The Courts

Ukrainians Sue US Chip Firms For Powering Russian Drones, Missiles (arstechnica.com) 118

An anonymous reader quotes a report from Ars Technica: Dozens of Ukrainian civilians filed a series of lawsuits in Texas this week, accusing some of the biggest US chip firms of negligently failing to track chips that evaded export curbs. Those chips were ultimately used to power Russian and Iranian weapon systems, causing wrongful deaths last year. Their complaints alleged that for years, Texas Instruments (TI), AMD, and Intel have ignored public reporting, government warnings, and shareholder pressure to do more to track final destinations of chips and shut down shady distribution channels diverting chips to sanctioned actors in Russia and Iran.

Putting profits over human lives, tech firms continued using "high-risk" channels, Ukrainian civilians' legal team alleged in a press statement, without ever strengthening controls. All that intermediaries who placed bulk online orders had to do to satisfy chip firms was check a box confirming that the shipment wouldn't be sent to sanctioned countries, lead attorney Mikal Watts told reporters at a press conference on Wednesday, according to the Kyiv Independent. "There are export lists," Watts said. "We know exactly what requires a license and what doesn't. And companies know who they're selling to. But instead, they rely on a checkbox that says, 'I'm not shipping to Putin.' That's it. No enforcement. No accountability." [...]

Damages sought include funeral expenses and medical costs, as well as "exemplary damages" that are "intended to punish especially wrongful conduct and to deter similar conduct in the future." For plaintiffs, the latter is the point of the litigation, which they hope will cut off key supply chains to keep US tech out of weapon systems deployed against innocent civilians. "They want to send a clear message that American companies must take responsibility when their technologies are weaponized and used to commit harm across the globe," the press statement said. "Corporations must be held accountable when its unlawful decisions made in the name of profit directly cause the death of innocents and widespread human suffering." For chip firms, the litigation could get costly if more civilians join, with the threat of a loss potentially forcing changes that could squash supply chains currently working to evade sanctions. "We want to make this process so expensive and painful that companies are forced to act," Watts said. "That is our contribution to stopping the war against civilians."

AI

US To Mandate AI Vendors Measure Political Bias For Federal Sales (reuters.com) 63

An anonymous reader quotes a report from Reuters: The U.S. government will require artificial intelligence vendors to measure political "bias" to sell their chatbots to federal agencies, according to a Trump administration statement (PDF) released on Thursday. The requirement will apply to all large language models bought by federal agencies, with the exception of national security systems, according to the statement.

President Donald Trump ordered federal agencies in July to avoid buying large language models that he labeled as "woke." Thursday's statement gives more detail to that directive, saying that developers should not "intentionally encode partisan or ideological judgments" into a chatbot's outputs.
Further reading: Trump Signs Executive Order For Single National AI Regulation Framework, Limiting Power of States

Encryption

Russian Hackers Debut Simple Ransomware Service, But Store Keys In Plain Text (theregister.com) 6

The pro-Russian CyberVolk group resurfaced with a Telegram-based ransomware-as-a-service platform, but fatally undermined its own operation by hardcoding master encryption keys in plaintext. The Register reports: First, the bad news: the CyberVolk 2.x (aka VolkLocker) ransomware-as-a-service operation that launched in late summer. It's run entirely through Telegram, which makes it very easy for affiliates that aren't that tech savvy to lock files and demand a ransom payment. CyberVolk's soldiers can use the platform's built-in automation to generate payloads, coordinate ransomware attacks, and manage their illicit business operations, conducting everything through Telegram.

But here's the good news: the ransomware slingers got sloppy when it came time to debug their code and hardcoded the master keys -- this same key encrypts all files on a victim's system -- into the executable files. This could allow victims to recover encrypted data without paying the extortion fee, according to SentinelOne senior threat researcher Jim Walter, who detailed the gang's resurgence and flawed code in a Thursday report.

Privacy

The Data Breach That Hit Two-Thirds of a Country (ft.com) 4

Online retailer Coupang, often called South Korea's Amazon, is dealing with the fallout from a breach that exposed the personal information of more than 33 million accounts -- roughly two-thirds of the country's population -- after a former contractor allegedly used credentials that remained active months after his departure to access customer data through the company's overseas servers.

The breach began in June but went undetected until November 18, according to Coupang and investigators. Police have called it South Korea's worst-ever data breach. The compromised information includes names, phone numbers, email addresses and shipping addresses, though the company says login credentials, credit card numbers, and payment details were not affected.

Coupang's former CEO Park Dae-jun told a parliamentary hearing that the alleged perpetrator was a Chinese national who had worked on authentication tasks before his contract ended last December. Chief information security officer Brett Matthes testified that the individual had a "privileged role" giving him access to a private encryption key that allowed him to forge tokens to impersonate customers. Legislators say the key remained active after the employee left. The CEO of Coupang's South Korean subsidiary has resigned. Founder and chair Bom Kim has yet to personally apologize but has been summoned to a second parliamentary hearing.

Your Rights Online

Berlin Approves New Expansion of Police Surveillance Powers (reclaimthenet.org) 62

Berlin's regional parliament has passed a far-reaching overhaul of its "security" law, giving police new authority to conduct both digital and physical surveillance. From a report: The CDU-SPD coalition, supported by AfD votes, approved the reform of the General Security and Public Order Act (ASOG), changing the limits that once protected Berliners from intrusive policing. Interior Senator Iris Spranger (SPD) argued that the legislation modernizes police work for an era of encrypted communication, terrorism, and cybercrime. But it undermines core civil liberties and reshapes the relationship between citizens and the state.

One of the most controversial elements is the expansion of police powers under paragraphs 26a and 26b. These allow investigators to hack into computers and smartphones under the banner of "source telecommunications surveillance" and "online searches." Police may now install state-developed spyware, known as trojans, on personal devices to intercept messages before or after encryption.

If the software cannot be deployed remotely, the law authorizes officers to secretly enter a person's home to gain access. This enables police to install surveillance programs directly on hardware without the occupant's knowledge. Berlin had previously resisted such practices, but now joins other federal states that permit physical entry to install digital monitoring tools.

Crime

Hollywood Director Found Guilty of Blowing $11 Million Netflix Budget on Crypto and Ferraris (decrypt.co) 43

Carl Rinsch, the director behind the 2013 Keanu Reeves film "47 Ronin," has been found guilty of defrauding Netflix out of $11 million that was meant to fund a science fiction series called "Conquest," which the streaming company ultimately cancelled in 2021 after Rinsch failed to meet any production milestones. A jury in the Southern District of New York convicted the 48-year-old on seven charges: one count each of wire fraud and money laundering, and five counts of transacting in illicitly obtained property.

Prosecutors alleged that Rinsch funneled the $11 million through multiple bank accounts into a personal brokerage account, lost more than half of it on securities within two months, and then began speculating on cryptocurrency. Court records show he also spent $2.4 million on a Ferrari and five Rolls Royces, $3.3 million on furniture and antiques, and $387,000 on a Swiss watch. Netflix has written off $55 million in total and has not recovered any funds. Rinsch faces up to 90 years in prison and is scheduled for sentencing on April 17, 2026.

Australia

Reddit Launches High Court Challenge To Australia's Under-16s Social Media Ban (theguardian.com) 54

An anonymous reader quotes a report from the Guardian: Reddit has filed a challenge against Australia's under-16s social media ban in the high court, lodging its case two days after implementing age restrictions on its website. The company said in a Reddit post on Friday that while it agreed with protecting people under 16, the law "has the unfortunate effect of forcing intrusive and potentially insecure verification processes on adults as well as minors, isolating teens from the ability to engage in age-appropriate community experiences."

Reddit said there was an "illogical patchwork" of platforms included in the ban. "As the Australian Human Rights Commission put it, 'There are less restrictive alternatives available that could achieve the aim of protecting children and young people from online harms, but without having such a significant negative impact on other human rights.'" Reddit argued it was a forum primarily for adults without the traditional social media features the government has "taken issue with."

Reddit was challenging the law on the grounds it infringed on the implied freedom of political communication. It was also seeking to challenge whether Reddit could be considered an age-restricted social media platform under the legislation. It said it was not seeking to challenge the law to avoid compliance, and had implemented age-assurance measures since Wednesday. The company said the vast majority of Redditors were adults, and advertising wasn't targeted to children under 18. The Apple app store age rating for Reddit is 17+. "Despite the best intentions, this law is missing the mark on actually protecting young people online," Reddit said. "So, while we will comply with this law, we have a responsibility to share our perspective and see that it is reviewed by the courts."

Bitcoin

SEC Gives DTCC OK to Tokenize Stocks In Move To Blockchain (bloomberg.com) 19

The SEC has granted the Depository Trust & Clearing Corp., or DTCC, a no-action letter allowing it to custody and recognize tokenized stocks, ETFs, and Treasuries on approved blockchains for three years. "Although this program is a pilot subject to various operational limitations, it marks a significant incremental step in moving markets onchain," SEC Commissioner Hester Peirce said in a statement. Bloomberg reports: With the permission, DTCC will also extend their record-keeping to the blockchain, Michael Winnike, global head of strategy and market solutions at DTCC Clearing & Securities Services, said in an interview. "It's the same legal entitlement, the same stock that you would hold in your account from the DTCC in traditional form," Winnike said. [...] The SEC's authorization of tokenization services only applies to a specific set of securities that trade often. The approval includes the Russell 1000 index which represents the 1,000 largest publicly traded US companies, as well as exchange-traded funds that track major indices and US Treasury bills, bonds and notes, Winnike said. "This allows us both to create value for the markets, while staying in a pre-defined pool of highly-liquid securities to start," said Winnike. The firm's ultimate aspiration is to add its entire depository, which represents $100 trillion in securities, to the blockchain, a move that would require further expansion of the no-action relief from the SEC, he said.

Winnike said the tokenization service will help bridge the traditional and digital worlds in part because the new technology will have the same legal entitlements and controls as traditional markets, including freezing or forced transfers if assets are stolen. "This enables participants to adopt and integrate, because they know there is a trusted party that can recover their securities as needed" and can address potential errors, he said. The new blockchain service will also allow investors to move assets all the time, not just Monday through Friday when traditional markets are open. "That creates a lot of new utility," Winnike said. "It brings the two ecosystems together."

Crime

TerraUSD Creator Do Kwon Sentenced To 15 Years Over $40 Billion Crypto Collapse 30

An anonymous reader quotes a report from Reuters: Do Kwon, the South Korean cryptocurrency entrepreneur behind two digital currencies that lost an estimated $40 billion in 2022, was sentenced in New York federal court on Thursday to 15 years in prison for fraud and conspiracy. Kwon, 34, who co-founded Singapore-based Terraform Labs and developed the TerraUSD and Luna currencies, previously pleaded guilty and admitted to misleading investors about a coin that was supposed to maintain a steady price during periods of crypto market volatility.

Kwon was one of several cryptocurrency moguls to face federal charges after a slump in digital token prices in 2022 prompted the collapse of a number of companies. [...] Kwon was accused of misleading investors in 2021 about TerraUSD, a so-called stablecoin designed to maintain a value of $1. Prosecutors alleged that when TerraUSD slipped below its $1 peg in May 2021, Kwon told investors a computer algorithm known as "Terra Protocol" had restored the coin's value. Instead, Kwon arranged for a high-frequency trading firm to secretly buy millions of dollars of the token to artificially prop up its price, according to charging documents.

"I made false and misleading statements about why it regained its peg by failing to disclose a trading firm's role in restoring that peg," Kwon said in court. "What I did was wrong."

He also faces charges in South Korea, and under his plea deal, prosecutors won't oppose his transfer abroad after he serves half of his U.S. sentence.

Privacy

Over 10,000 Docker Hub Images Found Leaking Credentials, Auth Keys (bleepingcomputer.com) 18

joshuark shares a report from BleepingComputer: More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. After scanning container images uploaded to Docker Hub in November, security researchers at threat intelligence company Flare found that 10,456 of them exposed one or more keys. The most frequent secrets were access tokens for various AI models (OpenAI, HuggingFace, Anthropic, Gemini, Groq). In total, the researchers found 4,000 such keys. "These multi-secret exposures represent critical risks, as they often provide full access to cloud environments, Git repositories, CI/CD systems, payment integrations, and other core infrastructure components," Flare notes. [...]

Additionally, they found hardcoded API tokens for AI services being hardcoded in Python application files, config.json files, YAML configs, GitHub tokens, and credentials for multiple internal environments. Some of the sensitive data was present in the manifest of Docker images, a file that provides details about the image. Flare notes that roughly 25% of developers who accidentally exposed secrets on Docker Hub realized the mistake and removed the leaked secret from the container or manifest file within 48 hours. However, in 75% of these cases, the leaked key was not revoked, meaning that anyone who stole it during the exposure period could still use it later to mount attacks.

Flare suggests that developers avoid storing secrets in container images, stop using static, long-lived credentials, and centralize their secrets management using a dedicated vault or secrets manager. Organizations should implement active scanning across the entire software development life cycle and revoke exposed secrets and invalidate old sessions immediately.

Government

Trump Signs Executive Order For Single National AI Regulation Framework, Limiting Power of States 129

President Trump signed an executive order establishing a single federal AI regulatory framework that preempts state-level rules, aiming to centralize oversight of the rapidly growing AI industry. "The Trump administration, with the aid of AI and crypto czar David Sacks, has been pursuing a path that would allow federal rules to preempt state regulations on AI, a move meant to keep big Democratic-led states like California and New York from exerting their control over the growing industry," notes CNBC.

Developing...

Crime

UC Berkeley Professor Uses Secret Camera To Catch PhD Candidate Sabotaging Rival (mercurynews.com) 62

A UC Berkeley professor, suspecting years of targeted computer damage against one Ph.D. student, secretly installed a hidden camera that allegedly caught another doctoral candidate sabotaging the student's laptop. The student now faces felony vandalism charges and is due for his first court appearance on Dec. 15. The Mercury News reports: A UC Berkeley professor smelled a rat -- over the years there had been $46,855 in damage from computers that failed, and nearly all of it seemed to affect one particular Ph.D. candidate at the college's Electrical Engineering and Computer Sciences department.

The professor wondered if the student's luck was really that bad, or if something else was afoot. So he installed a hidden camera -- disguised in a department laptop, and pointed it at the student's computer. According to police, the sly move captured another Ph.D. candidate, 26-year-old Jiarui Zou, damaging his fellow student's computer with some implement that caused sparks to fly out of the laptop.

Now, Zou has been charged with three felony counts of vandalism, related to the destruction of three computers on Nov. 9-10. The charges allege the damage amounted to more than $400 each time, though the professor who reported the vandalism, and the affected student, told police they suspect Zou of the additional incidents that had been going on for years, court records show.

Government

Rubio Orders Diplomats To Return To Using Times New Roman Font (reuters.com) 201

An anonymous reader quotes a report from Reuters: U.S. Secretary of State Marco Rubio on Tuesday ordered diplomats to return to using Times New Roman font in official communications, calling his predecessor Antony Blinken's decision to adopt Calibri a "wasteful" diversity move, according to an internal department cable seen by Reuters. The department under Blinken in early January 2023 had switched to Calibri, a modern sans-serif font, saying this was a more accessible font for people with disabilities because it did not have the decorative angular features and was the default in Microsoft products.

A cable dated December 9 sent to all U.S. diplomatic posts said that typography shapes the professionalism of an official document and Calibri is informal compared to serif typefaces. "To restore decorum and professionalism to the Department's written work products and abolish yet another wasteful DEIA program, the Department is returning to Times New Roman as its standard typeface," the cable said. "This formatting standard aligns with the President's One Voice for America's Foreign Relations directive, underscoring the Department's responsibility to present a unified, professional voice in all communications," it added.

The Courts

Netflix Faces Consumer Class Action Over $72 Billion Warner Bros Deal (reuters.com) 49

Netflix's $72 billion bid to buy Warner Bros Discovery has triggered a consumer class action claiming the merger would crush competition, erase HBO Max as a rival, and hand Netflix control over major franchises. Reuters reports: The proposed class action (PDF) was filed on Monday by a subscriber to Warner Bros-owned HBO Max who said the proposed deal threatened to reduce competition in the U.S. subscription video-on-demand market. "Netflix has demonstrated repeated willingness to raise subscription prices even while facing competition from full-scale rivals such as WBD," the lawsuit said. [...] The lawsuit said the Warner Bros deal would eliminate one of Netflix's closest rivals, HBO Max, and give Netflix control over Warner Bros marquee franchises including Harry Potter, DC Comics and Game of Thrones. On Monday, Paramount Skydance launched a $108 billion hostile bid to buy Warner Bros. Discovery with an all-cash, $30-per-share offer.

Network

Ask Slashdot: What Are the Best Locally-Hosted Wireless Security Cameras? 147

Longtime Slashdot reader Randseed writes: With the likes of Google Nest, Ring, and others cooperating with law enforcement, I started to look for affordable wireless IP security cameras that I can put around my house. Unfortunately, it looks like almost every thing now incorporates some kind of cloud-based slop. All I really want is to put up some cameras, hook them up to my LAN, and install something like ZoneMinder. What are the most economical, wireless IP security cameras that I can set up with my server?

Government

Congress Quietly Strips Right-To-Repair Provisions From US Military Spending Bill (theregister.com) 88

Congress quietly removed provisions that would have let the U.S. military fix its own equipment without relying on contractors, despite bipartisan and Pentagon support. The Register reports: The House and Senate versions of the NDAA passed earlier both included provisions that would have extended common right-to-repair rules to US military branches, requiring defense contractors to provide access to technical data, information, and components that enabled military customers to quickly repair essential equipment. Both of those provisions were stripped from the final joint-chamber reconciled version of the bill, published Monday, right-to-repair advocates at the US Public Interest Research Group (PIRG) pointed out in a press release. [...]

According to PIRG's press release on the matter, elected officials have been targeted by an "intensive lobbying push" in recent weeks against the provisions. House Armed Services Committee chair Mike Rogers (R-AL) and ranking Democrat Adam Smith (D-WA), responsible for much of the final version of the bill, have received significant contributions from defense contractors in recent years, and while correlation doesn't equal causation, it sure looks fishy. [Isaac Bowers, PIRG's federal legislative director] did tell us that he was glad that the defense sector's preferred solution to the military right to repair fight -- a "data as a service" solution -- was also excluded, so the 2026 NDAA isn't a total loss for the repairability fight. "That provision would have mandated the Pentagon access repair data through separate vendor contracts rather than receiving it upfront at the time of procurement, maintaining the defense industry's near monopoly over essential repair information and keeping troops waiting for repairs they could do quicker and cheaper themselves," Bowers said in an email.

An aide to the Democratic side of the Committee told The Register the House and Senate committees did negotiate a degree of right-to-repair permissions in the NDAA. According to the aide and a review of the final version of the bill, measures were included that require the Defense Department to identify any instances where a lack of technical data hinders operation or maintenance of weapon systems, as well as aviation systems. The bill also includes a provision that would establish a "technical data system" that would "track, manage, and enable the assessment" of data related to system maintenance and repair. Unfortunately, the technical data system portion of the NDAA mentions "authorized repair contractors" as the parties carrying out repair work, and there's also no mention of parts availability or other repairability provisions in the sections the staffer flagged -- just access to technical data. That means the provisions are unlikely to move the armed forces toward a new repairability paradigm.

Biotech

Cold Case Inquiries Stall After Ancestry.com Revisits Policy For Users (nytimes.com) 48

An anonymous reader quotes a report from the New York Times: Since online genealogy services began operating, millions of people have sent them saliva samples in hopes of learning about their family roots and discovering far-flung relatives. These services also appeal to law enforcement authorities, who have used them to solve cold case murders and to investigate crimes like the 2022 killing of four University of Idaho students. Crime-scene DNA submitted to genealogy sites has helped investigators identify suspects and human remains by first identifying relatives.

The use of public records and family-tree building is crucial to this technique, and its main tool has been the genealogy site Ancestry, which has vast amounts of individual DNA profiles and public records. More than 1,400 cases have been solved with the help of so-called genetic genealogy investigations, most of them with help from Ancestry. But a recent step taken by the site is now deterring many police agencies from employing this crime-solving technique.

In August, Ancestry revised the terms and conditions on its site to make it clear that its services were off-limits "for law enforcement purposes" without a legal order or warrant, which can be hard to get, because of privacy concerns. This followed the addition last year to the terms and conditions that the services could not be used for "judicial proceedings." Investigators say the implications are dire and will result in crucial criminal cases slowing or stalling entirely, denying answers to grieving families.

"Everyone who does this work has depended on the records database that Ancestry controls," said David Gurney, who runs Ramapo College's Investigative Genetic Genealogy Center in New Jersey. "Without it, casework is going to be a lot slower, and there will be some cases that can't be resolved at all."

Crime

193 Cybercrims Arrested, Accused of Plotting 'Violence-As-a-Service' 19

Europol's GRIMM taskforce has arrested nearly 200 people accused of running or participating in "violence-as-a-service" schemes where cybercrime groups recruit youth online for real-world attacks. "These individuals are groomed or coerced into committing a range of violent crimes, from acts of intimidation and torture to murder," the European police said on Monday. The Register reports: GRIMM began in April, and includes investigators from Belgium, Denmark, Finland, France, Germany, Iceland, the Netherlands, Norway, Spain, Sweden, the UK, plus Europol experts and online service providers. During its first six months, police involved in this operation arrested 63 people directly involved in carrying out or planning violent crimes, 40 "enablers" accused of facilitating violence-for-hire services, 84 recruiters, and six "instigators," five of whom the cops labeled "high-value targets." [...]

Many of the criminals involved in recruiting and carrying out these violence-for-hire services are also members of The Com. This is a loosely knit gang, primarily English speakers, involved in several interconnected networks of hackers, SIM swappers, and extortionists. Their reach has spread across the Atlantic, and over the summer, the FBI warned that a subset of this cybercrime group, called In Real Life (IRL) Com, poses a growing threat to youth. The FBI's security bulletin specifically called out IRL Com subgroups that offer swat-for-hire services, in which hoaxers falsely report shootings at someone's residence or call in bomb threats to trigger massive armed police responses at the victims' homes.

China

Nvidia Can Sell H200 Chips To China For 25% US Cut (axios.com) 95

The Trump administration will allow Nvidia to resume selling H200 chips to China, but only if the U.S. government takes a 25% cut. Axios reports: Trump said on Truth Social that he'll allow Nvidia to sell H200 chips -- the generation of chips before its current, more-advanced Blackwell lineup -- to China, with the U.S. government pocketing a quarter of the revenue. He said he would apply "the same approach to AMD, Intel, and other GREAT American Companies."

American defense hawks fear that China could use Nvidia chips to advance its military ambitions. Trump said Monday that the sales will be subject to "conditions that allow for continued strong National Security." The blockade remains in place for Nvidia's current generation of Blackwell chips, which will be replaced in the second half of 2026 by even more advanced Rubin chips. Huang said recently he was unsure if China would want the older chips.

"We applaud President Trump's decision to allow America's chip industry to compete to support high paying jobs and manufacturing in America," Nvidia said in a statement. "Offering H200 to approved commercial customers, vetted by the Department of Commerce, strikes a thoughtful balance that is great for America."

Censorship

Taiwan Cries Censorship As Government Bans Rednote (taipeitimes.com) 38

Longtime Slashdot reader hackingbear writes: Taiwan's government has ordered a one-year block of a popular, mainland Chinese-owned social media app Xiaohongshu, also known as The Little RedNote, citing its failure to cooperate with authorities over fraud-related concerns. Taiwan's Ministry of the Interior on Thursday cited Xiaohongshu's, which does not have business presence on the island, refusal to cooperate with authorities as the basis for the ban, claiming that the platform has been linked to more than 1,700 fraud-related cases that resulted in financial losses of 247.7 million Taiwanese dollars ($7.9 million). "Due to the inability to obtain necessary data in accordance with the law, law enforcement authorities have encountered significant obstacles in investigations, creating a de facto legal vacuum," the ministry said in a statement.

Chinese Nationalist Party (KMT), Taiwan's opposition party, Chairwoman Cheng Li-wun decried the government plan to suspend access to Chinese social media platform Xiaohongshu for one year as censorship. "Many people online are already asking 'How to climb over the firewall to access Xiaohongshu,'" Cheng posted on social media. Meta was facing fines earlier this year for failing to disclose information on individuals who funded advertisements on its social media platforms, marking the second such penalty in Taiwan for violating the anti-fraud act. "Meta failed to fully disclose information regarding who paid for the advertisement and who benefited from it," Deputy Minister Lin of Ministry of Digital Affairs said at a news conference on June 18.

If MODA decides to impose the fine, it would mark the second such penalty against Meta in Taiwan, following a NT$1 million ($33,381) fine issued in May for violating the Fraud Crime Hazard Prevention Act by failing to disclose information on individuals who commissioned and funded two Facebook advertisements. Meta's Threads were also included in the regulatory framework following nearly 1,900 fraud-related reports associated with the platform, with 718 confirmed as scams. Xiaohongshu has surged in popularity among young Taiwanese in recent years, amassing 3 million users in the island of 23 million.

EU

Meta Pledge To Use Less Personal Data For Ads Gets EU Nod, Avoids Daily Fines (reuters.com) 17

An anonymous reader quotes a report from Reuters: Meta's proposal to use less personal data for targeted advertising in its pay-or-consent model that will be rolled out next month won the approval of EU antitrust regulators on Monday, signaling the company will not face daily fines after all. [...] The U.S. tech giant has been locked in discussions with the European Commission after getting hit with a $233 million fine in April for breaching the Digital Markets Act aimed at reining in the power of Big Tech. The violation covered Facebook and Instagram in the period from November 2023 to November 2024, after which Meta tweaked its pay-or-consent model to use less personal data for targeted advertising.

The EU executive has been examining the changes to see if they comply with the DMA, with Meta risking daily fines of as much as 5% of its average daily worldwide turnover if found to be still in breach of the law. The tweaks are in wording, design and transparency to remind users of the two options. Meta did not plan on any substantial changes to its November proposal despite the risk of EU fines, people with direct knowledge of the matter had told Reuters. The Commission, which acts as the EU competition enforcer, acknowledged Meta's November proposal, saying that it will monitor the new ad model and seek feedback, with no more talk of periodic fines. "Meta will give users the effective choice between consenting to share all their data and seeing fully personalized advertising, and opting to share less personal data for an experience with more limited personalized advertising," the Commission said in a statement.

United States

Could America's Paper Checks Be On the Way Out, Like the Penny? (cnn.com) 144

"First the penny. Next, paper checks?" asks CNN: When the U.S. Mint stopped making pennies last month for the first time in 238 years, it drew a lot of attention. But there have been quiet moves to stop using paper checks as well. The government stopped sending out most paper checks to recipients as of the end of September, part of an effort to fully modernize federal benefits payments. And on Thursday the Federal Reserve put out a notice that suggested it is considering — but only considering — the "winding down" of checking services it now provides for banks.

The central bank's statement said that as an alternative to winding down those services, it is mulling more investment in its check processing services, but noted that would come at a higher cost. But it is also considering not making any such investments, in order to keep costs roughly unchanged. That would lead to reduced reliability of those services going forward. "Over time, check use has steadily declined, digital payment methods have grown in availability and use, and check fraud has risen," said the notice from the Fed. "Also, the Reserve Banks will need to make substantial investments in their check infrastructure to continue providing the same level of check services going forward."

A report from the Federal Reserve Bank of Atlanta in June found that as of last year, more than 90% of surveyed consumers said they prefer to use something other than a check for paying bills, and just 6% paid by check. That's a sharp drop from the 18% of bills paid by checks as recently as 2017. Consumers also reported they view checks as second-worst for convenience and speed of payment, ahead of only money orders. And they're ranked as the least secure form of any payment other than cash.

But even if it's true that options such as direct deposit, automatic bill paying and electronic payment systems such as Venmo, PayPal and Zelle have all reduced the need for traditional checks, paper checks are still an important part of the payment system. They make up about 5% of transactions and represent 21% of the value of all those payments, according to a statement from Michelle Bowman, the Fed's vice chair for supervision, who dissented from the Fed's Thursday statement.

The Courts

Google Must Limit Its 'Default Search' Contracts to One Year, Judge Rules (yahoo.com) 6

Bloomberg reports that Google "must renegotiate any contract to make its search engine or artificial intelligence app the default for smartphones and other devices every year, a federal judge ruled." Judge Amit Mehta in Washington sided with the US Justice Department on the one year limitation in his final ruling on what changes the search giant must make in the wake of a landmark ruling that the company illegally monopolized online search. The yearly renegotiation will give rivals — particularly those in the burgeoning generative AI field — a chance to compete for key placements.

The final judgment will still allow Google to offer its products to Apple Inc. for use in its popular iPhone and pay other electronics makers like Samsung Electronics Co. for default placement. But the judge said those contracts must be renegotiated annually. Mehta noted in his ruling that both Google and the US government said they could work with the one-year limitation on default contracts. As such, "the court holds that a hard-and-fast termination requirement after one year would best carry out the purpose of the injunctive relief."

Privacy

Woman Hailed As a Hero For Smashing Man's Meta Smart Glasses On Subway (yahoo.com) 154

"Woman Hailed as Hero for Smashing Man's Meta Smart Glasses on Subway," reads the headline at Futurism: As Daily Dot reports, a New York subway rider has accused a woman of breaking his Meta smart glasses. "She just broke my Meta glasses," said the TikTok user, who goes by eth8n, in a video that has since garnered millions of views.

"You're going to be famous on the internet!" he shouted at her through the window after getting off the train. The accused woman, however, peered back at him completely unfazed, as if to say that he had it coming.

"I was making a funny noise people were honestly crying laughing at," he claimed in the caption of a followup video. "She was the only person annoyed..." But instead of coming to his support, the internet wholeheartedly rallied behind the alleged perpetrator, celebrating the woman as a folk hero — and perfectly highlighting how the public feels about gadgets like Meta's smart glasses.

"Good, people are tired of being filmed by strangers," one user commented.

"The fact that no one else on the train is defending him is telling," another wrote...

Others accused the man of fabricating details of the incident. "'People were crying laughing' — I've never heard a less plausible NYC subway story," one user wrote.

In a comment on TikTok, the man acknowledges he'd filmed her on the subway — it looks like he even zoomed in. The man then says her other options were "asking nicely to not post it or blur my face".

He also warns that she could get arrested for breaking his glasses if he "felt like it". (And if he sees her again.) "I filed a claim with the police and it's a misdemeanor charge." A subsequent video's captions describe him unboxing new Meta smartglasses "and I'm about to do my thing again... no crazy lady can stop me now."

I'm imagining being mugged — and then telling the mugger "You're going to be internet famous!" But maybe that just shows how easy it is to weaponize smartglasses and their potential for vast public exposure.

Television

Could Netflix's Deal for Warner Bros. Fall Apart? (cnbc.com) 54

While Netflix hopes to buy Warner Bros. Discovery for $72 billion, CNBC reports a senior official in America's federal government said the administration was viewing the deal with "heavy skepticism." And that's not the only hurdle: On Thursday, The Wall Street Journal reported that Paramount, in a letter to lawyers for Warner Bros. Discovery [WBD], had warned that a sale to Netflix likely would "never close" because of regulatory challenges in the United States and overseas. "Acquiring Warner's streaming and studio assets 'will entrench and extend Netflix's global dominance in a matter not allowed by domestic or foreign competition laws,' Paramount's lawyers wrote," the Journal reported.

Paramount "is now weighing its options about whether to go straight to shareholders with one more improved bid," CNBC reported Friday, "perhaps even higher than the $30-per-share, all-cash offer it submitted to Warner Bros. Discovery this week."

And CNBC reported Friday that the review by America's Department of Justice "can take anywhere from months to more than a year." Netflix said Friday it expects the transaction to close in 12 to 18 months, after Warner Bros. Discovery spins out its portfolio of cable networks into Discovery Global... As part of the deal, Netflix has agreed to pay a $5.8 billion breakup fee to Warner Bros. Discovery if the deal were to get blocked by the government.

Netflix's planned move is already drawing high-powered criticism, reports CNN:
  • "The world's largest streaming company swallowing one of its biggest competitors is what antitrust laws were designed to prevent. The outcome would eliminate jobs, push down wages, worsen conditions for all entertainment workers, raise prices for consumers, and reduce the volume and diversity of content for all viewers...." said the Writers Guild of America, the union representing Hollywood writers.
  • "Producers are rightfully concerned... Our legacy studios are more than content libraries — within their vaults are the character and culture of our nation." — The Producers Guild of America
  • The deal raises "many serious questions" about the entertainment industry's future, "especially the human creative talent whose livelihoods and careers depend on it." — SAG-AFTRA, Hollywood's biggest actors union
  • "This is not a win for consumers. Netflix has already aggressively raised prices, increased ad load, and stopped people from sharing passwords. Absorbing a competitor with strong content will only lead to its service becoming more expensive and give consumers less choice." — Ross Benes, a senior analyst at eMarketer, told CNN. [Benes also thinks this could mean fewer companies spending heavily on movies and TV shows. "This contracts the industry."]

Privacy

India Reviews Telecom Industry Proposal For Always-On Satellite Location Tracking 24

India is weighing a proposal to mandate always-on satellite tracking in smartphones for precise government surveillance -- an idea strongly opposed by Apple, Google, Samsung, and industry groups. Reuters reports: For years, [Prime Minister Narendra Modi's] administration has been concerned its agencies do not get precise locations when legal requests are made to telecom firms during investigations. Under the current system, the firms are limited to using cellular tower data that can only provide an estimated area location, which can be off by several meters.

The Cellular Operators Association of India (COAI), which represents Reliance's Jio and Bharti Airtel, has proposed that precise user locations should only be provided if the government orders smartphone makers to activate A-GPS technology -- which uses satellite signals and cellular data -- according to a June internal federal IT ministry email. That would require location services to always be activated in smartphones with no option for users to disable them. Apple, Samsung, and Alphabet's Google have told New Delhi that should not be mandated, said three of the sources who have direct knowledge of the deliberations.

A measure to track device-level location has no precedent anywhere else in the world, lobbying group India Cellular & Electronics Association (ICEA), which represents both Apple and Google, wrote in a confidential July letter to the government, which was viewed by Reuters. "The A-GPS network service ... (is) not deployed or supported for location surveillance," said the letter, which added that the measure "would be a regulatory overreach."

Earlier this week, Modi's government was forced to rescind an order requiring smartphone makers to preload a state-run cyber safety app on all devices after public backlash and privacy concerns.

The Courts

The New York Times Is Suing Perplexity For Copyright Infringement (techcrunch.com) 68

The New York Times is suing Perplexity for copyright infringement, accusing the AI startup of repackaging its paywalled reporting without permission. TechCrunch reports: The Times joins several media outlets suing Perplexity, including the Chicago Tribune, which also filed suit this week. The Times' suit claims that "Perplexity provides commercial products to its own users that substitute" for the outlet, "without permission or remuneration." [...] "While we believe in the ethical and responsible use and development of AI, we firmly object to Perplexity's unlicensed use of our content to develop and promote their products," Graham James, a spokesperson for The Times, said in a statement. "We will continue to work to hold companies accountable that refuse to recognize the value of our work."

Similar to the Tribune's suit, the Times takes issue with Perplexity's method for answering user queries by gathering information from websites and databases to generate responses via its retrieval-augmented generation (RAG) products, like its chatbots and Comet browser AI assistant. "Perplexity then repackages the original content in written responses to users," the suit reads. "Those responses, or outputs, often are verbatim or near-verbatim reproductions, summaries, or abridgments of the original content, including The Times's copyrighted works."

Or, as James put it in his statement, "RAG allows Perplexity to crawl the internet and steal content from behind our paywall and deliver it to its customers in real time. That content should only be accessible to our paying subscribers." The Times also claims Perplexity's search engine has hallucinated information and falsely attributed it to the outlet, which damages its brand. "Publishers have been suing new tech companies for a hundred years, starting with radio, TV, the internet, social media, and now AI," Jesse Dwyer, Perplexity's head of communications, told TechCrunch. "Fortunately it's never worked, or we'd all be talking about this by telegraph."

Crime

Contractors With Hacking Records Accused of Wiping 96 Government Databases (bleepingcomputer.com) 54

Two Virginia brothers, Muneeb and Sohaib Akhter, previously convicted of hacking the U.S. State Department, were rehired as federal contractors and are now charged with conspiring to steal sensitive data and destroy government databases after being fired. "Following the termination of their employment, the brothers allegedly sought to harm the company and its U.S. government customers by accessing computers without authorization, issuing commands to prevent others from modifying the databases before deletion, deleting databases, stealing information, and destroying evidence of their unlawful activities," the Justice Department said in a Wednesday press release. BleepingComputer reports: According to court documents, Muneeb Akhter deleted roughly 96 databases containing U.S. government information in February 2025, including Freedom of Information Act records and sensitive investigative documents from multiple federal agencies. One minute after deleting a Department of Homeland Security database, Muneeb Akhter also allegedly asked an artificial intelligence tool for instructions on clearing system logs after deleting a database.

The two defendants also allegedly ran commands to prevent others from modifying the targeted databases before deletion, and destroyed evidence of their activities. The prosecutors added that both men wiped company laptops before returning them to the contractor and discussed cleaning out their house in anticipation of a law enforcement search. The complaint also claims that Muneeb Akhter stole IRS information from a virtual machine, including federal tax data and identifying information for at least 450 individuals, and stole Equal Employment Opportunity Commission information after being fired by the government contractor.

Muneeb Akhter has been charged with conspiracy to commit computer fraud and destroy records, two counts of computer fraud, theft of U.S. government records, and two counts of aggravated identity theft. If found guilty, he faces a minimum of two years in prison for each aggravated identity theft count, with a maximum of 45 years on other charges. His brother, Sohaib, is charged with conspiracy to commit computer fraud and password trafficking, facing a maximum penalty of six years if convicted.

Republicans

Republicans Drop Trump-Ordered Block On State AI Laws From Defense Bill 78

An anonymous reader quotes a report from Ars Technica: A Donald Trump-backed push has failed to wedge a federal measure that would block states from passing AI laws for a decade into the National Defense Authorization Act (NDAA). House Majority Leader Steve Scalise (R-La.) told reporters Tuesday that a sect of Republicans is now "looking at other places" to potentially pass the measure. Other Republicans opposed including the AI preemption in the defense bill, The Hill reported, joining critics who see value in allowing states to quickly regulate AI risks as they arise.

For months, Trump has pressured the Republican-led Congress to block state AI laws that the president claims could bog down innovation as AI firms waste time and resources complying with a patchwork of state laws. But Republicans have continually failed to unite behind Trump's command, first voting against including a similar measure in the "Big Beautiful" budget bill and then this week failing to negotiate a solution to pass the NDAA measure. [...]

"We MUST have one Federal Standard instead of a patchwork of 50 State Regulatory Regimes," Trump wrote on Truth Social last month. "If we don't, then China will easily catch us in the AI race. Put it in the NDAA, or pass a separate Bill, and nobody will ever be able to compete with America." If Congress bombs the assignment to find another way to pass the measure, Trump will likely release an executive order to enforce the policy. Republicans in Congress had dissuaded Trump from releasing a draft of that order, requesting time to find legislation where they believed an AI moratorium could pass.
"The controversial proposal had faced backlash from a nationwide, bipartisan coalition of state lawmakers, parents, faith leaders, unions, whistleblowers, and other public advocates," the NDAA, a bipartisan group that lobbies for AI safety laws, said in a press release.

This "widespread and powerful" movement "clapped back" at Republicans' latest "rushed attempt to sneak preemption through Congress," Brad Carson, ARI's president, said, because "Americans want safeguards that protect kids, workers, and families, not a rules-free zone for Big Tech."

Microsoft

Microsoft Faces New Complaint For Unlawfully Processing Data On Behalf of Israeli Military (aljazeera.com) 53

Ancient Slashdot user Alain Williams shares a report from Al Jazeera: The Irish Council for Civil Liberties (ICCL) has announced it filed a complaint against Microsoft, accusing the global tech giant of unlawfully processing data on behalf of the Israeli military and facilitating the killings of Palestinian civilians in Gaza. In the complaint, the council asked the Data Protection Commission -- the European Union's lead data regulator for the company -- to "urgently investigate" Microsoft Ireland's processing.

"Microsoft's technology has put millions of Palestinians in danger. These are not abstract data-protection failures -- they are violations that have enabled real-world violence," Joe O'Brien, ICCL's executive director, said in a statement. "When EU infrastructure is used to enable surveillance and targeting, the Irish Data Protection Commission must step in -- and it must use its full powers to hold Microsoft to account."

After months of complaints from rights groups and Microsoft whistleblowers, the company said in September it cancelled some services to the Israeli military over concerns that it was violating Microsoft's terms of service by using cloud computing software to spy on millions of Palestinians.

Censorship

Russia Blocks Roblox, Apple's FaceTime (www.cbc.ca) 51

Russia has blocked Apple's FaceTime and the gaming platform Roblox as part of a broader crackdown on foreign tech platforms. CBC News reports: Both restrictions are part of an accelerating clampdown on foreign tech platforms: In the case of FaceTime, Russian authorities allege it is being used for criminal activity, while Roblox was accused of distributing extremist materials and "LGBT propaganda." The move follows restrictions against Google's YouTube, Meta's WhatsApp and the Telegram messaging service.

Critics say the curbs amount to censorship and a tightening of state control over private communications. Russia says they are legitimate law enforcement measures. Russian authorities have this year launched a state-backed rival app called Max, which critics say could be used for surveillance -- allegations that state media have dismissed as false.

Justifying its decision, the communications regulator, Roskomnadzor, said in an emailed statement: "According to law enforcement agencies, FaceTime is being used to organize and carry out terrorist attacks in the country, recruit perpetrators, and commit fraud and other crimes against Russian citizens." The watchdog did not cite evidence in support of the allegations.

EU

EU Hits Meta With Antitrust Probe Over Plans To Block AI Rivals From WhatsApp 3

The EU has opened an antitrust investigation into Meta over a new WhatsApp policy that could block rival AI assistants from accessing the platform. Complaints from smaller AI developers triggered the probe, which could lead to fines of up to 10% of Meta's global revenue if the company is found to have abused its dominance. Reuters reports: EU antitrust chief Teresa Ribera said the move was to prevent dominant firms from "abusing their power to crowd out innovative competitors." She added interim measures could be imposed to block Meta's new WhatsApp AI policy rollout. "AI markets are booming in Europe and beyond," she said. "This is why we are investigating if Meta's new policy might be illegal under competition rules, and whether we should act quickly to prevent any possible irreparable harm to competition in the AI space."

A WhatsApp spokesperson called the claims "baseless," adding that the emergence of chatbots on its platforms had put a "strain on our systems that they were not designed to support," a reference to AI systems from other providers. "Still, the AI space is highly competitive and people have access to the services of their choice in any number of ways, including app stores, search engines, email services, partnership integrations, and operating systems."

Security

Microsoft 'Mitigates' Windows LNK Flaw Exploited As Zero-Day (bleepingcomputer.com) 25

joshuark shares a report from BleepingComputer: Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. Tracked as CVE-2025-9491, this security flaw allows attackers to hide malicious commands within Windows LNK files, which can be used to deploy malware and gain persistence on compromised devices. However, the attacks require user interaction to succeed, as they involve tricking potential victims into opening malicious Windows Shell Link (.lnk) files. Thus some element of social engineering, and user technical naivety and gullibility, such as thinking Windows is secure, is required. [...]

As Trend Micro threat analysts discovered in March 2025, CVE-2025-9491 was already being widely exploited by 11 state-sponsored groups and cybercrime gangs, including Evil Corp, Bitter, APT37, APT43 (also known as Kimsuky), Mustang Panda, SideWinder, RedHotel, Konni, and others. Microsoft told BleepingComputer in March that it would "consider addressing" this zero-day flaw, even though it didn't "meet the bar for immediate servicing." As ACROS Security CEO and 0patch co-founder Mitja Kolsek found, Microsoft has silently changed LNK files in the November updates in an apparent effort to mitigate the CVE-2025-9491 flaw. After installing last month's updates, users can now see all characters in the Target field when opening the Properties of LNK files, not just the first 260. As the movie The Ninth Gate stated: "silentium est aurum."

Encryption

'End-To-End Encrypted' Smart Toilet Camera Is Not Actually End-To-End Encrypted (techcrunch.com) 90

An anonymous reader quotes a report from TechCrunch: Earlier this year, home goods maker Kohler launched a smart camera called the Dekoda that attaches to your toilet bowl, takes pictures of it, and analyzes the images to advise you on your gut health. Anticipating privacy fears, Kohler said on its website that the Dekoda's sensors only see down into the toilet, and claimed that all data is secured with "end-to-end encryption." The company's use of the expression "end-to-end encryption" is, however, wrong, as security researcher Simon Fondrie-Teitler pointed out in a blog post on Tuesday. By reading Kohler's privacy policy, it's clear that the company is referring to the type of encryption that secures data as it travels over the internet, known as TLS encryption -- the same that powers HTTPS websites. [...] The security researcher also pointed out that given Kohler can access customers' data on its servers, it's possible Kohler is using customers' bowl pictures to train AI. Citing another response from the company representative, the researcher was told that Kohler's "algorithms are trained on de-identified data only." A "privacy contact" from Kohler said that user data is "encrypted at rest, when it's stored on the user's mobile phone, toilet attachment, and on our systems." The company also said that, "data in transit is also encrypted end-to-end, as it travels between the user's devices and our systems, where it is decrypted and processed to provide our service."

The Courts

OpenAI Loses Fight To Keep ChatGPT Logs Secret In Copyright Case (reuters.com) 39

A federal judge has ordered OpenAI to hand over 20 million anonymized ChatGPT logs in its copyright battle with the New York Times and other outlets. Reuters reports: U.S. Magistrate Judge Ona Wang in a decision made public on Wednesday said that the 20 million logs were relevant to the outlets' claims and that handing them over would not risk violating users' privacy. The judge rejected OpenAI's privacy-related objections to an earlier order requiring the artificial intelligence startup to submit the records as evidence. "There are multiple layers of protection in this case precisely because of the highly sensitive and private nature of much of the discovery," Wang said.

An OpenAI spokesperson on Wednesday cited an earlier blog post from the company's Chief Information Security Officer Dane Stuckey, which said the Times' demand for the chat logs "disregards long-standing privacy protections" and "breaks with common-sense security practices." OpenAI has separately appealed Wang's order to the case's presiding judge, U.S. District Judge Sidney Stein.

A group of newspapers owned by Alden Global Capital's MediaNews Group is also involved in the lawsuit. MediaNews Group executive editor Frank Pine said in a statement on Wednesday that OpenAI's leadership was "hallucinating when they thought they could get away with withholding evidence about how their business model relies on stealing from hardworking journalists."

Robotics

After AI Push, Trump Administration Is Now Looking To Robots 79

An anonymous reader quotes a report from Politico: Five months after releasing a plan to accelerate the development of artificial intelligence, the Trump administration is turning to robots. Commerce Secretary Howard Lutnick has been meeting with robotics industry CEOs and is "all in" on accelerating the industry's development, according to three people familiar with the discussions who were granted anonymity to share details. The administration is considering issuing an executive order on robotics next year, according to two of the people. A Department of Commerce spokesperson said: "We are committed to robotics and advanced manufacturing because they are central to bringing critical production back to the United States."

The Department of Transportation is also preparing to announce a robotics working group, possibly before the end of the year, according to one person familiar with the planning. A spokesperson for the department did not respond to a request for comment. There's growing interest on Capitol Hill as well. A Republican amendment to the National Defense Authorization Act would have created a national robotics commission. The amendment was not included in the bill. Other legislative efforts are underway. The flurry of activity suggests robotics is emerging as the next major front in America's race against China.

"There is now recognition that advanced robotics is crucial to the U.S. in terms of manufacturing, technology, national security, defense applications, public safety," said Brendan Schulman, VP of policy and government relations for Boston Dynamics. "The investment that we're seeing in the sector and the efforts in China to dominate the future of robotics are being noticed."

Privacy

India Pulls Its Preinstalled iPhone App Demand 15

India has withdrawn its order requiring Apple and other smartphone makers to preinstall the government's Sanchar Saathi app after public backlash and privacy concerns. AppleInsider reports: On November 28, the India Ministry of Communication issued a secret directive to Apple and other smartphone manufacturers, requiring the preinstallation of a government-backed app. Less than a week later, the order has been rescinded. The withdrawal on Wednesday means Apple doesn't have to preload the Sanchar Saathi app onto iPhones sold in the country, in a way that couldn't be "disabled or restricted." [...]

In pulling back from the demand, the government insisted that the app had an "increasing acceptance" among citizens. There was a tenfold spike of new user registrations on Tuesday alone, with over 600,000 new users made aware of the app from the public debacle. India Minister of Communications Jyotiraditya Scindia took a moment to insist that concerns the app could be used for increased surveillance were unfounded. "Snooping is neither possible nor will it happen" with the app, Scindia claimed.

"This is a welcome development, but we are still awaiting the full text of the legal order that should accompany this announcement, including any revised directions under the Cyber Security Rules, 2024," said the Internet Freedom Foundation. It is treating the news with "cautious optimism, not closure," until formalities conclude. However, while promising, the backdown doesn't stop India from retrying something similar or another tactic in the future.

Medicine

San Francisco Will Sue Ultraprocessed Food Companies 143

An anonymous reader quotes a report from the New York Times: The San Francisco city attorney filed on Tuesday the nation's first government lawsuit against food manufacturers over ultraprocessed fare (source may be paywalled; alternative source), arguing that cities and counties have been burdened with the costs of treating diseases that stem from the companies' products. David Chiu, the city attorney, sued 10 corporations that make some of the country's most popular food and drinks. Ultraprocessed products now comprise 70 percent of the American food supply and fill grocery store shelves with a kaleidoscope of colorful packages. Think Slim Jim meat sticks and Cool Ranch Doritos. But also aisles of breads, sauces and granola bars marketed as natural or healthy.

It is a rare issue on which the liberal leaders in San Francisco City Hall are fully aligned with the Trump administration, which has targeted ultraprocessed foods as part of its Make America Healthy Again mantra. Mr. Chiu's lawsuit, which was filed in San Francisco Superior Court on behalf of the State of California, seeks unspecified damages for the costs that local governments bear for treating residents whose health has been harmed by ultraprocessed food. The city accuses the companies of "unfair and deceptive acts" in how they market and sell their foods, arguing that such practices violate the state's Unfair Competition Law and public nuisance statute. The city also argues the companies knew that their food made people sick but sold it anyway.
Privacy

Apple To Resist India Order To Preload State-Run App As Political Outcry Builds (reuters.com) 55

Apple does not plan to comply with India's mandate to preload its smartphones with a state-owned cyber safety app that cannot be disabled. According to Reuters, the order "sparked surveillance concerns and a political uproar" after it was revealed on Monday. From the report: In the wake of the criticism, India's telecom minister Jyotiraditya M. Scindia on Tuesday said the app was a "voluntary and democratic system," adding that users can choose to activate it and can "easily delete it from their phone at any time." At present, the app can be deleted by users. Scindia did not comment on or clarify the November 28 confidential directive that ordered smartphone makers to start preloading it and ensure "its functionalities are not disabled or restricted."

Apple however does not plan to comply with the directive and will tell the government it does not follow such mandates anywhere in the world as they raise a host of privacy and security issues for the company's iOS ecosystem, said two of the industry sources who are familiar with Apple's concerns. They declined to be named publicly as the company's strategy is private. "It's not only like taking a sledgehammer, this is like a double-barrel gun," said the first source.

Government

Trump Administration To Take Equity Stake In Former Intel CEO's Chip Startup (wsj.com) 58

An anonymous reader quotes a report from the Wall Street Journal: The Trump administration has agreed to inject up to $150 million into a startup (source paywalled; alternative source) trying to develop more advanced semiconductor manufacturing techniques in the U.S., its latest bid to support strategically important domestic industries with government incentives. Under the arrangement, the Commerce Department would give the incentives to xLight, a startup trying to improve the critical chip-making process known as extreme ultraviolet lithography, the agency said in a Monday release. In return, the government would get an equity stake that would likely make it xLight's largest shareholder.

The Dutch firm ASML is currently the only global producer of EUV machines, which can cost hundreds of millions of dollars each. XLight is seeking to improve on just one component of the EUV process: the crucially important lasers that etch complex microscopic patterns onto chemical-treated silicon wafers. The startup is hoping to integrate its light sources into ASML's machines. XLight represents a second act for Pat Gelsinger, the former chief executive of Intel who was fired by the board late last year after the chip maker suffered from weak financial performance and a stalled manufacturing expansion. Gelsinger serves as executive chairman of xLight's board.

[...] The xLight deal uses funding from the 2022 Chips and Science Act allocated for earlier stage companies with promising technologies. It is the first Chips Act award in President Trump's second term and is a preliminary agreement, meaning it isn't finalized and could change. "This partnership would back a technology that can fundamentally rewrite the limits of chipmaking," Commerce Secretary Howard Lutnick said in the release.

The Courts

Supreme Court Hears Copyright Battle Over Online Music Piracy (nytimes.com) 32

The Supreme Court appears inclined to side with Cox Communications in a major copyright case, suggesting that ISPs shouldn't be held liable for users' music piracy based solely on "mere knowledge," given the risk of forcing outages for universities, hospitals, and other large customers. The New York Times reports: Leading music labels and publishers who represent artists ranging from Bob Dylan to Beyonce sued Cox Communications in 2018, saying it had failed to terminate the internet connections of subscribers who had been repeatedly flagged for illegally downloading and distributing copyrighted music. At issue is whether providers like Cox can be held legally responsible and be required to pay steep damages -- a billion dollars or more -- if they know that customers are pirating the music but do not take sufficient steps to terminate their internet access.

Justices from across the ideological spectrum on Monday raised concerns about whether finding for the music industry could result in internet providers being forced to cut off access to large account holders such as hospitals and universities because of the illegal acts of individual users. "What is the university supposed to do in your view?" asked Justice Samuel A. Alito Jr., a conservative, suggesting it would be difficult to track down bad actors without the risk of losing service campuswide. "I just don't see how it's workable at all."

"The internet is so amorphous," added Justice Sonia Sotomayor, a liberal, saying that a single "customer" could represent tens of thousands of users, particularly in rural areas where an entire region might be considered a "customer." After nearly two hours of argument, a majority of justices seemed likely to side with Cox and to send the case back to the U.S. Court of Appeals for the Fourth Circuit for review under a stricter standard. Several justices suggested the company's "mere knowledge" of the illegal downloads was not sufficient to hold Cox liable.

Privacy

Flock Uses Overseas Gig Workers To Build Its Surveillance AI (404media.co) 12

An anonymous reader quotes a report from 404 Media: Flock, the automatic license plate reader and AI-powered camera company, uses overseas workers from Upwork to train its machine learning algorithms, with training material telling workers how to review and categorize footage including images of people and vehicles in the United States, according to material reviewed by 404 Media that was accidentally exposed by the company. The findings bring up questions about who exactly has access to footage collected by Flock surveillance cameras and where people reviewing the footage may be based. Flock has become a pervasive technology in the US, with its cameras present in thousands of communities that cops use every day to investigate things like carjackings. Local police have also performed numerous lookups for ICE in the system.

Companies that use AI or machine learning regularly turn to overseas workers to train their algorithms, often because the labor is cheaper than hiring domestically. But the nature of Flock's business -- creating a surveillance system that constantly monitors US residents' movements -- means that footage might be more sensitive than other AI training jobs. [...] Broadly, Flock uses AI or machine learning to automatically detect license plates, vehicles, and people, including what clothes they are wearing, from camera footage. A Flock patent also mentions cameras detecting "race." It included figures on "annotations completed" and "annotator tasks remaining in queue," with annotations being the notes workers add to reviewed footage to help train AI algorithms. Tasks include categorizing vehicle makes, colors, and types, transcribing license plates, and "audio tasks." Flock recently started advertising a feature that will detect "screaming." The panel showed workers sometimes completed thousands upon thousands of annotations over two day periods. The exposed panel included a list of people tasked with annotating Flock's footage. Taking those names, 404 Media found some were located in the Philippines, according to their LinkedIn and other online profiles.

Many of these people were employed through Upwork, according to the exposed material. Upwork is a gig and freelance work platform where companies can hire designers and writers or pay for "AI services," according to Upwork's website. The tipsters also pointed to several publicly available Flock presentations which explained in more detail how workers were to categorize the footage. It is not clear what specific camera footage Flock's AI workers are reviewing. But screenshots included in the worker guides show numerous images from vehicles with US plates, including in New York, Michigan, Florida, New Jersey, and California. Other images include road signs clearly showing the footage is taken from inside the US, and one image contains an advertisement for a specific law firm in Atlanta.

Privacy

Korea's Coupang Says Data Breach Exposed Nearly 34 Million Customers' Personal Information (techcrunch.com) 2

An anonymous reader quotes a report from TechCrunch: South Korean e-commerce platform Coupang over the weekend said nearly 34 million Korean customers' personal information had been leaked in a data breach that had been ongoing for more than five months. The company said it first detected the unauthorized exposure of 4,500 user accounts on November 18, but a subsequent investigation revealed that the breach had actually compromised about 33.7 million customer accounts in South Korea. The breach affected customers' names, email addresses, phone numbers, shipping addresses, and certain order histories, per Coupang. More sensitive data like payment information, credit card numbers, and login credentials was not compromised and remains secure, the company said. [...] Police have reportedly identified at least one suspect, a former Chinese Coupang employee now abroad, after launching an investigation following a November 18 complaint.
United States

New York Now Requires Retailers To Tell You When AI Sets Your Price (nytimes.com) 44

New York has become the first state in the nation to enact a law requiring retailers to disclose when AI and personal data are being used to set individualized prices [non-paywalled source] -- a measure that lawyers say will make algorithmic pricing "the next big battleground in A.I. regulation."

The law, enacted through the state budget, requires online retailers using personalized pricing to post a specific notice: "THIS PRICE WAS SET BY AN ALGORITHM USING YOUR PERSONAL DATA." The National Retail Federation sued to block enforcement on First Amendment grounds, arguing the required disclosure was "misleading and ominous," but federal judge Jed S. Rakoff allowed the law to proceed last month.

Uber has started displaying the notice to New York users. Spokesman Ryan Thornton called the law "poorly drafted and ambiguous" but maintained the company only considers geographic factors and demand in setting prices. At least 10 states have bills pending that would require similar disclosures or ban personalized pricing outright. California and federal lawmakers are considering complete bans.
United States

Two Former US Congressmen Announce Fundraising for Candidates Supporting AI Regulation (yahoo.com) 20

Two former U.S. congressmen announced this week that they're launching two tax-exempt fundraising groups "to back candidates who support AI safeguards," reports The Hill, "as a counterweight to industry-backed groups." Former Representatives Chris Stewart (Republican-Utah) and Brad Carson (Democrat-Oklahoma) plan to create separate Republican and Democratic super PACs and raise $50 million to elect candidates "committed to defending the public interest against those who aim to buy their way out of sensible AI regulation," according to a press release...

The pair is also launching a nonprofit called Public First to advocate for AI policy. Carson underscored that polling "shows significant public concern about AI and overwhelming voter support for guardrails that protect people from harm and mitigate major risks." Their efforts are meant to counter "anti-safeguard super PACs" that they argue are attempting to "kill commonsense guardrails around AI," the press release noted...

The super PAC is reportedly targeting a Democratic congressional candidate, New York state Assemblymember Alex Bores, who co-sponsored AI legislation in the Albany statehouse.

"This isn't a partisan issue — it's about whether we'll have meaningful oversight of the most powerful technology ever created," Chris Stewart says in their press release.

"We've seen what happens when government fails to act on other emerging technologies. With AI, the stakes are enormous, and we can't afford to make the same missteps."
Crime

'Crime Rings Enlist Hackers To Hijack Trucks' (msn.com) 41

It's "a complex mix of internet access and physical execution," says the chief information security officer at Cequence Security.

Long-time Slashdot reader schwit1 summarizes this article from The Wall Street Journal: By breaking into carriers' online systems, cyber-powered criminals are making off with truckloads of electronics, beverages and other goods.

In the most recent tactics identified by cybersecurity firm Proofpoint, hackers posed as freight middlemen, posting fake loads to the boards. They slipped links with malicious software into email exchanges with bidders such as trucking companies. By clicking on the links, trucking companies unwittingly downloaded remote-access software that lets the hackers take control of their online systems.

Once inside, the hackers used the truckers' accounts to bid on real shipments, such as electronics and energy drinks, said Selena Larson, a threat researcher at Proofpoint. "They know the business," she said. "It's a very convincing full-scale identity takeover."

"The goods are likely sold to retailers or to consumers in online marketplaces," the article explains. (Though according to Proofpoint "In some cases, products are shipped overseas and sold in local markets, where proceeds are used to fund paramilitaries and global terrorists.")

"The average value of cargo thefts is increasing as organized crime groups become more discerning, preferring high-value targets such as enterprise servers and cryptocurrency mining hardware, according to risk-assessment firm Verisk CargoNet."
Social Networks

What Happens When You Kick Millions of Teens Off Social Media? Australia's About to Find Out (cnn.com) 237

27 million people live in Australia. But there's a big change coming if you're under 16, reports CNN: From December 10, sites that meet the Australian government's definition of an "age-restricted social media platform" will need to show that they're doing enough to eject or block children under 16 or face fines of up to 49.5 million Australian dollars ($32 million). The list includes Snapchat, Facebook, Instagram, Kick, Reddit, Threads, TikTok, Twitch, X, and YouTube...

Meta says it'll start deactivating accounts and blocking new Facebook, Instagram and Threads accounts from December 4. Under-16s are being encouraged to download their content. Snap says users can deactivate their accounts for up to three years, or until they turn 16...

There's another sting in the ban, too, coming at the end of the Australian school year before the summer break in the southern hemisphere. For eight weeks, there'll be no school, no teachers — and no scrolling. For millions of children, it could be the first school break they spend in years without the company of time-killing social media algorithms, or an easy way to contact their friends. Even for parents who support the ban, it could be a very long summer.

"There's every chance that bans will spread..." the article argues. "Other countries around the world are taking notes as Australia explores new territory that some say mirrors safety evolutions of years past — the dawning realization that maybe cars need safety belts, and that perhaps cigarettes should come with some kind of health warning." And according to the Associated Press, Malaysia "has also announced plans to ban social media accounts for children under 16 starting in 2026."

But CNN reports few teenagers in Australia knew about its impending ban on social media, judging by a show of hands at one high school auditorium. Teenagers in the audience had two questions.
  • "Can you get your account back when you turn 16?"
  • "What if I lie about my age?"

Patents

US Patent Office Issues New Guidelines For AI-Assisted Inventions (reuters.com) 18

The U.S. Patent and Trademark Office has issued new guidelines outlining when inventions created with the help of AI can be patented. From a report: USPTO Director John Squires said on Wednesday, in a notice set to be published Friday, that the office considers generative AI systems to be "analogous to laboratory equipment, computer software, research databases, or any other tool that assists in the inventive process."

"They may provide services and generate ideas, but they remain tools used by the human inventor who conceived the claimed invention," the office said. "When one natural person is involved in creating an invention with the assistance of AI, the inquiry is whether that person conceived the invention under the traditional conception standard."

The office reiterated its guidance from last year that AI itself cannot be considered an inventor under U.S. patent law. However, it rejected the approach taken by the PTO during former President Joe Biden's administration for deciding when AI-assisted inventions are patentable, which relied on a standard normally used to determine when multiple people can qualify as joint inventors.

The Courts

Apple Asks Indian Court to Block Antitrust Law Allowing $38 Billion Fine 35

Apple is challenging a new Indian antitrust law that would let regulators calculate penalties based on global revenue -- a change that could expose the company to a fine of roughly $38 billion in its dispute with Tinder owner Match. The 2022 antitrust case centers on accusations that Apple abused its power by forcing developers to use its in-app purchase system. MacRumors reports: Last year, India passed a law that allows the Competition Commission of India (CCI) to use global turnover when calculating penalties imposed on companies for abusing market dominance. Apple can be fined up to 10 percent, which would result in a penalty of around $38 billion. Apple said that using global turnover would result in a fine that's "manifestly arbitrary, unconstitutional, grossly disproportionate, and unjust."

Apple is asking India's Delhi High Court to declare the law illegal, suggesting that penalties should be based on the Indian revenue of the specific unit that violates antitrust law. [...] Apple said in today's filing that the CCI used the new penalty law on November 10 in an unrelated case, fining a company for a violation that happened 10 years ago. Apple said it had "no choice but to bring this constitutional challenge now" to avoid having retrospective penalties applied against it, too. Match has argued that a high fine based on global turnover would discourage companies from repeating antitrust violations. Apple's plea will be heard on December 3.
Piracy

Greek Cybercrime Unit Shuts Down IPTV Pirates, 68 End Users Face Fines 14

Greek authorities shut down an IPTV piracy operation on Santorini, arresting a reseller and referring 68 end users for prosecution. TorrentFreak reports: A new legal framework to tackle online infringement in Greece went live just a couple of months ago, and reports of prosecutions are already coming in. Early September, it was reported that a man from Sparta faces prosecution and a fine of up to 6,000 euros for two IPTV piracy offenses. The suspect, reportedly a cafe owner, was targeted at his workplace on a Saturday, allegedly in front of customers. One told local media that they believed that complaints of the cafe engaging in "unfair competition" preceded the untimely visit.

The Cybercrime Prosecution Directorate launched their operation in the early hours of November 19. The Athens-based unit targeted a network that sold illicit access to premium pay-TV via IPTV subscriptions. The raid, conducted on Santorini, one of the Cyclades islands, resulted in the arrest of a 48-year-old, who, from police reports, appears to be a reseller for a larger network. Customers were reportedly charged 50 euros for 3 months subscription or 100 euros for 6 months. Sales and management were handled by the 48-year-old via an online platform known as a 'panel,' while remote and in-person support were available as part of the service.

The impact of the raid was visible on the islands, locals said. According to a local report, hundreds of users in hotels, cafes, and residences on Santorini and beyond, found themselves suddenly without access to cheap TV. Apparently few areas were untouched by the disruption, such was local reliance on illegal streams.
