Arizona state prosecutors allege Kalshi is running an illegal gambling operation, charging the prediction market with 20 "wagering" misdemeanors. But Friday a federal judge "temporarily barred Arizona from enforcing its gambling laws against predictive market operators," reports the Associated Press, "and put the brakes on a criminal wagering case that the state has filed against Kalshi.

"U.S. District Judge Michael Liburdi's ruling means a Monday arraignment hearing for Kalshi has been called off." The order was issued in a lawsuit filed by the Trump administration. The judge's order said the federal Commodity Futures Trading Commission had sufficiently shown that "event contracts" fall within the Commodity Exchange Act's definition of "swaps," and that it had demonstrated a reasonable chance of success in showing that the act preempts Arizona law... The commission had sued Arizona in response to cease-and-desist letters sent to Kalshi from state gambling regulators and the criminal charges filed against the prediction market operator. The commission argued Arizona is intruding on its exclusive federal power to regulate national swaps markets...

Earlier this month, the federal government filed lawsuits against Connecticut, Arizona and Illinois challenging their efforts to regulate prediction market operators. The Trump administration has so far backed the platforms. President Donald Trump's eldest son is an adviser for both Kalshi and Polymarket and an investor in the latter. Trump's social media platform Truth Social is also launching its own cryptocurrency-based prediction market called Truth Predict.
Federal and state judges in Nevada and Massachusetts have now issued early rulings in favor of states looking to ban Kalshi and its competitor Polymarket from offering sports being in their states, according to the article, "while federal judges in New Jersey and Tennessee have ruled in favor of Kalshi."

And Arizona's attorney general's office said it disagrees with the court's ruling and "will evaluate our next steps."

An anonymous reader quotes a report from Ars Technica: The Trump administration has stepped up an effort to unmask a Reddit user who criticized Immigration and Customs Enforcement (ICE). After failing to obtain information through a summons issued (PDF) to Reddit, the government reportedly issued a subpoena demanding that Reddit provide the information and appear before a grand jury in Washington, DC. The Intercept described the subpoena today. "According to a subpoena obtained by The Intercept, Reddit has until April 14 to provide a wide range of personal data on one of its users, whom US Immigration and Customs Enforcement agents have been trying unsuccessfully to identify for more than a month," the article said.

The legal saga began in US District Court for the Northern District of California. On March 12, the anonymous Reddit user whose information is being sought filed a motion (PDF) to quash a summons seeking a host of information from Reddit. The summons was issued by the Department of Homeland Security and directed Reddit to turn information over to an ICE senior special agent. The summons cited authority under 19 U.S. Code 1509, which is part of the Smoot-Hawley Tariff Act of 1930. The motion to quash said the summons is not authorized by the law, which deals with imports of boats, alcoholic drinks, and animals, among other things.

"J. Doe is a US citizen who has not traveled out of the country, is not engaged in any international commerce, has no business concerns outside the United States, and primarily uses their Reddit account to engage in political speech relevant to their local community," said the filing by the Civil Liberties Defense Center (CLDC), which represents the Reddit user. "Yet the government claims the right to obtain Doe's name, telephone number, home address, banking and credit card information, IP addresses, telephone model number(s), and the names of any other accounts associated with their Reddit account. The information sought by the government in no way pertains to customs or importing or exporting merchandise, and is clearly intended to chill free speech." "We should be very, very, very concerned that they've now taken one of these to a grand jury," said David Greene, senior counsel for the Electronic Frontier Foundation. "It's something to be taken very seriously."

A Reddit spokesperson told Ars today that "we seek to inform users of any legal process compelling disclosure of their data, as we did in this case, because users should have the agency to protect their own information and are often better positioned to challenge requests that impact them."

"We do not voluntarily share information with any government, especially not on users exercising their rights to criticize the government or plan a protest. We review every inquiry for legal sufficiency and routinely object to requests that are overbroad or threaten civil rights. When legally compelled to disclose data, we provide only the minimum required and notify the user whenever possible so they can defend their interests."

An anonymous reader quotes a report from the New York Times: As the Trump administration seeks to fill a national shortage of air traffic controllers, officials are targeting a new talent pool: gamers. The Federal Aviation Administration on Friday is making a recruiting push aimed at avid players of video games, as the agency strives to fill thousands of vacancies that lawmakers have said leave the traveling public less safe. In a new YouTube ad, the agency is using flashy graphics and the promise of six-figure salaries to convince video game enthusiasts to apply their trigger fingers in service of air safety.

In recent years, video gamers have emerged as a target demographic for recruiters at a number of federal agencies, including the military and the Department of Homeland Security. They are welcomed for their hand-eye coordination, quick decision-making in complex environments and ability to remain focused on screens for hours on end. "To reach the next generation of air traffic controllers, we need to adapt," Transportation Secretary Sean Duffy said in a statement. Focusing recruiting efforts on gamers, he added, "taps into a growing demographic of young adults who have many of the hard skills it takes to be a successful controller."

[...] The F.A.A. plans to begin prioritizing recruiting gamers over more traditional avenues like college fairs, officials said, pointing out that only 25 percent of controllers have a traditional college degree, while the vast majority appear to have logged hours gaming. During the presidential transition in 2024, incoming Trump administration officials polled about 250 new air traffic academy graduates over six weeks. Only two of those interviewed were not gamers, according to F.A.A. officials [...]. Students who failed out of the training academy were not similarly queried, officials said, though they have plans to conduct more comprehensive exit interviews in the future. Still, the overwhelming presence of gaming habits among graduates tracked with what they were hearing anecdotally from controllers already certified to work in towers and other air traffic facilities, the officials said, many of whom liked to play video games during breaks in their shifts.

Bruce66423 shares a report from the Guardian: The European parliament has blocked the extension of a law that permits big tech firms to scan for child sexual exploitation on their platforms, creating a legal gap that child safety experts say will lead to crimes going undetected. The law, which was a carve-out of the EU Privacy Act, was put in place in 2021 as a temporary measure allowing companies to use automated detection technologies to scan messages for harms, including child sexual abuse material (CSAM), grooming and sextortion. However, it expired on April 3, and the EU parliament decided not to vote to extend it, amid privacy concerns from some lawmakers.

The regulatory gap has created uncertainty for big tech companies, because while scanning for harms on their platforms is now illegal, they still remain liable to remove any illegal content hosted on their platforms under a different law, the Digital Services Act. Google, Meta, Snap and Microsoft said they would continue to voluntarily scan their platforms for CSAM, in a joint statement posted on a Google blog. Bruce66423 adds: "Child abuse as the excuse for avoiding privacy protections. Who would have thought it?"

San Francisco police arrested a suspect after a Molotov cocktail was allegedly thrown at Sam Altman's home and threats were later made outside OpenAI's headquarters. "Thankfully, no one was hurt," said OpenAI in a statement to WIRED. "We deeply appreciate how quickly SFPD responded and the support from the city in helping keep our employees safe. The individual is in custody, and we're assisting law enforcement with their investigation." From the report: "At approximately 3:45am PT, an unidentified individual approached Sam's residence and threw an incendiary device toward the property. The device landed nearby and extinguished. There were no injuries and only minimal damage was reported," the message to staff reads. "Shortly afterward, an individual matching the suspect's description was contacted by security outside MB1," the message continues, referring to OpenAI's headquarters in San Francisco's Mission Bay neighborhood. "This person made threatening statements about the building."

OpenAI's corporate security team told staff it is cooperating with law enforcement on an investigation, and that employees may notice an increased police and security presence around the office on Friday. The security team said that the company's offices remain open, but employees were advised to "not let anyone tailgate into the building."
"Officials subsequently confirmed that the suspect was arrested outside the OpenAI's Third Street offices as he threatened to burn down the building," reports the Financial Express.

UPDATE: Sam Altman has responded to the incident.

An anonymous reader quotes a report from 404 Media: The FBI was able to forensically extract copies of incoming Signal messages from a defendant's iPhone, even after the app was deleted, because copies of the content were saved in the device's push notification database, multiple people present for FBI testimony in a recent trial told 404 Media. The case involved a group of people setting off fireworks and vandalizing property at the ICE Prairieland Detention Facility in Alvarado, Texas in July, and one shooting a police officer in the neck. The news shows how forensic extraction -- when someone has physical access to a device and is able to run specialized software on it -- can yield sensitive data derived from secure messaging apps in unexpected places. Signal already has a setting that blocks message content from displaying in push notifications; the case highlights why such a feature might be important for some users to turn on.

"We learned that specifically on iPhones, if one's settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device," a supporter of the defendants who was taking notes during the trial told 404 Media. [...] During one day of the related trial, FBI Special Agent Clark Wiethorn testified about some of the collected evidence. A summary of Exhibit 158 published on a group of supporters' website says, "Messages were recovered from Sharp's phone through Apple's internal notification storage -- Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing)."

404 Media spoke to one of the supporters who was taking notes during the trial, and to Harmony Schuerman, an attorney representing defendant Elizabeth Soto. Schuerman shared notes she took on Exhibit 158. "They were able to capture these chats bc [because] of the way she had notifications set up on her phone -- anytime a notification pops up on the lock screen, Apple stores it in the internal memory of the device," those notes read. The supporter added, "I was in the courtroom on the last day of the state's case when they had FBI Special Agent Clark testifying about some Signal messages. One set came from Lynette Sharp's phone (one of the cooperating witnesses), but the interesting detailed messages shown in court were messages that had been set to disappear and had in fact disappeared in the Signal app." Further reading: Apple Gave Governments Data On Thousands of Push Notifications

An anonymous reader quotes a report from CNN: A hacker has allegedly stolen a massive trove of sensitive data -- including highly classified defense documents and missile schematics -- from a state-run Chinese supercomputer in what could potentially constitute the largest known heist of data from China. The dataset, which allegedly contains more than 10 petabytes of sensitive information, is believed by experts to have been obtained from the National Supercomputing Center (NSCC) in Tianjin -- a centralized hub that provides infrastructure services for more than 6,000 clients across China, including advanced science and defense agencies.

Cyber experts who have spoken to the alleged hacker and reviewed samples of the stolen data they posted online say they appeared to gain entry to the massive computer with comparative ease and were able to siphon out huge amounts of data over the course of multiple months without being detected. An account calling itself FlamingChina posted a sample of the alleged dataset on an anonymous Telegram channel on February 6, claiming it contained "research across various fields including aerospace engineering, military research, bioinformatics, fusion simulation and more." The group alleges the information is linked to "top organizations" including the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology.

Cyber security experts who have reviewed the data say the group is offering a limited preview of the alleged dataset, for thousands of dollars, with full access priced at hundreds of thousands of dollars. Payment was requested in cryptocurrency. CNN cannot verify the origins of the alleged dataset and the claims made by FlamingChina, but spoke with multiple experts whose initial assessment of the leak indicated it was genuine. The alleged sample data appeared to include documents marked "secret" in Chinese, along with technical files, animated simulations and renderings of defense equipment including bombs and missiles.

After nearly 20 years on the platform, The Electronic Frontier Foundation (EFF) says it is leaving X. "This isn't a decision we made lightly, but it might be overdue," the digital rights group said. "The math hasn't worked out for a while now." From the report: We posted to Twitter (now known as X) five to ten times a day in 2018. Those tweets garnered somewhere between 50 and 100 million impressions per month. By 2024, our 2,500 X posts generated around 2 million impressions each month. Last year, our 1,500 posts earned roughly 13 million impressions for the entire year. To put it bluntly, an X post today receives less than 3% of the views a single tweet delivered seven years ago. [...]

When you go online, your rights should go with you. X is no longer where the fight is happening. The platform Musk took over was imperfect but impactful. What exists today is something else: diminished, and increasingly de minimis.

EFF takes on big fights, and we win. We do that by putting our time, skills, and our members' support where they will effect the most change. Right now, that means Bluesky, Mastodon, LinkedIn, Instagram, TikTok, Facebook, YouTube, and eff.org. We hope you follow us there and keep supporting the work we do. Our work protecting digital rights is needed more than ever before, and we're here to help you take back control.

BrianFagioli writes: Little Snitch, the well known macOS tool that shows which applications are connecting to the internet, is now being developed for Linux. The developer says the project started after experimenting with Linux and realizing how strange it felt not knowing what connections the system was making. Existing tools like OpenSnitch and various command line utilities exist, but none provided the same simple experience of seeing which process is connecting where and blocking it with a click. The Linux version uses eBPF for kernel level traffic interception, with core components written in Rust and a web based interface that can even monitor remote Linux servers.

During testing on Ubuntu, the developer noticed the system was relatively quiet on the network. Over the course of a week, only nine system processes made internet connections. By comparison, macOS reportedly showed more than one hundred processes communicating externally. Applications behave similarly across platforms though. Launching Firefox immediately triggered telemetry and advertising related connections, while LibreOffice made no network connections at all during testing. The early release is meant primarily as a transparency tool to show what software is doing on the network rather than a hardened security firewall.

A federal appeals court denied Anthropic's bid to temporarily block the Pentagon's blacklisting, meaning the company remains shut out of Defense Department contracts while the case continues, even though a separate court has allowed other federal agencies to keep using Claude for now. CNBC reports: "In our view, the equitable balance here cuts in favor of the government," the appeals court said in its decision. "On one side is a relatively contained risk of financial harm to a single private company. On the other side is judicial management of how, and through whom, the Department of War secures vital AI technology during an active military conflict. For that reason, we deny Anthropic's motion for a stay pending review on the merits." With the split decisions by the two courts, Anthropic is excluded from DOD contracts but is able to continue working with other government agencies while litigation plays out. Defense contractors will be prohibited from using Claude in their work with the agency, but they can use it for other cases.

[...] In the ruling on Wednesday, the court acknowledged that Anthropic "will likely suffer some degree of irreparable harm absent a stay," but that the company's interests "seem primarily financial in nature." While the company claimed the DOD was standing in the way of its right to free speech, "Anthropic does not show that its speech has been chilled during the pendency of this litigation," the order said. Because of the harm Anthropic is likely to suffer, the appeals court said "substantial expedition is warranted."

An Anthropic spokesperson said in a statement after the ruling that the company is "grateful the court recognized these issues need to be resolved quickly" and that it's "confident the courts will ultimately agree that these supply chain designations were unlawful." "While this case was necessary to protect Anthropic, our customers, and our partners, our focus remains on working productively with the government to ensure all Americans benefit from safe, reliable AI," Anthropic said.

An anonymous reader quotes a report from The Drive: Farmers have been fighting John Deere for years over the right to repair their equipment, and this week, they finally reached a landmark settlement. While the agricultural manufacturing giant pointed out in a statement that this is no admission of wrongdoing, it agreed to pay $99 million into a fund for farms and individuals who participated in a class action lawsuit. Specifically, that money is available to those involved who paid John Deere's authorized dealers for large equipment repairs from January 2018. This means that plaintiffs will recover somewhere between 26% and 53% of overcharge damages, according to one of the court documents (PDF) -- far beyond the typical amount, which lands between 5% and 15%.

The settlement also includes an agreement by Deere to provide "the digital tools required for the maintenance, diagnosis, and repair" of tractors, combines, and other machinery for 10 years. That part is crucial, as farmers previously resorted to hacking their own equipment's software just to get it up and running again. John Deere signed a memorandum of understanding in 2023 that partially addressed those concerns, providing third parties with the technology to diagnose and repair, as long as its intellectual property was safeguarded. Monday's settlement seems to represent a much stronger (and legally binding) step forward. The report notes that a judge's approval of the settlement is still required but likely to happen. John Deere also faces another lawsuit by the U.S. FTC, accusing the company of forcing farmers to use its authorized dealer network and driving up their costs for parts and repairs.

alternative_right quotes a report from the New York Post: The CIA used a futuristic new tool called "Ghost Murmur" to find and rescue the second American airman who was shot down in southern Iran, The Post has learned. The secret technology uses long-range quantum magnetometry to find the electromagnetic fingerprint of a human heartbeat and pairs the data with artificial intelligence software to isolate the signature from background noise, two sources close to the breakthrough said. It was the tool's first use in the field by the spy agency -- and was alluded to Monday afternoon by President Trump and CIA Director John Ratcliffe at a White House briefing. "It's like hearing a voice in a stadium, except the stadium is a thousand square miles of desert," a source briefed on the program told The Post. "In the right conditions, if your heart is beating, we will find you." The relatively barren landscape made for "an ideal first operational use" of Ghost Murmur, the first source noted.

"Normally this signal is so weak that it can only be measured in a hospital setting with sensors pressed nearly against the chest," the source said. "But advances in a field known as quantum magnetometry -- specifically sensors built around microscopic defects in synthetic diamonds -- have apparently made it possible to detect these signals at dramatically greater distances."

"The capability is not omniscient. It works best in remote, low-clutter environments and requires significant processing time," this person added.

An anonymous reader quotes a report from TechCrunch: A group of Russian government hackers have hijacked thousands of home and small business routers around the world as part of an ongoing campaign aimed at redirecting victim's internet traffic to steal their passwords and access tokens, security researchers and government authorities warned on Tuesday. [...] The hacking group targeted unpatched routers made by MikroTik and TP-Link using previously disclosed vulnerabilities according to the U.K. government's cybersecurity unit NCSC and Lumen's research arm Black Lotus Labs, which released new details of the campaign Tuesday.

According to the researchers, the hackers were able to spy on large numbers of people over the course of several years by compromising their routers, many of which run outdated software, leaving them vulnerable to remote attacks without their owners' knowledge. The NCSC said that these operations are "likely opportunistic in nature, with the actor casting a wide net to reach many potential victims, before narrowing in on targets of intelligence interest as the attack develops." Per the researchers and government advisories, the Russian hackers hacked routers to modify the device's settings so that the victim's internet requests are surreptitiously passed to infrastructure run by the hackers. This allows the hackers to redirect victims to spoof websites under their control, then steal passwords and tokens that let the hackers log in to that victim's online accounts without needing their two-factor authentication codes.

Black Lotus Labs said that Fancy Bear compromised at least 18,000 victims in around 120 countries, including government departments, law enforcement agencies, and email providers across North Africa, Central America, and Southeast Asia. Microsoft, which also released details of the campaign on Tuesday, said in a blog post that its researchers identified over 200 organizations and 5,000 consumer devices affected by these hacking operations, including at least three government organizations in Africa. The Justice Department said Tuesday it neutralized compromised routers in the U.S. under court authorization. As the DOJ put it, the FBI "developed a series of commands to send to compromised routers" to collect evidence, reset settings, and prevent hackers from breaking back in.

An anonymous reader quotes a report from TorrentFreak: Following on the heels of the landmark Cox v. Sony ruling, the Supreme Court has vacated the contributory copyright infringement verdict against ISP Grande Communications, ordering the Fifth Circuit to reconsider its decision in light of the new precedent. [...] The order (PDF) effectively removes the case from the Supreme Court docket, urging the Fifth Circuit Court of Appeals to take another look at its decision in light of the new ruling.

Given the similarities between the two cases, it is no surprise that the Supreme Court came to this conclusion. It is now up to the Fifth Circuit to revisit whether Grande's conduct meets the intent threshold that was established in Cox. That is a significantly higher bar than the one applied in the original verdict, which found that continuing to provide service to known infringers was enough to establish material contribution.

The music companies previously said they sent over a million copyright infringement notices, but that Grande failed to terminate even a single subscriber account in response. However, without proof of active inducement, these absolute numbers carry less weight now. Whether this translates into a win for Grande on remand remains to be seen. For now, however, the original $47 million verdict is further away than ever.

LinkedIn is facing allegations that it quietly scans users' browsers for installed Chrome extensions. The German group Fairlinked e.V. goes so far as to claim that the site is "running one of the largest corporate espionage operations in modern history."

"The program runs silently, without any visible indicator to the user," the group says. "It does not ask for consent. It does not disclose what it is doing. It reports the results to LinkedIn's servers. This is not a one-time check. The scan runs on every page load, for every visitor." PCMag reports: This browser extension "fingerprinting" technique has been spotted before, but it was previously found to probe only 2,000 to 3,000 extensions. Fairlinked alleges that LinkedIn is now scanning for 6,222 extensions that could indicate a user's political opinions or religious views. For example, the extensions LinkedIn will look for include one that flags companies as too "woke," one that can add an "anti-Zionist" tag to LinkedIn profiles, and two others that can block content forbidden under Islamic teachings.

It would also be a cakewalk to tie the collected extension data to specific users, since LinkedIn operates as a vast professional social network that covers people's work history. Fairlinked's concern is that Microsoft and LinkedIn can allegedly use the data to identify which companies use competing products. "LinkedIn has already sent enforcement threats to users of third-party tools, using data obtained through this covert scanning to identify its targets," the group claims. However, LinkedIn claims that Fairlinked mischaracterizes a LinkedIn safeguard designed to prevent web scraping by browser extensions. "We do not use this data to infer sensitive information about members," the company says. "To protect the privacy of our members, their data, and to ensure site stability, we do look for extensions that scrape data without members' consent or otherwise violate LinkedIn's Terms of Service," LinkedIn adds.

[...] The statement goes on to allege that Fairlinked is from a developer whose account was previously suspended for web scraping. One of the group's board members is listed as "S.Morell," which appears to be Steven Morell, the founder of Teamfluence, a tool that helps businesses monitor LinkedIn activity. [...] Still, the Microsoft-owned site is facing some blowback for not clearly disclosing the browser extension scanning in LinkedIn's privacy policy. Fairlinked is soliciting donations for a legal fund to take on Microsoft and is urging the public to encourage local regulators to intervene.

An anonymous reader quotes a report from Reuters: A federal appeals court ruled on Monday that New Jersey gaming regulators cannot prevent Kalshi from allowing people in the state to use its prediction market to place financial bets on the outcome of sporting events. A three-judge panel of the Philadelphia-based 3rd U.S. Circuit Court of Appeals ruled 2-1 (PDF) in finding that the U.S. Commodity Futures Trading Commission has exclusive jurisdiction over the sports-related event contracts that Kalshi allows people to trade on its platform. The ruling marked the first time a federal appeals court has ruled on what has become the central issue in an escalating battle over the ability of state gaming regulators to police the activity of prediction market operators.

Kalshi and companies like it allow users to place trades and profit from predictions on events such as sports and elections. States argue that firms like Kalshi are operating without required state licenses, in violation of gaming laws, including bans on wagers by those under 21. Those states include New Jersey, which last year sent Kalshi a cease-and-desist letter stating that its listing of sports-related event contracts on its platform violated state gambling laws that prohibit betting on collegiate sports. Kalshi sued the state, arguing its event contracts qualify as "swaps," a type of derivative contract, that under the Commodity Exchange Act can only be regulated by the CFTC, which had granted the company a license to operate a designated contract market (DCM).

A lower-court judge had sided with New York-based Kalshi and issued a preliminary injunction, prompting New Jersey to appeal. But a majority of the judges on the 3rd Circuit panel concluded the Commodity Exchange Act likely preempted state law. "Kalshi's sports-related event contracts are swaps traded on a CFTC-licensed DCM, so the CFTC has exclusive jurisdiction," U.S. Circuit Judge David Porter wrote. The ruling was in line with the position advanced in other litigation by the CFTC under President Donald Trump's administration. The regulator last week sued Arizona, Connecticut and Illinois to prevent them from pursuing what it called unlawful efforts to regulate prediction markets.

OpenAI is proposing (PDF) sweeping policy changes to help manage the societal disruption caused by advanced AI, including taxes on automated labor, a public wealth fund, and experiments with a four-day workweek. The company said the policy document offered a series of "initial ideas" to address the risk of "jobs and entire industries being disrupted" by the adoption of AI tools. Business Insider reports: Among the core policy suggestions is a public wealth fund, which would see lawmakers and AI companies work together to invest in long-term assets linked to the AI boom, with returns distributed directly to citizens. Another is that the government should encourage and incentivize employers to experiment with four-day workweeks with no loss in pay and offer "benefits bonuses" tied to productivity gains from new AI tools.

The policy document also suggests lawmakers modernize the tax system and shift the tax base to corporate income and capital gains, rather than relying on labor income and payroll taxes that could be hit by a wave of AI-powered job losses. It also recommends taxes related to automated labor. OpenAI also called for the accelerated expansion of the US's electricity grid, which is already feeling the strain from a wave of data center construction and energy demand for training ever more powerful AI models.

An anonymous reader quotes a report from KrebsOnSecurity: An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021. Shchukin was named as UNKN (a.k.a. UNKNOWN) in an advisory published by the German Federal Criminal Police (the "Bundeskriminalamt" or BKA for short). The BKA said Shchukin and another Russian -- 43-year-old Anatoly Sergeevitsch Kravchuk -- extorted nearly $2 million euros across two dozen cyberattacks that caused more than 35 million euros in total economic damage.

Germany's BKA said Shchukin acted as the head of one of the largest worldwide operating ransomware groups GandCrab and REvil, which pioneered the practice of double extortion -- charging victims once for a key needed to unlock hacked systems, and a separate payment in exchange for a promise not to publish stolen data. Shchukin's name appeared in a Feb. 2023 filing (PDF) from the U.S. Justice Department seeking the seizure of various cryptocurrency accounts associated with proceeds from the REvil ransomware gang's activities. The government said the digital wallet tied to Shchukin contained more than $317,000 in ill-gotten cryptocurrency. The BKA believes Shchukin resides in Krasnodar, Russia, where he is from. "Based on the investigations so far, it is assumed that the wanted person is abroad, presumably in Russia," the BKA advised. "Travel behavior cannot be ruled out."

Russia's "great crackdown" on VPNs — and a clampdown on Telegram's messaging platform — had an unintended side effect, reports Bloomberg. It "triggered the widespread banking outage seen across the country this week, Telegram's billionaire founder Pavel Durov said." "Telegram was banned in Russia, yet 65 million Russians still use it daily via VPNs," Durov said Saturday in a post on Telegram. "The government has spent years trying to ban VPNs too. Their blocking attempts just triggered a massive banking failure; cash briefly became the only payment method nationwide yesterday." Attempts on Friday to limit VPN use could have sparked the disruption affecting banking apps, The Bell and other Russian media reported, citing industry sources who weren't identified.

The outage may have been caused by an overload in the filtering systems run by Russia's communications watchdog, according to the reports, with experts warning that major restrictions risk undermining network stability... Separately, payments for Apple Inc.'s app store and other services became unavailable in Russia from April 1, the US company said on its website, without saying why. Earlier, RBC newswire reported that the Digital Development Ministry had asked mobile operators to disable top-ups, which could help limit VPN use....

Durov, who's being investigated in Russia for allegedly aiding terrorist activity, compared the situation in his home country to Iran, where similar restrictions prompted widespread adoption of VPNs instead of the intended shift to state-backed messaging apps. "Welcome back to the Digital Resistance, my Russian brothers and sisters," said Durov, who has lived in Dubai and France in recent years. "The entire nation is now mobilized to bypass these absurd restrictions," he wrote, adding that Telegram would continue adapting to make its traffic harder to detect and block.

One crime ring scammed 2,000 elderly people of more than $27 million between 2021 and 2023 using tech support/bank impersonation/refund scams. "Victims were in their 70s and 80s," reports the U.S. Attorney's office for California's southern district. Victims were first told they'd received a refund (either online or via phone), but then told they'd been "over-refunded" a massive amount, and asked to return that amount.

But 42-year-old Jiandong Chen just admitted Thursday in a U.S. federal court that he was involved in the fraud and money laundering via cryptocurrency — pleading guilty to two charges with maximum penalties of 40 years in prison and a $1 million fine, plus 20 years in prison with a maximum fine of $500,000 or twice the amount laundered. "Chen, a Chinese national, is the second defendant charged in a five-defendant indictment." And what tripped him up seems to be that "Certain members of the conspiracy also did in-person pickups of money directly from victims..."

And so YouTube enters the story — when the scammers called pranksters with 1,790,000 subscribers to their "Trilogy Media" channel. In an elaborate three-hour video, the team of pranksters lured the scammer to a rented Airbnb where they're staging a fake funeral with a nun. (One of the men acting in the video remembers "we start doing a prayer... I'm holding the scammer's hand in my nun outfit...")

They convince the scammer to collect the cash from a dead man — "Is there anything you'd like to say to him?" Then there's demon voices. The scammer's victim resurrects from the dead. Did the cash mule bring holy water?

The end result was a video titled "CONFRONTING SCAMMERS WITH A FAKE FUNERAL (EPIC REACTIONS)". But two and a half years later, their "cash mule sting house" video has racked up over 1.3 million views, 22,000 likes, and 2,979 comments. ("This video is longer than Oppenheimer. Thanks for the laughs fellas.")

And the scammer is facing 60 years in prison.

A former U.S. spy spoke to The New Yorker about "years of clandestine work for the C.I.A. — which, he said, had 'prevented Iran from getting a nuke'." [Kevin] Chalker told me that, as he understood it, the Pentagon had suggested running commando operations to kill key Iranian scientists, as Israel subsequently did. But the C.I.A. proposed recruiting those scientists to defect, as U.S. spies had once courted Soviet physicists. Chalker paraphrased the agency's pitch: "We can debrief them and learn so much more — and, if they say no, then you can kill them." (A more senior agency official confirmed the broad strokes of his account.) The White House liked the agency's idea, and [president George W.] Bush authorized the C.I.A. to conduct clandestine operations to stop Iran from building a bomb. The C.I.A. program that Chalker described to me became publicly known in 2007, when the Los Angeles Times reported on the existence of an agency project called Brain Drain. But the details of the "invitations" to Iranian scientists have not previously been reported...

Chalker typically had about ten minutes to explain, as gently as possible, that he was from the C.I.A., that he had the power to secure the scientist and his family a comfortable new life in the U.S. — and that, if the offer was rejected, the scientist, regrettably, would be assassinated. (Chalker tried to emphasize the happier potential outcome.) Killing a civilian scientist would violate international law. The American government has denied ever doing it, and I found no evidence that the U.S. has carried out any such murders. A former senior agency official familiar with the Brain Drain project told me all that mattered was that Iranian scientists had believed they would be killed, regardless of whether the U.S. actually made good on the threat. And Israel had been conducting a campaign to assassinate Iranian scientists, which made the prospect of lethal reprisal highly plausible. Other former officials with knowledge of the project told me that the C.I.A. sometimes shared intelligence with Mossad which enabled its operatives to locate and kill a scientist. Such information exchanges were kept vague enough to preserve deniability if a more legalistic U.S. Administration later took office...

[Chalker] is confident that those who rebuffed him were, in fact, killed — one way or another... One of Chalker's colleagues told me that, against the backdrop of so many Israeli assassinations, Chalker's interactions with Iranian scientists could almost be considered humanitarian — he had been "throwing them a lifeline." Of the many scientists he approached, three-quarters ultimately agreed to coöperate.
Their 10,000-word article suggests Chalker may now be resentful the CIA didn't help him in a later unrelated lawsuit, noting it's "nearly unheard of for ex-spies to divulge their past activities."

But Chalker also says he "helped obtain pivotal information that laid the groundwork for more than a decade of American efforts to disrupt the Iranian nuclear-weapons program, from the Stuxnet cyberattacks, which occurred around 2010 [destroying 1,000 uranium-enriching centrifuges], to the Obama Administration's nuclear deal, in 2015, to the U.S. air strikes on Iranian atomic-energy facilities in the summer of 2025."

Amazon "must negotiate with a labor union representing some 5,000 workers at a company warehouse on Staten Island," reports Reuters, citing a ruling Wednesday from America's National Labor Relations Board (NLRB).

The union formed in 2022, according to the article, and "has been seeking to negotiate with Amazon over pay, working conditions and other matters." The NLRB said in its ruling that Amazon "has engaged in unfair labor practices" by refusing to bargain with the labor group or to recognize its legitimacy... Amazon said on Thursday it disagreed with the NLRB's ruling. "Representatives of the NLRB improperly influenced this election," the company said in a statement, suggesting it planned to appeal. "We're confident an unbiased court will overturn the original certification, and we look forward to the opportunity for our team to fairly voice their opinions." An appeal would likely preclude Amazon from having to comply with the NLRB's order while it makes its way through the courts...

Related to the Staten Island case, Amazon has argued that the NLRB itself is unconstitutional and sued to block the agency from ruling on it. The matter is still pending.
After forming independently, that union "has since aligned with the International Brotherhood of Teamsters," the article points out. The Teamsters represent 1.3 million American workers, according to a statement they issued this week, which also includes this quote from the president of Amazon Labor Union-e Local 1. "We are making history at Amazon, and we are doing it through undiluted worker power..."

Their statement adds that the ruling "came only one day after the union announced another historic victory that upheld Amazon Teamsters' right to strike."

A Rome court ruled that several Netflix price hikes in Italy were unlawful because the company's contracts didn't adequately explain or justify future pricing changes. As a result, Netflix has been ordered to issue refunds that could total roughly 500 euros for some long-term subscribers. Ars Technica reports: The lawsuit was brought by Italian consumer advocacy group Movimento Consumatori, which alleged that the price hikes violate the Consumer Code, Italian legislation that aims to protect consumer rights. The Consumer Code says it's unlawful for a "professional to unilaterally modify the clauses of the contract, or the characteristics of the product or service to be provided, without a justified reason indicated in the contract itself," according to a Google-provided translation.

The court's April 1 ruling determined that Netflix's contracts were required to explain in advance why prices or other terms might change in the future. Because the price hikes were found to be imposed without providing customers with valid justifications, the court ruled that the new prices are invalid and ordered Netflix to refund affected subscribers. This comes despite Netflix reportedly providing a 30-day advance notice of the higher fees and allowing customers to cancel their subscriptions to avoid price hikes.

The court gave Netflix 90 days to inform millions of current and former customers via email, mail, its website, and Italian newspapers of their right to refunds or else face a penalty of 700 euros per day, Italian newspaper Il Sole 24 Ore reported today. Per Italian law, price increases that Netflix has issued or will issue beyond April 2025 are legal. At that time, Netflix adjusted its terms to state that contract terms could one day change due to technological, security, or regulatory needs, to clarify clauses, or to provide changes to the service, Il Sole 24 Ore reported.

An anonymous reader quotes a report from Wired: Today at a hearing of the Colorado Senate Business, Labor, and Technology committee, lawmakers voted unanimously to move Colorado state bill SB26-090 -- titled Exempt Critical Infrastructure from Right to Repair -- out of committee and into the state senate and house for a vote. The bill modifies Colorado's Consumer Right to Repair Digital Electronic Equipment act, which was passed in 2024 and went into effect in January 2026. While the protections secured by that act are wide, the new SB26-090 bill aims to "exempt information technology equipment that is intended for use in critical infrastructure from Colorado's consumer right to repair laws."

The bill is supported by tech manufacturers like Cisco and IBM, according to lobbying disclosures. These are companies that have vested interests in manufacturing things like routers, server equipment, and computers and stand to profit if they can control who fixes their products and the tools, components, and software used to make those upgrades and repairs. They also cite cybersecurity concerns, saying that giving people access to the tools and systems they would need to repair a device could also enable bad actors to use those methods for nefarious means. (This is a common argument manufacturers make when opposing right-to-repair laws.)

[...] During the hearing, more than a dozen repair advocates spoke from organizations like Pirg, the Repair Association, and iFixit opposing the bill. YouTuber and repair advocate Louis Rossmann was there. The main problem, repair advocates say, is that the bill deliberately uses vague language to make the case for controlling who can fix their products. [...] The Colorado Labor and Technology committee advanced the bill, but it still needs to go through votes on the Colorado Senate and House floors before going into effect. Those votes may take place as early as next week. Regardless of how the bill goes in the state, it's likely that manufacturers will continue their push to alter or undo repair legislation in other states across the country. "The 'information technology' and 'critical infrastructure' thing is as cynical as you can possibly be about it," says Nathan Proctor, the leader of Pirg's US right-to-repair campaign. "It sounds scary to lawmakers, but it just means the internet."

The current wording of the bill "leaves it up to the manufacturers to determine which items they will need to provide repair tools and parts to owners and independent repairers and which ones they don't," says Danny Katz, executive director CoPIRG, the Colorado branch of the consumer advocate group Pirg. "This is a bad policy and would be a big step back for Coloradans' repair rights."

iFixit CEO Kyle Wiens said in the hearing: "There's a general principle in cybersecurity that obscurity is not security," iFixit CEO Kyle Wiens said in the hearing. "The money that's behind the scenes, that's what's driving the bill."

Tony Isaac shares a report from NPR: When it comes to using AI, it seems some lawyers just can't help themselves. Last year saw a rapid increase in court sanctions against attorneys for filing briefs containing errors generated by artificial intelligence tools. The most prominent case was that of the lawyers for MyPillow CEO Mike Lindell, who were fined $3,000 each for filing briefs containing fictitious, AI-generated citations. But as a cautionary tale, it doesn't seem to have had much effect. The numbers started taking off last year, and the rate is still increasing. He counts a total of more than 1,200 to date, of which about 800 are from U.S. courts. "I am surprised that people are still doing this when it's been in the news," says Carla Wale, associate dean of information & technology and director of the law library at the University of Washington School of Law. "Whatever the generative AI tool gives you -- as in, 'Look at these cases' -- you, under the rules of professional conduct, you have to read those cases. You have to read the cases to make sure what you are citing is accurate."

"I think that lawyers who understand how to effectively and ethically use generative AI replace lawyers who don't," she says. "That's what I think the future is."

An anonymous reader quotes a report from Ars Technica: Perplexity's AI search engine encourages users to go deeper with their prompts by engaging in chat sessions that a lawsuit has alleged are often shared in their entirety with Google and Meta without users' knowledge or consent. "This happened to every user regardless of whether or not they signed up for a Perplexity account," the lawsuit alleged, while stressing that "enormous volumes of sensitive information from both subscribed and non-subscribed users" are shared.

Using developer tools, the lawsuit found that opening prompts are always shared, as are any follow-up questions the search engine asks that a user clicks on. Privacy concerns are seemingly worse for non-subscribed users, the complaint alleged. Their initial prompts are shared with "a URL through which the entire conversation may be accessed by third parties like Meta and Google." Disturbingly, the lawsuit alleged, chats are also shared with personally identifiable information (PII), even when users who want to stay anonymous opt to use Perplexity's "Incognito Mode." That mode, the lawsuit charged, is a "sham."

"'Incognito' mode does nothing to protect users from having their conversations shared with Meta and Google," the complaint said. "Even paid users who turned on the 'Incognito' feature still had their conversations shared with Meta and Google, along with their email addresses and other identifiers that allowed Meta and Google to personally identify them." "Perplexity's failure to inform its users that their personal information has been disclosed to Meta and Google or to take any steps to halt the continued disclosure of users' information is malicious, oppressive, and in reckless disregard" of users' rights, the lawsuit alleged.

"Nothing on Perplexity's website warns users that their conversations with its AI Machine will be shared with Meta and Google," Doe alleged. "Much less does Perplexity warn subscribed users that its 'Incognito Mode' does not function to protect users' private conversations from disclosure to companies like Meta and Google."

An anonymous reader quotes a report from NPR: Responding to public health concerns about microplastics and pharmaceuticals in the nation's drinking water, the Trump administration for the first time has placed them on a draft list of contaminants maintained by the Environmental Protection Agency. The EPA announced the move Thursday, touting it as a "historic step" for the Make America Healthy Again, or MAHA, movement, which often raises concerns about toxic chemicals and plastic pollution in our food and environment. Also Thursday, the Department of Health and Human Services announced a $144 million initiative, called STOMP, to develop tools to measure and monitor microplastics in drinking water and in a later stage, to remove them.

The Safe Drinking Water Act requires the EPA to publish an updated version of its Contaminant Candidate List every five years. This is the sixth iteration of the list. Microplastics and pharmaceuticals appear in the draft of the upcoming list, alongside per- and polyfluoroalkyl substances, or PFAS, and dozens of other chemicals and microbes. Their inclusion on the list gives local regulators a tool to evaluate risks in their water supply, the EPA says, and it can set the stage for more research and regulatory action -- but doesn't actually guarantee that will happen.

schwit1 shares a report from the Kathmandu Post: In Nepal, helicopter rescue on high altitude is, by any measure, a genuine lifesaving operation. At high altitude, where oxygen thins and weather changes without warning, the ability to airlift a stricken trekker to Kathmandu within hours has saved countless lives. But threaded through that legitimate system, exploiting its urgency, its opacity, and its distance from oversight, is one of the most sophisticated insurance fraud networks in the world. Nepal's fake rescue scam is not new. The Kathmandu Post first exposed it in 2018. Months later, the government convened a fact-finding committee, produced a 700-page report, and announced reforms. In February 2019, The Kathmandu Post published a long investigative report. Last year, Nepal Police's Central Investigation Bureau reopened the file, and what they found is that the fraud did not stop -- instead it was growing.

The mechanics of the fake rescue racket are straightforward: stage a medical emergency, call in a helicopter, check a tourist into a hospital, and file an insurance claim that bears little resemblance to what actually happened. But the sophistication lies in how each link in the chain is compensated, and how difficult it is for a foreign insurer -- operating from Australia and the United Kingdom -- to verify events that occurred at 3,000 metres in a remote Himalayan valley. The CIB investigation identifies two primary methods for manufacturing an "emergency." The first involves tourists who simply don't want to walk back. After completing a demanding trek -- an Everest Base Camp trek, for instance, can take up to two weeks on foot -- guides offer an alternative: pretend to be sick, and a helicopter will come. The guide handles the rest. The second method is more troubling. At altitudes above 3,000 meters, mild symptoms of altitude sickness are common. Blood oxygen saturation can drop, hands and feet tingle, headaches develop. In most cases, rest, hydration or a gradual descent is all that is needed. But guides and hotel staff, according to the CIB investigation, have been trained to terrify trekkers at precisely this moment. They tell them they are at risk of dying, that only immediate evacuation will save them. In some cases, investigators found that Diamox (Acetazolamide) tablets, used to prevent altitude sickness, were administered alongside excessive water intake to induce the very symptoms that would justify a rescue call.

In at least one case cited in the investigation, baking powder was mixed into food to make tourists physically unwell. Once a "rescue" is called, the financial choreography begins. A single helicopter carries multiple passengers. But separate, full-price invoices are submitted to each passenger's insurance company, as if each had their own dedicated flight. A $4,000 charter becomes a $12,000 claim. Fake flight manifests and load sheets are fabricated. At the hospital, medical officers prepare discharge summaries using the digital signatures of senior doctors who were never involved in the case. In some cases, these are done without those doctors' knowledge. Fake admission records are created for tourists who were, in some documented instances, drinking beer in the hospital cafeteria at the time they were supposedly receiving treatment. In one case, an office assistant at Shreedhi Hospital admitted that he had provided his own X-ray report taken about a year ago at a different hospital, to be used as a case for treatment of foreign trekkers to claim insurance. The commission structure that holds the network together was described in detail during police interrogations. Hospitals pay 20 to 25 percent of the insurance payment to trekking companies and a further 20 to 25 percent to helicopter rescue operators in exchange for patient referrals. Trekking guides and their companies benefit from inflated invoices. In some cases, tourists themselves are offered cash incentives to participate.

Longtime Slashdot reader Elektroschock writes: When Ubisoft pulled the plug on The Crew's servers without warning, players were left with a worthless game they'd already paid for. Now, consumer watchdog UFC-Que Choisir is fighting back, demanding gamers' right to play regardless of publisher whims. Supported by the "Stop Killing Games" movement, this landmark case challenges unfair terms before the Creteil Judicial Court (Val-de-Marne near Paris), and aims to protect players from disappearing games. The lawsuit that UFC-Que Choisir filed against Ubisoft on Tuesday alleges that the video game publisher "misled consumers about the permanence of their purchase and imposed abusive contractual clauses stripping players of ownership rights," reports Reuters.

A top EU official is urging Europeans to work from home, drive less, and cut air travel as the bloc braces for a prolonged energy crisis triggered by the Gulf conflict. The European Commission is also pushing member states to accelerate renewables and other energy-security measures as oil and gas disruptions continue. Politico reports: In a speech with echoes of the early days of the coronavirus pandemic, EU energy chief Dan Jorgensen said Europe was facing a "very serious situation" with no clear end in sight. "Even if ... peace is here tomorrow, still we will not go back to normal in the foreseeable future," he said, following an extraordinary meeting of the EU's 27 energy ministers on Tuesday to discuss the crisis. "The more you can do to save oil, especially diesel, especially jet fuel, the better we are off," Jorgensen said, confirming an earlier report by POLITICO that Brussels wanted Europeans to travel less.

He urged member countries to follow the advice of the International Energy Agency, which he said included "work from home where possible, reduce highway speed limits by ten kilometers [an hour], encourage public transport, alternate private car access ... increase car sharing and adopt efficient driving practices." Longer term, he urged EU countries to double down on building more renewables, saying "this must be the time we finally turn the tide and truly become energy independent."

Australia is preparing possible court action against major social media platforms that are failing to enforce the country's social media ban on under-16s. "Three months after the ban came into effect, the eSafety Commissioner said it was probing Meta's Instagram and Facebook, Google's YouTube, Snapchat and TikTok for possible breaches of the law," reports Reuters. From the report: Communications Minister Anika Wells said the government was gathering evidence "so that the eSafety Commissioner can go to the Federal Court and win." "We have spent the summer building that evidence base of all the stories that no doubt you have all heard ... about how kids are getting around that," Wells told reporters in Canberra. The legal threat is a striking change of tone from a government which had hailed tech giants' shows of cooperation when the ban went live in December.

Under the Australian law, platforms must show they are taking reasonable steps to keep out underage users or face fines of up to $34 million per breach, something eSafety would need to pursue in a civil court. The regulator previously said it would only take enforcement action in cases of systemic noncompliance. But in its first comprehensive compliance report since the ban took effect, eSafety said measures taken by the platforms were substandard and it would make a decision about next steps by mid-year. "We are now moving âinto an enforcement stance," said commissioner Julie Inman Grant in a statement.

The regulator reported major compliance gaps, including platforms prompting children who had previously declared ages under 16 to do fresh age checks, allowing repeated attempts at age-assurance tests until a child got a result over 16 and poor pathways for people to report underage accounts. Some platforms did not use age-inference, which estimates age based on someone's online activity, and some only used age-assurance measures like photo-based checks after a user tried to change their age, rather than at sign-up. That made it "likely many Australian children aged under 16 have been able to create accounts on age-restricted social media platforms by simply declaring they are 16 or older", the regulator said. Nearly one-third of parents reported their under-16 child had at least one social media account after the ban took effect, of which two-thirds said the platform had not asked the child's age, it added.

An anonymous reader quotes a report from Reuters: The Trump administration on Monday issued a long-awaited proposed rule to open up retirement plans to alternative assets, paving the way for private equity and cryptocurrencies to be added to 401(k) accounts. The measure, announced by the U.S. Department of Labor, is intended to ease longstanding barriers to incorporating these less liquid and less transparent assets into American retirement plans. It follows an executive order from President Donald Trump last summer and could clear the way for alternative asset management firms to tap a large new source of capital.

Industry groups have argued private market investments can enhance long-term returns and diversification for retirement savers, while skeptics warn higher fees, complexity and limited liquidity could limit those gains and pose risks for retail investors. Some private market funds that are already available to wealthier individual investors have shown signs of strain in recent months. Private credit funds known as business development companies have seen a wave of withdrawals. Treasury Secretary Scott Bessent said the proposed rule was "an initial step" and aimed to be "mindful of the importance of protecting retirement assets."

The guidance lays out how plan trustees, who have a legal fiduciary duty to act in the best interest of members, can incorporate these assets. They would have to "objectively, thoroughly, and analytically consider, and make determinations on factors including performance, fees, liquidity, valuation, performance benchmarks, and complexity," the DOL said. Trustees who abide by them will be granted safe harbor that protects them from lawsuits, it added. The Supreme Court agreed earlier this year to hear one such case filed in 2019 by a former Intel employee claiming trustees made "imprudent" decisions by investing in hedge funds and private equity funds.

OkCupid and parent company Match Group settled an FTC case dating back to 2014 over allegations that the dating app shared users' photos and other personal data with a third party without proper disclosure or opt-out rights. Engadget reports: According to the FTC, OkCupid's privacy policy at the time noted that the company wouldn't share a user's personal information with others, except for some cases including "service providers, business partners, other entities within its family of businesses." However, the lawsuit accused OkCupid of sharing three million photos of its users to Clarifai, which the FTC claims is a "unrelated third party" that didn't fall under the allowed entities. On top of that, the lawsuit alleged that OkCupid didn't inform its users of this data sharing, nor give them a chance to opt out.

Moving forward, the settlement would "permanently prohibit" Match Group, which owns OkCupid, and Humor Rainbow, which operates OkCupid, from misrepresenting what kind of personal information it collects, the purpose for collecting the data and any consumer choices to prevent data collection. Even after the 2014 incident, OkCupid was found with security flaws that could've exposed user account info but, which were quickly patched in 2020.

An anonymous reader quotes a report from TorrentFreak: In an effort to gather material for its LLM training, Meta used BitTorrent to download pirated books from Anna's Archive and other shadow libraries. According to several authors, Meta facilitated the infringement of others by "seeding" these torrents. This week, the court granted the authors permission to add these claims to their complaint, despite openly scolding their counsel for "lame excuses" and "Meta bashing." [...] The judge acknowledged that the contributory infringement claim could and should have been added back in November 2024, when the authors amended their complaint to include the distribution claim. After all, both claims arise from the same factual allegations about Meta's torrenting activity.

"The lawyers for the named plaintiffs have no excuse for neglecting to add a contributory infringement claim based on these allegations back in November 2024," Judge Chhabria wrote. The lawyers of the book authors claimed that the delay was the result of newly produced evidence that had "crystallized" their understanding of Meta's uploading activity. However, that did not impress the judge. He called it a "lame excuse" and "a bunch of doubletalk," noting that if the missing discovery truly prevented the contributory claim from being added in November 2024, the same logic would have prevented the distribution claim from being added at that time as well. "Rather than blaming Meta for producing discovery late, the plaintiffs' lawyers should have been candid with the Court, explaining that they missed an issue in a case of first impression..," the order reads.

Judge Chhabria went further, noting that the authors' law firm, Boies Schiller, showed "an ongoing pattern" of distracting from its own mistakes by attacking Meta. He pointed specifically to the dispute over when Meta disclosed its fair use defense to the distribution claim, which we covered here recently, characterizing it as a false distraction. "The lawyers for the plaintiffs seem so intent on bashing Meta that they are unable to exercise proper judgment about how to represent the interests of their clients and the proposed class members," the order reads. Despite the criticism, Chhabria granted the motion. [...] For now, the case moves forward with a fourth amended complaint, three new loan-out companies added as named plaintiffs, and a growing list of BitTorrent-related claims for Judge Chhabria to resolve.

Their goal is to use biometric data and blockchain to build age-verification measures directly into disposable vape cartridges.

Wired reports on a partnership between vape/cartridge manufacturer Ispire Technology and regulatory consulting company Chemular (which specializes in the nicotine market) — which they've named "Ike Tech": [Using blockchain-based security, the e-cig cartridge] would use a camera to scan some form of ID and then also take a video of the user's face. Once it verifies your identity and determines you're old enough to vape, it translates that information into anonymized tokens. That info goes to an identity service like ID.me or Clear. If approved, it bounces back to the app, which then uses a Bluetooth signal to give the vape the OK to turn on.

"Everything is tokenized," [says Ispire CEO Michael Wang]. "As a result of this process, we don't communicate consumer personal private information." He says the process takes about a minute and a half... After that onetime check, the Bluetooth connection on the phone will recognize when the vape cartridge is nearby and keep it unlocked. Move the vape too far away from the phone, and it shuts off again. Based on testing, the companies behind Ike Tech claim this process has a 100 percent success rate in age verification, more or less calling the tech infallible. "The FDA told us it's the holy grail technology they were looking for," Wang says. "That's word-for-word what they said when we met with them...."

Wang says the goal is to implement additional features in the verification process, like geo-fencing, which would force the vape to shut off while near a school or on an airplane. In the future, the plan is to license this biometric verification tech to other e-cig companies. The tech may also grow to include fingerprint readers and expand to other product categories; Wang suggests guns, which have a long history of age-verification features not quite working.

The Wall Street Journal reports that Rivian "just won a yearslong battle with car dealers in Washington state that threatens the model of how cars are sold." After fighting to sell its vehicles directly to buyers, Rivian threatened to take its case to voters with a ballot measure to permit direct sales. The dealers blinked. The state's dealer lobby not only dropped its opposition to a sales loophole for Rivian and rival EV-maker Lucid, but also encouraged lawmakers to approve one. The measure became law this month...

New auto entrants like Rivian, and Tesla before it, have spent years contending with long-established U.S. state laws that require new cars to be sold through independent franchised dealers. The auto startups — typically makers of EVs — argue that they can offer a better experience by selling directly to consumers, much as Apple sells iPhones through its own stores and online. Rivian CEO RJ Scaringe has said the company is committed to direct-only sales because it's more profitable and gives the company control over how its vehicles are sold, marketed and maintained. The Washington compromise riled traditional automakers, including General Motors, Ford and Toyota, which lobbied against it, arguing it unfairly advantages startups. A trade group representing the automakers called it discriminatory and argued the exception could one day open the door to Chinese EV makers...

German automaker Volkswagen is currently facing several lawsuits from dealers over its plan to sell new Scout vehicles directly to consumers. Dealers say independent franchises are vital to the car-buying process, creating competition between dealerships that keeps prices affordable for consumers, while providing valuable services such as repairs, warranty work and financing... Yet for Washington's dealers, the prospect of putting franchise laws up for a popular vote laid bare a tough reality: given the choice, many car buyers want the freedom to avoid dealerships. Rivian's polling, which the company shared with lawmakers, showed nearly 70% of respondents favored allowing direct sales when asked whether they would support manufacturers selling cars directly to consumers...

The fight comes at a critical time for Rivian, which is launching a new, more affordable SUV in a bid to make consistent profits amid a downturn in U.S. EV sales... Rivian is able to directly sell cars in roughly half of U.S. states, but a number of them limit how many locations the company can operate. They can't disclose the price, though. For that, customers must go online.
The article notes that "Following the win, Rivian executives are eyeing other states that, like Washington, ban direct sales but also allow ballot initiatives: Arkansas, Ohio, Oklahoma, Montana, Nebraska and South Dakota..." It adds that lawmakers (from both parties) in the state of Washington had said "they have long felt pulled between giving consumers more car-buying freedom and protecting dealers, essentially small-business owners who are vital to local economies — and politically powerful."

But an executive at the Washington State Auto Dealers Association said dealers supported this new law partly because it protects them by barring future automakers from selling directly in the state, and by requiring Rivian and Lucid to adhere to the same regulations that govern how dealers operate.

Apple unveiled new device-level age restrictions in the UK on Wednesday. "After downloading a new update, users will now have to confirm that they are 18 or older to access unrestricted features," reports Gizmodo.

"Users will be able to confirm their age with a credit card or by scanning an ID." For those underage or who have not confirmed their age, Apple will turn on Web Content Filter and Communication Safety, which will not only restrict access to certain apps or websites, but will also monitor messages, shared photo albums, AirDrop, and FaceTime calls for nudity. Apple didn't specify exactly which services and features are banned for under-18 users, but it will likely be in compliance with UK legislation...

The British government does not require Apple and other OS providers to institute device-level age checks, but it does restrict minor access to online pornography under the Online Safety Act, which passed in 2023. So far, that restriction has only been implemented at the website level, but UK officials have been worried about easy loopholes to evade the age restrictions, like VPNs.

The broader tech industry has been campaigning for some time to use device-level age checks instead in response to the rising tide of under-16 social media and internet bans around the world. Last month, in a landmark social media trial in California, Meta CEO Mark Zuckerberg also supported this idea, saying that conducting age verification "at the level of the phone is just a lot clearer than having every single app out there have to do this separately." Pornhub-operator Aylo had advocated for device-level restrictions in the UK as well, and even sent out letters to Apple, Google, and Microsoft in November asking for OS-level age verification...

The most obvious question: Could this be brought stateside?

An anonymous reader quotes a report from Ars Technica: AOMedia Video 1 (AV1) was invented by a group of technology companies to be an open, royalty-free alternative to other video codecs, like HEVC/H.265. But a lawsuit that Dolby Laboratories Inc. filed this week against Snap Inc. calls all that into question with claims of patent infringement. Numerous lawsuits are currently open in the US regarding the use of HEVC. Relevant patent holders, such as Nokia and InterDigital, have sued numerous hardware vendors and streaming service providers in pursuit of licensing fees for the use of patented technologies deemed essential to HEVC.

It's a touch rarer to see a lawsuit filed over the implementation of AV1. The Alliance for Open Media (AOMedia), whose members include Amazon, Apple, Google, Microsoft, Mozilla, and Netflix, says it developed AV1 "under a royalty-free patent policy (Alliance for Open Media Patent License 1.0)" and that the standard is "supported by high-quality reference implementations under a simple, permissive license (BSD 3-Clause Clear License)."

Yet, Dolby's lawsuit filed in the US District Court for the District of Delaware [PDF] alleges that AV1 leverages technologies that Dolby has patented and has not agreed to license for free and without receiving royalties. The filing reads: "[AOMedia] does not own all patents practiced by implementations of the AV1 codec. Rather, the AV1 specification was developed after many foundational video coding patents had already been filed, and AV1 incorporates technologies that are also present in HEVC. Those technologies are subject to existing third-party patent rights and associated licensing obligations." Dolby is seeking a jury trial, a declaration that Dolby isn't obligated to license the patents in questions under FRAND (fair, reasonable, and non-discriminatory) licensing obligations, and for the court to enjoin Snap from further "infringement."

The European Commission is investigating a breach after a threat actor allegedly accessed at least one of its AWS cloud accounts and claimed to have stolen more than 350 GB of data, including databases and employee-related information. AWS says its own services were not breached. BleepingComputer reports: Sources familiar with the incident have told BleepingComputer that the attack was quickly detected and that the Commission's cybersecurity incident response team is now investigating. While the Commission has yet to share any details about this breach, the threat actor who claimed responsibility for the attack reached out to BleepingComputer earlier this week, stating that they had stolen over 350 GB of data (including multiple databases).

They didn't disclose how they breached the affected accounts, but they provided BleepingComputer with several screenshots as proof that they had access to information belonging to European Commission employees and to an email server used by Commission employees. The threat actor also told BleepingComputer that they will not attempt to extort the Commission using the allegedly stolen data as leverage, but intend to leak the data online at a later date.

Austria plans to restrict under-14s from using social media platforms over concerns about addictive algorithms and harmful content. The government says draft legislation should be ready by the end of June, though details around enforcement and age verification have yet to be finalized. The BBC reports: Announcing the plans, Vice-Chancellor Andreas Babler of the Social Democrats said the government could not stand by and watch as social media made children "addicted and also often ill." He said it was the responsibility of politicians to protect children and argued that the issue should be treated no different to alcohol or tobacco: "There must be clear rules in the digital world too." In future, said Babler, children under 14 would be protected from algorithms that were addictive. "Other information providers have clear rules to protect young people from harmful content." These, he said, should now be implemented in the digital space. Yesterday, juries in two separate cases found social media giants liable for harming young people's mental health. The verdicts are being hailed as social media's Big Tobacco moment.

Further reading: California Bill Would Require Parent Bloggers To Delete Content of Minors On Social Media

An anonymous reader quotes a report from Reuters: Iran-linked hackers have broken into FBI Director Kash Patel's personal email inbox, publishing photographs of the director and other documents to the internet, the hackers and the bureau said on Friday. On their website, the hacker group Handala Hack Team said Patel "will now find his name among the list of successfully hacked victims." The hackers published a series of personal photographs of Patel sniffing and smoking cigars, riding in an antique convertible, and making a face while taking a picture of himself in the mirror with a large bottle of rum.

The FBI confirmed that Patel's emails had been targeted. In a statement, bureau spokesman Ben Williamson said, "we have taken all necessary steps to mitigate potential risks associated with this activity" and that the data involved was "historical in nature and involves no government information." Handala, which presents itself as a group of pro-Palestinian vigilante hackers, is considered by Western researchers to be one of several personas used by Iranian government cyberintelligence units. [...] Alongside the photographs of Patel, the hackers published a sample of more than 300 emails, which appear to show a mix of personal and work correspondence dating between 2010 and 2019.

joshuark shares a report from BleepingComputer: The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. LiteLLM is an open-source Python library that serves as a gateway to multiple large language model (LLM) providers via a single API. The package is very popular, with over 3.4 million downloads a day and over 95 million in the past month. According to research by Endor Labs, threat actors compromised the project and published malicious versions of LiteLLM 1.82.7 and 1.82.8 to PyPI today that deploy an infostealer that harvests a wide range of sensitive data.

[...] Both malicious LiteLLM versions have been removed from PyPI, with version 1.82.6 now the latest clean release. [...] If compromise is suspected, all credentials on affected systems should be treated as exposed and rotated immediately. [...] Organizations that use LiteLLM are strongly advised to immediately:

- Check for installations of versions 1.82.7 or 1.82.8
- Immediately rotate all secrets, tokens, and credentials used on or found within code on impacted devices.
- Search for persistence artifacts such as '~/.config/sysmon/sysmon.py' and related systemd services
- Inspect systems for suspicious files like '/tmp/pglog' and '/tmp/.pg_state'
- Review Kubernetes clusters for unauthorized pods in the 'kube-system' namespace
- Monitor outbound traffic to known attacker domains

A California bill would let adults demand the removal of social media posts about them that were created by paid family content creators when they were minors. Supporters say Senate Bill 1247 addresses privacy, dignity, and safety harms caused when parents monetize their children's lives online. The Los Angeles Times reports: The legislation would require the parent or other relative to delete or edit the content within 10 business days of receiving the notification. Petitioners could take civil action against those who fail to comply and statutory damages would be set at $3,000 for each day the content remained online. Sen. Steve Padilla (D-San Diego), who introduced the bill last month, said it would help protect the dignity and mental health of those who had their childhood shared on social media. The measure was referred to the Senate Privacy, Digital Technologies and Consumer Protection Committee and is slated for a hearing on April 6.

"The evolution of these applications and technology is incredible," Padilla said. "But it's changing our social dynamic and it's creating situations that, while very productive for some folks, also need some guardrails." The bill would build upon previous legislation from Padilla that was signed into law two years ago and requires content creators that feature minors in at least 30% of their material to place some of their earnings into a trust the children can access when they turn 18.

An anonymous reader quotes a report from CNN: A federal judge in California has indefinitely blocked the Pentagon's effort to "punish" Anthropic by labeling it a supply chain risk and attempting to sever government ties with the AI company, ruling that those measures ran roughshod over its constitutional rights. "Nothing in the governing statute supports the Orwellian notion that an American company may be branded a potential adversary and saboteur of the U.S. for expressing disagreement with the government," US District Judge Rita Lin wrote in a stinging 43-page ruling.

Lin, an appointee of former President Joe Biden, said she would delay implementation of her ruling for one week to allow the government to appeal. But in her ruling, she made it clear she disapproved of the government's actions, which she said violated the company's First Amendment and due process rights. [...] "These broad measures do not appear to be directed at the government's stated national security interests," she wrote. "The Department of War's records show that it designated Anthropic as a supply chain risk because of its 'hostile manner through the press.'" "Punishing Anthropic for bringing public scrutiny to the government's contracting position is classic illegal First Amendment retaliation," she added. "We're grateful to the court for moving swiftly, and pleased they agree Anthropic is likely to succeed on the merits," an Anthropic spokesperson said after the ruling. "While this case was necessary to protect Anthropic, our customers, and our partners, our focus remains on working productively with the government to ensure all Americans benefit from safe, reliable AI."

An anonymous reader quotes a report from 404 Media: Apple provided the FBI with the real iCloud email address hidden behind Apple's 'Hide My Email' feature, which lets paying iCloud+ users generate anonymous email addresses, according to a recently filed court record. The move isn't surprising but still provides uncommon insight into what data is available to authorities regarding the Apple feature. The data was turned over during an investigation into a man who allegedly sent a threatening email to Alexis Wilkins, the girlfriend of FBI director Kash Patel.

"On or about February 28, 2026, Person 1 received an email from the email address peaty_terms_1o@icloud.com," the affidavit reads. Earlier on, the document explicitly says that Person 1 is Alexis Wilkins. [...] The affidavit says Apple then provided records that indicated the peaty_terms_1o@icloud.com email address was associated with an Apple account in the name of Alden Ruml. The records showed that account generated 134 anonymized email addresses, according to the affidavit.

Law enforcement agents later interviewed Ruml and he confirmed he had sent the email, the affidavit says. Ruml said he sent the email after reading a February 28 article about how the FBI was using its own resources to provide security to Wilkins. The specific article is not named or linked in the affidavit, but a New York Times article published that same day described how Patel ordered a team to ferry his girlfriend on errands and to events.

Elizabeth Warren and Josh Hawley are pressing the Energy Information Administration (EIA) to provide better information on how much electricity data centers actually use. In a joint letter sent to the EIA on Thursday, the two senators press the agency to publicly collect "comprehensive, annual energy-use disclosures" on data centers, saying it's "essential for accurate grid planning and will support policymaking to prevent large companies from increasing electricity costs for American families." Wired reports: In December, EIA administrator Tristan Abbey said at a roundtable that he expects the EIA "is going to be an essential player in providing objective data and analysis to policymakers" with respect to data centers. The agency announced on Wednesday that it would be conducting a voluntary pilot program to collect energy consumption information from nearly 200 companies operating data centers in Texas, Washington, and Virginia, which will cover "energy sources, electricity consumption, site characteristics, server metrics, and cooling systems."

While the senators praise the EIA pilot program, their letter includes several questions about how the agency plans to move forward with more data collection, such as whether or not the energy surveys will be mandatory and whether or not the EIA will collect information on behind-the-meter power. This information will be especially crucial, the senators say, to make sure that big tech companies that signed the agreement at the White House earlier this month pledging that consumers won't bear the costs of data center electricity use will stick to their promises. "Without this data, policymakers, utility companies, and local communities are operating in the dark," the senators write.

The EIA mandates that other industries, including oil and gas and manufacturing, provide regular data to the agency; Hawley and Warren assert that the EIA should be able to collect similar information from data centers under the same provision. The provision is broad enough, Peskoe says, that it could absolutely be interpreted to encompass data centers. Yesterday, Senator Bernie Sanders and Rep. Alexandria Ocasio-Cortez announced a bill that would "enact a reasonable pause to the development of AI to ensure the safety of humanity." It calls for a federal moratorium on AI data centers until stronger national safeguards are in place around safety, jobs, privacy, energy costs, and environmental impact.

Reddit is rolling out human-verification checks for accounts that show signs of bot-like behavior, while also labeling approved automated accounts that provide useful services. The social media company stressed that these checks will only happen if something appears "fishy," and that it is "not conducting sitewide human verification." TechCrunch reports: To identify potential bots, Reddit is using specialized tooling that looks at account-level signals and other factors -- like how quickly the account is attempting to write or post content. Using AI to write posts or comments, however, is not against its policies (though community moderators may set their own rules).

To verify an account is human, Reddit will leverage third-party tools like passkeys from Apple, Google, YubiKey, and other third-party biometric services, like Face ID or even Sam Altman's World ID -- or, in some countries, the use of government IDs. Reddit notes this last category may be required in some countries like the U.K. and Australia and some U.S. states, because of local regulations on age verification, but it's not the company's preferred method. "If we need to verify an account is human, we'll do it in a privacy-first way," Reddit co-founder and CEO Steve Huffman wrote in the announcement Wednesday. "Our aim is to confirm there is a person behind the account, not who that person is. The goal is to increase transparency of what is what on Reddit while preserving the anonymity that makes Reddit unique. You shouldn't have to sacrifice one for the other."

Longtime Slashdot reader JackSpratts writes: The Supreme Court unanimously said on Wednesday that a major internet provider could not be held liable for the piracy of thousands of songs online in a closely watched copyright clash. Music labels and publishers sued Cox Communications in 2018, saying the company had failed to cut off the internet connections of subscribers who had been repeatedly flagged for illegally downloading and distributing copyrighted music. At issue for the justices was whether providers like Cox could be held legally responsible and required to pay steep damages -- a billion dollars or more in Cox's case -- if they knew that customers were pirating music but did not take sufficient steps to terminate their internet access.

In its opinion released (PDF) on Wednesday, the court said a company was not liable for "merely providing a service to the general public with knowledge that it will be used by some to infringe copyrights." Writing for the court, Justice Clarence Thomas said a provider like Cox was liable "only if it intended that the provided service be used for infringement" and if it, for instance, "actively encourages infringement." Justice Sonia Sotomayor, joined by Justice Ketanji Brown Jackson, wrote separately to say that she agreed with the outcome but for different reasons. [...] Cox called the court's unanimous decision a "decisive victory" for the industry and for Americans who "depend on reliable internet service."

"This opinion affirms that internet service providers are not copyright police and should not be held liable for the actions of their customers," the company said.

A jury found Meta and YouTube negligent in a landmark social media addiction case, ruling that addictive design features such as infinite scroll and algorithmic recommendations harmed a young user and contributed to her mental health distress. The verdict awards $3 million in compensatory damages so far and could pave the way for more lawsuits seeking financial penalties and product changes across the social media industry. "Meta is responsible for 70 percent of that cost and YouTube for the remainder," notes The New York Times. "TikTok and Snap both settled with the plaintiff for undisclosed terms before the trial started." From the report: The bellwether case, which was brought by a now 20-year-old woman identified as K.G.M., had accused social media companies of creating products as addictive as cigarettes or digital casinos. K.G.M. sued Meta, which owns Instagram and Facebook, and Google's YouTube over features like infinite scroll and algorithmic recommendations that she claimed led to anxiety and depression.

The jury of seven women and five men will deliberate further to decide what further punitive damages the companies should pay for malice or fraud. The verdict in K.G.M.'s case -- one of thousands of lawsuits filed by teenagers, school districts and state attorneys general against Meta, YouTube, TikTok and Snap, which owns Snapchat -- was a major win for the plaintiffs. The finding validates a novel legal theory that social media sites or apps can cause personal injury. It is likely to factor into similar cases expected to go to trial this year, which could expose the internet giants to further financial damages and force changes to their products. The verdict also comes on the heels of a New Mexico jury ruling that found Meta liable for violating state law by failing to protect users of its apps from child predators.

Meta lost a child safety trial in New Mexico after a court found that its platforms failed to adequately protect children from exploitation and misled parents about app safety. According to Ars Technica, the jury on Tuesday "deliberated for only one day before agreeing that Meta should pay $375 million in civil damages..." While the jury declined to impose the maximum penalty New Mexico sought, which could have cost the company $2.2 billion, Meta may still face additional financial penalties and could be forced to make changes to its apps. From the report: The trial followed a 2023 lawsuit filed by New Mexico Attorney General Raul Torrez after The Guardian published a two-year investigation exposing child sex trafficking markets on Facebook and Instagram. Torrez's office then conducted an undercover investigation codenamed "Operation MetaPhile," in which officers posed as children on Facebook, Instagram, and WhatsApp. The jury heard that these fake profiles were "simply inundated with images and targeted solicitations" from child abusers, Torrez told CNBC in 2024. Ultimately, three men were arrested amid the sting for attempting to use Meta's social networks to prey on children. At trial, Mark Zuckerberg and Instagram chief Adam Mosseri testified that "harms to children, such as sexual exploitation and detriments to mental health, were inevitable on the company's platforms due to their vast user bases," The Guardian reported. Internal messages and documents, as well as testimony from child safety experts within and outside the company, showed that Meta repeatedly ignored warnings and failed to fix platforms to protect kids, New Mexico's AG successfully argued.

Perhaps most troubling to the jury, law enforcement and the National Center for Missing and Exploited Children also testified that Meta's reporting of crimes to children on its apps -- including child sexual abuse materials (CSAM) -- was "deficient," The Guardian reported. Rather than make it easy to trace harms on its platforms, the jury learned from frustrated cops that Meta "generated high volumes of 'junk' reports by overly relying on AI to moderate its platforms." This made its reporting "useless" and "meant crimes could not be investigated," The Guardian reported.

Celebrating the win as a "historic victory," Torrez told CNBC that families had previously paid the price for "Meta's choice to put profits over kids' safety." "Meta executives knew their products harmed children, disregarded warnings from their own employees, and lied to the public about what they knew," Torrez said. "Today the jury joined families, educators, and child safety experts in saying enough is enough." Meta said the company plans to appeal the verdict. "We respectfully disagree with the verdict and will appeal," Meta's spokesperson said. "We work hard to keep people safe on our platforms and are clear about the challenges of identifying and removing bad actors or harmful content. We will continue to defend ourselves vigorously, and we remain confident in our record of protecting teens online."