Privacy

New Spying Claims Emerge in Silicon Valley Corporate Espionage Scandal (ft.com) 14

A bitter fight over alleged corporate espionage involving two of Silicon Valley's hottest startups took a new twist on Tuesday, after $12 billion HR software company Deel claimed arch-rival Rippling had directed one of its employees to "pilfer" the company's assets by posing as a customer. From a report: The latest claim comes after Rippling alleged earlier this year that a staff member had been spying on behalf of Deel. The employee locked themselves into a bathroom and smashed their phone with an axe when confronted with allegations, according to their own testimony.

In new legal filings seen by the Financial Times, Deel has countered by arguing that: "Rippling has been actively engaged in a carefully co-ordinated espionage campaign, through which it infiltrated Deel's customer platform by fraudulent means and pilfered the company's most valuable proprietary assets."

The Courts

Apple's Attempt To Pause App Store Antitrust Order Fails (9to5mac.com) 21

Apple's emergency request to pause a court order forcing it to ease App Store restrictions was denied by the U.S. 9th Circuit Court of Appeals, allowing new compliance rules to take effect while Apple continues to appeal. 9to5Mac reports: Apple had asked the appeals court to halt enforcement of a recent ruling by U.S. District Judge Yvonne Gonzalez Rogers, who found Apple in contempt this April for effectively dodging her original injunction. Convoluted, right? Exactly. The judge observed several violations, including Apple's imposition of a 27% fee on out-of-app transactions and overall attempts to continue making it unappealing for developers to direct users to external payment options.

As Reuters noted: "In its emergency appeal, Apple said the ruling blocked the company from 'exercising control over core aspects of its business operations' and forced it to give away free access to its services." In rejecting Apple's motion, the court is letting those new compliance requirements stand while the company appeals the decision. Apple had hoped to halt the enforcement until the decision was final, which would grant the company the right to roll back the changes it was recently compelled to implement.

In a statement provided to 9to5Mac, Apple said: "We are disappointed with the decision not to stay the district court's order, and we'll continue to argue our case during the appeals process. As we've said before, we strongly disagree with the district court's opinion. Our goal is to ensure the App Store remains an incredible opportunity for developers and a safe and trusted experience for our users."

Privacy

Apple Gave Governments Data On Thousands of Push Notifications (404media.co) 13

An anonymous reader quotes a report from 404 Media: Apple provided governments around the world with data related to thousands of push notifications sent to its devices, which can identify a target's specific device or in some cases include unencrypted content like the actual text displayed in the notification, according to data published by Apple. In one case, that Apple did not ultimately provide data for, Israel demanded data related to nearly 700 push notifications as part of a single request. The data for the first time puts a concrete figure on how many requests governments around the world are making, and sometimes receiving, for push notification data from Apple.

The practice first came to light in 2023 when Senator Ron Wyden sent a letter to the U.S. Department of Justice revealing the practice, which also applied to Google. As the letter said, "the data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification." The published data relates to blocks of six-month periods, from July 2022 to June 2024. Andre Meister from German media outlet Netzpolitik posted a link to the transparency data to Mastodon on Tuesday.

Along with the data, Apple published the following description: "Push Token requests are based on an Apple Push Notification service token identifier. When users allow a currently installed application to receive notifications, a push token is generated and registered to that developer and device. Push Token requests generally seek identifying details of the Apple Account associated with the device's push token, such as name, physical address and email address."

The Courts

OpenAI Slams Court Order To Save All ChatGPT Logs, Including Deleted Chats (arstechnica.com) 103

An anonymous reader quotes a report from Ars Technica: OpenAI is now fighting a court order (PDF) to preserve all ChatGPT user logs -- including deleted chats and sensitive chats logged through its API business offering -- after news organizations suing over copyright claims accused the AI company of destroying evidence. "Before OpenAI had an opportunity to respond to those unfounded accusations, the court ordered OpenAI to 'preserve and segregate all output log data that would otherwise be deleted on a going forward basis until further order of the Court (in essence, the output log data that OpenAI has been destroying),'" OpenAI explained in a court filing (PDF) demanding oral arguments in a bid to block the controversial order.

In the filing, OpenAI alleged that the court rushed the order based only on a hunch raised by The New York Times and other news plaintiffs. And now, without "any just cause," OpenAI argued, the order "continues to prevent OpenAI from respecting its users' privacy decisions." That risk extended to users of ChatGPT Free, Plus, and Pro, as well as users of OpenAI's application programming interface (API), OpenAI said. The court order came after news organizations expressed concern that people using ChatGPT to skirt paywalls "might be more likely to 'delete all [their] searches' to cover their tracks," OpenAI explained. Evidence to support that claim, news plaintiffs argued, was missing from the record because so far, OpenAI had only shared samples of chat logs that users had agreed that the company could retain. Sharing the news plaintiffs' concerns, the judge, Ona Wang, ultimately agreed that OpenAI likely would never stop deleting that alleged evidence absent a court order, granting news plaintiffs' request to preserve all chats.

OpenAI argued the May 13 order was premature and should be vacated, until, "at a minimum," news organizations can establish a substantial need for OpenAI to preserve all chat logs. They warned that the privacy of hundreds of millions of ChatGPT users globally is at risk every day that the "sweeping, unprecedented" order continues to be enforced. "As a result, OpenAI is forced to jettison its commitment to allow users to control when and how their ChatGPT conversation data is used, and whether it is retained," OpenAI argued. Meanwhile, there is no evidence beyond speculation yet supporting claims that "OpenAI had intentionally deleted data," OpenAI alleged. And supposedly there is not "a single piece of evidence supporting" claims that copyright-infringing ChatGPT users are more likely to delete their chats. "OpenAI did not 'destroy' any data, and certainly did not delete any data in response to litigation events," OpenAI argued. "The Order appears to have incorrectly assumed the contrary."

One tech worker on LinkedIn suggested the order created "a serious breach of contract for every company that uses OpenAI," while privacy advocates on X warned, "every single AI service 'powered by' OpenAI should be concerned."

Also on LinkedIn, a consultant rushed to warn clients to be "extra careful" sharing sensitive data "with ChatGPT or through OpenAI's API for now," warning, "your outputs could eventually be read by others, even if you opted out of training data sharing or used 'temporary chat'!"

The Courts

Reddit Sues AI Startup Anthropic For Breach of Contract, 'Unfair Competition' (cnbc.com) 44

Reddit is suing AI startup Anthropic for what it's calling a breach of contract and for engaging in "unlawful and unfair business acts" by using the social media company's platform and data without authority. From a report: The lawsuit, filed in San Francisco on Wednesday, claims that Anthropic has been training its models on the personal data of Reddit users without obtaining their consent. Reddit alleges that it has been harmed by the unauthorized commercial use of its content.

The company opened the complaint by calling Anthropic a "late-blooming" AI company that "bills itself as the white knight of the AI industry." Reddit follows by saying, "It is anything but."

Crime

Romanian National Pleads Guilty To 'Swatting' Over 75 Public Officials (nypost.com) 31

Longtime Slashdot reader schwit1 shares a report: A Romanian national pleaded guilty on Monday to charges related to his role in a "swatting" ring that targeted dozens of public officials, including a former US president. Going by the aliases "Plank," "Jonah" and "Cypher," 26-year-old Thomasz Szabo took part in a years-long conspiracy to place bogus 911 calls, claiming emergencies were taking place at the homes of top government officials, and make bomb threats against government buildings and houses of worship, according to the Justice Department.

Szabo and a co-conspirator, 21-year-old Serbian national Nemanja Radovanovic, allegedly targeted about 100 people, including members of Congress, governors, cabinet-level executive branch officials and state officials. Szabo, who was extradited from Romania last November, pleaded guilty to one count of conspiracy and one count of making bomb threats. He is slated to be sentenced in a Washington, DC, federal court in October. [...] Charges against Radovanovic are still pending.

Privacy

Meta and Yandex Are De-Anonymizing Android Users' Web Browsing Identifiers (github.io) 77

"It appears as though Meta (aka: Facebook's parent company) and Yandex have found a way to sidestep the Android Sandbox," writes Slashdot reader TheWho79. Researchers disclose the novel tracking method in a report: We found that native Android apps -- including Facebook, Instagram, and several Yandex apps including Maps and Browser -- silently listen on fixed local ports for tracking purposes.

These native Android apps receive browsers' metadata, cookies and commands from the Meta Pixel and Yandex Metrica scripts embedded on thousands of web sites. These JavaScripts load on users' mobile browsers and silently connect with native apps running on the same device through localhost sockets. As native apps access programmatically device identifiers like the Android Advertising ID (AAID) or handle user identities as in the case of Meta apps, this method effectively allows these organizations to link mobile browsing sessions and web cookies to user identities, hence de-anonymizing users' visiting sites embedding their scripts.

This web-to-app ID sharing method bypasses typical privacy protections such as clearing cookies, Incognito Mode and Android's permission controls. Worse, it opens the door for potentially malicious apps eavesdropping on users' web activity.

While there are subtle differences in the way Meta and Yandex bridge web and mobile contexts and identifiers, both of them essentially misuse the unvetted access to localhost sockets. The Android OS allows any installed app with the INTERNET permission to open a listening socket on the loopback interface (127.0.0.1). Browsers running on the same device also access this interface without user consent or platform mediation. This allows JavaScript embedded on web pages to communicate with native Android apps and share identifiers and browsing habits, bridging ephemeral web identifiers to long-lived mobile app IDs using standard Web APIs.

This technique circumvents privacy protections like Incognito Mode, cookie deletion, and Android's permission model, with Meta Pixel and Yandex Metrica scripts silently communicating with apps across over 6 million websites combined.

Following public disclosure, Meta ceased using this method on June 3, 2025. Browser vendors like Chrome, Brave, Firefox, and DuckDuckGo have implemented or are developing mitigations, but a full resolution may require OS-level changes and stricter enforcement of platform policies to prevent further abuse.

Transportation

Ford Mustang Eleanor From Gone In 60 Seconds Can't Be Copyrighted (caranddriver.com) 33

The Ninth Circuit has ruled that the 1967 Ford Mustang fastback nicknamed "Eleanor" in Gone in 60 Seconds is a film prop rather than a protectable character. The panel said the car fails all three Towle test prongs, so it cannot receive standalone copyright protection. sinij writes: The ruling states that the Mustang doesn't pass tests that would qualify it as a character. In the past, the studio aggressively went after builders for any Mustang that even remotely approximated Eleanor, making it a hassle to restomod classic Mustangs.

Mars

Trump Wants $1 Billion For Private-Sector-Led Mars Exploration 183

President Trump's 2026 budget proposes over $1 billion for Mars exploration through a new Commercial Mars Payload Services Program, while simultaneously slashing NASA's overall budget by 25%. Phys.Org reports: Under the proposal, NASA would award contracts to companies developing spacesuits, communications systems and a human-rated landing vehicle to foster exploration of the Red Planet. Trump's proposed $18.8 billion NASA budget would cut the agency's funding by about 25% from the year before, with big hits to its science portfolio. The fleshed-out request on Friday builds upon a condensed budget proposal released earlier this month.

"We must continue to be responsible stewards of taxpayer dollars," NASA Acting Administrator Janet Petro wrote in a letter included in the request. "That means making strategic decisions -- including scaling back or discontinuing ineffective efforts." The new Mars scheme is modeled after NASA's Commercial Lunar Payload Services program that has benefited Intuitive Machines LLC, Firefly Aerospace Inc. and Astrobotic Technology Inc., though it has achieved mixed results. According to the budget, the contract to land on Mars would build upon existing lander contracts.

Security

Coinbase Breach Linked To Customer Data Leak In India (reuters.com) 10

Coinbase reportedly knew as early as January about a customer data breach linked to its outsourcing partner TaskUs, where an employee in India was caught leaking customer information in exchange for bribes. "At least one part of the breach [...] occurred when an India-based employee of the U.S. outsourcing firm TaskUs was caught taking photographs of her work computer with her personal phone," reports Reuters, citing five former TaskUs employees. Though Coinbase disclosed the incident in May after receiving an extortion demand, the newly revealed timeline raises questions about how long the company was aware of the breach, which could cost up to $400 million. Reuters reports: Coinbase said in the May SEC filing that it knew contractors accessed employee data "without business need" in "previous months." Only when it received an extortion demand on May 11 did it realize that the access was part of a wider campaign, the company said. In a statement to Reuters on Wednesday, Coinbase said the incident was recently discovered and that it had "cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls." Coinbase did not disclose who the other foreign agents were.

TaskUs said in a statement that two employees had been fired early this year after they illegally accessed information from a client, which it did not identify. "We immediately reported this activity to the client," the statement said. "We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client." The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January.

Google

Google Settles Shareholder Lawsuit, Will Spend $500 Million On Being Less Evil (arstechnica.com) 22

An anonymous reader quotes a report from Ars Technica: It has become a common refrain during Google's antitrust saga: What happened to "don't be evil?" Google's unofficial motto has haunted it as it has grown ever larger, but a shareholder lawsuit sought to rein in some of the company's excesses. And it might be working. The plaintiffs in the case have reached a settlement with Google parent company Alphabet, which will spend a boatload of cash on "comprehensive" reforms. The goal is to steer Google away from the kind of anticompetitive practices that got it in hot water.

Under the terms of the settlement, obtained by Bloomberg Law, Alphabet will spend $500 million over the next 10 years on systematic reforms. The company will have to form a board-level committee devoted to overseeing the company's regulatory compliance and antitrust risk, a rarity for US firms. This group will report directly to CEO Sundar Pichai. There will also be reforms at other levels of the company that allow employees to identify potential legal pitfalls before they affect the company. Google has also agreed to preserve communications. Google's propensity to use auto-deleting chats drew condemnation from several judges overseeing its antitrust cases. The agreement still needs approval from US District Judge Rita Lin in San Francisco, but that's mainly a formality at this point. Naturally, Alphabet does not admit to any wrongdoing under the terms of the settlement, but it may have to pay tens of millions in legal fees on top of the promised $500 million investment.

Privacy

North Korean Smartphones Automatically Capture Screenshots Every 5 Minutes For State Surveillance 74

A smartphone smuggled out of North Korea automatically captures screenshots every five minutes and stores them in a hidden folder inaccessible to users, according to analysis by the BBC. Authorities can later review these images to monitor citizen activity on the device. The phone, obtained by Seoul-based media outlet Daily NK, resembles a Huawei or Honor device but runs state-approved software designed for surveillance and control. The device also automatically censors text, replacing "South Korea" with "puppet state" and Korean terms of endearment with "comrade."

The Internet

ISP Settles With Record Labels That Demanded Mass Termination of Internet Users (arstechnica.com) 24

An anonymous reader shares a report: Internet service provider Frontier Communications agreed to settle a lawsuit filed by major record labels that demanded mass disconnections of broadband users accused of piracy. Universal, Sony, and Warner sued Frontier in 2021. In a notice of settlement filed last week in US District Court for the Southern District of New York, the parties agreed to dismiss the case with prejudice, with each side to pay its own fees and costs.

The record labels and Frontier simultaneously announced a settlement of similar claims in a Bankruptcy Court case in the same district. Frontier also settled with movie companies in April of this year, just before a trial was scheduled to begin. (Frontier exited bankruptcy in 2021.) [...] Regardless of what is in the agreement, the question of whether ISPs should have to crack down more harshly on users accused of piracy could be decided by the US Supreme Court.

Government

Brazil Tests Letting Citizens Earn Money From Data in Their Digital Footprint (restofworld.org) 15

With over 200 million people, Brazil is the world's fifth-largest country by population. Now it's testing a program that will allow Brazilians "to manage, own, and profit from their digital footprint," according to RestOfWorld.org — "the first such nationwide initiative in the world."

The government says it's partnering with California-based data valuation/monetization firm DrumWave to create a "data savings account" to "transform data into economic assets, with potential for monetization and participation in the benefits generated by investing in technologies such as AI LLMs." But all based on "conscious and authorized use of personal information." RestOfWorld reports: Today, "people get nothing from the data they share," Brittany Kaiser, co-founder of the Own Your Data Foundation and board adviser for DrumWave, told Rest of World. "Brazil has decided its citizens should have ownership rights over their data...." After a user accepts a company's offer on their data, payment is cashed in the data wallet, and can be immediately moved to a bank account. The project will be "a correction in the historical imbalance of the digital economy," said Kaiser. Through data monetization, the personal data that companies aggregate, classify, and filter to inform many aspects of their operations will become an asset for those providing the data...

Brazil's project stands out because it brings the private sector and the government together, "so it has a better chance of catching on," said Kaiser. In 2023, Brazil's Congress drafted a bill that classifies data as personal property. The country's current data protection law classifies data as a personal, inalienable right. The new legislation gives people full rights over their personal data — especially data created "through use and access of online platforms, apps, marketplaces, sites and devices of any kind connected to the web." The bill seeks to ensure companies offer their clients benefits and financial rewards, including payment as "compensation for the collecting, processing or sharing of data." It has garnered bipartisan support, and is currently being evaluated in Congress...

If approved, the bill will allow companies to collect data more quickly and precisely, while giving users more clarity over how their data will be used, according to Antonielle Freitas, data protection officer at Viseu Advogados, a law firm that specializes in digital and consumer laws. As data collection becomes centralized through regulated data brokers, the government can benefit by paying the public to gather anonymized, large-scale data, Freitas told Rest of World. These databases are the basis for more personalized public services, especially in sectors such as health care, urban transportation, public security, and education, she said.

This first pilot program involves "a small group of Brazilians who will use data wallets for payroll loans," according to the article — although Pedro Bastos, a researcher at Data Privacy Brazil, sees downsides. "Once you treat data as an economic asset, you are subverting the logic behind the protection of personal data," he told RestOfWorld. The data ecosystem "will no longer be defined by who can create more trust and integrity in their relationships, but instead, it will be defined by who's the richest."

Thanks to Slashdot reader applique for sharing the news.

Government

Russian Nuclear Site Blueprints Exposed In Public Procurement Database (cybernews.com) 23

Journalists from Der Spiegel and Danwatch were able to use proxy servers in Belarus, Kazakhstan, and Russia to circumvent network restrictions and access documents about Russia's nuclear weapon sites, reports Cybernews.com.

"Data, including building plans, diagrams, equipment, and other schematics, is accessible to anyone in the public procurement database." Journalists from Danwatch and Der Spiegel scraped and analyzed over two million documents from the public procurement database, which exposed Russian nuclear facilities, including their layout, in great detail. The investigation unveils that European companies participate in modernizing them. According to the exclusive Der Spiegel report, Russian procurement documents expose some of the world's most secret construction sites. "It even contains floor plans and infrastructure details for nuclear weapons silos," the report reads.

Some details from the Amsterdam-based Moscow Times: Among the leaked materials are construction plans, security system diagrams and details of wall signage inside the facilities, with messages like "Stop! Turn around! Forbidden zone!," "The Military Oath" and "Rules for shoe care." Details extend to power grids, IT systems, alarm configurations, sensor placements and reinforced structures designed to withstand external threats...

"Material like this is the ultimate intelligence," said Philip Ingram, a former colonel in the British Army's intelligence corps. "If you can understand how the electricity is conducted or where the water comes from, and you can see how the different things are connected in the systems, then you can identify strengths and weaknesses and find a weak point to attack."

Apparently Russian defense officials were making public procurement notices for their construction projects — and then attaching sensitive documents to those public notices...
