China

Huawei's Profit Doubles With Made-in-China Chip Breakthrough (yahoo.com) 148

Bloomberg thinks they've identified the source of the advanced chips in Huawei's newest smartphone, citing "people familiar with the matter". In a suggestion that export restrictions on Europe's most valuable tech company may have come too late to stem China's advances in chipmaking, ASML's so-called immersion deep ultraviolet machines were used in combination with tools from other companies to make the Huawei Technologies Co. chip, the people said, asking not to be identified discussing information that's not public. ASML declined to comment.

There is no suggestion that their sales violated export restrictions... ASML has never been able to sell its EUV machines to China because of export restrictions. But less advanced DUV models can be retooled with deposition and etching gear to produce 7-nanometer and possibly even more advanced chips, according to industry analysts. The process is much more expensive than using EUV, making it very difficult to scale production in a competitive market environment. In China, however, the government is willing to shoulder a significant portion of chipmaking costs.

Chinese companies have been legally stockpiling DUV gear for years — especially after the U.S. introduced its initial export controls last year before getting Japan and the Netherlands on board... According to an investor presentation published by the company last week, ASML experienced a jump in business from China this year as chipmakers there boosted orders ahead of the export controls taking full effect in 2024. China accounted for 46% of ASML's sales in the third quarter, compared with 24% in the previous quarter and 8% in the three months ending in March.

Another article from Bloomberg includes this prediction: The U.S. won't be able to stop Huawei and SMIC from making progress in chip technology, Burn J. Lin, a former Taiwan Semiconductor Manufacturing Co. vice president, told Bloomberg News. Semiconductor Manufacturing International Corp should be able to advance to the next generation at 5 nanometers with machines from ASML Holding NV that it already operates, said Lin, who at TSMC championed the lithography technology that transformed chipmaking.
The end result is that Huawei's profit "more than doubled during the quarter it revealed its biggest achievement in chip technology," the article reports, "adding to signs the Chinese tech leader is steadying a business rocked by US sanctions." The Shenzhen company reported a 118% surge in net profit to 26.4 billion yuan ($3.6 billion) in the September quarter, and a slight rise in sales to 145.7 billion yuan, according to Bloomberg News calculations from nine-month results released Friday. Those numbers included initial sales of the vastly popular Mate 60 Pro, which began shipping in late August... The gadget sold out almost instantly, spurring expectations it could rejuvenate Huawei's fortunes and potentially cut into Apple Inc.'s lead in China, given signs of a disappointing debut for the iPhone 15...

A resurgent Huawei would pose problems not just for Apple but also local brands from Xiaomi Corp. to Oppo and Vivo, all of which are fighting for sales in a shrinking market.

Government

Apple Backs US Government's Push for a National Right-to-Repair Bill. (But What About Parts Pairing?) (arstechnica.com) 30

An anonymous reader shared this report from Ars Technica: Following the passage of California's repair bill that Apple supported, requiring seven years of parts, specialty tools, and repair manual availability, Apple announced Tuesday that it would back a similar bill on a federal level. It would also make its parts, tools, and repair documentation available to both non-affiliated repair shops and individual customers, "at fair and reasonable prices."

"We intend to honor California's new repair provisions across the United States," said Brian Naumann, Apple's vice president for service and operation management, at a White House event Tuesday...

"I think most OEMs [Original Equipment Manufacturers] will realize they can save themselves a lot of trouble by making parts, tools, and other requirements of state laws already in NY, MN, CA, and CO available nationally," wrote Gay Gordon-Byrne, executive director of The Repair Association, to Ars... Gordon-Byrne noted that firms like HP, Google, Samsung, and Lenovo have pledged to comply with repair rules on a national level. The US Public Interest Research Group (PIRG) communicated a similarly hopeful note in its response to Tuesday's event, noting that "Apple makes a lot of products, and its conduct definitely influences other manufacturers." At the same time, numerous obstacles to repair access remain in place through copyright law — "Which we hope will be high on an agenda in the IP subcommittee this session," Gordon-Byrne wrote.

Besides strong support from President Biden, there's also strong support from America's Federal Trade Commission, reports TechCrunch: FTC chair Lina Khan commented on the pushback many corporations have given such legislation. Device and automotive manufacturers have argued that putting such choice in the hands of consumers opens them up to additional security risks. "We hear some manufacturers defend repair restrictions, claiming that they're needed for safety or security reasons," said Khan. "The FTC has found that all too often these claims are backed by limited evidence. Accordingly, the FTC has committed itself to using all of our enforcement and policy tools to fight for people's right to repair their own products."
A cautionary note from Ars Technica: Elizabeth Chamberlain, director of sustainability for iFixit, a parts vendor and repair advocate, suggested that Apple's pledge to extend California's law on a national level is "a strategic move." "Apple likely hopes that they will be able to negotiate out the parts of the Minnesota bill they don't like," Chamberlain wrote in an email, pointing specifically to the "fair and reasonable" parts provisioning measure that could preclude Apple's tendency toward pairing parts to individual devices. "[I]t's vital to get bulletproof parts pairing prohibitions passed in other states in 2024," Chamberlain wrote. "Independent repair and refurbishment depend on parts harvesting."
The Washington Post reports that currently repair shop owners and parts vendors "have had to find ways to reassure their customers they haven't made a mistake by choosing an independent fix." If the digital identifier tied to a replacement part doesn't match the one the phone expects to see, you'll start seeing those warnings and issues. "Only Apple pairs parts in an intrusive way where you get these messages pop up," said Jonathan Strange, owner of two XiRepair gadget repair shops in Montgomery, Alabama. To ward off those unnerving messages and restore full functionality, repair technicians are required to go through a "system configuration" process that authenticates the part after making the fix. Some small operations, like Strange's XiRepair shops, can do that in-store because they've gone through a process to become certified Apple Independent Repair Providers. But that process can't happen at all in shops that haven't gone through that certification, or if more affordable parts like third-party replacements were used.
The Post also shares this reaction from Aaron Perzanowski, a repair researcher and law professor at the University of Michigan.

"The fact that companies want to use technology to essentially undo the notion of interchangeable parts is something we ought to find deeply disturbing."

The Courts

It Took Seven Years But Over-40s Fired By HP Win $18 Million Settlement (theregister.com) 29

Brandon Vigliarolo reports via The Register: After over seven years of legal battles, a group of former HP employees who claim the venerable firm discriminated against older staff when culling jobs has won an $18 million settlement. Hewlett Packard's offshoots, HP and Hewlett Packard Enterprise (HPE) have agreed to cough up just over a day's combined profits for the last quarter to settle a class-action case brought by employees who were over 40 and got laid off when the company split in 2015. The group sued HP and HPE in 2016 claiming both the new entities and the old Hewlett Packard had unfairly targeted older employees for layoffs as far back as 2012.

Two classes were designated in the lawsuit -- 146 former staff accusing HP and HPE of age discrimination on US Age Discrimination in Employment Act (ADEA) grounds, and 212 accusing their former employer of the same based on California state labor laws. The settlement notice [PDF], which was filed in the US District Court for the Northern District of California in late September and preliminarily approved by a judge on Thursday, doesn't include any admission of guilt on HP or HPE's part -- quite the opposite, in fact. "Throughout the litigation, each Defendant has denied, and continues to deny, the allegations described above," lawyers for the plaintiffs wrote in the settlement notice. Nonetheless, the settlement notice was filed without opposition from HP and HPE. [...]

Judge Edward Davila determined the settlement was "fair, adequate and reasonable" yesterday, and will issue a final order later, a draft [PDF] of which was also filed with the court in September. If approved without changes, each of the 358 plaintiffs in the California case stand to earn $50,279 in gross individual recovery. Net of attorney's fees, costs and expenses, however, that total shrinks to a "minimum of $15,000," court filings indicate.

Patents

Apple Watch Faces Potential Import Ban In the US (androidauthority.com) 24

Apple is in violation of a patent that belongs to medical technology company Masimo, says the International Trade Commission (ITC). Android Authority reports: The commission upheld a previous ruling by a US judge who ruled in Masimo's favor. The patent in question is for light-based pulse oximetry technology or blood oxygen tracking on Apple Watches. While ITC's latest ruling confirms Apple's infringement and can potentially stop the company from bringing Apple Watches to the US, it will not come into effect immediately. The decision now faces a Presidential review and could be followed by possible appeals by Apple.

The Biden administration will have 60 days to veto the import ban on Apple Watches. However, as Reuters notes, US Presidents have rarely vetoed bans in the past. It's unclear which models of the Apple Watch could be affected by the ban if it comes into effect. However, Masimo's complaint alleged that the Apple Watch 6, the first one to feature blood oxygen tracking, violated its patent.
"Masimo has wrongly attempted to use the ITC to keep a potentially lifesaving product from millions of U.S. consumers while making way for their own watch that copies Apple," an Apple spokesperson told Reuters. "While today's decision has no immediate impact on sales of Apple Watch, we believe it should be reversed, and will continue our efforts to appeal."

Meanwhile, Masimo CEO Joe Kiani said the ITC's ruling "sends a powerful message that even the world's largest company is not above the law."

Piracy

Record Labels Shut Down FileWarez, Brazil's Oldest Pirate Forum (torrentfreak.com) 12

An anonymous reader quotes a report from TorrentFreak: As far as we know, Brazil-based file-sharing forum FileWarez.com first appeared in August 2004, its domain name having been registered the previous month. The default language was naturally Portuguese and according to this image from the Wayback Machine, potential members needed a basic grip of the language to sign up. After all, Google Translate wouldn't exist for another two years. At some point in the years that followed, FileWarez shifted to a Netherlands .NL domain supported by filewarez.no-ip.biz, which may suggest a site regularly on the move. In 2008, unspecified problems saw the .NL domain dumped in favor of a new one. Riding out problems, various issues, and bouts of downtime, FileWarez.tv stayed in place for the next 15.5 years. Then two weeks ago, after establishing itself as Brazil's oldest file-sharing forum, FileWarez suddenly vanished.

In a press release Wednesday, global music industry group IFPI announced that "prominent illegal file-sharing forum, FileWarez," was shut down following co-ordinated action by record companies, anti-piracy body APDIF, and local cybercrime unit, Cyber Gaeco. "IFPI, the organization that represents the recorded music industry worldwide, alongside its Brazilian national group Pro-Musica, have welcomed the successful action against FileWarez.tv -- one of the most prominent illegal file sharing sites in Brazil -- by the Brazilian special cybercrime unit of prosecutor's office of Sao Paulo, Cyber Gaeco," the announcement reads. "FileWarez was the most established illegal filesharing forum in Brazil, dedicated to sharing illegal music content. While active, the site had more than 118,000 registered users with at least 24,000 monthly active users."

The Courts

Sam Bankman-Fried Testifies, Says He 'Skimmed Over' FTX Terms of Service (arstechnica.com) 49

An anonymous reader quotes a report from Ars Technica: Sam Bankman-Fried took the stand in his criminal trial today in an attempt to avoid decades in prison for alleged fraud at cryptocurrency exchange FTX and its affiliate Alameda Research. [...] Some of the alleged fraud relates to how Alameda borrowed money from FTX. In testimony today, "Bankman-Fried said he believed that under FTX's terms of service, sister firm Alameda was allowed in many circumstances to borrow funds from the exchange," the WSJ wrote. Bankman-Fried reportedly said the terms of service were written by FTX lawyers and that he only "skimmed" certain parts. "I read parts in depth. Parts I skimmed over," Bankman-Fried reportedly said after [U.S. District Judge Lewis Kaplan] asked if he read the entire terms of service document.

Sassoon asked Bankman-Fried if he had "any conversations with lawyers about Alameda spending customer money that was deposited into FTX bank accounts," according to Bloomberg's live coverage. "I don't recall any conversations that were contemporaneous and phrased that way," Bankman-Fried answered. "I had so many conversations with lawyers later when we were trying to reconcile things in November 2022," Bankman-Fried also said. "There were conversations around Alameda being used as a payment processor, a payment agent for FTX. I frankly don't recall conversations with lawyers or otherwise about the usage of the funds or the North Dimension accounts." North Dimension was an Alameda subsidiary. The Securities and Exchange Commission has alleged that "Bankman-Fried directed FTX to have customers send funds to North Dimension in an effort to hide the fact that the funds were being sent to an account controlled by Alameda." [...]

In an overview of the alleged crimes, the indictment said Bankman-Fried "misappropriated and embezzled FTX customer deposits and used billions of dollars in stolen funds... to enrich himself; to support the operations of FTX; to fund speculative venture investments; to help fund over a hundred million dollars in campaign contributions to Democrats and Republicans to seek to influence cryptocurrency regulation; and to pay for Alameda's operating costs." He was also accused of making "false and fraudulent statements and representations to FTX's investors and Alameda's lenders."
SBF's legal team decided that he would take the stand in his own defense -- a risky decision according to legal observers, as he will have to face cross-examination from federal prosecutors. In a rather unusual move, Judge Kaplan sent the jury home for a day to conduct a hearing on whether certain parts of Bankman-Fried's testimony are admissible.

During his testimony, Bankman-Fried discussed various aspects of the case, including FTX's terms of service, loans from Alameda to him and other executives, a hack into FTX, and his use of the encrypted messaging service Signal. Live paywall-free updates of the trial are available here.

Crime

Barcode Leads To Arrest of Texas Litterbug Behind 200 Pounds of Dumped Trash (chron.com) 106

"Illegal dumping is way too common, and often leads to no consequences," writes Slashdot reader Tony Isaac. "In some urban neighborhoods, people dump entire truckloads of waste in ditches along the streets. Maybe authorities have found a way to make a dent in this problem." Houston Chronicle reports: The Texas Game Wardens were recently able to track down and arrest a litterbug allegedly behind an illegal dumping of over 200 pounds of construction materials using a barcode left at the scene of the crime, according to a news release from the Texas Parks and Wildlife Department (TPWD). The pile of trash, which included sheetrock, housing trim, two-by-fours and various plastic items, was reportedly dumped along a bridge and creek on private land instead of being properly disposed of.

However, hidden among the garbage was also a box containing a barcode that would help identify the person behind the heap. A Smith County Game Warden used the barcode to track down the materials to a local store, and ultimately the owner of the credit card that was used for the purchase, TPWD said. The game warden interviewed the home owner who had reportedly just finished remodeling his home. "The homeowner explained that he paid someone familiar to the family who offered to haul off their used material and trash for a minimum fee," Texas Game Wardens said in a statement. "Unfortunately, the suspect kept the money and dumped the trash onto private property."

Working with the game warden, Smith County Sheriff's Office environmental deputies eventually arrested the suspect on charges of felony commercial dumping. At the time of the arrest, the suspect's truck was reportedly found loaded with even more building materials and trash, TPWD said. The state agency did not identify the suspect or disclose when or where they were arrested.

Privacy

iPhones Have Been Exposing Your Unique MAC Despite Apple's Promises Otherwise (arstechnica.com) 69

Dan Goodin reports via Ars Technica: Three years ago, Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they joined a network. On Wednesday, the world learned that the feature has never worked as advertised. Despite promises that this never-changing address would be hidden and replaced with a private one that was unique to each SSID, Apple devices have continued to display the real one, which in turn got broadcast to every other connected device on the network. [...]

In 2020, Apple released iOS 14 with a feature that, by default, hid Wi-Fi MACs when devices connected to a network. Instead, the device displayed what Apple called a "private Wi-Fi address" that was different for each SSID. Over time, Apple has enhanced the feature, for instance, by allowing users to assign a new private Wi-Fi address for a given SSID. On Wednesday, Apple released iOS 17.1. Among the various fixes was a patch for a vulnerability, tracked as CVE-2023-42846, which prevented the privacy feature from working. Tommy Mysk, one of the two security researchers Apple credited with discovering and reporting the vulnerability (Talal Haj Bakry was the other), told Ars that he tested all recent iOS releases and found the flaw dates back to version 14, released in September 2020. "From the get-go, this feature was useless because of this bug," he said. "We couldn't stop the devices from sending these discovery requests, even with a VPN. Even in the Lockdown Mode."

When an iPhone or any other device joins a network, it triggers a multicast message that is sent to all other devices on the network. By necessity, this message must include a MAC. Beginning with iOS 14, this value was, by default, different for each SSID. To the casual observer, the feature appeared to work as advertised. The "source" listed in the request was the private Wi-Fi address. Digging in a little further, however, it became clear that the real, permanent MAC was still broadcast to all other connected devices, just in a different field of the request. Mysk published a short video showing a Mac using the Wireshark packet sniffer to monitor traffic on the local network the Mac is connected to. When an iPhone running iOS prior to version 17.1 joins, it shares its real Wi-Fi MAC on port 5353/UDP.

YouTube

Privacy Advocate Challenges YouTube's Ad Blocking Detection Scripts Under EU Law (theregister.com) 85

"Privacy advocate Alexander Hanff has filed a complaint with the Irish Data Protection Commission (DPC) challenging YouTube's use of JavaScript code to detect the presence of ad blocking extensions in the browsers of website visitors," writes long-time Slashdot reader Dotnaught. "He claims that under Europe's ePrivacy Directive, YouTube needs to ask permission to run its detection script because it's not technically necessary. If the DPC agrees, it would be a major win for user privacy." The Register reports: Asked how he hopes the Irish DPC will respond, Hanff replied via email, "I would expect the DPC to investigate and issue an enforcement notice to YouTube requiring them to cease and desist these activities without first obtaining consent (as per [Europe's General Data Protection Regulation (GDPR)] standard) for the deployment of their -spyware- detection scripts; and further to order YouTube to unban any accounts which have been banned as a result of these detections and to delete any personal data processed unlawfully (see Article 5(1) of GDPR) since they first started to deploy their -spyware- detection scripts."

Hanff's use of strikethrough formatting acknowledges the legal difficulty of using the term "spyware" to refer to YouTube's ad block detection code. The security industry's standard defamation defense terminology for such stuff is PUPs, or potentially unwanted programs. Hanff, who reports having a Masters in Law focused on data and privacy protection, added that the ePrivacy Directive is lex specialis to GDPR. That means where laws overlap, the specific one takes precedence over the more general one. Thus, he argues, personal data collected without consent is unlawful under Article 5(1) of GDPR and cannot be lawfully processed for any purpose.

With regard to YouTube's assertion that using an ad blocker violates the site's Terms of Service, Hanff argued, "Any terms and conditions which restrict the legal rights and freedoms of an EU citizen (and the point of Article 5(3) of the ePrivacy Directive is specifically to protect the fundamental right to Privacy under Article 7 of the Charter of Fundamental Rights of the European Union) are void under EU law." Therefore, in essence, "Any such terms which restrict the rights of EU persons to limit access to their terminal equipment would, as a result, be void and unenforceable," he added.

Microsoft

iFixit Now Sells Microsoft Surface Parts For Repair (theverge.com) 4

iFixit has started selling genuine replacement parts for Microsoft Surface devices. From a report: The company now offers SSDs, batteries, screens, kickstands, and a whole bunch of other parts for 15 Surface products. Some of the devices on that list include the Surface Pro 9, Surface Laptop 5, Surface Go 4, Surface Studio 2 Plus, and others. You can check out the entire list of supported products and parts in this post on Microsoft's website. In addition to supplying replacement parts, iFixit also offers disassembly videos and guides for each product, as well as toolkits that include things like an opening tool, tweezers, drivers, and more.

United Kingdom

The UK's Controversial Online Safety Bill Finally Becomes Law (theverge.com) 185

An anonymous reader shares a report: The UK's Online Safety Bill, a wide-ranging piece of legislation that aims to make the country "the safest place in the world to be online" received royal assent today and became law. The bill has been years in the making and attempts to introduce new obligations for how tech firms should design, operate, and moderate their platforms. Specific harms the bill aims to address include underage access to online pornography, "anonymous trolls," scam ads, the nonconsensual sharing of intimate deepfakes, and the spread of child sexual abuse material and terrorism-related content.

Although it's now law, online platforms will not need to immediately comply with all of their duties under the bill, which is now known as the Online Safety Act. UK telecoms regulator Ofcom, which is in charge of enforcing the rules, plans to publish its codes of practice in three phases. The first covers how platforms will have to respond to illegal content like terrorism and child sexual abuse material, and a consultation with proposals on how to handle these duties is due to be published on November 9th.

Government

Network State Conference Announced in Amsterdam for October 30 4

Balaji Srinivasan, former CTO of Coinbase and author of the Network State, has announced his first Network State Conference. This is a conference for people interested in founding, funding, and finding new communities.
Topics include startup societies, network states, digital nomadism, competitive government, legalizing innovation, and building alternatives. Speakers include Glenn Greenwald, Vitalik Buterin, Anatoly Yakovenko, Garry Tan, the Winklevosses, and Tyler Cowen. See presentations by startup society founders around the world, invest in them, and search for the community that fits you.

With this and Joseon, the first legally recognized cyber state, the network state movement is beginning to get interesting.

Another anonymous reader quotes from the Joseon Official X Account's reply to Balaji's announcement:

Joseon, the first legally recognized cyber nation state, will be there.
Interestingly, Joseon dons the same grey checkmark that is for governments on its X account.

Government

Biden Administration Moves To Ban Solvent Trichloroethylene, Linked To Cancer (nytimes.com) 85

An anonymous reader quotes a report from the New York Times: The Biden administration has proposed to ban all uses of trichloroethylene, an industrial solvent used in glues, other adhesives, spot removers and metal cleaners, saying exposure to even small amounts can cause cancer, damage to the central nervous system and other health effects. The proposed ban is the latest twist in a yearslong debate over whether to regulate trichloroethylene, commonly referred to as TCE. In its final weeks, the Obama administration tried to ban some uses of the chemical, only to have the Trump administration place it on an Environmental Protection Agency list for long-term consideration, a move that essentially suspended any action. Monday's proposal goes further than the Obama-era plan by prohibiting all uses of TCE.

Under the E.P.A. proposal, most uses of TCE, including those in processing commercial and consumer products, would be prohibited within one year. For other uses the agency categorized as "limited," such as use in electric vehicle batteries and the manufacturing of certain refrigerants, there would be a longer transition period and more stringent worker protections. The administration said that safer alternatives exist for most uses of TCE as a solvent. In a final evaluation this year, the E.P.A. said the chemical posed an "unreasonable risk to human health." Short-term exposure could affect a developing fetus, and high concentrations can irritate the respiratory system, the agency said. Prolonged exposure has been associated with effects in the liver, kidneys, immune system and central nervous system, it said.
"This is extremely important," said Maria Doa, senior director for chemicals policy at the Environmental Defense Fund, a nonprofit advocacy organization. She said TCE "causes so many different harms at such low levels" that banning it would have widespread impacts. "It's a long time coming," she said.

Privacy

Face Search Engine PimEyes Blocks Searches of Children's Faces (nytimes.com) 25

PimEyes, a search engine that relies on facial recognition to help people scan billions of images to find photos of themselves on the internet, announced that it has banned searches of minors as part of the company's "no harm policy." The New York Times reports: PimEyes, a subscription-based service that uses facial recognition technology to find online photos of a person, has a database of nearly three billion faces and enables about 118,000 searches per day, according to [PimEyes CEO Giorgi Gobronidze]. The service is advertised as a way for people to search for their own face to find any unknown photos on the internet, but there are no technical measures in place to ensure that users are searching only for themselves. Parents have used PimEyes to find photos of their children on the internet that they had not known about. But the service could also be used nefariously by a stranger. It had previously banned more than 200 accounts for inappropriate searches of children's faces, Mr. Gobronidze said.

"Images of children might be used by the individuals with twisted moral compass and values, such as pedophiles, child predators," Mr. Gobronidze said. PimEyes will still allow searches of minors' faces by human rights organizations that work on children's rights issues, he added. Mr. Gobronidze said that blocking searches of children's faces had been on "the road map" since he acquired the site in 2021, but the protection was fully deployed only this month after the publication of a New York Times article on A.I.-based threats to children. Still, the block isn't airtight. PimEyes is using age detection A.I. to identify photos of minors. Mr. Gobronidze said that it worked well for children under the age of 14 but that it had "accuracy issues" with teenagers.

It also may be unable to identify children as such if they're not photographed from a certain angle. To test the blocking system, The Times uploaded a photo of Mary-Kate and Ashley Olsen from their days as child stars to PimEyes. It blocked the search for the twin who was looking straight at the camera, but the search went through for the other, who is photographed in profile. The search turned up dozens of other photos of the twin as a child, with links to where they appeared online. Mr. Gobronidze said PimEyes was still perfecting its detection system.

Databases

ICE Uses Tool To Find 'Derogatory' Speech Online (404media.co) 63

An anonymous reader quotes a report from 404 Media: Immigration and Customs Enforcement (ICE) has used a system called Giant Oak Search Technology (GOST) to help the agency scrutinize social media posts, determine if they are "derogatory" to the U.S., and then use that information as part of immigration enforcement, according to a new cache of documents reviewed by 404 Media. The documents peel back the curtain on a powerful system, both in a technological and a policy sense -- how information is processed and used to decide who is allowed to remain in the country and who is not.

GOST's catchphrase included in one document is "We see the people behind the data." A GOST user guide included in the documents says GOST is "capable of providing behavioral based internet search capabilities." Screenshots show analysts can search the system with identifiers such as name, address, email address, and country of citizenship. After a search, GOST provides a "ranking" from zero to 100 on what it thinks is relevant to the user's specific mission. The documents further explain that an applicant's "potentially derogatory social media can be reviewed within the interface." After clicking on a specific person, analysts can review images collected from social media or elsewhere, and give them a "thumbs up" or "thumbs down." Analysts can also then review the target's social media profiles themselves too, and their "social graph," potentially showing who the system believes they are connected to.

DHS has used GOST since 2014, according to a page of the user guide. In turn, ICE has paid Giant Oak Inc., the company behind the system, in excess of $10 million since 2017, according to public procurement records. A Giant Oak and DHS contract ended in August 2022, according to the records. Records also show Customs and Border Protection (CBP), the Drug Enforcement Administration (DEA), the State Department, the Air Force, and the Bureau of the Fiscal Service which is part of the U.S. Treasury have all paid for Giant Oak services over the last nearly ten years. The FOIA documents specifically discuss Giant Oak's use as part of an earlier 2016 pilot called the "HSI [Homeland Security Investigations] PATRIOT Social Media Pilot Program." For this, the program would "target potential overstay violators from particular visa issuance Posts located in countries of concern."
"The government should not be using algorithms to scrutinize our social media posts and decide which of us is 'risky.' And agencies certainly shouldn't be buying this kind of black box technology in secret without any accountability. DHS needs to explain to the public how its systems determine whether someone is a 'risk' or not, and what happens to the people whose online posts are flagged by its algorithms," Patrick Toomey, Deputy Director of the ACLU's National Security Project, told 404 Media in an email. The documents come from a Freedom of Information Act (FOIA) lawsuit brought by both the ACLU and the ACLU of Northern California. Toomey from the ACLU then shared the documents with 404 Media.
United States

Apple To Make Tools and Parts To Fix Phones and Computers Available Nationwide, White House Says (reuters.com) 32

Mac computer and iPhone maker Apple on Tuesday will announce plans to make parts, tools and documentation needed to repair its products available to independent repair shops and consumers nationwide, at fair and reasonable prices, the White House said. From a report: National Economic Council Director Lael Brainard made the announcement in remarks prepared for a White House event later Tuesday focused on the so-called "right to repair," calling on Congress to pass legislation requiring such action across the country.

The event is part of U.S. President Joe Biden's push to promote competition and crack down on so-called junk fees and other actions that increase prices for consumers. The latest effort is aimed at giving consumers more control over fixing what they own, from tractors to smart phones. Brainard said California, Colorado, New York and Minnesota had already passed right to repair laws, and 30 other states had introduced similar legislation.

China

China Widens Lead Over US in AI Patents After Beijing Tech Drive (bloomberg.com) 33

China is increasing its lead over the US in AI patent filings, underscoring the Asian nation's determination to shape and influence a technology that could have broad implications for the world's richest economies. From a report: Chinese institutions applied for 29,853 AI-related patents in 2022, climbing from 29,000 the year prior, according to data that the World Intellectual Property Organization provided to Bloomberg News. That's almost 80% more than US filings, which shrank 5.5%. Overall, China accounted for more than 40% of global AI applications over the past year, the data from the United Nations-affiliated agency showed. Japan and South Korea rounded out the 2022 leaders, with a combined 16,700 applications. The numbers illustrate how Beijing has pushed Chinese companies and agencies to gain an edge in areas such as chipmaking, space exploration and military sciences. More recently, President Xi Jinping has ordered the nation to accelerate fundamental research in response to US efforts to curtail its access to advanced technologies. That's triggered a flood of investment by Chinese companies in AI and quantum computing.
Security

1Password Discloses Security Incident Linked To Okta Breach (bleepingcomputer.com) 27

Lawrence Abrams reports via BleepingComputer: 1Password, a popular password management platform used by over 100,000 businesses, suffered a security breach after hackers gained access to its Okta ID management tenant. "We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed," reads a very brief security incident notification from 1Password CTO Pedro Canahuati. "On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps. We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing."

On Friday, Okta disclosed that threat actors breached its support case management system using stolen credentials. As part of these support cases, Okta routinely asks customers to upload HTTP Archive (HAR) files to troubleshoot customer problems. However, these HAR files contain sensitive data, including authentication cookies and session tokens that can be used to impersonate a valid Okta customer. Okta first learned of the breach from BeyondTrust, who shared forensics data with Okta, showing that their support organization was compromised. However, it took Okta over two weeks to confirm the breach.

Bitcoin

California Law Limits Bitcoin ATM Transactions to $1,000 to Thwart Scammers (msn.com) 37

One 80-year-old retired teacher in Los Angeles lost $69,000 in bitcoin to scammers. And 46,000 people lost over $1 billion to crypto scams since 2021 (according to America's Federal Trade Commission).

Now the Los Angeles Times reports California's new moves against scammers using bitcoin ATMs, with a bill one representative says "is about ensuring that people who have been frauded in our communities don't continue to watch our state step aside when we know that these are real problems that are happening." Starting in January, California will limit cryptocurrency ATM transactions to $1,000 per day per person under Senate Bill 401, which Gov. Gavin Newsom signed into law. Some bitcoin ATM machines advertise limits as high as $50,000... Victims of bitcoin ATM scams say limiting the transactions will give people more time to figure out they're being tricked and prevent them from using large amounts of cash to buy cryptocurrency.

But crypto ATM operators say the new laws will harm their industry and the small businesses they pay to rent space for the machines. There are more than 3,200 bitcoin ATMs in California, according to Coin ATM Radar, a site that tracks the machines' locations. "This bill fails to adequately address how to crack down on fraud, and instead takes a punitive path focused on a specific technology that will shudder the industry and hurt consumers, while doing nothing to stop bad actors," said Charles Belle, executive director of the Blockchain Advocacy Coalition...

Law enforcement has cracked down on unlicensed crypto ATMs, but it can be tough for consumers to tell how serious the industry is about addressing the concerns. In 2020, a Yorba Linda man pleaded guilty to charges of operating unlicensed bitcoin ATMs and failing to maintain an anti-money-laundering program even though he knew criminals were using the funds. The illegal business, known as Herocoin, allowed people to buy and sell bitcoin in transactions of up to $25,000 and charged a fee of up to 25%.

So there are also provisions in the law against exorbitant fees: The new law also bars bitcoin ATM operators from collecting fees higher than $5 or 15% of the transaction, whichever is greater, starting in 2025. Legislative staff members visited a crypto kiosk in Sacramento and found markups as high as 33% on some digital assets when they compared the prices at which cryptocurrency is bought and sold. Typically, a crypto ATM charges fees between 12% and 25% over the value of the digital asset, according to a legislative analysis...

Another law would by July 2025 require digital financial asset businesses to obtain a license from the California Department of Financial Protection and Innovation.

Privacy

Mozilla Launches Annual Digital Privacy 'Creep-o-Meter'. This Year's Status: 'Very Creepy' (mozilla.org) 60

"In 2023, the state of our digital privacy is: Very Creepy." That's the verdict from Mozilla's first-ever "Annual Consumer Creep-o-Meter," which attempts to set benchmarks for digital privacy and identify trends: Since 2017, Mozilla has published 15 editions of *Privacy Not Included, our consumer tech buyers guide. We've reviewed over 500 gadgets, apps, cars, and more, assessing their security features, what data they collect, and who they share that data with. In 2023, we compared our most recent findings with those of the past five years. It quickly became clear that products and companies are collecting more personal data than ever before — and then using that information in shady ways...

Products are getting more secure, but also a lot less private. More companies are meeting Mozilla's Minimum Security Standards like using encryption and providing automatic software updates. That's good news. But at the same time, companies are collecting and sharing users' personal data like never before. And that's bad news. Many companies now view their hardware or software as a means to an end: collecting that coveted personal data for targeted advertising and training AI. For example: The mental health app BetterHelp shares your data with advertisers, social media platforms, and sister companies. The Japanese car manufacturer Nissan collects a wide range of information, including sexual activity, health diagnosis data, and genetic information — but doesn't specify how.

An increasing number of products can't be used offline. In the past, the privacy conscious could always buy a connected device but turn off connectivity, making it "dumb." That's no longer an option in many cases. The number of connected devices that require apps and can't be used offline is increasing. This trend, coupled with the first, means it's harder and harder to keep your data private.

Privacy policies also need improvement. "Legalese, ambiguity, and policies that sprawl across multiple documents and URLs are the status quo. And it's getting worse, not better. Companies use these policies as a shield, not an actual resource for consumers." They note that Toyota has more than 10 privacy policy documents, and that it would actually take five hours to read all the privacy documents for the Meta Quest Pro VR headset.

In the end they advise opting out of data collection when possible, enabling security features, and "If you're not comfortable with a product's privacy, don't buy it. And, speak up. Over the years, we've seen companies respond to consumer demand for privacy, like when Apple reformed app tracking and Zoom made end-to-end encryption a free feature."

You can also take a quiz that calculates your own privacy footprint (based on whether you're using consumer tech products like the Apple Watch, Nintendo Switch, Nook, or Telegram). Mozilla's privacy advocates award the highest marks to privacy-protecting products like Signal, Sonos' SL Speakers, and the Pocketbook eReader (an alternative to Amazon's Kindle). (Although 100% of the cars reviewed by Mozilla "failed to meet our privacy and security standards.")

The graphics on the site help make its point. As you move your mouse across the page, the cartoon eyes follow its movement...
