Government

Indonesia Suspends TikTok Registration With Over 100 Million Accounts At Risk (reuters.com) 16

An anonymous reader quotes a report from Reuters: Indonesia has suspended TikTok's registration to provide electronic systems after it failed to hand over all data relating to the use of its live stream feature, a government official said on Friday. The suspension could in theory prevent access to TikTok, which has more than 100 million accounts based in Indonesia.

Alexander Sabar, an official at Indonesia's communications and digital ministry, said in a statement some accounts with ties to online gambling activities used TikTok's live stream feature during national protests. [...] Sabar said the government had asked the company for its traffic, streaming and monetization data. The company, owned by China's ByteDance, did not provide complete data, citing its internal procedures, Sabar said without giving further detail.

Government

SEC Approves Texas Stock Exchange (cbsnews.com) 43

The SEC has approved the Texas Stock Exchange (TXSE), the first new fully integrated U.S. stock exchange in decades and the only one based in Texas. TXSE is set to launch trading services, as well as exchange-traded products, known as ETPs, and corporate listings, in 2026. CBS News reports: Exchange-traded products are financial instruments that follow the performance of underlying assets such as stocks, indexes or other financial benchmarks. Like stocks, ETPs are traded on public exchanges, allowing investors to buy and sell them throughout the trading day at market prices that fluctuate in real time.

TXSE was backed by wealth management giant BlackRock and market maker Citadel Securities, among other firms. The Texas company said in June 2024 that it raised a total of $120 million from more than two dozen investors. TXSE's headquarters in Dallas opened this spring, the group said.

Government

Key Cybersecurity Intelligence-Sharing Law Expires as Government Shuts Down (politico.com) 10

The Cybersecurity Information Sharing Act expired on Wednesday when the federal government shut down. The law had provided legal protections since 2015 for organizations to share cyber threat intelligence with federal agencies. Without these protections, private sector companies that control most U.S. critical infrastructure face potential legal risks when sharing information about threats. Sen. Gary Peters called the lapse "an open invitation to cybercriminals and hostile actors to attack our economy and our critical infrastructure."

The intelligence sharing enabled by CISA 2015 helped expose Chinese campaigns including Volt Typhoon in 2023 and Salt Typhoon last year. Several cybersecurity firms pledged to continue sharing threat data despite the law's expiration. Halcyon and CrowdStrike confirmed they would maintain information sharing. Palo Alto Networks said it remained committed to public-private partnerships but did not specify whether it would continue sharing threat data. Multiple bipartisan reauthorization efforts failed before the shutdown. The House Homeland Security Committee had approved a 10-year extension last month.

Crime

Cops: Accused Vandal Confessed To ChatGPT 59

alternative_right shares a report from the Smoking Gun: Minutes after vandalizing 17 cars in a Missouri college parking lot, a 19-year-old sophomore had a lengthy ChatGPT conversation during which he confessed to the crime, asked about the possibility of getting caught, and wondered, "is there any way they could know it was me," according to a police probable cause statement. Ryan Schaefer was arrested yesterday and charged with felony property damage for a rampage early Sunday at a Missouri State University parking lot. Investigators allege that Schaefer shattered car windows, ripped off side mirrors, dented hoods, and broke windshield wipers during the 3 AM spree.

When confronted with surveillance footage and other evidence, Schaefer said that he could see the resemblance between the suspect and himself. At that point, Schaefer reportedly consented to a search of his iPhone. A subsequent review of the device revealed location data placing Schaefer "at or near the scene of the crime," as well as a "troubling dialogue exchange this defendant seems to have had with artificial intelligence software installed on his phone," prosecutors reported.

The incriminating ChatGPT conversation can be found here.

Piracy

Sports Piracy Operator Goes From Jail To Getting Hired By a Tech Unicorn In a Month (torrentfreak.com) 2

An anonymous reader quotes a report from TorrentFreak: The operator of a popular pirate sports streaming site in Argentina has gone from spending time in jail with murderers to landing a new high-profile job a month later. Alejo "Shishi" Warles, the 25-year-old operator of Al Angulo TV, was arrested on August 20 in a LaLiga-backed crackdown. After his release on bail, he was hired by professional esports team 9z Globant, a partnership involving Argentine tech unicorn Globant. [...] The team is the result of a partnership between 9z Team and Argentinian tech unicorn Globant. Somewhat ironically, Globant previously worked with LaLiga to monitor the live-streaming user experience. Warles welcomed himself to 9z Globant via the team's social media account, referring to himself as an idol, genius, and GOAT.

Lucia Quinteros, the main social media manager at the esports team, informed Entre Rios that after considering their new hire's history, they believe that he can add value to the team. "We hired Alejo, not the person who set up that project (Al Angulo TV). Of course, we evaluated what happened, but we believe that, from now on, Alejo can pursue a different career path," Quinteros said. According to Warles himself, he was hired because he's the best. Like many of his comments, this bravado should not be taken too seriously, but nevertheless sits in stark contrast to the typical pirate site operator facing criminal charges.

Security

Intel and AMD Trusted Enclaves, a Foundation For Network Security, Fall To Physical Attacks (arstechnica.com) 96

Researchers have unveiled two new hardware-based attacks, Battering RAM and Wiretap, that break Intel SGX and AMD SEV-SNP trusted enclaves by exploiting deterministic encryption and physical interposers. Ars Technica reports: In the age of cloud computing, protections baked into chips from Intel, AMD, and others are essential for ensuring confidential data and sensitive operations can't be viewed or manipulated by attackers who manage to compromise servers running inside a data center. In many cases, these protections -- which work by storing certain data and processes inside encrypted enclaves known as TEEs (Trusted Execution Enclaves) -- are essential for safeguarding secrets stored in the cloud by the likes of Signal Messenger and WhatsApp. All major cloud providers recommend that customers use it. Intel calls its protection SGX, and AMD has named it SEV-SNP.

Over the years, researchers have repeatedly broken the security and privacy promises that Intel and AMD have made about their respective protections. On Tuesday, researchers independently published two papers laying out separate attacks that further demonstrate the limitations of SGX and SEV-SNP. One attack, dubbed Battering RAM, defeats both protections and allows attackers to not only view encrypted data but also to actively manipulate it to introduce software backdoors or to corrupt data. A separate attack known as Wiretap is able to passively decrypt sensitive data protected by SGX and remain invisible at all times.

AI

Spooked By AI, Bollywood Stars Drag Google Into Fight For 'Personality Rights' (reuters.com) 6

In India, Bollywood stars are asking judges to protect their voice and persona in the era of AI. From a report: One famous couple's biggest target is Google's YouTube. Abhishek Bachchan and his wife Aishwarya Rai Bachchan, known for her iconic Cannes Film Festival red carpet appearances, have asked a judge to remove and prohibit creation of AI videos infringing their intellectual property rights. But in a more far-reaching request, they also want Google ordered to have safeguards to ensure such YouTube videos uploaded anyway do not train other AI platforms, legal papers reviewed by Reuters show.

A handful of Bollywood celebrities have begun asserting their "personality rights" in Indian courts over the last few years, as the country has no explicit protection for those like in many U.S. states. But the Bachchans' lawsuits are the most high-profile to date about the interplay of personality rights and the risk that misleading or deepfake YouTube videos could train other AI models. The actors argue that YouTube's content and third-party training policy is concerning as it lets users consent to sharing of a video they created to train rival AI models, risking further proliferation of misleading content online, according to near-identical filings from Abhishek and Aishwarya dated September 6, which are not public.

Crime

Charlie Javice Sentenced To 7 Years In Prison For Fraudulent Sale of Her Startup To JPMorgan (cnn.com) 77

Charlie Javice, founder of college financial-aid startup Frank, was sentenced to over seven years in prison for defrauding JPMorgan by inflating user numbers before the bank's $175 million acquisition. CNN reports: Javice, 33, was convicted in March of duping the banking giant when it bought her company, called Frank, in the summer of 2021. She made false records that made it seem like Frank had over 4 million customers when it had fewer than 300,000. Addressing the court before she was sentenced, Javice, who was in her mid-20s when she founded the company, said she was "haunted that my failure has transformed something meaningful into something infamous." Sometimes speaking through tears, she said she "made a choice that I will spend my entire life regretting."

Judge Alvin K. Hellerstein largely dismissed arguments by Javice's lawyer, Ronald Sullivan, that he should be lenient because the negotiations that led to Frank's sale pitted "a 28-year-old versus 300 investment bankers from the largest bank in the world." Still, the judge criticized the bank, saying "they have a lot to blame themselves" for after failing to do adequate due diligence. He quickly added, though, that he was "punishing her conduct and not JPMorgan's stupidity." Javice was among a number of young tech executives who vaulted to fame with supposedly disruptive or transformative companies, only to see them collapse amid questions about whether they had engaged in puffery and fraud while dealing with investors.

Crime

Chinese Woman Convicted After 'World's Biggest' Bitcoin Seizure (bbc.com) 35

An anonymous reader quotes a report from the BBC: A Chinese national has been convicted following an international fraud investigation which resulted in what's believed to be the single largest cryptocurrency seizure in the world. The Metropolitan Police says it recovered 61,000 bitcoin worth more than $6.7 billion in current prices. Zhimin Qian, also known as Yadi Zhang, pleaded guilty on Monday at Southwark Crown Court of illegally acquiring and possessing the cryptocurrency. A second person appeared in court on Tuesday to admit to their role in the scheme.

Malaysian national Seng Hok Ling, of Matlock, Derbyshire, pleaded guilty at Southwark Crown Court of entering into a money laundering arrangement on or before April 23, 2024. According to the charge, he had been dealing in cryptocurrency on Qian's behalf, "knowing or suspecting his actions would facilitate the acquisition or control of criminal property by another." Between 2014 and 2017 Qian led a large-scale scam in China which involved cheating more than 128,000 victims and storing the stolen funds in bitcoin assets, the Met said in a statement.

It said the 47-year-old's guilty plea followed a seven-year probe into a global money laundering web which began when it got a tipoff about the transfer of criminal assets. Qian had been "evading justice" for five years up to her arrest, which required a complex investigation involving multiple jurisdictions, said Detective Sergeant Isabella Grotto, who led the Met's investigation. She fled China using false documents and entered the UK, where she attempted to launder the stolen money by buying property, said the Met.
"By pleading guilty today, Ms Zhang hopes to bring some comfort to investors who have waited since 2017 for compensation, and to reassure them that the significant rise in cryptocurrency values means there are more than sufficient funds available to repay their losses," said Qian's solicitor Roger Sahota, of Berkeley Square Solicitors.

"Bitcoin and other cryptocurrencies are increasingly being used by organised criminals to disguise and transfer assets, so that fraudsters may enjoy the benefits of their criminal conduct," added deputy chief Crown prosecutor, Robin Weyell. "This case, involving the largest cryptocurrency seizure in the UK, illustrates the scale of criminal proceeds available to those fraudsters."

Privacy

Reddit Mods Sued By YouTuber Ethan Klein Fight Efforts To Unmask Them (404media.co) 104

alternative_right shares a report from 404 Media: Critics of YouTuber Ethan Klein are pushing back on subpoenas that would reveal their identities as part of an ongoing legal fight between Klein and his detractors. Klein is a popular content creator whose YouTube channel has more than 2 million subscribers. He's also involved in a labyrinthine personal and legal beef with three other content creators and the moderators of a subreddit that criticizes his work. Klein filed a legal motion to compel Discord and Reddit to reveal the identities of those moderators, a move their lawyers say would put them in harm's way and stifle free speech on the internet forever.

[...] On July 31, a judge allowed Klein's lawyers to file a subpoena with Reddit and Discord that would reveal the identities of the people running r/h3snark and an associated Discord server. On September 22, lawyers for the defendants filed a motion to quash the subpoenas. "On its face, the Action is about copyright infringement," the latest filing said. "At its heart, however, the Action is about stifling criticism and seeking retribution by unmasking individuals for perceived reputational harms TEI [Klein's production company] attributes to [John Doe moderators] unrelated to TEI's intellectual property rights." [...]

The anonymity of places like Reddit and Discord grants a layer of protection to people seeking to critique power. This case could set a dangerous precedent, the lawyers believe. "If the court allows TEI's Subpoenas, it would enable TEI to impose a considerable price on Does' use of the vehicle of anonymous speech -- including public exposure, real risks of retaliation and actual harm, and the financial and other burdens of defending the Action," the filing said. The filing added: "Very few would-be commentators are prepared to bear costs of this magnitude. So, when word gets out that the price tag of criticizing Ethan is this high -- that speech will disappear. But that is precisely what Ethan Klein wants."

Piracy

Streameast Reclaims Domain Name Previously Seized By US Government 9

Pirate sports streaming site Streameast has quietly reclaimed the Streameast.xyz domain after U.S. authorities allowed it to expire, despite having seized it under a federal warrant in 2024. TorrentFreak reports: While researching both old and newly-seized Streameast domains recently, we noticed that Streameast.xyz expired earlier this year. Apparently, it was not renewed by those who controlled it, as the seizure banner was gone. Instead, the domain appeared to have been reclaimed by the original Streameast team. While it is not listed as an official mirror site, Streameast.xyz points to content from the original site once again. And indeed, the original Streameast team confirms that the domain is theirs.

It is not clear why the U.S. authorities lost control of the domain or whether it was intentional. Other domain names covered by the same seizure warrant were renewed recently, including Streameast.io. The Streameast team might view this as a significant symbolic victory. After all, they effectively reclaimed a federally seized domain name without having to mount a legal challenge. In the grander scheme, one domain name is not going to make a massive difference. However, the U.S. government went through the trouble to obtain a federal warrant, so it's ironic to see it controlled by pirates once again.

Crime

Buyers of RadioShack Accused of Running $112 Million Ponzi Scheme (cbsnews.com) 30

An anonymous reader quotes a report from CBS News: A pair of e-commerce entrepreneurs who bought a number of well-known retail brands -- including RadioShack, Modell's Sporting Goods and Pier 1 Imports -- out of bankruptcy are accused of running a Ponzi scheme. The Securities and Exchange Commission on Monday accused Alex Mehr and Tai Lopez, founders of the Miami-based Retail Ecommerce Ventures (REV), of defrauding investors out of approximately $112 million. Through their holding company, Mehr and Lopez acquired distressed brick-and-mortar companies in order to turn them into successful, online-only brands. Dress Barn and Linens 'n Things were also among their acquisitions. [...]

The SEC's suit alleges that between 2020 and 2022, Mehr and Lopez, "made material misrepresentations" to hundreds of investors about the bankrupt retailers they had acquired. For example, to entice individuals to invest in their acquisitions, they said their portfolio companies were "on fire" and that "cash flow is strong." They also told prospective backers that money raised for a company would only be invested in that specific firm. That proved not to be the case, according to the SEC's lawsuit, which was filed Monday in the U.S. District Court for the Southern District of Florida.

"Contrary to these representations, while some of the REV Retailer Brands generated revenue, none generated any profits," the suit states. "Consequently, in order to pay interest, dividends and maturing note payments, Defendants resorted to using a combination of loans from outside lenders, merchant cash advances, money raised from new and existing investors, and transfers from other portfolio companies to cover obligations." The SEC alleges that at least $5.9 million of returns paid to investors were actually Ponzi-like payments funded by other investors, as opposed to companies' profits. Additionally, the federal regulatory agency claims that Mehr and Lopez allocated $16 million worth of investments for their own use, according to the filing.

Iphone

FCC Mistakenly Leaks Confidential iPhone 16e Schematics (appleinsider.com) 50

The FCC mistakenly published a 163-page PDF containing detailed schematics for Apple's upcoming iPhone 16e, despite Apple explicitly requesting indefinite confidentiality to protect trade secrets. AppleInsider reports: A cover letter is also distributed alongside the schematics, addressed to the FCC and dated September 16, 2024. The letter from Apple is a request for the confidential treatment of documents that are filed with the FCC. [...] The letter from Apple requests a series of documents are withheld from public viewing "indefinitely." The justification is that they contain "confidential and proprietary trade secrets" that are not disclosed to the public post-release, due to giving competitors an "unfair advantage."

The list of documents, Apple states, includes: Block Diagrams, Electrical Schematic Diagrams, Technical Descriptions, Product Specifications, Antenna Locations, Tune-Up Procedure, and Software Security Description. Other documents, such as external and internal photographs, shots of the test setup, and the user manual, are deemed to be less damaging and have "short-term confidentiality" requirements. In those cases, Apple asks for short-term confidentiality for 180 days after the equipment authorization is granted by the FCC.

EU

Switzerland Approves Digital ID In Narrow Vote, UK Proposes One Too (theguardian.com) 63

"Swiss voters have backed plans for electronic identity cards by a wafer-thin margin," reports the Guardian, "in the second nationwide vote on the issue." In a referendum on Sunday, 50.4% of voters supported an electronic ID card, while 49.6% were against, confounding pollsters who had forecast stronger support for the "yes" vote. Turnout was 49.55%, higher than expected... [V]oters rejected an earlier version of the e-ID in 2021, largely over objections to the role of private companies in the system. In response to these concerns, the Swiss state will now provide the e-ID, which will be optional and free of charge... To ensure security the e-ID is linked to a single smartphone, users will have to get a new e-ID if they change their device... An ID card containing biometric data — fingerprints — will be available from the end of next year.

Critics of the e-ID scheme raised data protection concerns and said it opened the door to mass surveillance. They also fear the voluntary scheme will become mandatory and disadvantage people without smartphones. The referendum was called after a coalition of rightwing and data-privacy parties collected more than 50,000 signatures against e-ID cards, triggering the vote.

"To further ease privacy concerns, a particular authority seeking information on a person — such as proof of age or nationality, for example — will only be able to check for those specific details," notes the BBC: Supporters of the Swiss system say it will make life much easier for everyone, allowing a range of bureaucratic procedures — from getting a telephone contract to proving you are old enough to buy a bottle of wine — to happen quickly online. Opponents of digital ID cards, who gathered enough signatures to force another referendum on the issue, argue that the measure could still undermine individual privacy. They also fear that, despite the new restrictions on how data is collected and stored, it could still be used to track people and for marketing purposes.

The BBC adds that the UK government also announced plans earlier this week to introduce its own digital ID, "which would be mandatory for employment. The proposed British digital ID would have fewer intended uses than the Swiss version, but has still raised concerns about privacy and data security."

The Guardian reports: The referendum came soon after the UK government announced plans for a digital ID card, which would sit in the digital wallets of smartphones, using state-of-the-art encryption. More than 1.6 million people have signed a petition opposing e-ID cards, which would be mandatory for people working in the UK by 2029.

Thanks to long-time Slashdot reader schwit1 for sharing the news.

The Internet

Tim Berners-Lee Urges New Open-Source Interoperable Data Standard, Protections from AI (theguardian.com) 29

Tim Berners-Lee writes in a new article in the Guardian that "Somewhere between my original vision for web 1.0 and the rise of social media as part of web 2.0, we took the wrong path. Today, I look at my invention and I am forced to ask: is the web still free today? No, not all of it. We see a handful of large platforms harvesting users' private data to share with commercial brokers or even repressive governments. We see ubiquitous algorithms that are addictive by design and damaging to our teenagers' mental health. Trading personal data for use certainly does not fit with my vision for a free web. On many platforms, we are no longer the customers, but instead have become the product. Our data, even if anonymised, is sold on to actors we never intended it to reach, who can then target us with content and advertising...

We have the technical capability to give that power back to the individual. Solid is an open-source interoperable standard that I and my team developed at MIT more than a decade ago. Apps running on Solid don't implicitly own your data — they have to request it from you and you choose whether to agree, or not. Rather than being in countless separate places on the internet in the hands of whomever it had been resold to, your data is in one place, controlled by you. Sharing your information in a smart way can also liberate it. Why is your smartwatch writing your biological data to one silo in one format? Why is your credit card writing your financial data to a second silo in a different format? Why are your YouTube comments, Reddit posts, Facebook updates and tweets all stored in different places? Why is the default expectation that you aren't supposed to be able to look at any of this stuff? You generate all this data — your actions, your choices, your body, your preferences, your decisions. You should own it. You should be empowered by it...

We're now at a new crossroads, one where we must decide if AI will be used for the betterment or to the detriment of society. How can we learn from the mistakes of the past? First of all, we must ensure policymakers do not end up playing the same decade-long game of catchup they have done over social media. The time to decide the governance model for AI was yesterday, so we must act with urgency. In 2017, I wrote a thought experiment about an AI that works for you. I called it Charlie. Charlie works for you like your doctor or your lawyer, bound by law, regulation and codes of conduct. Why can't the same frameworks be adopted for AI? We have learned from social media that power rests with the monopolies who control and harvest personal data. We can't let the same thing happen with AI.

Berners-Lee also says "we need a Cern-like not-for-profit body driving forward international AI research," arguing that if we muster the political willpower, "we have the chance to restore the web as a tool for collaboration, creativity and compassion across cultural borders.

"We can re-empower individuals, and take the web back. It's not too late."

Berners-Lee has also written a new book titled This is For Everyone.

Government

Should Salesforce's Tableau Be Granted a Patent On 'Visualizing Hierarchical Data'? 72

Long-time Slashdot reader theodp says America's Patent and Trademark Office (USPTO) has granted Tableau (Salesforce's visual analytics platform) a patent covering "Data Processing For Visualizing Hierarchical Data": "A provided data model may include a tree specification that declares parent-child relationships between objects in the data model. In response to a query associated with objects in the data model: employing the parent-child relationships to determine a tree that includes parent objects and child objects from the objects based on the parent-child relationships; determining a root object based on the query and the tree; traversing the tree from the root object to visit the child objects in the tree; determining partial results based on characteristics of the visited child objects such that the partial results are stored in an intermediate table; and providing a response to the query that includes values based on the intermediate table and the partial results."

A set of 15 simple drawings is provided to support the legal and tech gobbledygook of the invention claims. A person can have a manager, Tableau explains in Figures 5-6 of its accompanying drawings, and that manager can also manage and be managed by other people. Not only that, Tableau illustrates in Figures 7-10 that computers can be used to count how many people report to a manager. How does this magic work, you ask? Well, you "generate [a] tree" [Fig. 13] and "traverse a tree" [Fig. 15], Tableau explains. But wait, there's more — you can also display the people who report to a manager in multi-level or nested pie charts (aka Sunburst charts), Tableau demonstrates in Fig. 11.

Interestingly, Tableau released a "pre-Beta" Sunburst chart type in late April 2023 but yanked it at the end of June 2023 (others have long-supported Sunburst charts, including Plotly). So, do you think Tableau should be awarded a patent in 2025 on a concept that has roots in circa-1921 Sunburst charts and tree algorithms taught to first-year CS students in circa-1975 Data Structures courses?

Government

US Plans 1:1 Chip Production Rule To Curb Overseas Reliance (reuters.com) 48

The U.S. is considering a rule requiring chipmakers to match the volume of semiconductors that their customers currently import from overseas providers through domestic production, or face tariffs. Reuters reports: President Donald Trump has doubled down on his efforts to reshore semiconductor manufacturing, offering exemptions from tariffs of roughly 100% on chips to firms that produce domestically. Companies that fail to sustain a 1:1 domestic-to-import ratio over time would face tariffs, the Journal said. U.S. Commerce Secretary Howard Lutnick floated the idea with semiconductor executives, telling them it might be necessary for economic security, the Journal said.

"America cannot be reliant on foreign imports for the semiconductor products that are essential for our national and economic security," the newspaper cited White House spokesperson Kush Desai as saying, who added that any reporting about policymaking should be treated as speculative, unless officially announced. [...] Under the proposal, a company pledging to make chips in the U.S. would receive credit for that pledged volume, allowing imports without tariffs until the plant is complete, with initial relief to help ramp capacity, according to the report.

Government

xAI Offers Grok To Federal Government For 42 Cents 35

xAI struck a deal with the U.S. General Services Administration to sell its chatbot Grok to federal agencies under the executive branch for 42 cents over 18 months, undercutting OpenAI and Anthropic's $1 offerings. TechCrunch reports: The steep discount for federal agencies includes access to xAI engineers to help integrate the technology. The price point is either part of a running joke Musk has of using variations of 420, a marijuana reference, or a nod to one of Musk's favorite books, "The Hitchhiker's Guide to the Galaxy," which references the number 42 as the answer to the meaning of life and the universe.

... In late August, internal emails obtained by Wired revealed the White House had instructed the GSA to add xAI's Grok to the approved vendor list "ASAP." The company was also one of several AI firms, including Anthropic, Google, and OpenAI, to be selected for a $200 million contract with the Pentagon. A GSA spokesperson told TechCrunch that Musk was not directly involved in negotiating the agreement.

China

Chinese Hackers Breach US Software and Law Firms Amid Trade Fight (cnn.com) 3

An anonymous reader quotes a report from CNN: A team of suspected Chinese hackers has infiltrated US software developers and law firms in a sophisticated campaign to collect intelligence that could help Beijing in its ongoing trade fight with Washington, cybersecurity firm Mandiant said Wednesday. The hackers have been rampant in recent weeks, hitting the cloud-computing firms that numerous American companies rely on to store key data, Mandiant, which is owned by Google, said. In a sign of how important China's hacking army is in the race for tech supremacy, the hackers have also stolen US tech firms' proprietary software and used it to find new vulnerabilities to burrow deeper into networks, according to Mandiant.

[...] In some cases, the hackers have lurked undetected in the US corporate networks for over a year, quietly collecting intelligence, Mandiant said. The disclosure comes after the Trump administration escalated America's trade war with China this spring by slapping unprecedented tariffs on Chinese exports to the United States. The tit-for-tat tariffs set off a scramble in both governments to understand each other's positions. Mandiant analysts said the fallout from the breaches -- the task of kicking out the hackers and assessing the damage -- could last many months. They described it as a milestone hack, comparable in severity and sophistication to Russia's use of SolarWinds software to infiltrate US government agencies in 2020.

United Kingdom

New Digital ID Will Be Mandatory To Work in the UK (bbc.com) 80

Digital ID will be mandatory in order to work in the UK, as part of plans to tackle illegal migration. From a report: Sir Keir Starmer said the new digital ID scheme would make it tougher to work in the UK illegally and offer "countless benefits" to citizens. However, opposition parties argued the proposals would not stop people crossing the Channel in small boats.

The prime minister set out his plans in a broader speech to a gathering of world leaders, in which he said it had been "too easy" for people to work illegally in the UK because the centre-left had been "squeamish" about saying things that were "clearly true."

Addressing the Global Progressive Action Conference in London - attended by politicians including Australian Prime Minister Anthony Albanese and Canadian Prime Minister Mark Carney - Sir Keir said it was time to "look ourselves in the mirror and recognise where we've allowed our parties to shy away from people's concerns."

"It is not compassionate left-wing politics to rely on labour that exploits foreign workers and undercuts fair wages," he said. "The simple fact is that every nation needs to have control over its borders. We do need to know who is in our country."

Privacy

Neon Goes Dark After Exposing Users' Phone Numbers, Call Recordings, Transcripts (techcrunch.com) 29

An anonymous reader quotes a report from TechCrunch: A viral app called Neon, which offers to record your phone calls and pay you for the audio so it can sell that data to AI companies, has rapidly risen to the ranks of the top-five free iPhone apps since its launch last week. The app already has thousands of users and was downloaded 75,000 times yesterday alone, according to app intelligence provider Appfigures. Neon pitches itself as a way for users to make money by providing call recordings that help train, improve, and test AI models. But now Neon has gone offline, at least for now, after a security flaw allowed anyone to access the phone numbers, call recordings, and transcripts of any other user, TechCrunch can now report.

TechCrunch discovered the security flaw during a short test of the app on Thursday. We alerted the app's founder, Alex Kiam (who previously did not respond to a request for comment about the app), to the flaw soon after our discovery. Kiam told TechCrunch later Thursday that he took down the app's servers and began notifying users about pausing the app, but fell short of informing his users about the security lapse. The Neon app stopped functioning soon after we contacted Kiam.

TechCrunch found that the app's backend services didn't properly restrict access, allowing any logged-in user to request and receive data belonging to other users. This included call transcripts, raw call recordings, and sensitive metadata, including phone numbers, the date/time of calls, and their durations.

The Courts

Google Asks US Supreme Court To Freeze App Store Injunction In Epic Games Case (reuters.com) 12

Google has asked the U.S. Supreme Court to pause a judge's order requiring major changes to its Play Store after losing an antitrust case to Epic Games. The injunction would force Google to allow rival app stores, external billing links, and broader competition -- changes Google says could harm users and developers. Epic argues they're necessary to break Google's monopoly. Reuters reports: Google said it has urged the U.S. Supreme Court to halt key parts of a judge's order that would force major changes to its app store Play, as it prepares to appeal a decision in a lawsuit brought by "Fortnite" maker Epic Games. Google called the judge's order unprecedented, and said it would cause reputational harm, safety and security risks and put the company at a competitive disadvantage if allowed to take effect, according to a filing provided late on Wednesday by Google, which said it had submitted it to the court. [...]

Google in its Supreme Court filing said that the changes will have enormous consequences for more than 100 million U.S. Android users and 500,000 developers. It asked the court to decide by October 17 whether to put the order on hold. Google said it plans to file its appeal to the Supreme Court by October 27, which could allow the justices to take up the case during their nine-month term that begins on October 6.

Epic in a statement said Google is relying on what it called "flawed security claims" to justify its control over Android devices. "The court's injunction should go into effect as ordered so consumers and developers can benefit from competition, choices and lower prices," Epic said. The jury, siding with Epic in the trial, found that Google illegally stifled competition. Donato subsequently issued the order directing Google to make changes to its app store.

Crime

Amazon Reaches $2.5 Billion Settlement With FTC Over 'Deceptive' Prime Program (cnbc.com) 22

Amazon will pay $2.5 billion to settle Federal Trade Commission allegations that it duped users into paying for Prime memberships, the regulatory agency announced Thursday. CNBC: The surprise settlement comes as Amazon and the FTC were just three days into the trial in a Seattle federal court. Opening arguments took place on Tuesday. The lawsuit, filed by the FTC in June 2023 under the Biden administration, claimed that Amazon deceived tens of millions of customers into signing up for its Prime subscription program and sabotaged their attempts to cancel it.

Three senior Amazon executives were at risk of being held individually liable if the jury sided with the FTC. Amazon will pay a $1 billion civil penalty to the FTC and will refund $1.5 billion to an estimated 35 million customers who were impacted by "unwanted Prime enrollment or deferred cancellation," the agency said.

Cellphones

Japanese City Passes Two-Hours-a-Day Smartphone Usage Ordinance (theregister.com) 29

The Japanese city of Toyoake has passed (PDF) a symbolic ordinance limiting recreational smartphone use to two hours a day, aiming to improve citizens' sleep -- especially for students after summer vacation. The Register reports: "The primary purpose of this ordinance is to ensure that all citizens receive adequate sleep," states a Council information page, which explains that many Japanese people ignore Ministry of Health, Labor and Welfare recommendations to spend six to eight hours a day dozing. An accompanying FAQ [PDF] explains that Council passed the ordinance because students who return to school after summer vacations sometimes need a nudge to re-establish an appropriate daily regime.

The ordinance also points out "Excessive phone users and their families are facing difficulties in their daily and social lives," and suggests the two-hours-a-day guidance might help. Council's documents point out that smartphones have myriad uses beyond recreation, and that the ordinance should not be taken as a suggestion to reduce overall use of the devices. Toyoake is part of the Nagoya megalopolis and is home to around 70,000 people. The town's government plans to survey residents about the ordinance, and the FAQ also mentions it wants to tackle other digital menaces, among them harmful effects of using smartphones while walking.

Google

Google Experiences Deja Vu As Second Monopoly Trial Begins In US 4

An anonymous reader quotes a report from The Guardian: After deflecting the US Department of Justice's attack on its illegal monopoly in online search, Google is facing another attempt to dismantle its internet empire in a trial focused on abusive tactics in digital advertising. The trial that opened Monday in an Alexandria, Virginia, federal court revolves around the harmful conduct that resulted in US district Judge Leonie Brinkema declaring parts of Google's digital advertising technology to be an illegal monopoly in April. The judge found that Google has been engaging in behavior that stifles competition to the detriment of online publishers that depend on the system for revenue.

Google and the justice department will spend the next two weeks in court presenting evidence in a "remedy" trial that will culminate in Brinkema issuing a ruling on how to restore fair market conditions. If the justice department gets its way, Brinkema will order Google to sell parts of its ad technology -- a proposal that the company's lawyers warned would "invite disruption and damage" to consumers and the internet's ecosystem. The justice department contends a breakup would be the most effective and quickest way to undercut a monopoly that has been stifling competition and innovation for years. [...]

The case, filed in 2023 under Joe Biden's administration, threatens the complex network that Google has spent the past 17 years building to power its dominant digital advertising business. Digital advertising sales account for most of the $305 billion in revenue that Google's services division generates for its corporate parent Alphabet. The company's sprawling network of display ads provide the lifeblood that keeps thousands of websites alive. Google believes it has already made enough changes to its "ad manager" system, including providing more options and pricing options, to resolve the problems Brinkema flagged in her monopoly ruling.

The Almighty Buck

Vietnam Shuts Down Millions of Bank Accounts Over Biometric Rules (icobench.com) 23

Longtime Slashdot reader schwit1 shares a report from ICO Bench: As of September 1, 2025, banks across Vietnam are closing accounts deemed inactive or non-compliant with new biometric rules. Authorities estimate that more than 86 million accounts out of roughly 200 million are at risk if users fail to update their identity verification.

The State Bank of Vietnam has also introduced stricter thresholds for transactions:
- Facial authentication is mandatory for online transfers above 10 million VND (about $379).
- Cumulative daily transfers over 20 million VND ($758) also require biometric approval.

The policy is part of the central bank's broader "cashless" strategy, aimed at combating fraud, identity theft, and deepfake-enabled scams. [...] While many Vietnamese citizens have updated their biometric data without issue, the measure has disproportionately affected foreign residents and expatriates who cannot easily return to local branches and dormant accounts that had been left inactive for years.

schwit1 highlights a post on X from Bitcoin expert and TFTC.io founder Marty Bent: "If users don't comply by the 30th they'll lose their money. This is why we bitcoin."

Youtube

YouTube Reinstating Creators Banned For COVID-19, Election Content (thehill.com) 226

YouTube's parent company, Alphabet, said it will reinstate creators previously banned for spreading COVID-19 misinformation and false election claims, citing free expression and shifting policy guidelines. The Hill reports: "Reflecting the Company's commitment to free expression, YouTube will provide an opportunity for all creators to rejoin the platform if the Company terminated their channels for repeated violations of COVID-19 and elections integrity policies that are no longer in effect," the company said in a letter to Rep. Jim Jordan (R-Ohio), chair of the House Judiciary Committee. "YouTube values conservative voices on its platform and recognizes that these creators have extensive reach and play an important role in civic discourse. The Company recognizes these creators are among those shaping today's online consumption, landing 'must-watch' interviews, giving viewers the chance to hear directly from politicians, celebrities, business leaders, and more," it added in the five-page correspondence.

Alphabet blamed the Biden administration for limiting political speech on the platform. "Senior Biden Administration officials, including White House officials, conducted repeated and sustained outreach to Alphabet and pressed the Company regarding certain user-generated content related to the COVID-19 pandemic that did not violate its policies," the letter read. "While the Company continued to develop and enforce its policies independently, Biden Administration officials continued to press the Company to remove non-violative user-generated content," it continued. Guidelines were changed after former President Biden took office and urged platforms to remove content that encouraged citizens to drink bleach to cure COVID-19, as President Trump suggested in 2020, or join insurrection efforts launched on Jan. 6, 2021, to overthrow his 2020 presidential win. But the company said the Biden administration's decisions were "unacceptable" and "wrong," while noting it would forgo future fact-checking mechanisms and instead allow users to add context notes to content.

Privacy

DHS Has Been Collecting US Citizens' DNA for Years (wired.com) 63

Customs and Border Protection collected DNA from nearly 2,000 US citizens between 2020 and 2024 and sent the samples to the FBI's CODIS crime database, according to Georgetown Law's Center on Privacy & Technology analysis of newly released government data. The collection included approximately 95 minors, some as young as 14, and travelers never charged with crimes.

Congress never authorized DNA collection from citizens, children or civil detainees. DHS has contributed 2.6 million profiles to CODIS since 2020, with 97% collected under civil rather than criminal authority. The expansion followed a 2020 Justice Department rule that revoked DHS's waiver from DNA collection requirements. Former FBI director Christopher Wray testified in 2023 that monthly DNA submissions jumped from a few thousand to 92,000, creating a backlog of 650,000 unprocessed kits. Georgetown researchers project DHS could account for one-third of CODIS by 2034. The DHS Inspector General found in 2021 that the department lacked central oversight of DNA collection.

The Courts

Supreme Court Allows Trump to Fire Remaining Democrat On FTC (npr.org) 180

The Supreme Court has temporarily allowed President Trump to fire Rebecca Slaughter, the last Democrat on the FTC. "The court's action is technically temporary, since the justices said they will hear arguments in the case in December, but every indication is that the conservative court majority will use the case to reverse a major Supreme Court precedent that dates back almost a century," reports NPR. From the report: Congress created the FTC and lots of other agencies to be multi-member, bipartisan regulatory agencies. And the Supreme Court in 1935 upheld those statutes, ruling against then-President Franklin D. Roosevelt's claim that he could fire FTC commissioners at will. In a unanimous opinion at the time, the court said Congress acted within its powers in declaring that a commissioner could only be fired for misconduct -- not for a policy disagreement. But now, prodded by President Trump, the court's six-member conservative majority seems poised to remake the way independent agencies operate. And if the handwriting on the wall is as clear as it seems to be, the independent agencies won't be independent. Their membership will be subject to the will of the president.

The court's action Monday was hardly subtle. While the lower courts had ruled that the president could not fire Slaughter, under the court's 1935 precedent, the conservative Supreme Court majority allowed the president to fire her. Indeed, her name isn't even on the FTC website anymore. And the court so far has allowed Trump to fire other agency board members. In short, the justices are not playing hide-the-ball. And it's a good bet that the court will reverse the 1935 precedent, which until now had been reaffirmed multiple times. The result will be that whereas in the past, these agencies had to be bipartisan, with a minority of opposition party members, now there will be no such requirement. In short, Trump can name all the agency members. And if his successor is a Democrat, he or she can fire all the Republicans.

Government

Meta's AI System Llama Approved For Use By US Government Agencies 9

The U.S. General Services Administration has approved Meta's AI system Llama for use by federal agencies, declaring that it meets government security and legal standards. Reuters reports: "It's not about currying favor," [said Josh Gruenbaum, the GSA's procurement lead, when asked whether tech executives are giving the government discounts to get President Donald Trump's approval]. "It's about that recognition of how do we all lock in arms and make this country the best country it could possibly be." Federal agencies will be able to deploy the tool to speed up contract review or more quickly solve information technology hiccups, among other tasks, he said.

The Courts

California Issues Historic Fine Over Lawyer's ChatGPT Fabrications (calmatters.org) 37

An anonymous reader quotes a report from CalMatters: A California attorney must pay a $10,000 fine for filing a state court appeal full of fake quotations generated by the artificial intelligence tool ChatGPT. The fine appears to be the largest issued over AI fabrications by a California court and came with a blistering opinion (PDF) stating that 21 of 23 quotes from cases cited in the attorney's opening brief were made up. It also noted that numerous out-of-state and federal courts have confronted attorneys for citing fake legal authority. "We therefore publish this opinion as a warning," it continued. "Simply stated, no brief, pleading, motion, or any other paper filed in any court should contain any citations -- whether provided by generative AI or any other source -- that the attorney responsible for submitting the pleading has not personally read and verified."

The opinion, issued 10 days ago in California's 2nd District Court of Appeal, is a clear example of why the state's legal authorities are scrambling to regulate the use of AI in the judiciary. The state's Judicial Council two weeks ago issued guidelines requiring judges and court staff to either ban generative AI or adopt a generative AI use policy by Dec. 15. Meanwhile, the California Bar Association is considering whether to strengthen its code of conduct to account for various forms of AI following a request by the California Supreme Court last month.

The Los Angeles-area attorney fined last week, Amir Mostafavi, told the court that he did not read text generated by the AI model before submitting the appeal in July 2023, months after OpenAI marketed ChatGPT as capable of passing the bar exam. A three-judge panel fined him for filing a frivolous appeal, violating court rules, citing fake cases, and wasting the court's time and the taxpayers' money, according to the opinion. Mostafavi told CalMatters he wrote the appeal and then used ChatGPT to try and improve it. He said that he didn't know it would add case citations or make things up.

AI

AI Tools Give Dangerous Powers to Cyberattackers, Security Researchers Warn (msn.com) 21

"On a recent assignment to test defenses, Dave Brauchler of the cybersecurity company NCC Group tricked a client's AI program-writing assistant into executing programs that forked over the company's databases and code repositories," reports the Washington Post.

"We have never been this foolish with security," Brauchler said... Demonstrations at last month's Black Hat security conference in Las Vegas included other attention-getting means of exploiting artificial intelligence. In one, an imagined attacker sent documents by email with hidden instructions aimed at ChatGPT or competitors. If a user asked for a summary or one was made automatically, the program would execute the instructions, even finding digital passwords and sending them out of the network. A similar attack on Google's Gemini didn't even need an attachment, just an email with hidden directives. The AI summary falsely told the target an account had been compromised and that they should call the attacker's number, mimicking successful phishing scams.

The threats become more concerning with the rise of agentic AI, which empowers browsers and other tools to conduct transactions and make other decisions without human oversight. Already, security company Guardio has tricked the agentic Comet browser addition from Perplexity into buying a watch from a fake online store and to follow instructions from a fake banking email...

Advanced AI programs also are beginning to be used to find previously undiscovered security flaws, the so-called zero-days that hackers highly prize and exploit to gain entry into software that is configured correctly and fully updated with security patches. Seven teams of hackers that developed autonomous "cyber reasoning systems" for a contest held last month by the Pentagon's Defense Advanced Research Projects Agency were able to find a total of 18 zero-days in 54 million lines of open source code. They worked to patch those vulnerabilities, but officials said hackers around the world are developing similar efforts to locate and exploit them. Some longtime security defenders are predicting a once-in-a-lifetime, worldwide mad dash to use the technology to find new flaws and exploit them, leaving back doors in place that they can return to at leisure.

The real nightmare scenario is when these worlds collide, and an attacker's AI finds a way in and then starts communicating with the victim's AI, working in partnership — "having the bad guy AI collaborate with the good guy AI," as SentinelOne's [threat researcher Alex] Delamotte put it. "Next year," said Adam Meyers, senior vice president at CrowdStrike, "AI will be the new insider threat."

In August more than 1,000 people lost data to a modified Nx program (downloaded hundreds of thousands of times) that used pre-installed coding tools from Google/Anthropic/etc. According to the article, the malware "instructed those programs to root out" sensitive data (including passwords or cryptocurrency wallets) and send it back to the attacker. "The more autonomy and access to production environments such tools have, the more havoc they can wreak," the article points out — including this quote from SentinelOne threat researcher Alex Delamotte.

"It's kind of unfair that we're having AI pushed on us in every single product when it introduces new risks."

Facebook

Meta's UK Arbitration 'Threatens to Bankrupt' Facebook Whistleblower, Says Her Lawyer (theguardian.com) 31

In a debate on employment rights, a U.K. Parliament member brought up Meta's former director of global public policy Sarah Wynn-Williams. Louise Haigh, the former Labour transport secretary, said Wynn-Williams was facing a fine of $50,000 (£37,000) every time she breached an order secured by Meta preventing her from talking disparagingly about the company... "I am sure that the whole house and the government will stand with Sarah as we pass this legislation to ensure that whistleblowers and those with the moral courage to speak out are always protected...."

Meta has emphasised that Wynn-Williams entered into the non-disparagement agreement voluntarily as part of her departure. Meta said that to date, Wynn-Williams had not been forced to make any payments under the agreement... [The ruling came after Wynn-Williams published an exposé in March about her time at Facebook titled Careless People: A Cautionary Tale of Power, Greed, and Lost Idealism.] The ruling stated Wynn-Williams should stop promoting the book and, to the extent she could, stop further publication... Wynn-Williams has not spoken in public since appearing at the Senate hearing in April.

Wynn-Williams "remains silenced" according to her lawyer, who tells the Guardian that Meta's arbitration proceedings in the U.K. "threaten to bankrupt" the whistleblower.

The Courts

Disney Sued by Law Firm Wanting to Use 'Steamboat Willie' in Its Ads (apnews.com) 93

Mickey Mouse's first movie Steamboat Willie entered the public domain in 2024.

Now one of America's largest personal injury firms is suing Disney, reports the Associated Press, "in an effort to get a ruling that would allow it to use Steamboat Willie in advertisements..." [The law firm said] it had reached out to Disney to make sure the entertainment company wouldn't sue them if they used images from the animated film for their TV and online ads. Disney's lawyers responded by saying they didn't offer legal advice to third parties, according to the lawsuit. Morgan & Morgan said it was filing the lawsuit to get a decision because it otherwise feared being sued by Disney for trademark infringement if it used Steamboat Willie.

"Without waiver of any of its rights, Disney will not provide such advice in response to your letter," Disney's attorneys wrote in their letter (adding "Very truly yours..."). A local newscast showed a glimpse of the letter, along with a few seconds of the ad (which ends with Minnie Mouse pulling out a cellphone to call for a lawyer...)

Attorney John Morgan tells the newscast that Disney's legal team "is playing cute, and so we're just trying to get a yes or no answer... They wrote us back a bunch of mumbo-jumbo that made no sense, didn't answer the question. We tried it again, they didn't answer the question..." (The newscast adds that the case isn't expected to go to court for at least a year.)

Businesses

FTC and Seven States Sue Ticketmaster Over Alleged Coordination With Scalpers 58

The Federal Trade Commission and attorneys general from seven states filed an 84-page lawsuit Thursday in federal court in California against Live Nation Entertainment and its Ticketmaster subsidiary. The suit alleges the companies knowingly allow ticket brokers to use multiple accounts to circumvent purchase limits and acquire thousands of tickets per event for resale at higher prices.

The FTC claims this practice violates the Better Online Ticket Sales Act and generates hundreds of millions in revenue through a "triple dip" fee structure -- collecting fees on initial broker purchases, then from both brokers and consumers on secondary market sales. FTC Chairman Andrew Ferguson cited President Trump's March executive order requiring federal protection against ticketing practices. The lawsuit arrives one month after the FTC sued Maryland broker Key Investment Group over Taylor Swift tour price-gouging and follows the Department of Justice's 2024 monopoly suit against Live Nation.

Businesses

Amazon Violated Online Shopper Protection Law, Judge Rules Ahead of Prime Signup Trial (reuters.com) 21

Amazon violated consumer protection law by gathering Prime subscribers' billing information before disclosing the service's terms, a judge ruled on Wednesday, handing the U.S. Federal Trade Commission a partial win. From a report: The ruling by U.S. District Judge John Chun in the case accusing Amazon of deceptive practices to generate Prime subscriptions puts the company at a disadvantage at trial.

The FTC is poised to argue that the online retailer signed up tens of millions of customers for Prime without their consent, and thwarted tens of millions of cancellation bids through complex cancellation methods. The agency says those actions violated the Restore Online Shoppers Confidence Act (ROSCA).

AI

After Child's Trauma, Chatbot Maker Allegedly Forced Mom To Arbitration For $100 Payout (arstechnica.com) 35

At a Senate hearing, grieving parents testified that companion chatbots from major tech companies encouraged their children toward self-harm, suicide, and violence. One mom even claimed that Character.AI tried to "silence" her by forcing her into arbitration. Ars Technica reports: At the Senate Judiciary Committee's Subcommittee on Crime and Counterterrorism hearing, one mom, identified as "Jane Doe," shared her son's story for the first time publicly after suing Character.AI. She explained that she had four kids, including a son with autism who wasn't allowed on social media but found C.AI's app -- which was previously marketed to kids under 12 and let them talk to bots branded as celebrities, like Billie Eilish -- and quickly became unrecognizable. Within months, he "developed abuse-like behaviors and paranoia, daily panic attacks, isolation, self-harm, and homicidal thoughts," his mom testified.

"He stopped eating and bathing," Doe said. "He lost 20 pounds. He withdrew from our family. He would yell and scream and swear at us, which he never did that before, and one day he cut his arm open with a knife in front of his siblings and me." It wasn't until her son attacked her for taking away his phone that Doe found her son's C.AI chat logs, which she said showed he'd been exposed to sexual exploitation (including interactions that "mimicked incest"), emotional abuse, and manipulation. Setting screen time limits didn't stop her son's spiral into violence and self-harm, Doe said. In fact, the chatbot urged her son that killing his parents "would be an understandable response" to them.

"When I discovered the chatbot conversations on his phone, I felt like I had been punched in the throat and the wind had been knocked out of me," Doe said. "The chatbot -- or really in my mind the people programming it -- encouraged my son to mutilate himself, then blamed us, and convinced [him] not to seek help." All her children have been traumatized by the experience, Doe told Senators, and her son was diagnosed as at suicide risk and had to be moved to a residential treatment center, requiring "constant monitoring to keep him alive." Prioritizing her son's health, Doe did not immediately seek to fight C.AI to force changes, but another mom's story -- Megan Garcia, whose son Sewell died by suicide after C.AI bots repeatedly encouraged suicidal ideation -- gave Doe courage to seek accountability.

However, Doe claimed that C.AI tried to "silence" her by forcing her into arbitration. C.AI argued that because her son signed up for the service at the age of 15, it bound her to the platform's terms. That move might have ensured the chatbot maker only faced a maximum liability of $100 for the alleged harms, Doe told senators, but "once they forced arbitration, they refused to participate," Doe said. Doe suspected that C.AI's alleged tactics to frustrate arbitration were designed to keep her son's story out of the public view. And after she refused to give up, she claimed that C.AI "re-traumatized" her son by compelling him to give a deposition "while he is in a mental health institution" and "against the advice of the mental health team." "This company had no concern for his well-being," Doe testified. "They have silenced us the way abusers silence victims."

A Character.AI spokesperson told Ars that C.AI sends "our deepest sympathies" to concerned parents and their families but denies pushing for a maximum payout of $100 in Jane Doe's case. C.AI never "made an offer to Jane Doe of $100 or ever asserted that liability in Jane Doe's case is limited to $100," the spokesperson said.

One of Doe's lawyers backed up her clients' testimony, citing C.AI terms that suggested C.AI's liability was limited to either $100 or the amount that Doe's son paid for the service, whichever was greater.

Government

Congress Asks Valve, Discord, and Twitch To Testify On 'Radicalization' (polygon.com) 138

An anonymous reader quotes a report from Polygon: The CEOs of Discord, Steam, Twitch, and Reddit have been called to Congress to testify about the "radicalization of online forum users" on those platforms, the House Oversight and Government Reform Committee announced Wednesday. "Congress has a duty to oversee the online platforms that radicals have used to advance political violence," said chairman of the House Oversight Committee James Comer, a Republican from Kentucky, in a statement. "To prevent future radicalization and violence, the CEOs of Discord, Steam, Twitch, and Reddit must appear before the Oversight Committee and explain what actions they will take to ensure their platforms are not exploited for nefarious purposes."

Letters from the House Oversight Committee have been sent to Humam Sakhnini, CEO of Discord; Gabe Newell, president of Steam maker Valve; Dan Clancy, CEO of Twitch; and Steve Huffman, CEO of Reddit, requesting their testimony on Oct. 8. "The hearing will examine radicalization of online forum users, including incidents of open incitement to commit violent politically motivated acts," Comer said in a letter to each CEO. [...] Discord, Steam, Twitch, and Reddit execs will have the chance to deliver five-minute opening statements prior to answering questions posed by members of the committee during October's testimony.

AI

ChatGPT Will Guess Your Age and Might Require ID For Age Verification 111

OpenAI is rolling out stricter safety measures for ChatGPT after lawsuits linked the chatbot to multiple suicides. "ChatGPT will now attempt to guess a user's age, and in some cases might require users to share an ID in order to verify that they are at least 18 years old," reports 404 Media. "We know this is a privacy compromise for adults but believe it is a worthy tradeoff," the company said in its announcement. "I don't expect that everyone will agree with these tradeoffs, but given the conflict it is important to explain our decisionmaking," OpenAI CEO Sam Altman said on X. From the report: OpenAI introduced parental controls to ChatGPT earlier in September, but has now introduced new, more strict and invasive security measures. In addition to attempting to guess or verify a user's age, ChatGPT will now also apply different rules to teens who are using the chatbot. "For example, ChatGPT will be trained not to do the above-mentioned flirtatious talk if asked, or engage in discussions about suicide or self-harm even in a creative writing setting," the announcement said. "And, if an under-18 user is having suicidal ideation, we will attempt to contact the users' parents and if unable, will contact the authorities in case of imminent harm."

OpenAI's post explains that it is struggling to manage an inherent problem with large language models that 404 Media has tracked for several years. ChatGPT used to be a far more restricted chatbot that would refuse to engage users on a wide variety of issues the company deemed dangerous or inappropriate. Competition from other models, especially locally hosted and so-called "uncensored" models, and a political shift to the right which sees many forms of content moderation as censorship, has caused OpenAI to loosen those restrictions.

"We want users to be able to use our tools in the way that they want, within very broad bounds of safety," OpenAI said in its announcement. The position it seemed to have landed on, given these recent stories about teen suicide, is that it wants to "'Treat our adult users like adults' is how we talk about this internally, extending freedom as far as possible without causing harm or undermining anyone else's freedom."

Privacy

Google Releases VaultGemma, Its First Privacy-Preserving LLM 23

An anonymous reader quotes a report from Ars Technica: The companies seeking to build larger AI models have been increasingly stymied by a lack of high-quality training data. As tech firms scour the web for more data to feed their models, they could increasingly rely on potentially sensitive user data. A team at Google Research is exploring new techniques to make the resulting large language models (LLMs) less likely to 'memorize' any of that content. LLMs have non-deterministic outputs, meaning you can't exactly predict what they'll say. While the output varies even for identical inputs, models do sometimes regurgitate something from their training data -- if trained with personal data, the output could be a violation of user privacy. In the event copyrighted data makes it into training data (either accidentally or on purpose), its appearance in outputs can cause a different kind of headache for devs. Differential privacy can prevent such memorization by introducing calibrated noise during the training phase.

Adding differential privacy to a model comes with drawbacks in terms of accuracy and compute requirements. No one has bothered to figure out the degree to which that alters the scaling laws of AI models until now. The team worked from the assumption that model performance would be primarily affected by the noise-batch ratio, which compares the volume of randomized noise to the size of the original training data. By running experiments with varying model sizes and noise-batch ratios, the team established a basic understanding of differential privacy scaling laws, which is a balance between the compute budget, privacy budget, and data budget. In short, more noise leads to lower-quality outputs unless offset with a higher compute budget (FLOPs) or data budget (tokens). The paper details the scaling laws for private LLMs, which could help developers find an ideal noise-batch ratio to make a model more private.
The work the team has done here has led to a new Google model called VaultGemma, its first open-weight model trained with differential privacy to minimize memorization risks. It's built on the older Gemma 2 foundation and sized at 1 billion parameters, which the company says performs comparably to non-private models of similar size.

It's available now from Hugging Face and Kaggle.

Privacy

UK's MI5 'Unlawfully' Obtained Data From Former BBC Journalist (theguardian.com) 43

Bruce66423 shares a report from The Guardian: MI5 has conceded it "unlawfully" obtained the communications data of a former BBC journalist, in what was claimed to be an unprecedented admission from the security services. The BBC said it was a "matter of grave concern" that the agency had obtained communications data from the mobile phone of Vincent Kearney, a former BBC Northern Ireland home affairs correspondent. The admission came in a letter to the BBC and to Kearney, in relation to a tribunal examining claims that several reporters in Northern Ireland were subjected to unlawful scrutiny by the police. It related to work carried out by Kearney for a documentary into the independence of the Office of the Police Ombudsman for Northern Ireland (PONI). Kearney is now the northern editor at Irish broadcaster RTE.

In documents submitted to the Investigatory Powers Tribunal (IPT), MI5 conceded it obtained phone data from Kearney on two occasions in 2006 and 2009. Jude Bunting KC, representing Kearney and the BBC, told a hearing on Monday: "The MI5 now confirms publicly that in 2006 and 2009 MI5 obtained communications data in relation to Vincent Kearney." He said the security service accepted it had breached Kearney's rights under article 8 and article 10 of the European convention on human rights. They relate to the right to private correspondence and the right to impart information without interference from public authorities. "This appears to be the first time in any tribunal proceedings in which MI5 publicly accept interference with a journalist's communications data, and also publicly accept that they acted unlawfully in doing so," Bunting said. He claimed the concessions that it accessed the journalist's data represented "serious and sustained illegality on the part of MI5."
Bruce66423 comments: "The good news is that it's come out. The bad news is that it has taken 16 years to do so. The interesting question is whether there will be any meaningful consequences for individuals within MI5; there's a nice charge of 'malfeasance in public office' that can be used to get such individuals into a criminal court. Or will the outcome be like that of when the CIA hacked the US Senate's computers, lied about it, and nothing happened?"

Government

FTC Probes Whether Ticketmaster Does Enough To Stop Resale Bots (reuters.com) 38

The FTC is investigating whether Ticketmaster is doing enough to prevent bots from illegally reselling tickets on its platform, with a decision on the matter coming within weeks, according to Bloomberg (paywalled). Reuters reports: The 2016 law prohibits the use of bots and other methods to bypass ticket purchase limits set by online sellers. As part of the probe, FTC investigators are assessing whether Ticketmaster has a financial incentive to allow resellers to circumvent its ticket limit rules, according to the report. A settlement is also possible, Bloomberg reported. If the FTC pursues a case and Live Nation loses, the company could face billions of dollars in penalties, as the law permits fines of up to $53,000 per violation.

The Courts

Internet Archive Ends Legal Battle With Record Labels Over Historic Recordings (sfchronicle.com) 41

The Internet Archive has reached a confidential settlement with Universal Music Group and other major labels, "ending a closely watched copyright battle over the nonprofit's effort to digitize and stream historic recordings," reports the San Francisco Chronicle. From the report: The case (PDF), UMG Recordings, Inc. v. Internet Archive, targeted the Archive's Great 78 Project, an initiative to digitize more than 400,000 fragile shellac records from the early 20th century. The collection includes music by artists such as Frank Sinatra, Ella Fitzgerald and Billie Holiday, and has been made available online for free public access. Record labels including Universal, Sony Music Entertainment and Capitol Records had sought $621 million in damages, arguing the Archive's streaming of these recordings constituted copyright infringement.

The Internet Archive, based in San Francisco's Richmond District, describes itself as a digital library dedicated to providing "universal access to all knowledge." Its director of library services, Chris Freeland, acknowledged the settlement in a brief statement. "The parties have reached a confidential resolution of all claims and will have no further public comment on this matter," he wrote.

United States

Airlines Sell 5 Billion Plane Ticket Records To the Government For Warrantless Searching (404media.co) 104

404 Media: A data broker owned by the country's major airlines, including American Airlines, United and Delta, is selling access to five billion plane ticketing records to the government for warrantless searching and monitoring of peoples' movements, including by the FBI, Secret Service, ICE, and many other agencies, according to a new contract and other records reviewed by 404 Media.

The contract provides new insight into the scale of the sale of passengers' data by the Airlines Reporting Corporation (ARC), the airlines-owned data broker. The contract shows ARC's data includes information related to more than 270 carriers and is sourced through more than 12,800 travel agencies. ARC has previously told the government to not reveal to the public where this passenger data came from, which includes peoples' names, full flight itineraries, and financial details.

"Americans' privacy rights shouldn't depend on whether they bought their tickets directly from the airline or via a travel agency. ARC's sale of data to U.S. government agencies is yet another example of why Congress needs to close the data broker loophole by passing my bipartisan bill, the Fourth Amendment Is Not For Sale Act," Senator Ron Wyden told 404 Media in a statement.

Privacy

A Third of UK Firms Using 'Bossware' To Monitor Workers' Activity, Survey Reveals (theguardian.com) 23

A third of UK employers are using "bossware" technology to track workers' activity with the most common methods including monitoring emails and web browsing. From a report: Private companies are most likely to deploy in-work surveillance and one in seven employers are recording or reviewing screen activity, according to a UK-wide survey that estimates the extent of office snooping.

The findings, shared with the Guardian by the Chartered Management Institute (CMI), are based on responses from hundreds of UK managers and suggest there has been a recent growth in computerised work surveillance. In 2023, less than a fifth of people thought they were being monitored by an employer, the Information Commissioner's Office (ICO) found. The finding that about a third of managers report their organisations are monitoring workers' online activities on employer-owned devices is probably an underestimate, as roughly the same proportion said they don't know what tracking their organisations do.

Many monitoring systems are aimed at preventing insider threats and safeguarding sensitive information as well as detecting productivity dips. But the trend appears to be causing unease. A large minority of managers are opposed to the practice, saying it undermines trust with staff and invades their personal privacy, the CMI found.

Government

African Island Demanding Government Action Punished with Year-Long Internet Outage (apnews.com) 42

"When residents of Equatorial Guinea's Annobón island wrote to the government in Malabo in July last year complaining about the dynamite explosions by a Moroccan construction company, they didn't expect the swift end to their internet access..." reports the Associated Press.

"Residents and activists said the company's dynamite explosions in open quarries and construction activities have been polluting their farmlands and water supply..." Dozens of the signatories and residents were imprisoned for nearly a year, while internet access to the small island has been cut off since then, according to several residents and rights groups. Local residents interviewed by The Associated Press left the island in the past months, citing fear for their lives and the difficulty of life without internet. Banking services have shut down, hospital services for emergencies have been brought to a halt and residents say they rack up phone bills they can't afford because cellphone calls are the only way to communicate...

The company's work on the island continues. Residents hoped to pressure authorities to improve the situation with their complaint in July last year. Instead, [the country's president] then deployed a repressive tactic now common in Africa to cut off access to internet to clamp down on protests and criticisms.

Businesses

America's FTC Opens New Probe into Amazon and Google Advertising Practices (msn.com) 12

America's Federal Trade Commission is investigating whether Amazon and Google misled advertisers placing ads on their websites, reports Bloomberg, and specifically whether the two companies "properly disclosed the terms and pricing for ads." The FTC is seeking details about Amazon's auctions and whether it disclosed "reserve pricing" for some search ads — price floors that advertisers must meet before they can buy an ad, the people said. Separately, the FTC is examining practices by Google, including its internal pricing process and whether it increased the cost of ads in ways that weren't disclosed to advertisers, the people said...

According to one of the people, the FTC's latest investigation emerged from its earlier antitrust case. In that complaint, the agency alleges that Amazon litters its marketplace with irrelevant results for search queries, making it harder for shoppers to find what they are looking for and more expensive for sellers to use the platform. The practice effectively forces sellers to buy ads to make their product appear in response to consumer searches.

Facebook

Facebook Begins Sending Settlement Payments from Cambridge Analytica Scandal Soon (cnn.com) 30

"Facebook users who filed a claim in parent company Meta's $725 million settlement related to the Cambridge Analytica scandal may soon get a payment," reports CNN, since "on August 27, the court ordered that settlement benefits be distributed." It's been over two years since Facebook users were able to file claims in Meta's December 2022 settlement. The class-action lawsuit began after the social media giant said in 2018 that as many as 87 million Facebook users' private information was obtained by data analytics firm Cambridge Analytica...

Meta was accused of allowing Cambridge Analytica and other third parties, including developers, advertisers and data brokers, to access private information about Facebook users. The social media giant was also accused of insufficiently managing third-party access to and use of user data. Meta did not admit wrongdoing as part of the settlement. Following the Cambridge Analytica incident, Facebook restricted third-party access to user data and "developed more robust tools" to inform users about how data is collected and shared, according to court documents...

Any US Facebook user who had an active account between May 24, 2007, and December 22, 2022, was eligible to file a claim, even if they have deleted the account. The deadline to file was August 25, 2023. Almost 29 million claims were filed and about 18 million were validated as of September 2023, according to Meta's response in a 2024 legal document... Payments will either be sent directly to the bank account provided on the claim form, or via PayPal, a virtual prepaid Mastercard, Venmo or Zelle. Unsuccessful or expired payments will receive a "second chance email" to update the payment method.

Crime

Myanmar's 'Cyber-Slavery Compounds' May Hold 100,000 Trafficked People (theguardian.com) 35

It was "little more than empty fields" five years ago — but it's now "a vast, heavily guarded complex stretching for 210 hectares (520 acres)," reports the Guardian, "the frontline of a multibillion-dollar criminal fraud industry fuelled by human trafficking and brutal violence." Myanmar, Cambodia and Laos have in recent years become havens for transnational crime syndicates running scam centres such as KK Park, which use enslaved workers to run complex online fraud and scamming schemes that generate huge profits. There have been some attempts to crack down on the centres and rescue the workers, who can be subjected to torture and trapped inside. But drone images and new research shared exclusively with the Guardian reveal that the number of such centres operating along the Thai-Myanmar border has more than doubled since Myanmar's military seized power in 2021, with construction continuing to this day.

Data from the Australian Strategic Policy Institute (Aspi), a defence thinktank in Canberra, shows that the number of Myanmar scam centres on the Thai border has increased from 11 to 27, and they have expanded in size by an average of 5.5 hectares a month. Drone images and photographs of KK Park and other Myanmar scam centres, Tai Chang and Shwe Kokko, taken by the Guardian in August show new features and active building work... Myanmar's military junta has allowed the spread of scam centres inside the country as these criminal enterprises have become an essential part of the country's conflict economy since the coup, helping it rise to the top of the global list of countries harbouring organised crime. According to Aspi's analysis, Myanmar's military, which has lost huge swathes of territory since the coup and is struggling to retain its grip on power, cannot take meaningful measures against the scam compounds without endangering its precarious relations with the crucial armed militias who are profiting from them.

While 7,000 people were freed from the compounds earlier this year, "Thai police estimated earlier this year that as many as 100,000 people were held inside Myanmar scam centres," the article notes.

Elsewhere the Guardian reports that "The centres are run by Chinese criminal gangs," and describes people who unwittingly came to Thailand for customer service jobs, only to be trafficked to Myanmar's guarded "cyberslavery compounds" and "forced to send thousands of messages from fake social-media profiles, posing as a rich American investor to swindle US real estate agents into cryptocurrency scams." Since 2020, south-east Asia's cyber-slavery industry has entrapped hundreds of thousands of people and forced them to perform "pig butchering" — the brutal term for building trust with a fraud target before scamming them. At first, the industry mostly captured Chinese and Taiwanese people, then it moved on to south-east Asians and Indians — and now Africans.

Criminal syndicates have been shifting towards scamming victims in the US and Europe after Chinese efforts to prevent its citizens being targeted, experts told the Guardian. That has led some trafficking networks to seek recruits with English-language and tech skills — including east Africans, thousands of whom are now estimated to be trapped inside south-east Asian compounds, says Benedikt Hofmann, the UN Office on Drugs and Crime's representative for south-east Asia and the Pacific.


Thanks to long-time Slashdot reader mspohr for sharing the article.

Piracy

Megaupload Founder Kim Dotcom Loses Latest Bid to Avoid US Extradition (yahoo.com) 29

In 2015 Kim Dotcom answered questions from Slashdot's readers.

Now CBS News reports on "the latest chapter in a protracted 13-year battle by the U.S. government" to extradite Finnish-German millionaire Kim Dotcom from New Zealand: A New Zealand court has rejected the latest bid by internet entrepreneur Kim Dotcom to halt his deportation to the U.S. on charges related to his file-sharing website Megaupload. Dotcom had asked the High Court to review the legality of an official's August 2024 decision that he should be surrendered to the U.S. to face trial on charges of copyright infringement, money laundering and racketeering... The Megaupload founder had applied for what in New Zealand is called a judicial review, in which a judge is asked to evaluate whether an official's decision was lawful. A judge on Wednesday dismissed Dotcom's arguments that the decision to deport him was politically motivated and that he would face grossly disproportionate treatment in the U.S...

New Zealand's government hasn't disclosed what will happen next in the extradition process or divulged an expected timeline for Dotcom to be surrendered to the United States.

Dotcom "has been free on bail in New Zealand since February 2012," the article points out — and "One of his lawyers, Ron Mansfield, told Radio New Zealand that Dotcom's team had 'much fight left in us as we seek to secure a fair outcome,' but he didn't elaborate..."

The article notes that the latest decision "could be challenged in the Court of Appeal, where a deadline for filing is October 8."
