An anonymous reader quotes a report from Cyber Press: A newly uncovered Chinese threat group, DarkSpectre, has been linked to one of the most widespread browser-extension malware operations to date, compromising more than 8.8 million users of Chrome, Edge, Firefox, and Opera over the past seven years. According to research by Koi.ai, the group operates three interconnected campaigns: ShadyPanda, GhostPoster, and a newly identified one named The Zoom Stealer, forming a single, strategically organized operation.

DarkSpectre's structure differs from that of ordinary cybercrime operations. The group runs separate but interconnected malware clusters, each with distinct goals. The ShadyPanda campaign, responsible for 5.6 million infections, focuses on long-term user surveillance and e-commerce affiliate fraud. Its extensions have appeared legitimate for years, offering new tab pages and translation utilities, before secretly downloading malicious configurations from command-and-control servers such as jt2x.com and infinitynewtab.com. Once activated, they inject remote scripts, hijack search results, and track browsing activity.

The second campaign, GhostPoster, spreads via Firefox and Opera extensions that conceal malicious payloads in PNG images via steganography. After lying dormant for several days, the extensions extract and execute JavaScript hidden within images, enabling stealthy remote code execution. This campaign has affected over one million users and relies on domains like gmzdaily.com and mitarchive.info for payload delivery.

The most recent discovery, The Zoom Stealer, exposes around 2.2 million users to corporate espionage. These extensions masquerade as productivity tools or video downloaders while secretly harvesting corporate meeting links, credentials, and speaker profiles from more than 28 video conferencing platforms, including Zoom, Microsoft Teams, and Google Meet. The extensions use real-time WebSocket connections to exfiltrate data to Firebase databases, such as zoocorder.firebaseio.com, and to Google Cloud functions, such as webinarstvus.cloudfunctions.net.

Reuters reports that the United States Department of the Treasury under the Donald Trump administration has lifted sanctions on three executives linked to the spyware firm Intellexa. Reuters reports: The move partially reverses the imposition of sanctions last year by then-President Joe Biden's administration on seven people tied to Intellexa. The Treasury Department at the time described the consortium, opens new tab, launched by former Israeli intelligence official Tal Dilian, as "a complex international web of decentralized companies that built and commercialized a comprehensive suite of highly invasive spyware products."

Treasury said in an email that the removal "was done as part of the normal administrative process in response to a petition request for reconsideration." It added that each of the individuals had "demonstrated measures to separate themselves from the Intellexa Consortium."

The notice said sanctions were lifted on Sara Hamou, whom the U.S. government accused of providing managerial services to Intellexa, Andrea Gambazzi, whose company was alleged by the U.S. government to have held the distribution rights to the Predator spyware, and Merom Harpaz, described by U.S. officials as a top executive in the consortium.

Longtime Slashdot reader ptorrone writes: The January 1, 2026, NYC mayoral inauguration prohibits attendees from bringing specific brand-name devices, explicitly banning Raspberry Pi single-board computers and the Flipper Zero, listed alongside weapons, explosives, and drones. Rather than restricting behaviors or capabilities like signal interference or unauthorized transmitters, the policy names two widely used educational and testing tools while allowing smartphones and laptops that are far more capable. Critics argue this device-specific ban creates confusion, encourages selective enforcement, and reflects security theater rather than a clear, capability-based public safety framework. New York has handled large-scale events more pragmatically before.

PostNord is ending letter delivery in Denmark after a 90%+ collapse in mail volume. It marks the first known case of a national postal carrier abandoning letters entirely -- a symbolic milestone of a fully digitized society that's sparking nostalgia even among people who stopped sending mail years ago. The New York Times reports: Denmark has had a postal service for more than 400 years. But a steep decline in its use has led the Nordic country's longtime postal carrier to stop letter deliveries entirely, a change taking effect on Tuesday.

Danes have seen it coming for months: The carrier, PostNord, has been removing its red mailboxes, once a ubiquitous public fixture. The disappearance of the mailboxes is "what actually made people emotional," said Julia Lahme, a trend researcher and the director of Lahme, a Danish communications agency, "even though most of them hadn't sent a letter in 18 months."

Letter writing in the country has declined by more than 90 percent since 2000, according to PostNord, which is owned jointly by the Danish and Swedish governments. Next year, in Denmark, it will only deliver packages, although in Sweden it will continue to deliver letters.

The change comes partly as a result of a drop-off in government mail. Denmark is one of the world's most digitized countries. Only 250,000 people, or less than 5 percent of the population, still receive their official communications in the mail. "People simply do not rely on physical letters the way they used to," Andreas Brethvad, the communications director of PostNord Denmark, said in an emailed statement. He said that because nine in 10 Danes shop online each month, the change "is about keeping up with times to meet the demands of society. It's a natural evolution." The report notes that snail mail lovers will still be able to send and receive letters through Dao, a private company. "While some Danes are quietly mourning a service that, for the most part, they had largely stopped using, the transition feels like a sign of the times," reports the Times.

Two cybersecurity professionals who spent their careers defending organizations against ransomware attacks have pleaded guilty in a Florida federal court to using ALPHV/BlackCat ransomware to extort American businesses throughout 2023.

Ryan Goldberg, a 40-year-old incident response manager from Georgia, and Kevin Martin, a 36-year-old ransomware negotiator from Texas, admitted to conspiring to obstruct commerce through extortion. Between April and December 2023, Goldberg, Martin, and a third unnamed co-conspirator deployed the ransomware against multiple U.S. victims and agreed to pay ALPHV BlackCat's operators a 20% cut of any ransoms received. They successfully extracted approximately $1.2 million in Bitcoin from one victim, splitting their 80% share three ways before laundering the proceeds. Both men face up to 20 years in prison and are scheduled for sentencing on March 12, 2026.

The Justice Department noted that all three conspirators possessed specialized skills in securing computer systems against the very attacks they carried out. ALPHV BlackCat has targeted more than 1,000 victims globally and was the subject of an FBI disruption operation in December 2023 that saved victims an estimated $99 million through a custom decryption tool.

The Register reports on challenges facing Europe's pursuit of "digital sovereignty": The US CLOUD Act of 2018 allows American authorities to compel US-based technology companies to provide requested data, regardless of where that data is stored globally. This places European organizations in a precarious position, as it directly clashes with Europe's own stringent privacy regulation, the General Data Protection Regulation (GDPR)... Furthermore, these warrants often come with a gag order, legally prohibiting the provider from informing their customer that their data has been accessed. This renders any contractual clauses requiring transparency or notification effectively meaningless. While technical measures like encryption are often proposed as a solution, their effectiveness depends entirely on who controls the encryption keys. If the US provider manages the keys, as is common in many standard cloud services, they can be forced to decrypt the data for authorities, making such safeguards moot....

American hyperscalers have recognized the market demand for sovereignty and now aggressively market 'sovereign cloud' solutions, typically by placing datacenters on European soil or partnering with local operators. Critics call this 'sovereignty washing'... [Cristina Caffarra, a competition economistand driving force behind the Eurostack initiative] warns that this does not resolve the fundamental problem. "A company subject to the extraterritorial laws of the United States cannot be considered sovereign for Europe," she says. "That simply doesn't work." Because, as long as the parent company is American, it remains subject to the CLOUD Act...

Even when organizations make deliberate choices in favour of European providers, those decisions can be undone by market forces. A recent acquisition in the Netherlands illustrates this risk. In November 2025, the American IT services giant Kyndryl announced its intention to acquire Solvinity, a Dutch managed cloud provider. This came as an "unpleasant surprise" to several of its government clients, including the municipality of Amsterdam and the Dutch Ministry of Justice and Security. These bodies had specifically chosen Solvinity to reduce their dependence on American firms and mitigate CLOUD Act risks.
Still, The Register provides several examples of government systems that are "taking concrete steps to regain control over their IT."

• Austria's Federal Ministry for Economy, Energy and Tourism now has 1,200 employees on the European open-source collaboration platform Nextcloud, leading several other Austrian ministries to also implement Nextcloud. (The Ministry's CISO tells the Register "We can see our input in Nextcloud releases. That is a feeling we never had with Microsoft.")

• France's Ministry of Economics and Finance recently completed NUBO (which the Register describes as "an OpenStack-based private cloud initiative designed to handle sensitive data and services.")

• In November the International Criminal Court in The Hague announced it was replacing its Microsoft office software with a European alternative.

• The German state of Schleswig-Holstein is replacing Microsoft products with open-source alternatives for 30,000 civil servants

Thanks to long-time Slashdot reader mspohr for sharing the article.

Apple will allow alternative iOS app stores and external payment systems in Brazil after settling an antitrust case with the country's competition authority, following a lawsuit brought by MercadoLibre back in 2022. Thurrott reports: Yesterday, Brazil's Conselho Administrativo de Defesa Economica (CADE) explained in its press release that it has approved a Term of Commitment to Cease (TCC) submitted by Apple. To settle the lawsuit, the iPhone maker has agreed to allow third-party iOS app stores in Brazil and to let developers use external payment systems. The company will also use neutral wording in the warning messages about third-party app stores and external payment systems that iOS users in Brazil will see.

As part of the settlement, Apple has 105 days to implement these changes to avoid a fine of up to $27.1 million. A separate report from Brazilian blog Tecnoblog revealed that Apple will still take a 5% "Core Technology Commission" fee on transactions going through alternative app stores. Additionally, the company will take a 15% cut on in-app purchases for App Store apps when developers redirect users to their own payment systems.

Italy's antitrust regulator Italian Competition Authority ordered Meta to suspend a policy that blocks rival AI chatbots from using WhatsApp's business APIs, citing potential abuse of market dominance. "Meta's conduct appears to constitute an abuse, since it may limit production, market access, or technical developments in the AI Chatbot services market, to the detriment of consumers," the Authority wrote. "Moreover, while the investigation is ongoing, Meta's conduct may cause serious and irreparable harm to competition in the affected market, undermining contestability." TechCrunch reports: The AGCM in November had broadened the scope of an existing investigation into Meta, after the company changed its business API policy in October to ban general-purpose chatbots from being offered on the chat app via the API. Meta has argued that its API isn't designed to be a platform for the distribution of chatbots and that people have more avenues beyond WhatsApp to use AI bots from other companies. The policy change, which goes into effect in January, would affect the availability of AI chatbots from the likes of OpenAI, Perplexity, and Poke on the app.

An anonymous reader quotes a report from the Wall Street Journal: Concerned that artificial intelligence could threaten Communist Party rule, Beijing is taking extraordinary steps to keep it under control. Although China's government sees AI as crucial to the country's economic and military future, regulations and recent purges of online content show it also fears AI could destabilize society. Chatbots pose a particular problem: Their ability to think for themselves could generate responses that spur people to question party rule.

In November, Beijing formalized rules it has been working on with AI companies to ensure their chatbots are trained on data filtered for politically sensitive content, and that they can pass an ideological test before going public. All AI-generated texts, videos and images must be explicitly labeled and traceable, making it easier to track and punish anyone spreading undesirable content. Authorities recently said they removed 960,000 pieces of what they regarded as illegal or harmful AI-generated content during three months of an enforcement campaign. Authorities have officially classified AI as a major potential threat, adding it alongside earthquakes and epidemics to its National Emergency Response Plan.

Chinese authorities don't want to regulate too much, people familiar with the government's thinking said. Doing so could extinguish innovation and condemn China to second-tier status in the global AI race behind the U.S., which is taking a more hands-off approach toward policing AI. But Beijing also can't afford to let AI run amok. Chinese leader Xi Jinping said earlier this year that AI brought "unprecedented risks," according to state media. A lieutenant called AI without safety like driving on a highway without brakes. There are signs that China is, for now, finding a way to thread the needle.

Chinese models are scoring well in international rankings, both overall and in specific areas such as computer coding, even as they censor responses about the Tiananmen Square massacre, human-rights concerns and other sensitive topics. Major American AI models are for the most part unavailable in China. It could become harder for DeepSeek and other Chinese models to keep up with U.S. models as AI systems become more sophisticated. Researchers outside of China who have reviewed both Chinese and American models also say that China's regulatory approach has some benefits: Its chatbots are often safer by some metrics, with less violence and pornography, and are less likely to steer people toward self-harm. "The Communist Party's top priority has always been regulating political content, but there are people in the system who deeply care about the other social impacts of AI, especially on children," said Matt Sheehan, who studies Chinese AI at the Carnegie Endowment for International Peace, a think tank. "That may lead models to produce less dangerous content on certain dimensions."

An anonymous reader quotes a report from the Associated Press: The State Department announced Tuesday it was barring five Europeans it accused of leading efforts to pressure U.S. tech firms to censor or suppress American viewpoints. The Europeans, characterized by Secretary of State Marco Rubio as "radical" activists and "weaponized" nongovernmental organizations, fell afoul of a new visa policy announced in May to restrict the entry of foreigners deemed responsible for censorship of protected speech in the United States. "For far too long, ideologues in Europe have led organized efforts to coerce American platforms to punish American viewpoints they oppose," Rubio posted on X. "The Trump Administration will no longer tolerate these egregious acts of extraterritorial censorship."

The five Europeans were identified by Sarah Rogers, the under secretary of state for public diplomacy, in a series of posts on social media. [...] The five Europeans named by Rogers are: Imran Ahmed, chief executive of the Centre for Countering Digital Hate; Josephine Ballon and Anna-Lena von Hodenberg, leaders of HateAid, a German organization; Clare Melford, who runs the Global Disinformation Index; and former EU Commissioner Thierry Breton, who was responsible for digital affairs. Rogers in her post on X called Breton, a French business executive and former finance minister, the "mastermind" behind the EU's Digital Services Act, which imposes a set of strict requirements designed to keep internet users safe online. This includes flagging harmful or illegal content like hate speech. She referred to Breton warning Musk of a possible "amplification of harmful content" by broadcasting his livestream interview with Trump in August 2024 when he was running for president.

An anonymous reader quotes a report from TechCrunch: Across Uzbekistan, a network of about a hundred banks of high-resolution roadside cameras continuously scan vehicles' license plates and their occupants, sometimes thousands a day, looking for potential traffic violations. Cars running red lights, drivers not wearing their seatbelts, and unlicensed vehicles driving at night, to name a few. The driver of one of the most surveilled vehicles in the system was tracked over six months as he traveled between the eastern city of Chirchiq, through the capital Tashkent, and in the nearby settlement of Eshonguzar, often multiple times a week. We know this because the country's sprawling license plate-tracking surveillance system has been left exposed to the internet.

Security researcher Anurag Sen, who discovered the security lapse, found the license plate surveillance system exposed online without a password, allowing anyone access to the data within. It's not clear how long the surveillance system has been public, but artifacts from the system show that its database was set up in September 2024, and traffic monitoring began in mid-2025. The exposure offers a rare glimpse into how such national license plate surveillance systems work, the data they collect, and how they can be used to track the whereabouts of any one of the millions of people across an entire country. The lapse also reveals the security and privacy risks associated with the mass monitoring of vehicles and their owners, at a time when the United States is building up its nationwide array of license plate readers, many of which are provided by surveillance giant Flock.

A group of authors led by John Carreyrou has filed a new lawsuit against Anthropic, Google, OpenAI, Meta, xAI, and Perplexity, accusing the AI firms of training models on pirated copies of their books. TechCrunch reports: If this sounds familiar, it's because another set of authors already filed a class action suit against Anthropic for these same acts of copyright infringement. In that case, the judge ruled that it was legal for Anthropic and similar AI companies to train on pirated copies of books, but that it was not legal to pirate the books in the first place.

While eligible writers can receive about $3,000 from the $1.5 billion Anthropic settlement, some authors were dissatisfied with that resolution -- it doesn't hold AI companies accountable for the actual act of using stolen books to train their models, which generate billions of dollars in revenue. The plaintiffs in the new lawsuit say the proposed Anthropic settlement "seems to serve [the AI companies], not creators."

"LLM companies should not be able to so easily extinguish thousands upon thousands of high-value claims at bargain-basement rates, eliding what should be the true cost of their massive willful infringement."

A federal judge blocked Texas' app store age-verification law, ruling it likely violates the First Amendment by forcing platforms to gate speech and collect data in an overly broad way. The law was set to go into effect on January 1, 2026. The Verge reports: In an order granting a preliminary injunction on the Texas App Store Accountability Act (SB 2420), Judge Robert Pitman wrote that the statute "is akin to a law that would require every bookstore to verify the age of every customer at the door and, for minors, require parental consent before the child or teen could enter and again when they try to purchase a book." Pitman has not yet ruled on the merits of the case, but his decision to grant the preliminary injunction means he believes its defenders are unlikely to prevail in court.

Pitman found that the highest level of scrutiny must be applied to evaluate the law under the First Amendment, which means the state must prove the law is "the least restrictive means of achieving a compelling state interest." The judge found this is not the case and that it wouldn't even survive intermediate scrutiny, because Texas has so far failed to prove that its goals are connected to its methods. Since Texas already has a law requiring age verification for porn sites, Pitman said that "only in the vast minority of applications would SB 2420 have a constitutional application to unprotected speech not addressed by other laws." Though Pitman acknowledged the importance of safeguarding kids online, he added, "the means to achieve that end must be consistent with the First Amendment. However compelling the policy concerns, and however widespread the agreement that the issue must be addressed, the Court remains bound by the rule of law." "The Texas App Store Accountability Act is the first among a series of similar state laws to face a legal challenge, making the ruling especially significant, as Congress considers a version of the statute," notes The Verge. "The laws, versions of which also passed in Utah and Louisiana, aim to impose age verification standards at the app store level, making companies like Apple and Google responsible for transmitting signals about users' ages to app developers to block users from age-inappropriate experiences."

"The state can still appeal the ruling with the Fifth Circuit Court of Appeals, which has a history of reversing blocks on internet regulations."

An anonymous reader quotes a report from Ars Technica: CBS cannot contain the online spread of a "60 Minutes" segment that its editor-in-chief, Bari Weiss, tried to block from airing. The episode, "Inside CECOT," featured testimonies from US deportees who were tortured or suffered physical or sexual abuse at a notorious Salvadoran prison, the Center for the Confinement of Terrorism. "Welcome to hell," one former inmate was told upon arriving, the segment reported, while also highlighting a clip of Donald Trump praising CECOT and its leadership for "great facilities, very strong facilities, and they don't play games."

Weiss controversially pulled the segment on Monday, claiming it could not air in the US because it lacked critical voices, as no Trump officials were interviewed. She claimed that the segment "did not advance the ball" and merely echoed others' reporting, NBC News reported. Her plan was to air the segment when it was "ready," insisting that holding stories "for whatever reason" happens "every day in every newsroom." But Weiss apparently did not realize that the "Inside CECOT" would still stream in Canada, giving the public a chance to view the segment as reporters had intended.

Critics accusing CBS of censoring the story quickly shared the segment online Monday after discovering that it was available on the Global TV app. Using a VPN to connect to the app with a Canadian IP address was all it took to override Weiss' block in the US, as 404 Media reported the segment was uploaded to "to a variety of file sharing sites and services, including iCloud, Mega, and as a torrent," including on the recently revived file-sharing service LimeWire. It's currently also available to stream on the Internet Archive, where one reviewer largely summed up the public's response so far, writing, "cannot believe this was pulled, not a dang thing wrong with this segment except it shows truth." "Yo what," joked Reddit user Howzitgoin, highlighting only the word "LimeWire." Another user responded, "man, who knew my nostalgia prof pic would become relevant again, WTF."

"Bringing back LimeWire to illegally rip copies of reporting suppressed by the government is definitely some cyberpunk shit," a Bluesky user wrote.

"We need a champion against the darkness," a Reddit commenter echoed. "I side with LimeWire."

The FCC has banned approval of new foreign-made drones and components, citing "an unacceptable risk" to national security. The move will most heavily impact DJI but it "does not affect drones or drone components that are currently sold in the United States." Reuters reports: The tech was placed on the commission's "Covered List," barring DJI and other foreign drone manufacturers from receiving the FCC's approval to sell new drone models for import or sale in the U.S. In Monday's announcement, the agency said that the move "will reduce the risk of direct [drone] attacks and disruptions, unauthorized surveillance, sensitive data exfiltration and other [drone] threats to the homeland."

FCC Chair Brendan Carr said in a statement that while drones offer the potential to boost public safety and the U.S.' posture on global innovation, "criminals, terrorists and hostile foreign actors have intensified their weaponization of these technologies, creating new and serious threats to our homeland."

The ruling comes as China hawks in Congress amplify warnings about the security risks of drones made by DJI, which accounts for more than 90% of the global market share. But efforts to crack down on Capitol Hill have been met with some pushback due to the potential impacts of curbing the drone usage on U.S. businesses and law enforcement. A wide variety of sectors, including construction, energy, agriculture and mining companies, as well as local police and fire departments across the country, deploy DJI-made drones.

Beverly Hills High School has deployed an AI-powered surveillance apparatus that includes facial recognition cameras, behavioral analysis software, smoke detector-shaped bathroom listening devices from Motorola, drones, and license plate readers from Flock Safety -- a setup the district spent $4.8 million on in the 2024-2025 fiscal year and considers necessary given the school's high-profile location in Los Angeles.

Similar systems are spreading to campuses nationwide as schools try to stop mass shootings that killed 49 people on school property this year, 59 in 2024, and 45 in 2023. A 2023 ACLU report found that eight of the ten largest school shootings since Columbine occurred at schools that already had surveillance systems, and 32% of students surveyed said they felt like they were always being watched. The technology has a spotty track record, however.

Gun detection vendor Evolv, used by more than 800 schools including Beverly Hills High, was reprimanded by the FTC in 2024 for claiming its AI could detect all weapons after it failed to flag a seven-inch knife used to stab a student in 2022. Evolv has also flagged laptops and water bottles as guns. Rival vendor Omnilert flagged a 16-year-old student at a Maryland high school reaching for an empty Doritos bag as a possible gun threat; police held the teenager at gunpoint.

Not every school is buying in. Highline Schools in Washington state cancelled its $33,000 annual ZeroEyes contract this year and spent the money on defibrillators and Ford SUVs for its safety team instead.

A group of activists has scraped Spotify's entire library, accessing 256 million rows of track metadata and 86 million audio files totaling roughly 300TB of data. The metadata has been released via Anna's Archive, a search engine for "shadow libraries" that previously focused on books.

Spotify described the activists as "anti-copyright extremists who've previously pirated content from YouTube and other platforms" and confirmed it is actively investigating the incident. The activists claim this represents "the world's first 'preservation archive' for music which is fully open" and covers "around 99.6% of listens."

They appear to have used Spotify's public web API to scrape the metadata and circumvented DRM to access audio files. Spotify insists that this is not a security breach affecting user data. Though the more pressing concern for the music industry may be AI training rather than pirate streaming services -- similar YouTube datasets have reportedly been used by unlicensed generative AI music services.

They call it "the business-impersonator scam". And it's fooled 396,227 Americans in just the first nine months of 2025 — 18% more than the 335,785 in the same nine months of 2024. That's according to a Bloomberg reporter (who also fell for it in late November), citing the official statistics from America's Federal Trade Commission: Some pose as airline staff on social media and respond to consumer complaints. Others use texts or e-mails claiming to be an airline reporting a delayed or cancelled flight to phish for travellers' data. But the objective is always the same: to hit a stressed out, overwhelmed traveller at their most vulnerable. In my case, the scammer exploited weaknesses in Google's automated ad-screening system, so that fraudulent sponsored results rose to the top [They'd typed "United airlines agent on demand" into Google, and the top search result on their phone said United.com, had a 1-888 number next to it and said it had had 1M+ visits in past month. "It looked legit. I tapped the number..." ]

After I reported the fake "United Airlines" ad to Google, via an online form for consumers, it was taken down. But a few days later, I entered the same search terms and the identical ad featuring the same 1-888 number was back at the top of my results. I reported it again, and it was quickly removed again... A [Google] spokesperson there said the company is constantly evolving its tactics "to stay ahead of bad actors." Of the 5.1 billion ads blocked by the company last year, she said, 415 million were taken down for "scam-related violations." Google updated its ads misrepresentation policy in 2024 to include "impersonating or falsely implying affiliation with a public figure, brand or organization to entice users to provide money or information." Still, many impostor ads slip through the cracks.
"Reported losses from business-impostor scams in the United States rose 30 per cent, to US$835 million, in the first three quarters of 2025," the article points out (citing more figures from the America's Federal Trade Commision). An updated version of the article also includes a response from United Airlines. "We encourage customers to only use customer-service contact information that is listed on our website and app."

And what happened to the scammed reporter? "I called American Express and contested the charge before cancelling my credit card. I then contacted Experian, one of the three major credit bureaus, to put a fraud alert on my file. Next, I filed a complaint with the FTC and reported the fake ad to Google.

"American Express wound up resolving the dispute in my favour, but the memories of this chaotic Thanksgiving will stay with us forever. "

Tuesday the White House faces a deadline to decide "whether Chinese drone maker DJI Technologies poses a national security threat," reports Bloomberg. But their article notes it's "a decision with the potential to ground thousands of machines deployed by police and fire departments across the US."

One person making the case against the drones is Mike Nathe, a North Dakota Republican state representative described by the Post as "at the forefront of a nationwide campaign sounding alarms about the Made-in-China aircraft." Nathe tells them that "People do not realize the security issue with these drones, the amount of information that's being funneled back to China on a daily basis." The president already signed anexecutive orderin June targeting "foreign control or exploitation" of America's drone supply chain. That came after Congress mandated a review to determine whether DJI deserves inclusion in a federal register of companies believed to endanger national security. If DJI doesn't get a clean bill of health for Christmas, it could join Huawei Technologies Co. Ltd. and ZTE Corp.on that Federal Communications Commission list. The designation would give the Trump administration authority to prevent new domestic sales or even impose a flight ban, affecting public agencies from New York to North Dakota to Nevada...

The fleet used by public safety agencies nationwide exceeds about 25,000 aircraft, said Chris Fink, founder of Unmanned Vehicle Technologies LLC, a Fayetteville, Arkansas-based firm that advises law-enforcement clients. The overwhelming majority of those drones — called uncrewed aerial vehicles, or UAVs, in industry parlance — comes from China, said Jon Beal, president of theLaw Enforcement Drone Association, a training and advocacy group that counts DJI and some US competitors as corporate sponsors...

Currently, at least half a dozen states havetargeted DJIand other Chinese-manufactured drones, including restrictions in Arkansas, Mississippi and Tennessee. A Nevada law prohibiting public agencies from using Chinese drones took effect in January... Legislators also took up the cause in Connecticut, which passed a law this year preventing public offices from using Chinese drones. Supporters said they're worried about these eyes in the skies being used for spying. "We're kind of sitting ducks," said Bob Duff, the Democratic majority leader in the state senate who promoted the legislation. "They are designed to infiltrate systems even when the users don't think that they will."
One North Dakota sheriff's department complains U.S.-made drones are "at least double and triple the price out of the gate," according to the article, which adds that public safety officials "say it's difficult to find domestic alternatives that match DJI in price and performance."

And DJI "wants an extension on the security review," according to the article, "saying Tuesday is too soon to make a conclusion."

An anonymous reader shared this report from CNBC: The Trump administration on Monday unveiled a new initiative dubbed the "U.S. Tech Force," comprising about 1,000 engineers and other specialists who will work on artificial intelligence infrastructure and other technology projects throughout the federal government.

Participants will commit to a two-year employment program working with teams that report directly to agency leaders in "collaboration with leading technology companies," according to an official government website. ["...and work closely with senior managers from companies partnering with the Tech Force."] Those "private sector partners" include Amazon Web Services, Apple, Google Public Sector, Dell Technologies, Microsoft, Nvidia, OpenAI, Oracle, Palantir, Salesforce and numerous others [including AMD, IBM, Coinbase, Robinhood, Uber, xAI, and Zoom], the website says.

The Tech Force shows the Trump administration increasing its focus on developing America's AI infrastructure as it competes with China for dominance in the rapidly growing industry... The engineering corps will be working on "high-impact technology initiatives including AI implementation, application development, data modernization, and digital service delivery across federal agencies," the site says.
"Answer the call," says the new web site at TechForce.gov.

"Upon completing the program, engineers can seek employment with the partnering private-sector companies for potential full-time roles — demonstrating the value of combining civil service with technical expertise." [And those private sector companies can also nominate employees to participate.] "Annual salaries are expected to be in the approximate range of $150,000 to $200,000."

During a search for the Brown shoogin suspect, a law enforcement press conference included a request for "Ring camera footage from residents and businesses near Brown University," according to local news reports.

But in the end it was Flock cameras according to an article in Gizmodo, after a Reddit poster described seeing "odd" behavior of someone who turned out to be the suspect: The original Reddit poster, identified only as John in the affidavit, contacted police the next day and came in for an interview. He told them about his odd encounter with the suspect, noting that he was acting suspiciously by not having appropriate cold-weather clothes on when he saw him in a bathroom at Brown University. That was two hours before the shooting. After spotting him in the bathroom wearing a mask, John actually started following the suspect in what he called a "game of cat and mouse...." Police detectives showed John two images obtained through Flock, the company that's built extensive surveillance infrastructure across the U.S. used by investigators, and he recognized the suspect's vehicle, replying, "Holy shit. That might be it," according to the affidavit. Police were able to track down the license plate of the rental car, which gave them a name, and within 24 hours, they had found Claudio Manuel Neves Valente dead in a storage facility in Salem, New Hampshire, where he reportedly rented a unit.
"We intend to continue using technology to make sure our law enforcement are empowered to do their jobs," Flock's safety CEO Garrett Langley wrote on X.com, pinning the post to the top of his feed.

Though ironically, hours before Providence Police Chief Oscar Perez credited Flock for helping to find the suspect, CNN was interviewing Flock's safety CEO to discuss "his response to recent privacy concerns surrounding Flock's technology." To Langley, the situation underscored the value and importance of Flock's technology, despite mounting privacy concerns that have prompted some jurisdictions to cancel contracts with the company... Langley told me on Thursday that he was motivated to start Flock to keep Americans safer. His goal is to deter crime by convincing would-be criminals they'll be caught... One of Flock's cameras had recently spotted [the suspect's] car, helping police pinpoint Valente's location. Flock turned on additional AI capabilities that were not part of Providence Police's contract with the company to assist in the hunt, a company spokesperson told CNN, including a feature that can identify the same vehicle based on its description even if its license plates have been changed.

The company has faced criticism from some privacy advocates and community groups who worry that its networks of cameras are collecting too much personal information from private citizens and could be misused. Both the Electronic Frontier Foundation and the American Civil Liberties Union have urged communities not to work with Flock. "State legislatures and local governments around the nation need to enact strong, meaningful protections of our privacy and way of life against this kind of AI surveillance machinery," ACLU Senior Policy Analyst Jay Stanley wrote in an August blog post. Flock also drew scrutiny in October when it announced a partnership with Amazon's Ring doorbell camera system... ["Local officers using Flock Safety's technology can now post a request directly in the Ring Neighbors app asking for help," explains Flock's blog post.]

Langley told me it was up to police to reassure communities that the cameras would be used responsibly... "If you don't trust law enforcement to do their job, that's actually what you're concerned about, and I'm not going to help people get over that." Langley added that Flock has built some guardrails into its technology, including audit trails that show when data was accessed. He pointed to a case in Georgia where that audit found a police chief using data from LPR cameras to stalk and harass people. The chief resigned and was arrested and charged in November...

More recently, the company rolled out a "drone as first responder" service — where law enforcement officers can dispatch a drone equipped with a camera, whose footage is similarly searchable via AI, to evaluate the scene of an emergency call before human officers arrive. Flock's drone systems completed 10,000 flights in the third quarter of 2025 alone, according to the company... I asked what he'd tell communities already worried about surveillance from LPRs who might be wary of camera-equipped drones also flying overhead. He said cities can set their own limitations on drone usage, such as only using drones to respond to 911 calls or positioning the drones' cameras on the horizon while flying until they reach the scene. He added that the drones fly at an elevation of 400 feet.

"Super PAC aims to drown out AI critics in midterms," the Washington Post reported in August, noting its intial funding over $100 million from "some of Silicon Valley's most powerful investors and executives" including OpenAI president Greg Brockman, his wife, and VC firm Andreessen Horowitz. The group's goal was "to quash a philosophical debate that has divided the tech industry on the risk of artificial intelligence overpowering humanity," according to the article — and to support "pro-AI" candidates in America's next election in November of 2026 and "oppose candidates perceived as slowing down AI development."

Their first target? State assemblyman Alex Bores, now running to be a U.S. representative. While in the state legislature Bores sponsored a bill that would "require large AI companies to publish safety data on their technology," notes the Washington Post. So the attack ad charges that Bores "wants Albany bureaucrats regulating AI," excoriating him for sponsoring a bill that "hands AI to state regulators and creates a chaotic patchwork of state rules that would crush innovation, cost New York jobs, and fail to keep people safe! And he's backed by groups funded by convicted felon Sam Bankman-Fried. Is that really who should be shaping AI safety for our kids? America needs one smart national policy that sets clear stands for safe AI not Albany politicians like Alex Bores."

The Post calls it "the opening skirmish in a battle set to play out across the country" as tech moguls (and an independent effort receiving "tens of millions" from Meta) "try to use the 2026 midterms to reengineer Congress and state legislatures in favor of their ambitions for artificial intelligence" and "to wrest control of the narrative around AI, just as politicians in both parties have started warning that the industry is moving too fast." By knocking down candidates such as Bores, who favor regulations, and boosting industry sympathizers, the tech-backed groups could signal to incumbents and candidates nationwide that opposing the tech industry can jeopardize their electoral chances. "Bores just happened to be first, but he's not the last, and he's certainly not the only," said Josh Vlasto, co-head of Leading the Future, the bipartisan super PAC behind the ad.

The group plans to support and oppose candidates in congressional and state elections next year. It will also fund rapid response operations against voices in the industry pushing for more oversight... The strategy aims to replicate the success of the cryptocurrency industry, which used a super PAC to clear a path for Congress this summer to boost the sector's fortunes with the passage of the Genius Act... But signs that voters are increasingly wary of AI suggest that approach may be challenging to replicate. More than half of Americans believe AI poses a high risk to society, Pew Research Center found in a June survey. As AI usage continues to grow, more people are being warned by chief executives that AI will disrupt their jobs, seeing power-hungry data centers spring up in their towns or hearing claims that chatbots can harm mental health.
The article also notes there's at least two other groups seeking to counter this pro-AI push, raising money through a nonprofit called "Public First."

CNN calls the new pro-AI ads "a likely preview of the vast amounts of money the technology industry could spend ahead of next year's elections," noting that the ads are first targeting the candidate-choosing primary elections

An anonymous reader quotes a report from Search Engine Land: Google said today that it is suing SerpApi, accusing the company of bypassing security protections to scrape, harvest, and resell copyrighted content from Google Search results. The allegations: Google said SerpApi:

-Circumvented Google's security measures and industry-standard crawling controls.
-Ignored website directives that specify whether content can be accessed.
-Used cloaking, rotating bot identities, and large bot networks to scrape content at scale.
-Took licensed content from Search features, including images and real-time data, and resold it for profit.

What Google is saying. "Stealthy scrapers like SerpApi override [crawling] directives and give sites no choice at all," Google wrote, calling the alleged scraping "brazen" and "unlawful." Google said SerpApi's activity "increased dramatically over the past year." [...] If Google wins, reliable SERP data could become harder to get, more expensive, or both -- especially for teams that rely on tools powered by services like SerpApi. As AI already reduces clicks and transparency, Google now appears intent on making it even harder for brands to understand how Search works, how they appear in results, and how to measure success.

The White House says it's investigating how a personal-finance YouTuber's livestream briefly appeared on the White House's official live video page. The creator says he has no idea how his video ended up there. The Associated Press reports: The livestream appeared for at least eight minutes late Thursday on whitehouse.gov/live, where the White House usually streams live video of the president speaking. It's unclear if the website was breached or the video was linked accidentally by someone in the government. The White House said in a statement that it was "aware and looking into what happened." The video that appeared on the government-run website featured some of a more than two-hour livestream from Matt Farley, who posts as @RealMattMoney, as he answered financial questions.

Farley told The Associated Press on Friday that he had no idea what happened and learned about it after the fact. He said he had not been contacted by the government and didn't have any theories about how his livestream ended up on the website. He joked that he hoped President Donald Trump and his youngest son, Barron Trump, "are watching my streams and taking advice."

"Had I known it would have been on the White House website, I probably would have had other things to talk about than personal finance," Farley said. When asked what other things he would discuss, Farley responded with a laugh and said: "What would you talk about with the world for eight minutes if you had an opportunity? I'm just some guy making YouTube videos about stocks."

A California judge signaled support for forcing Vizio to provide the full source code for its SmartCast TV software after finding a contractual obligation under the GPL. If upheld, the case could strengthen users' rights to modify GPL-licensed software embedded in consumer electronics. The Register reports: The legal complaint from the Software Freedom Conservancy (SFC) seeks access to the SmartCast source code so that Vizio customers can make changes and improvements to the platform, something that ought to be possible for code distributed under the GPL. On Thursday, California Superior Court Judge Sandy Leal issued a tentative ruling in advance of a hearing, indicating support for part of SFC's legal challenge. The tentative ruling is not a final decision, but it signals the judge's inclination to grant the SFC's motion for summary adjudication, at least in part.

"The tentative ruling [PDF] grants SFC's motion on the issue that a direct contract was made between SFC and Vizio when SFC's systems administrator, Paul Visscher, requested the source code to a TV that SFC has purchased," the SFC said in a blog post. "This contract obligated Vizio to provide SFC the complete and corresponding source code." [...]

Karen Sandler, executive director of the SFC, told The Register in an email that the hearing went well, though Vizio's legal counsel "stridently disagreed" with the legal analysis in the tentative ruling. "Judge Leal said she would take the matter 'under submission' which means she will think about it further," Sandler said. "After the Court went off the record, Leal's clerk specifically verified the Court reporter could provide an expedited transcript, so Leal will likely review the hearing transcript soon." Sandler expects Leal will examine the filings again before issuing her opinion, which is likely to be issued in the next few weeks.

Hackers breached approximately 120,000 IP cameras across South Korea and allegedly sold footage captured from private homes, gynecology offices, breastfeeding rooms and massage parlors to an overseas pornography website, prompting an interagency government task force to announce sweeping reforms on December 7.

Police believe one suspect alone hacked 63,000 cameras and produced 545 videos that netted him 35 million won ($24,000) in cryptocurrency; a second suspect, operating independently, compromised 70,000 devices and earned 18 million won from 648 videos. The footage accounted for 62% of all content on the website, which maintains a dedicated "Korean" category. A government survey found that only 59% of installation companies consistently carried out mandatory security measures such as changing default passwords. Lawmakers are now pursuing legislation requiring security-certified IP cameras in sensitive facilities.

An anonymous reader quotes a report from the Guardian: The Massachusetts Institute of Technology (MIT) community is grieving after the "shocking" shooting death of the director of its plasma science and fusion center, according to officials. Nuno FG Loureiro, 47, had been shot multiple times at his home in the affluent Boston suburb of Brookline on Monday night when police said they received a call to investigate. Emergency responders brought Loureiro to a hospital, and the award-winning scientist was pronounced dead there Tuesday morning, the Norfolk county district attorney's office said in a statement.

The Boston Globe reported speaking with a neighbor of Loureiro who heard gunshots, found the academic lying on his back in the foyer of their building and then called for help alongside the victim's wife. The statement from the Norfolk district attorney's office said an investigation into Loureiro's slaying remained ongoing later Tuesday. But the agency did not immediately release any details about a possible suspect or motive in the killing, which gained widespread attention across academic circles, the US and in Loureiro's native Portugal.

Portugal's minster of foreign affairs announced Loureiro's death in a public hearing Tuesday, as CNN reported. Separately, MIT president Sally Kornbluth issued a university-wide letter expressing "great sadness" over the death of Loureiro, whose survivors include his wife. "This shocking loss for our community comes in a period of disturbing violence in many other places," said Kornbluth's letter, released after a weekend marred by deadly mass shootings at Brown University in Rhode Island -- about 50 miles away from MIT -- as well as on Australia's Bondi Beach. The letter concluded by providing a list of mental health resources, saying: "It's entirely natural to feel the need for comfort and support."

Longtime Slashdot reader schwit1 shares a report from Politico: The Senate on Wednesday approved Jared Isaacman for the top job at NASA -- an unprecedented comeback after President Donald Trump yanked his nomination this spring. Senators confirmed the billionaire private astronaut in a 67-30 vote. Trump renominated Isaacman for NASA administrator in November, after pulling his original nomination in May. He cited Isaacman's relationship with SpaceX CEO Elon Musk, with whom Trump had just had a falling out, as the rationale for his decision. Isaacman's surprise rebound followed months of political jockeying and help from high-profile figures in Trump's orbit. [...] Isaacman garnered backing from lawmakers during his hearing by confirming his support for NASA's Artemis moon-landing mission, a key prerogative for Capitol Hill. He also committed to instilling urgency at the space agency, citing China's space ambitions.

FCC Chairman Brendan Carr said in his Wednesday Senate testimony that the agency he governs "is not an independent agency, formally speaking." Axios: During his testimony, the word "independent" was removed from the FCC's mission statement on its website. The extraordinary statement speaks to a broader trend of regulatory agencies losing power to the executive branch during the Trump era. Last week, the Supreme Court appeared poised to allow President Trump to fire members of the Federal Trade Commission during oral arguments over the issue.

Sen. Ben Ray LujÃn (D-N.M.) began the line of questioning, citing the FCC's website, which said the agency was independent as of Wednesday morning. By Wednesday afternoon, the FCC's mission statement no longer said it was independent. Chairman Carr would not respond directly to questions about whether he believed the president was his boss. He would not answer whether it's appropriate if the president were to pressure him to go after media companies. He suggested the president has the power to fire him and other FCC commissioners.

Google is suing a Chinese-speaking cybercriminal group it says is responsible for a massive wave of scam text messages sent to Americans this year, according to a legal complaint filed Tuesday. From a report: The group, known as Darcula, sells software that allows users to send phishing text messages en masse, impersonating organizations like the IRS or the U.S. Postal Service in scams. The lawsuit is designed to give Google legal standing so U.S. courts will allow it to seize websites the group uses, hampering their operations, a spokesperson said.

Darcula is possibly the most prominent name in an emerging, loosely affiliated cybercrime world that creates and sells hacking programs for aspiring scammers to use. Darcula's signature program, called Magic Cat, provides an easy-to-use, intuitive way for cybercriminals without advanced hacking skills to quickly spam millions of phone numbers with links to fake websites impersonating businesses like YouTube's premium service, then steal the credit card numbers victims put in.

An anonymous reader quotes a report from the Wall Street Journal: The alleged perpetrator had improper access to virtually every South Korean adult's personal information: names, phone numbers and even the keycode to enter residential buildings. It was one of the biggest data breaches of recent years and it has sent the company it targeted -- Coupang, South Korea's equivalent of Amazon -- reeling, generating lawsuits, government investigation and calls to toughen penalties against such leaks. The leak went undetected for nearly five months, hitting Coupang's radar on Nov. 18 only after a customer flagged suspicious activity.

At first, Coupang, which was founded by a Korean-American entrepreneur, said it had experienced a data "exposure" affecting roughly 4,500 customer accounts. But within days, the e-commerce firm revised the figure: The leak exposed up to roughly 34 million user accounts in South Korea -- a sum representing more than 90% of the country's working-age population. Coupang started calling the incident a "leak" after Korean regulators took issue with the company's prior word choice. "The Whole Nation Is a Victim," read one local news headline.

An investigation has found that the alleged perpetrator had once worked in South Korea as a software developer for authentication systems at Coupang, which is known for its blockbuster U.S. initial public offering a few years ago. The suspected leaker is believed to be a Chinese national who has moved back to China and is now on the lam, South Korean officials say. They haven't named the person. Even after leaving the firm roughly a year ago, the suspect secretly held on to an internal authentication key that granted him unfettered access to the personal information of Coupang users, South Korean authorities and lawmakers say. The infiltration, using overseas servers, started on June 24. By using the login credentials, the suspect was able to appear as if he were still a Coupang employee when accessing the company's systems.

mprindle writes: The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users' data by secretly recording what they watch using Automated Content Recognition (ACR) technology.

The lawsuits target Sony, Samsung, LG, and China-based companies Hisense and TCL Technology Group Corporation. Attorney General Ken Paxton's office also highlighted "serious concerns" about the two Chinese companies being required to follow China's National Security Law, which could give the Chinese government access to U.S. consumers' data.

According to complaints filed this Monday in Texas state courts, the TV makers can allegedly use ACR technology to capture screenshots of television displays every 500 milliseconds, monitor the users' viewing activity in real time, and send this information back to the companies' servers without the users' knowledge or consent.

An anonymous reader quotes a report from BleepingComputer: Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database containing user information. The disclosure follows widespread reports over the past four days from users who were unable to access SoundCloud when connecting via VPN, with attempts resulting in the site displaying 403 "forbidden" errors.

In a statement shared with BleepingComputer, SoundCloud said it recently detected unauthorized activity involving an ancillary service dashboard and activated its incident response procedures. SoundCloud acknowledged that a threat actor accessed some of its data but said the exposure was limited in scope. [...] BleepingComputer has learned that the breach affects 20% of SoundCloud's users, which, based on publicly reported user figures, could impact roughly 28 million accounts. The company said it is confident that all unauthorized access to SoundCloud systems has been blocked and that there is no ongoing risk to the platform. "We understand that a purported threat actor group accessed certain limited data that we hold," SoundCloud told BleepingComputer. "We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles."

An anonymous reader quotes a report from Reuters: Several dozen people protested on Sunday in the Siberian city of Tomsk against Russia's ban on U.S. children's gaming platform Roblox, a rare show of public dissent as popular irritation over the ban gains some momentum. In wartime Russia, censorship is extensive: Moscow blocks or restricts social media platforms such as Snapchat, Facebook, Instagram, WhatsApp and YouTube while distributing its own narrative through a network of social media and Russian media. Russia's communications watchdog Roskomnadzor said on December 3 it had blocked Roblox because it was "rife with inappropriate content that can negatively impact the spiritual and moral development of children."

In Tomsk, 2,900 km (1,800 miles) east of Moscow, several dozen people braved the snow to hold up hand-drawn placards reading "Hands off Roblox" and "Roblox is the victim of the digital Iron Curtain" in Vladimir Vysotsky Park, according to photographs provided by an organizer of the protest. "Bans and blocks are all you are able to do," read one placard. The photographs showed about 25 people standing in a circle in the snow, holding up placards. In Russia, the ban on Roblox has triggered a debate over censorship, child safety in relation to technology and even the effectiveness of censorship in a digitalized world where children can bypass many bans in a few clicks.

"As Australia began enforcing a world-first social media ban for children under 16 years old this week, Denmark is planning to follow its lead," reports the Associated Press, "and severely restrict social media access for young people." The Danish government announced last month that it had secured an agreement by three governing coalition and two opposition parties in parliament to ban access to social media for anyone under the age of 15. Such a measure would be the most sweeping step yet by a European Union nation to limit use of social media among teens and children.

The Danish government's plans could become law as soon as mid-2026. The proposed measure would give some parents the right to let their children access social media from age 13, local media reported, but the ministry has not yet fully shared the plans... [A] new "digital evidence" app, announced by the Digital Affairs Ministry last month and expected to launch next spring, will likely form the backbone of the Danish plans. The app will display an age certificate to ensure users comply with social media age limits, the ministry said.
The article also notes Malaysia "is expected to ban social media accounts for people under the age of 16 starting at the beginning of next year, and Norway is also taking steps to restrict social media access for children and teens.

"China — which manufacturers many of the world's digital devices — has set limits on online gaming time and smartphone time for kids."

An anonymous reader shared this report from the BBC: A billionaire investor keen on buying TikTok's US operations has told the BBC he has been left in limbo as the latest deadline for the app's sale looms.

The US has repeatedly delayed the date by which the platform's Chinese owner, Bytedance, must sell or be blocked for American users. US President Donald Trump appears poised to extend the deadline for a fifth time on Tuesday. "We're just standing by and waiting to see what happens," investor Frank McCourt told BBC News...

The president...said "sophisticated" US investors would acquire the app, including two of his allies: Oracle chairman Larry Ellison and Dell Technologies' Michael Dell. Members of the Trump administration had indicated the deal would be formalised in a meeting between Trump and Xi in October — however it concluded without an agreement being reached. Neither TikTok's Chinese owner ByteDance nor Beijing have since announced approval of a sale, despite Trump's claims. This time there are no such claims a deal is imminent, leading most analysts to conclude another extension is inevitable.
Other investors besides McCourt include Reddit co-founder Alexis Ohanian and Shark Tank entrepreneur Kevin O'Leary.

U.S. Senator Sheldon Whitehouse said Friday he was moving to file a bipartisan bill to repeal Section 230 of America's Communications Decency Act.

"The law prevents most civil suits against users or services that are based on what others say," explains an EFF blog post. "Experts argue that a repeal of Section 230 could kill free speech on the internet," writes LiveMint — though America's last two presidents both supported a repeal: During his first presidency, U.S. President Donald Trump called to repeal the law and signed an executive order attempting to curb some of its protections, though it was challenged in court. Subsequently, former President Joe Biden also voiced his opinion against the law.
An EFF blog post explains the case for Section 230: Congress passed this bipartisan legislation because it recognized that promoting more user speech online outweighed potential harms. When harmful speech takes place, it's the speaker that should be held responsible, not the service that hosts the speech... Without Section 230, the Internet is different. In Canada and Australia, courts have allowed operators of online discussion groups to be punished for things their users have said. That has reduced the amount of user speech online, particularly on controversial subjects. In non-democratic countries, governments can directly censor the internet, controlling the speech of platforms and users. If the law makes us liable for the speech of others, the biggest platforms would likely become locked-down and heavily censored. The next great websites and apps won't even get started, because they'll face overwhelming legal risk to host users' speech.
But "I strongly believe that Section 230 has long outlived its use," Senator Whitehouse said this week, saying Section 230 "a real vessel for evil that needs to come to an end." "The laws that Section 230 protect these big platforms from are very often laws that go back to the common law of England, that we inherited when this country was initially founded. I mean, these are long-lasting, well-tested, important legal constraints that have — they've met the test of time, not by the year or by the decade, but by the century.

"And yet because of this crazy Section 230, these ancient and highly respected doctrines just don't reach these people. And it really makes no sense, that if you're an internet platform you get treated one way; you do the exact same thing and you're a publisher, you get treated a completely different way.

"And so I think that the time has come.... It really makes no sense... [Testimony before the committee] shows how alone and stranded people are when they don't have the chance to even get justice. It's bad enough to have to live through the tragedy... But to be told by a law of Congress, you can't get justice because of the platform — not because the law is wrong, not because the rule is wrong, not because this is anything new — simply because the wrong type of entity created this harm."

A January order blocking wind energy projects in America has now been vacated by a U.S. judge and declared unlawful, reports the Associated Press: [Judge Saris of the U.S. district court for the district of Massachusetts] ruled in favor of a coalition of state attorneys general from 17 states and Washington DC, led by Letitia James, New York's attorney general, that challenged President Trump's day one order that paused leasing and permitting for wind energy projects... The coalition that opposed Trump's order argued that Trump does not have the authority to halt project permitting, and that doing so jeopardizes the states' economies, energy mix, public health and climate goals.

The coalition includes Arizona, California, Colorado, Connecticut, Delaware, Illinois, Maine, Maryland, Massachusetts, Michigan, Minnesota, New Jersey, New Mexico, New York, Oregon, Rhode Island, Washington state and Washington DC. They say they have invested hundreds of millions of dollars collectively to develop wind energy and even more on upgrading transmission lines to bring wind energy to the electrical grid...

Wind is the United States' largest source of renewable energy, providing about 10% of the electricity generated in the nation, according to the American Clean Power Association.
But the BBC quotes Timothy Fox, managing director at the Washington, DC-based research firm ClearView Energy Partners, as saying he doesn't expect the ruling to reinvigorate the industry: "It's more symbolic than substantive," he said. "All the court is saying is ... you need to go back to work and consider these applications. What does that really mean?" he said. Officials could still deny permits or bog applications down in lengthy reviews, he noted.

Choosing your browser "is one of the most important digital decisions you can make, shaping how you experience the web, protect your data, and express yourself online," says the Firefox blog. They've urged readers to "take a stand for independence and control in your digital life."

But they also recently polled 8,000 adults in France, Germany, the UK and the U.S. on "how they navigate choice and control both online and offline" (attending in-person events in Chicago, Berlin, LA, and Munich, San Diego, Stuttgart): The survey, conducted by research agency YouGov, showcases a tension between people's desire to have control over their data and digital privacy, and the reality of the internet today — a reality defined by Big Tech platforms that make it difficult for people to exercise meaningful choice online:


— Only 16% feel in control of their privacy choices (highest in Germany at 21%)

— 24% feel it's "too late" because Big Tech already has too much control or knows too much about them. And 36% said the feeling of Big Tech companies knowing too much about them is frustrating — highest among respondents in the U.S. (43%) and the UK (40%)

— Practices respondents said frustrated them were Big Tech using their data to train AI without their permission (38%) and tracking their data without asking (47%; highest in U.S. — 55% and lowest in France — 39%)


And from our existing research on browser choice, we know more about how defaults that are hard to change and confusing settings can bury alternatives, limiting people's ability to choose for themselves — the real problem that fuels these dynamics.

Taken together our new and existing insights could also explain why, when asked which actions feel like the strongest expressions of their independence online, choosing not to share their data (44%) was among the top three responses in each country (46% in the UK; 45% in the U.S.; 44% in France; 39% in Germany)... We also see a powerful signal in how people think about choosing the communities and platforms they join — for 29% of respondents, this was one of their top three expressions of independence online.
"For Firefox, community has always been at the heart of what we do," says their VP of Global Marketing, "and we'll keep fighting to put real choice and control back in people's hands so the web once again feels like it belongs to the communities that shape it."

At TwitchCon in San Diego Firefox even launched a satirical new online card game with a privacy theme called Data War.

A former Chinese official who fled to the U.S. says Beijing has used advanced surveillance technology from U.S. companies to track, intimidate, and punish him and his family across borders. ABC News reports: Retired Chinese official Li Chuanliang was recuperating from cancer on a Korean resort island when he got an urgent call: Don't return to China, a friend warned. You're now a fugitive. Days later, a stranger snapped a photo of Li in a cafe. Terrified South Korea would send him back, Li fled, flew to the U.S. on a tourist visa and applied for asylum. But even there -- in New York, in California, deep in the Texas desert -- the Chinese government continued to hunt him down with the help of surveillance technology.

Li's communications were monitored, his assets seized and his movements followed in police databases. More than 40 friends and relatives -- including his pregnant daughter -- were identified and detained, even by tracking down their cab drivers through facial recognition software. Three former associates died in detention, and for months shadowy men Li believed to be Chinese operatives stalked him across continents, interviews and documents seen by The Associated Press show.

The Chinese government is using an increasingly powerful tool to cement its power at home and vastly amplify it abroad: Surveillance technology, much of it originating in the U.S., an AP investigation has found. Within China, this technology helped identify and punish almost 900,000 officials last year alone, nearly five times more than in 2012, according to state numbers. Beijing says it is cracking down on corruption, but critics charge that such technology is used in China and elsewhere to stifle dissent and exact retribution on perceived enemies.

Outside China, the same technology is being used to threaten wayward officials, along with dissidents and alleged criminals, under what authorities call Operations "Fox Hunt" and "Sky Net." The U.S. has criticized these overseas operations as a "threat" and an "affront to national sovereignty." More than 14,000 people, including some 3,000 officials, have been brought back to China from more than 120 countries through coercion, arrests and pressure on relatives, according to state information.

An anonymous reader quotes a report from Ars Technica: Dozens of Ukrainian civilians filed a series of lawsuits in Texas this week, accusing some of the biggest US chip firms of negligently failing to track chips that evaded export curbs. Those chips were ultimately used to power Russian and Iranian weapon systems, causing wrongful deaths last year. Their complaints alleged that for years, Texas Instruments (TI), AMD, and Intel have ignored public reporting, government warnings, and shareholder pressure to do more to track final destinations of chips and shut down shady distribution channels diverting chips to sanctioned actors in Russia and Iran.

Putting profits over human lives, tech firms continued using "high-risk" channels, Ukrainian civilians' legal team alleged in a press statement, without ever strengthening controls. All that intermediaries who placed bulk online orders had to do to satisfy chip firms was check a box confirming that the shipment wouldn't be sent to sanctioned countries, lead attorney Mikal Watts told reporters at a press conference on Wednesday, according to the Kyiv Independent. "There are export lists," Watts said. "We know exactly what requires a license and what doesn't. And companies know who they're selling to. But instead, they rely on a checkbox that says, 'I'm not shipping to Putin.' That's it. No enforcement. No accountability." [...]

Damages sought include funeral expenses and medical costs, as well as "exemplary damages" that are "intended to punish especially wrongful conduct and to deter similar conduct in the future." For plaintiffs, the latter is the point of the litigation, which they hope will cut off key supply chains to keep US tech out of weapon systems deployed against innocent civilians. "They want to send a clear message that American companies must take responsibility when their technologies are weaponized and used to commit harm across the globe," the press statement said. "Corporations must be held accountable when its unlawful decisions made in the name of profit directly cause the death of innocents and widespread human suffering." For chip firms, the litigation could get costly if more civilians join, with the threat of a loss potentially forcing changes that could squash supply chains currently working to evade sanctions. "We want to make this process so expensive and painful that companies are forced to act," Watts said. "That is our contribution to stopping the war against civilians."

An anonymous reader quotes a report from Reuters: The U.S. government will require artificial intelligence vendors to measure political "bias" to sell their chatbots to federal agencies, according to a Trump administration statement (PDF) released on Thursday. The requirement will apply to all large language models bought by federal agencies, with the exception of national security systems, according to the statement.

President Donald Trump ordered federal agencies in July to avoid buying large language models that he labeled as "woke." Thursday's statement gives more detail to that directive, saying that developers should not "intentionally encode partisan or ideological judgments" into a chatbot's outputs. Further reading: Trump Signs Executive Order For Single National AI Regulation Framework, Limiting Power of States

The pro-Russian CyberVolk group resurfaced with a Telegram-based ransomware-as-a-service platform, but fatally undermined its own operation by hardcoding master encryption keys in plaintext. The Register reports: First, the bad news: the CyberVolk 2.x (aka VolkLocker) ransomware-as-a-service operation that launched in late summer. It's run entirely through Telegram, which makes it very easy for affiliates that aren't that tech savvy to lock files and demand a ransom payment. CyberVolk's soldiers can use the platform's built-in automation to generate payloads, coordinate ransomware attacks, and manage their illicit business operations, conducting everything through Telegram.

But here's the good news: the ransomware slingers got sloppy when it came time to debug their code and hardcoded the master keys -- this same key encrypts all files on a victim's system -- into the executable files. This could allow victims to recover encrypted data without paying the extortion fee, according to SentinelOne senior threat researcher Jim Walter, who detailed the gang's resurgence and flawed code in a Thursday report.

Online retailer Coupang, often called South Korea's Amazon, is dealing with the fallout from a breach that exposed the personal information of more than 33 million accounts -- roughly two-thirds of the country's population -- after a former contractor allegedly used credentials that remained active months after his departure to access customer data through the company's overseas servers.

The breach began in June but went undetected until November 18, according to Coupang and investigators. Police have called it South Korea's worst-ever data breach. The compromised information includes names, phone numbers, email addresses and shipping addresses, though the company says login credentials, credit card numbers, and payment details were not affected.

Coupang's former CEO Park Dae-jun told a parliamentary hearing that the alleged perpetrator was a Chinese national who had worked on authentication tasks before his contract ended last December. Chief information security officer Brett Matthes testified that the individual had a "privileged role" giving him access to a private encryption key that allowed him to forge tokens to impersonate customers. Legislators say the key remained active after the employee left. The CEO of Coupang's South Korean subsidiary has resigned. Founder and chair Bom Kim has yet to personally apologize but has been summoned to a second parliamentary hearing.

Berlin's regional parliament has passed a far-reaching overhaul of its "security" law, giving police new authority to conduct both digital and physical surveillance. From a report: The CDU-SPD coalition, supported by AfD votes, approved the reform of the General Security and Public Order Act (ASOG), changing the limits that once protected Berliners from intrusive policing. Interior Senator Iris Spranger (SPD) argued that the legislation modernizes police work for an era of encrypted communication, terrorism, and cybercrime. But it undermines core civil liberties and reshapes the relationship between citizens and the state.

One of the most controversial elements is the expansion of police powers under paragraphs 26a and 26b. These allow investigators to hack into computers and smartphones under the banner of "source telecommunications surveillance" and "online searches." Police may now install state-developed spyware, known as trojans, on personal devices to intercept messages before or after encryption.

If the software cannot be deployed remotely, the law authorizes officers to secretly enter a person's home to gain access. This enables police to install surveillance programs directly on hardware without the occupant's knowledge. Berlin had previously resisted such practices, but now joins other federal states that permit physical entry to install digital monitoring tools.

Carl Rinsch, the director behind the 2013 Keanu Reeves film "47 Ronin," has been found guilty of defrauding Netflix out of $11 million that was meant to fund a science fiction series called "Conquest," which the streaming company ultimately cancelled in 2021 after Rinsch failed to meet any production milestones. A jury in the Southern District of New York convicted the 48-year-old on seven charges: one count each of wire fraud and money laundering, and five counts of transacting in illicitly obtained property.

Prosecutors alleged that Rinsch funneled the $11 million through multiple bank accounts into a personal brokerage account, lost more than half of it on securities within two months, and then began speculating on cryptocurrency. Court records show he also spent $2.4 million on a Ferrari and five Rolls Royces, $3.3 million on furniture and antiques, and $387,000 on a Swiss watch. Netflix has written off $55 million in total and has not recovered any funds. Rinsch faces up to 90 years in prison and is scheduled for sentencing on April 17, 2026.

An anonymous reader quotes a report from the Guardian: Reddit has filed a challenge against Australia's under-16s social media ban in the high court, lodging its case two days after implementing age restrictions on its website. The company said in a Reddit post on Friday that while it agreed with protecting people under 16, the law "has the unfortunate effect of forcing intrusive and potentially insecure verification processes on adults as well as minors, isolating teens from the ability to engage in age-appropriate community experiences."

Reddit said there was an "illogical patchwork" of platforms included in the ban. "As the Australian Human Rights Commission put it, 'There are less restrictive alternatives available that could achieve the aim of protecting children and young people from online harms, but without having such a significant negative impact on other human rights.'" Reddit argued it was a forum primarily for adults without the traditional social media features the government has "taken issue with."

Reddit was challenging the law on the grounds it infringed on the implied freedom of political communication. It was also seeking to challenge whether Reddit could be considered an age-restricted social media platform under the legislation. It said it was not seeking to challenge the law to avoid compliance, and had implemented age-assurance measures since Wednesday. The company said the vast majority of Redditors were adults, and advertising wasn't targeted to children under 18. The Apple app store age rating for Reddit is 17+. "Despite the best intentions, this law is missing the mark on actually protecting young people online," Reddit said. "So, while we will comply with this law, we have a responsibility to share our perspective and see that it is reviewed by the courts."

The SEC has granted the Depository Trust & Clearing Corp., or DTCC, a no-action letter allowing it to custody and recognize tokenized stocks, ETFs, and Treasuries on approved blockchains for three years. "Although this program is a pilot subject to various operational limitations, it marks a significant incremental step in moving markets onchain," SEC Commissioner Hester Peirce said in a statement. Bloomberg reports: With the permission, DTCC will also extend their record-keeping to the blockchain, Michael Winnike, global head of strategy and market solutions at DTCC Clearing & Securities Services, said in an interview. "It's the same legal entitlement, the same stock that you would hold in your account from the DTCC in traditional form," Winnike said. [...] The SEC's authorization of tokenization services only applies to a specific set of securities that trade often. The approval includes the Russell 1000 index which represents the 1,000 largest publicly traded US companies, as well as exchange-traded funds that track major indices and US Treasury bills, bonds and notes, Winnike said. "This allows us both to create value for the markets, while staying in a pre-defined pool of highly-liquid securities to start," said Winnike. The firm's ultimate aspiration is to add its entire depository, which represents $100 trillion in securities, to the blockchain, a move that would require further expansion of the no-action relief from the SEC, he said.

Winnike said the tokenization service will help bridge the traditional and digital worlds in part because the new technology will have the same legal entitlements and controls as traditional markets, including freezing or forced transfers if assets are stolen. "This enables participants to adopt and integrate, because they know there is a trusted party that can recover their securities as needed" and can address potential errors, he said. The new blockchain service will also allow investors to move assets all the time, not just Monday through Friday when traditional markets are open. "That creates a lot of new utility," Winnike said. "It brings the two ecosystems together."

An anonymous reader quotes a report from Reuters: Do Kwon, the South Korean cryptocurrency entrepreneur behind two digital currencies that lost an estimated $40 billion in 2022, was sentenced in New York federal court on Thursday to 15 years in prison for fraud and conspiracy. Kwon, 34, who co-founded Singapore-based Terraform Labs and developed the TerraUSD and Luna currencies, previously pleaded guilty and admitted to misleading investors about a coin that was supposed to maintain a steady price during periods of crypto market volatility.

Kwon was one of several cryptocurrency moguls to face federal charges after a slump in digital token prices in 2022 prompted the collapse of a number of companies. [...] Kwon was accused of misleading investors in 2021 about TerraUSD, a so-called stablecoin designed to maintain a value of $1. Prosecutors alleged that when TerraUSD slipped below its $1 peg in May 2021, Kwon told investors a computer algorithm known as "Terra Protocol" had restored the coin's value. Instead, Kwon arranged for a high-frequency trading firm to secretly buy millions of dollars of the token to artificially prop up its price, according to charging documents. "I made false and misleading statements about why it regained its peg by failing to disclose a trading firm's role in restoring that peg," Kwon said in court. "What I did was wrong."

He also faces charges in South Korea, and under his plea deal, prosecutors won't oppose his transfer abroad after he serves half of his U.S. sentence.

joshuark shares a report from BleepingComputer: More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. After scanning container images uploaded to Docker Hub in November, security researchers at threat intelligence company Flare found that 10,456 of them exposed one or more keys. The most frequent secrets were access tokens for various AI models (OpenAI, HuggingFace, Anthropic, Gemini, Groq). In total, the researchers found 4,000 such keys. "These multi-secret exposures represent critical risks, as they often provide full access to cloud environments, Git repositories, CI/CD systems, payment integrations, and other core infrastructure components," Flare notes. [...]

Additionally, they found hardcoded API tokens for AI services being hardcoded in Python application files, config.json files, YAML configs, GitHub tokens, and credentials for multiple internal environments. Some of the sensitive data was present in the manifest of Docker images, a file that provides details about the image.Flare notes that roughly 25% of developers who accidentally exposed secrets on Docker Hub realized the mistake and removed the leaked secret from the container or manifest file within 48 hours. However, in 75% of these cases, the leaked key was not revoked, meaning that anyone who stole it during the exposure period could still use it later to mount attacks.

Flare suggests that developers avoid storing secrets in container images, stop using static, long-lived credentials, and centralize their secrets management using a dedicated vault or secrets manager. Organizations should implement active scanning across the entire software development life cycle and revoke exposed secrets and invalidate old sessions immediately.