its publication in the Official Journal of the EU," adds TechCrunch.

The Courts

A Famous Climate Scientist Is In Court With Big Stakes For Attacks On Science (npr.org) 272

Julia Simon reports via NPR: In a D.C. courtroom, a trial is wrapping up this week with big stakes for climate science. One of the world's most prominent climate scientists is suing a right-wing author and a policy analyst for defamation. The case comes at a time when attacks on scientists are proliferating, says Peter Hotez, professor of Pediatrics and Molecular Virology at Baylor College of Medicine. Even as misinformation about scientists and their work keeps growing, Hotez says scientists haven't yet found a good way to respond. "The reason we're sort of fumbling at this is it's unprecedented. And there is no roadmap," he says. The climate scientist at the center of this trial is Michael Mann. The professor of earth and environmental science at the University of Pennsylvania gained prominence for helping make one of the most accessible, consequential graphs in the history of climate science. First published in the late 1990s, the graph shows thousands of years of relatively stable global temperatures. Then, when humans start burning lots of coal and oil, it shows a spike upward. Mann's graph looks like a hockey stick lying on its side, with the blade sticking straight up. The so-called "hockey stick graph" was successful in helping the public understand the urgency of global warming, and that made it a target, says Kert Davies, director of special investigations at the Center for Climate Integrity, a climate accountability nonprofit. "Because it became such a powerful image, it was under attack from the beginning," he says.

The attacks came from groups that reject climate science, some funded by the fossil fuel industry. In the midst of these types of attacks -- including the hacking of Mann's and other scientists' emails by unknown hackers -- Penn State, where Mann was then working, opened an investigation into his research. Penn State, as well as the National Science Foundation, found no evidence of scientific misconduct. But a policy analyst and an author wrote that they were not convinced. The trial in D.C. Superior Court involves posts from right-wing author Mark Steyn and policy analyst Rand Simberg. In an online post, Simberg compared Mann to former Penn State football coach Jerry Sandusky, a convicted child sex abuser. Simberg wrote that Mann was the "Sandusky of climate science," writing that Mann "molested and tortured data (PDF)." Steyn called Mann's research fraudulent. Mann sued the two men for defamation. Mann also sued the publishers of the posts, National Review and the Competitive Enterprise Institute, but in 2021, the court ruled they couldn't be held liable.

In court, Mann has argued that he lost funding and research opportunities. Steyn said in court that if Penn State's president, Graham Spanier, covered up child sexual assault, why wouldn't he cover up for Mann's science. The science in question used ice cores and tree rings to estimate Earth's past temperatures. "If Graham Spanier is prepared to cover up child rape, week in, week out, year in, year out, why would he be the least bit squeamish about covering up a bit of hanky panky with the tree rings and the ice cores?" Steyn asked the court. Mann and Steyn declined to speak to NPR during the ongoing trial. One of Simberg's lawyers, Victoria Weatherford, said "inflammatory does not equal defamatory" and that her client is allowed to express his opinion, even if it were wrong. "No matter how offensive or distasteful or heated it is," Weatherford tells NPR, "that speech is absolutely protected under the First Amendment when it's said against a public figure, if the person saying it believed that what they said was true."

Mozilla

Mozilla Monitor Plus Scrubs Your Leaked Personal Information From the Web, For a Fee (engadget.com) 26

Mozilla has rolled out a new $9 per month service called Mozilla Monitor Plus that automatically scrubs personal information from over 190 data broker sites. The tool builds on the free Firefox Monitor platform, expanding monitoring capabilities and proactively removing exposed details to protect user privacy. Subscribers will also receive data breach alerts under the new service.

Privacy

You'll Have To Visit an Apple Store If You Forget Your Vision Pro Passcode (macrumors.com) 49

An anonymous reader quotes a report from MacRumors: Apple Vision Pro owners who forget the passcode they set will need to take the device to an Apple retail location to get it reset, reports Bloomberg's Mark Gurman. There is apparently no on-device way to reset a Vision Pro passcode if it is forgotten. [...] Customers who have forgotten their Vision Pro passcodes have been told by Apple that they will need to visit a retail store for a fix or will need to ship the headset to Apple if there isn't a nearby store. Like Apple's iOS devices, the incorrect passcode cannot be entered too many times or the device will be disabled, with a waiting period before a passcode can be entered again. Removing the passcode requires erasing all content on the Vision Pro. [...]

There is an erase content setting on the Vision Pro, but there is no way to get into the reset mode using a combination of button presses. Erasing Vision Pro can only be done through the Settings app. Customers who have the $300 Developer Strap may be able to wipe the device from a Mac, but most users will not be able to get this accessory as it is limited to registered developers in the United States.

The Courts

Self-Proclaimed Bitcoin Inventor's Claim 'a Brazen Lie,' London Court Told (reuters.com) 91

In a London court, lawyers for a group supported by the Crypto Open Patent Alliance (COPA) argued that Craig Wright's assertion of being the inventor of bitcoin is "a brazen lie," challenged by accusations of extensive document forgery to substantiate his claim. Wright's defense disputes these allegations, maintaining that he has presented definitive proof of his role in creating bitcoin. Reuters reports: Craig Wright says he is the author of a 2008 white paper, the foundational text of bitcoin and other cryptocurrencies, published in the name "Satoshi Nakamoto". He argues this means he owns the copyright in the white paper and has intellectual property rights over the bitcoin blockchain. But the Crypto Open Patent Alliance (COPA) -- whose members include Twitter founder Dorsey's payments firm Block -- is asking London's High Court to rule that Wright is not Satoshi.

The five-week hearing, at which Wright will give evidence from Tuesday, is the culmination of years of speculation about the true identity of Satoshi. Wright first publicly claimed to be Satoshi in 2016 and has since taken legal action against cryptocurrency developers and exchanges. COPA, however, says Wright has never provided any genuine proof, accusing him of repeatedly forging documents to support his claim, which Wright denies. Wright sat in court as COPA's lawyer Jonathan Hough said his claim was "a brazen lie, an elaborate false narrative supported by forgery on an industrial scale." Hough said that "there are elements of Dr Wright's conduct that stray into farce," citing his alleged use of ChatGPT to produce forgeries.

But he added: "Dr Wright's conduct is also deadly serious. On the basis of his dishonest claim to be Satoshi, he has pursued claims he puts at hundreds of billions of dollars, including against numerous private individuals." Wright's lawyer Anthony Grabiner, however, argued in court filings that he has produced "clear evidence demonstrating his authorship of the white paper and creation of bitcoin." Grabiner added that it was "striking" that no one else had publicly claimed to be Satoshi. "If Dr Wright were not Satoshi, the real Satoshi would have been expected to come forward to counter the claim," he said.

AI

Inside the Underground Site Where 'Neural Networks' Churn Out Fake IDs (404media.co) 28

An anonymous reader shares a report: An underground website called OnlyFake is claiming to use "neural networks" to generate realistic looking photos of fake IDs for just $15, radically disrupting the marketplace for fake identities and cybersecurity more generally. This technology, which 404 Media has verified produces fake IDs nearly instantly, could streamline everything from bank fraud to laundering stolen funds. In our own tests, OnlyFake created a highly convincing California driver's license, complete with whatever arbitrary name, biographical information, address, expiration date, and signature we wanted. The photo even gives the appearance that the ID card is laying on a fluffy carpet, as if someone has placed it on the floor and snapped a picture, which many sites require for verification purposes. 404 Media then used another fake ID generated by this site to successfully step through the identity verification process on OKX. OKX is a cryptocurrency exchange that has recently appeared in multiple court records because of its use by criminals.

Rather than painstakingly crafting a fake ID by hand -- a highly skilled criminal profession that can take years to master -- or waiting for a purchased one to arrive in the mail with the risk of interception, OnlyFake lets essentially anyone generate fake IDs in minutes that may seem real enough to bypass various online verification systems. Or at least fool some people. "The era of rendering documents using Photoshop is coming to an end," an announcement posted to OnlyFake's Telegram account reads. As well as "neural networks," the service claims to use "generators" which create up to 20,000 documents a day. The service's owner, who goes by the moniker John Wick, told 404 Media that hundreds of documents can be generated at once using data from an Excel table.

Crime

Scammer Poses As CFO in Deepfaked Meeting On Zoom, Steals $25 Million (wionews.com) 43

Slashdot reader Press2ToContinue shared this report from WION: The Hong Kong branch of a multinational company has lost $25.6 million after a scammer used deepfake technology to pose as the firm's chief financial officer (CFO) in a video conference call and ordered money transfers, according to the police, in what is being highlighted as first of its kind cases in the city.

The transaction was ordered during a meeting where it was found that everyone present on the video call except the victim were deepfakes of real people, said the Hong Kong police, on Friday (Feb 2)...

Scammers in this case used deepfake technology to turn publicly available video and other footage of staff members into convincing meeting participants.

Privacy

Ask Slashdot: How Can I Stop Security Firms From Harvesting My Data? 82

Slashdot reader Unpopular Opinions requests suggestions from the Slashdot community: Lately a boom of companies decided to play their "nice guy" card, providing us with a trove of information about our own sites, DNS servers, email servers, pretty much anything about any online service you host.

Which is not anything new... Companies have been doing this for decades, except as paid services you requested. Now the trend is basically anyone can do it over my systems, and they are always more than happy to sell anyone, me included, my data they collected without authorization or consent. It's data they never had the rights to collect and/or compile to begin with, including data collected thru access attempts via known default accounts (Administrator, root, admin, guest) and/or leaked credentials provided by hacked databases when a few elements seemingly match...

"Just block those crawlers"? That's what some of those companies advise, but not only does the site operator have to automate it themself, not all companies offer lists of their source IP addresses or identify them. Some use multiple/different crawler domain names from their commercial product, or use cloud providers such as Google Cloud, AWS and Azure -- so one can't just block access to their company's networks without massive implications. They also change their own information with no warning, and many times, no updates to their own lists. Then, there is the indirect cost: computing cost, network cost, development cost, review cycle cost. It is a cat-and-mice game that has become very boring.

With the rise of concerns and ethical questions about AI harvesting and learning from copyrighted work, how are those security companies any different from AI, and how could one legally put a stop to this?

Block those crawlers? Change your Terms of Service? What's the best fix... Share your own thoughts and suggestions in the comments.

How can you stop security firms from harvesting your data?

United States

Will Silicon Valley's Next House Member Rewrite a Key Internet Law? (sfchronicle.com) 133

An anonymous Slashdot reader shared this report from the San Francisco Chronicle's senior political writer: The next House member representing Silicon Valley wants to change a key piece of federal law that shields internet companies like X, Facebook and Snapchat from lawsuits over content their users post. That protection is considered the lifeblood of social media.

The top eight Democratic candidates vying to succeed Democratic Rep. Anna Eshoo in her very blue district agree that something has to change with Section 230 of the Communications Decency Act, which was created in 1996, back when lawmakers shied away from doing anything that could limit the growth of the industry. Their unanimity is a sign that Eshoo's successor won't be a tool for the hometown industry. At least not on this issue. The challenge is what to do next. Whoever is elected, their actions as the voice of Silicon Valley will carry outsize weight in Congress. They can lead the charge to actually do something to clean up the bile on social media...

The good news is that they will have bipartisan support to address the bile and disinformation online. The bad news is that finding the right solution will still be hard.
