OpenAI, the company behind ChatGPT, is exploring whether users should be allowed to create AI-generated pornography and other explicit content with its products. From a report:While the company stressed that its ban on deepfakes would continue to apply to adult material, campaigners suggested the proposal undermined its mission statement to produce "safe and beneficial" AI. OpenAI, which is also the developer of the DALL-E image generator, revealed it was considering letting developers and users "responsibly" create what it termed not-safe-for-work (NSFW) content through its products. OpenAI said this could include "erotica, extreme gore, slurs, and unsolicited profanity."

It said: "We're exploring whether we can responsibly provide the ability to generate NSFW content in age-appropriate contexts ... We look forward to better understanding user and societal expectations of model behaviour in this area." The proposal was published as part of an OpenAI document discussing how it develops its AI tools. Joanne Jang, an employee at the San Francisco-based company who worked on the document, told the US news organisation NPR that OpenAI wanted to start a discussion about whether the generation of erotic text and nude images should always be banned from its products. However, she stressed that deepfakes would not be allowed.

An anonymous reader quotes a report from MIT Technology Review: Once a week, Sun Kai has a video call with his mother. He opens up about work, the pressures he faces as a middle-aged man, and thoughts that he doesn't even discuss with his wife. His mother will occasionally make a comment, like telling him to take care of himself -- he's her only child. But mostly, she just listens. That's because Sun's mother died five years ago. And the person he's talking to isn't actually a person, but a digital replica he made of her -- a moving image that can conduct basic conversations. They've been talking for a few years now. After she died of a sudden illness in 2019, Sun wanted to find a way to keep their connection alive. So he turned to a team at Silicon Intelligence, an AI company based in Nanjing, China, that he cofounded in 2017. He provided them with a photo of her and some audio clips from their WeChat conversations. While the company was mostly focused on audio generation, the staff spent four months researching synthetic tools and generated an avatar with the data Sun provided. Then he was able to see and talk to a digital version of his mom via an app on his phone.

"My mom didn't seem very natural, but I still heard the words that she often said: 'Have you eaten yet?'" Sun recalls of the first interaction. Because generative AI was a nascent technology at the time, the replica of his mom can say only a few pre-written lines. But Sun says that's what she was like anyway. "She would always repeat those questions over and over again, and it made me very emotional when I heard it," he says. There are plenty of people like Sun who want to use AI to preserve, animate, and interact with lost loved ones as they mourn and try to heal. The market is particularly strong in China, where at least half a dozen companies are now offering such technologies and thousands of people have already paid for them. In fact, the avatars are the newest manifestation of a cultural tradition: Chinese people have always taken solace from confiding in the dead.

The technology isn't perfect -- avatars can still be stiff and robotic -- but it's maturing, and more tools are becoming available through more companies. In turn, the price of "resurrecting" someone -- also called creating "digital immortality" in the Chinese industry -- has dropped significantly. Now this technology is becoming accessible to the general public. Some people question whether interacting with AI replicas of the dead is actually a healthy way to process grief, and it's not entirely clear what the legal and ethical implications of this technology may be. For now, the idea still makes a lot of people uncomfortable. But as Silicon Intelligence's other cofounder, CEO Sima Huapeng, says, "Even if only 1% of Chinese people can accept [AI cloning of the dead], that's still a huge market."

Google announced on Tuesday that it will be exiting One Market Plaza, a prominent office complex in San Francisco that it had been occupying since 2018. The company's lease for the 300,000-square-foot-office will expire next April. The San Francisco Chronicle reports: Many of Google's employees are already working outside of the giant waterfront office, in light of the company's flexible approach to office attendance. As one of the city's largest office properties and a prominent feature on its skyline, the 1.6-million-square-foot One Market Plaza complex features two high-rise towers and a 11-story office annex building known as the Landmark." Ryan Lamont, a spokesperson for Google, said the company will be moving out of One Market's Spear Tower, but will continue to occupy the smaller Landmark building. He declined to comment on how long Google plans to remain in the latter." As we've said before, we're focused on investing in real estate efficiently to meet the current and future needs of our hybrid workforce," Lamont said in an email to the Chronicle. "We remain committed to our long-term presence in San Francisco."

Real estate market participants who spoke with the Chronicle indicated that Google plans to consolidate much of its operations from One Market to nearby 345 Spear St., where the company leases about 400,000 square feet. These individuals said that Google will likely renew its lease at that property once it expires next year.

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission clarified its net neutrality rules to prohibit more kinds of fast lanes. While the FCC voted to restore net neutrality rules on April 25, it didn't release the final text of the order until yesterday. The final text (PDF) has some changes compared to the draft version released a few weeks before the vote.

Both the draft and final rules ban paid prioritization, or fast lanes that application providers have to pay Internet service providers for. But some net neutrality proponents raised concerns about the draft text because it would have let ISPs speed up certain types of applications as long as the application providers don't have to pay for special treatment. The advocates wanted the FCC to clarify its no-throttling rule to explicitly prohibit ISPs from speeding up applications instead of only forbidding the slowing of applications down. Without such a provision, they argued that ISPs could charge consumers more for plans that speed up specific types of content. [...]

"We clarify that a BIAS [Broadband Internet Access Service] provider's decision to speed up 'on the basis of Internet content, applications, or services' would 'impair or degrade' other content, applications, or services which are not given the same treatment," the FCC's final order said. The "impair or degrade" clarification means that speeding up is banned because the no-throttling rule says that ISPs "shall not impair or degrade lawful Internet traffic on the basis of Internet content, application, or service." The updated language in the final order "clearly prohibits ISPs from limiting fast lanes to apps or categories of apps they select," leaving no question as to whether the practice is prohibited, said Stanford Law professor Barbara van Schewick.

Under the original plan, "there was no way to predict which kinds of fast lanes the FCC might ultimately find to violate the no-throttling rule," she wrote. "This would have given ISPs cover to flood the market with various fast-lane offerings, arguing that their version does not violate the no-throttling rule and daring the FCC to enforce its rule. The final order prevents this from happening."

Smart home device maker Brilliant has laid off most of its staff and is seeking a buyer after failing to secure funding, CEO Aaron Emigh told The Verge. The company has shut down its support center and halted sales of its smart light switches and controllers, which integrate with various smart home platforms. Emigh said existing devices will continue to function, but their long-term functionality remains uncertain. Founded in 2016, Brilliant aimed to simplify smart home control but struggled with high prices, interoperability issues, and slower-than-expected market growth. The company raised $60 million in funding over eight years.

Researchers should not be using tools like ChatGPT to automatically peer review papers, warned organizers of top AI conferences and academic publishers worried about maintaining intellectual integrity. From a report: With recent advances in large language models, researchers have been increasingly using them to write peer reviews -- a time-honored academic tradition that examines new research and assesses its merits, showing a person's work has been vetted by other experts in the field. That's why asking ChatGPT to analyze manuscripts and critique the research, without having read the papers, would undermine the peer review process. To tackle the problem, AI and machine learning conferences are now thinking about updating their policies, as some guidelines don't explicitly ban the use of AI to process manuscripts, and the language can be fuzzy.

The Conference and Workshop on Neural Information Processing Systems (NeurIPS) is considering setting up a committee to determine whether it should update its policies around using LLMs for peer review, a spokesperson told Semafor. At NeurIPS, researchers should not "share submissions with anyone without prior approval" for example, while the ethics code at the International Conference on Learning Representations (ICLR), whose annual confab kicked off Tuesday, states that "LLMs are not eligible for authorship." Representatives from NeurIPS and ICLR said "anyone" includes AI, and that authorship covers both papers and peer review comments. A spokesperson for Springer Nature, an academic publishing company best known for its top research journal Nature, said that experts are required to evaluate research and leaving it to AI is risky.

Researchers have hailed another "leap forward" for AI after Google DeepMind unveiled the latest version of its AlphaFold program, which can predict how proteins behave in the complex symphony of life. From a report: The breakthrough promises to shed fresh light on the biological machinery that underpins living organisms and drive breakthroughs in fields from antibiotics and cancer therapy to new materials and resilient crops. "It's a big milestone for us," said Demis Hassabis, the chief executive of Google DeepMind and the spin-off, Isomorphic Labs, which co-developed AlphaFold3. "Biology is a dynamic system and you have to understand how properties of biology emerge through the interactions between different molecules."

Earlier versions of AlphaFold focused on predicting the 3D structures of 200m proteins, the building blocks of life, from their chemical constituents. Knowing what shape a protein takes is crucial because it determines how the protein will function -- or malfunction -- inside a living organism. AlphaFold3 was trained on a global database of 3D molecular structures and goes a step further by predicting how proteins will interact with the other molecules and ions they encounter. When asked to make a prediction, the program starts with a cloud of atoms and steadily reshapes it into the most accurate predicted structure. Writing in Nature, the researchers describe how AlphaFold3 can predict how proteins interact with other proteins, ions, strands of genetic code, and smaller molecules, such as those developed for medicines. In tests, the program's accuracy varied from 62% to 76%.

Full repairs to three submarine internet cables damaged in the Red Sea in February are being held up by disputes over who controls access to infrastructure in Yemeni waters. From a report: The Yemeni government has granted permits for the repair of two out of three cables, but refused the third because of a dispute with one of the cable's consortium members. Repairs to the Seacom and EIG cables have been approved, but the consortium that runs AAE-1, which includes telecommunications company TeleYemen, was not granted a permit by Yemen's internationally recognized government, according to documents seen by Bloomberg.

Three out of more than a dozen cables that run through the Red Sea, a critical route for connecting Europe's internet infrastructure to Asia's, were knocked offline by the Houthi-sunk Rubymar vessel in late February. Although the telecommunications data that passes along the damaged cables was re-routed, the incident highlighted the vulnerability of critical subsea infrastructure and the challenges of making repairs in a conflict zone. The dispute over the third cable derives from the split political control of TeleYemen, the country's sole telecommunications provider, a reflection of the country's broader geopolitical divisions.

An anonymous reader quotes a report from the Washington Post: A key supplier to the Pentagon and U.S. intelligence agencies is building a $20 million supercomputer with buzzy chipmaker Nvidia to speed deployment of artificial intelligence capabilities across the U.S. federal government, the MITRE think tank said Tuesday. MITRE, a federally funded, not-for-profit research organization that has supplied U.S. soldiers and spies with exotic technical products since the 1950s, says the project could improve everything from Medicare to taxes. "There's huge opportunities for AI to make government more efficient," said Charles Clancy, senior vice president of MITRE. "Government is inefficient, it's bureaucratic, it takes forever to get stuff done. ... That's the grand vision, is how do we do everything from making Medicare sustainable to filing your taxes easier?" [...] The MITRE supercomputer will be based in Ashburn, Va., and should be up and running late this year. [...]

Clancy said the planned supercomputer will run 256 Nvidia graphics processing units, or GPUs, at a cost of $20 million. This counts as a small supercomputer: The world's fastest supercomputer, Frontier in Tennessee, boasts 37,888 GPUs, and Meta is seeking to build one with 350,000 GPUs. But MITRE's computer will still eclipse Stanford's Natural Language Processing Group's 68 GPUs, and will be large enough to train large language models to perform AI tasks tailored for government agencies. Clancy said all federal agencies funding MITRE will be able to use this AI "sandbox." "AI is the tool that is solving a wide range of problems," Clancy said. "The U.S. military needs to figure out how to do command and control. We need to understand how cryptocurrency markets impact the traditional banking sector. ... Those are the sorts of problems we want to solve."

"With all the improvements in car safety over the decades, the recent addition of a plethora of high tech sensors and warnings comes with increased costs," writes longtime Slashdot reader smooth wombat. "And not just to have to have them on your car. Any time you get into an accident, even a minor one, it will most likely require a detailed examination of any sensors which may have been affected and their subsequent realignment, replacement, and calibration." CNN reports: Some vehicles require "dynamic calibration," which means, once the sensors and cameras are back in place, a driver needs to take the vehicle out on real roads for testing. With proper equipment attached the car can, essentially, recalibrate itself as it watches lane lines and other markers. It requires the car to be driven for a set distance at a certain speed but weather and traffic can create problems. "If you're in Chicago or L.A., good luck getting to that speed," said [Hami Ebrahimi, chief commercial officer at Caliber] "or if you're in Seattle or Chicago or New York, with snow, good luck picking up all the road markings."

More commonly, vehicles need "static calibration," which can be done using machinery inside a closed workshop with a flat, level floor. Special targets are set up around the vehicle at set distances according to instructions from the vehicle manufacturer. "The car [views] those targets at those specific distances to recalibrate the world into the car's computer," Ebrahimi said. These kinds of repairs also demand buildings with open space that meet requirements including specific colors and lighting. And it requires special training for employees to perform these sorts of recalibrations, he said

"The change that we've seen in the last five years is greater than we've seen, probably, in the last five decades," said Todd Dillender, chief operating officer of Caliber Collision, one of the biggest auto body repair companies in the United States with more than 1,700 locations across 41 states. [...] With a rapidly changing industry, qualified auto body repair technicians are in short supply, just as they are in the engine repair business. That's also led to upward pressure on pay in the industry as technicians have to be highly qualified and educated, Dillender said. That's good for people who work in the industry, of course, but tougher for those who pay, and for the insurance companies who, in turn, pay for the repairs. A new study from consumer automotive group AAA says the cost to fix sensors and cameras in new vehicles "now accounts for more than a third of the post-crash repair costs," reports CNN. However, "no one, including AAA, recommends not getting these features because of repair costs," since many of them can cut crash rates in half and improve a car's overall safety.

"They're not going to prevent everything," said Greg Brannon, director of automotive engineering at AAA. "And when you are in a crash, there are additional costs so it's sort of the old 'there's no free ride' when it comes to these things."

An anonymous reader quotes a report from Wired: Amazon plans to start flying delivery drones in Arizona this year -- but don't count on them to bring you a refreshing drink on a hot day. The hexacopter can't operate when temperatures top 104 degrees Fahrenheit, or 40 degrees Celsius, the company says, and average daily highs exceed that for three months of the year in Tolleson, the city outside Phoenix where Amazon is preparing to offer aerial deliveries from inside a 7.5-mile radius. The drones can't help with midnight snacks either, because they'll be grounded after sunset. Potentially being inoperable for a quarter of the year might make launching drone deliveries in Tolleson and neighboring desert communities seem like an odd choice. It's far from the first challenge faced by Amazon's much-delayed drone project. The unit is years behind its goals of flying items to customers in under an hour on a regular basis, and a one-time target of 500 million deliveries by 2030 seems distant. Amazon Prime Air has completed just thousands of deliveries, falling behind rivals; Alphabet subsidiary Wing has notched hundreds of thousands of delivery flights and Walmart more than 20,000.

In the California wine country town of Lockeford, where Amazon initially launched drone deliveries, some residents told WIRED last year that they ordered only because Amazon lured them with gift cards. In Arizona, it could be discouraging not being able to rely on drones during those hours when one might not want to venture too far from the comfort of air conditioning. [...] That temperature and other environmental conditions could ground or hamper the drone industry has been known for years. A team from University of Calgary's geography department estimated that on average across the world, drones with limitations similar to Amazon's, including from weather and daylight, would be limited to flying about 2 hours a day. In the world's 100 most populous cities, the average daily flight time would be 6 hours. "Weather is an important and poorly resolved factor that may affect ambitions to expand drone operations," they wrote in a study published in 2021. Heat, in particular, forces motors to work harder to keep drones aloft, and their batteries are only so powerful.

Wayve, a UK-based AI firm focused on developing self-driving car technology, has secured a record $1.05 billion in funding, with Microsoft and Nvidia participating in the round led by SoftBank. According to the BBC, this investment is the largest for an AI company in Europe. The BBC reports: Wayve says the funding will allow it to help build the autonomous cars of the future. [...] Wayve is developing technology intended to power future self-driving vehicles by using what it calls "embodied AI." Unlike AI models carrying out cognitive or generative tasks such as answering questions or creating pictures, this new technology interacts with and learns from real-world surroundings and environments. "[The investment] sends a crucial signal to the market of the strength of the UK's AI ecosystem, and we look forward to watching more AI companies here thrive and scale," said Wayve head Alex Kendall.

An anonymous reader quotes a report from Ars Technica: In a major shake-up of its chip roadmap, Apple has announced a new M4 processor for today's iPad Pro refresh, barely six months after releasing the first MacBook Pros with the M3 and not even two months after updating the MacBook Air with the M3. Apple says the M4 includes "up to" four high-performance CPU cores, six high-efficiency cores, and a 10-core GPU. Apple's high-level performance estimates say that the M4 has 50 percent faster CPU performance and four times as much graphics performance. Like the GPU in the M3, the M4 also supports hardware-accelerated ray-tracing to enable more advanced lighting effects in games and other apps. Due partly to its "second-generation" 3 nm manufacturing process, Apple says the M4 can match the performance of the M2 while using just half the power.

As with so much else in the tech industry right now, the M4 also has an AI focus; Apple says it's beefing up the 16-core Neural Engine (Apple's equivalent of the Neural Processing Unit that companies like Qualcomm, Intel, AMD, and Microsoft have been pushing lately). Apple says the M4 runs up to 38 trillion operations per second (TOPS), considerably ahead of Intel's Meteor Lake platform, though a bit short of the 45 TOPS that Qualcomm is promising with the Snapdragon X Elite and Plus series. The M3's Neural Engine is only capable of 18 TOPS, so that's a major step up for Apple's hardware. Apple's chips since 2017 have included some version of the Neural Engine, though to date, those have mostly been used to enhance and categorize photos, perform optical character recognition, enable offline dictation, and do other oddities. But it may be that Apple needs something faster for the kinds of on-device large language model-backed generative AI that it's expected to introduce in iOS and iPadOS 18 at WWDC next month. A separate report from the Wall Street Journal says Apple is developing a custom chip to run AI software in datacenters. "Apple's server chip will likely be focused on running AI models, also known as inference, rather than in training AI models, where Nvidia is dominant," reports Reuters.

Further reading: Apple Quietly Kills the Old-school iPad and Its Headphone Jack

The Pixel 8A is officially here. The 8A gets Google's latest processor, adds a bunch of new AI features, and still starts at $499 in the US. But the very best news is that the 8A adopts the Pixel 8 and 8 Pro's seven years of software support, which is just unheard of in a midrange phone. From a report: The 8A retains the same general shape and size as its predecessor. But its 6.1-inch screen gets a couple of significant updates: the top refresh rate is now 120Hz, up from 90Hz, and the panel gets up to 40 percent brighter, up to 2,000 nits in peak brightness mode. They're important upgrades, especially since the 8A's main competition in the US, the OnePlus 12R, comes with an excellent display.

It comes with the same generative AI photo and video features that made a splash on the Pixel 8 and 8 Pro, including Best Take, Magic Editor, and Audio Magic Eraser. Circle to Search is also available, and the 8A will be able to run Google's mobile-optimized on-device AI model, Gemini Nano. As on the Pixel 8, it'll be a developer option delivered via feature drop. Other specs are either unchanged or slightly boosted compared to the last generation. There's still 8GB of RAM and 128GB of storage, though there's now a 256GB option. Camera hardware is unchanged from the 7A, including a stabilized 64-megapixel main sensor. There's an IP67 rating, consistent with the 7A, and battery capacity is a little higher at 4,492mAh compared to 4,385mAh. Wireless charging is available via Qi 1.3 at up to 7.5W -- no Qi2 here.

Motional, the autonomous vehicle startup borne out of a $4 billion joint venture between Hyundai and automotive supplier Aptiv, will pause its commercial operations and delay plans to launch a driverless taxi service as it undergoes a restructuring, TechCrunch reported Tuesday. From a report: The aim is make progress on the core technology and the business model, while preserving capital, according to sources familiar with the changes. Motional has pushed its plan to launch a commercial driverless robotaxi service with its second-generation AV -- the Hyundai Ioniq 5 -- to 2026, two years later than planned.

The company told employees Tuesday during an all-hands meeting that the changes will include layoffs, but did not provide a figure of how many people would be affected, according to sources who spoke to TechCrunch on condition of anonymity. Motional began notifying employees if they were laid off shortly after the meeting ended. The company employed more than 1,300 people prior to a 5% cut in workforce in March 2024. Motional will halt its commercial operations, which today includes taxi rides in autonomous Hyundai Ioniq 5 vehicles in Las Vegas via the Uber and Lyft network. The company will also end deliveries for Uber Eats customers in Santa Monica using its autonomous vehicles. A human safety operator is behind the wheel in all of its commercial operations.

Microsoft has deployed a generative AI model entirely divorced from the internet, saying US intelligence agencies can now safely harness the powerful technology to analyze top-secret information. From a report: It's the first time a major large language model has operated fully separated from the internet, a senior executive at the US company said. Most AI models including OpenAI's ChatGPT rely on cloud services to learn and infer patterns from data, but Microsoft wanted to deliver a truly secure system to the US intelligence community.

Spy agencies around the world want generative AI to help them understand and analyze the growing amounts of classified information generated daily, but must balance turning to large language models with the risk that data could leak into the open -- or get deliberately hacked. Microsoft has deployed the GPT4-based model and key elements that support it onto a cloud with an "air-gapped" environment that is isolated from the internet, said William Chappell, Microsoft's chief technology officer for strategic missions and technology.

The Register provides a retrospective look at how Microsoft "absorbed the handset division of Nokia" ten years ago, only to kill the unit two years later and write it off as a tax loss. What went wrong? "It was a fatal combination of bad management, a market evolving in ways hidebound people didn't predict, and some really (with a few superb exceptions) terrible products," reports The Register. From the report: Like Nokia, Windows Mobile's popularity peaked in 2007, then started to drop away. The iPhone was the tech item of choice for fashionistas, Blackberry was seen as essential for serious business, and Android -- with Google as its new owner -- was gaining traction. Microsoft by that time had a new CEO in Steve Ballmer, who completely and famously failed to see the shifting sands in the mobile market. He dismissed the iPhone as a threat to what he thought was Windows Mobile's unassailable market position, and was roundly mocked for it. So the scene was set for a mobile standards war, and Steve Ballmer staked his professional pride on winning it. Microsoft recruited Nokia to help out. [...]

Under [Executive VP of Microsoft Stephen Elop's] leadership, a closer working relationship with Microsoft was a given -- but in 2013 Redmond announced it was going the whole hog and buying Nokia's handset business outright for $7.2 billion. The deal was done in April 2014, a decade ago from today. Microsoft also got a ten-year license on Nokia's patents and the option to renew in perpetuity. It also got Elop back, as executive vice president of the Microsoft Devices Group. That meant stepping down as CEO of Nokia, for which he trousered an 18.8 million bonus package -- a payoff the Finnish prime minister at the time called "outrageous." Nokia retained its networking business in Finland. It purchased Siemens' half of the Nokia Siemens Networks joint venture and renamed in Nokia Networks. The Nokia board rolled the dice again on hiring another non-Suomi manager, Rajeev Suri, and this time hit a double D20 in D&D terms.

When Ballmer stepped down from the helm at Microsoft in 2014 -- shortly before the Nokia deal completion -- he left a hot mess to deal with. His plan had been to develop the mobile operating system in conjunction with Windows 10, and Windows Mobile 10 was supposed to be a part of a unified code environment. While Windows 10 on the desktop wasn't a bad operating system, Windows Mobile 10 really was. The promised synergy just didn't happen -- it was power-hungry, clunky, and about as popular as a rattlesnake in a pinata. It was this mess that Satya Nadella faced when he took over the reins. Nadella was never very keen on the phone platform and spent more time in press conferences talking about cricket or the cloud than Microsoft's mobile ambitions. It was clear to all that this really wasn't working. Elop was laid off by Redmond a year later.

It was clear that Windows Mobile wasn't going to work. Android and iOS were drinking Microsoft's milkshake, and Redmond realized the game was up. Microsoft started shedding mobile jobs -- both in Finland and Redmond. While mobile was still publicly touted as the way forward for Microsoft with Ballmer gone, the impetus wasn't there and support for the mobile OS shriveled. In 2015 Microsoft declared it was writing off $7.6 billion on the Phone Hardware division as "goodwill and asset impairment charges" -- $400 million more than it had originally paid for the Finnish firm. Nokia bought European networking giant Alcatel-Lucent in a $16.7 billion deal in 2015. Around the same time, Suri announced a move into tablets, since it had a non-compete agreement with Microsoft on mobiles. Meanwhile a bunch of former Nokia execs who'd fled Elop and Microsoft had started a mobile biz of their own: HMD. It was Finnish, but outsourced production to Foxconn in China, and was planning to make cheapish Android devices. In 2016 Microsoft sold its mobile hardware arm to HMD for an undisclosed -- but probably not large -- sum. Nadella clearly wanted out of the whole business and the Finnish startup concentrated on selling good-enough Android smartphones to Nokia's traditional cheap markets.

An anonymous reader quotes a report from Wired: In April, Apple sent notifications to iPhone users in 92 countries, warning them they'd been targeted with spyware. "Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID," the notification reads. Users quickly took to social media sites including X, trying to work out what the notification meant. Many of those targeted were based inIndia, but others in Europe also reported receiving Apple's warning. Weeks later, little is still known about the latest iPhone attacks. Former smartphone giant Blackberry, now a security firm, has released research indicating they are linked to a Chinese spyware campaign dubbed "LightSpy," but Apple spokesperson Shane Bauer says this is inaccurate.

While Apple says the latest spyware notifications aren't linked to LightSpy, the spyware remains a growing threat, particularly to people who may be targeted in Southern Asia, according to Blackberry's researchers. Described as a "sophisticated iOS implant," LightSpy first emerged targeting Hong Kong protesters in 2020. However, the latest iteration is much more capable than the first. "It is a fully-featured modular surveillance toolset that primarily focuses on exfiltrating victims' private information, including hyper-specific location data and sound recording during voice over IP calls," the researchers wrote. April's warnings were not the first time Apple has issued notifications of this kind. The iPhone maker has sent out alerts to people in over 150 countries since 2021 as spyware continues to target high-profile figures across the globe.

Spyware can be weaponized by nation-state adversaries -- but this is relatively rare and expensive. Its deployment is typically highly targeted against a very specific group of people, including journalists, political dissidents, government workers, and businesses in certain sectors. "Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices," Apple wrote in an advisory in April. "Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks." Plus, Apple says its Lockdown Mode feature can successfully protect against attacks. "As we have said before, we are not aware of anyone using Lockdown Mode being successfully attacked with mercenary spyware," Bauer says. Still, for those who are targeted and caught unaware, spyware is extremely dangerous. There are a number of ways to protect yourself against spyware and zero-click exploits in particular:

1. Regularly Update Devices: Keep your devices updated to the latest software to protect against known vulnerabilities.
2. Restart Devices Daily: Regularly restarting your device can help disrupt persistent spyware infections by forcing attackers to reinfect the device, potentially increasing their chances of detection.
3. Disable Vulnerable Features: Consider disabling features prone to exploits, such as iMessage and FaceTime, especially if you suspect you're a target for spyware.
4. Use Multifactor Authentication and Secure Sources: Employ multifactor authentication and only install apps from verified sources to prevent unauthorized access and downloads.
5. Monitor for Indicators: Be vigilant for signs of infection such as battery drain, unexpected shutdowns, and high data usage, though these may not always be present with more sophisticated spyware.
6. Seek Professional Help: If you suspect a spyware infection, consider professional assistance or helplines like Access Now's Digital Security Helpline for guidance on removal.
7. Utilize Advanced Security Features: Activate security features like Apple's Lockdown Mode, which limits device functionality to reduce vulnerabilities, thus safeguarding against infections.

Researchers have discovered a new attack that can force VPN applications to route traffic outside the encrypted tunnel, thereby exposing the user's traffic to potential snooping or manipulation. This vulnerability, named TunnelVision, is found in almost all VPNs on non-Linux and non-Android systems. It's believe that the vulnerability "may have been possible since 2002 and may already have been discovered and used in the wild since then," reports Ars Technica. From the report: The effect of TunnelVision is "the victim's traffic is now decloaked and being routed through the attacker directly," a video demonstration explained. "The attacker can read, drop or modify the leaked traffic and the victim maintains their connection to both the VPN and the Internet." The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network. A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel. By using option 121 to route VPN traffic through the DHCP server, the attack diverts the data to the DHCP server itself. [...]

The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It's also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server. The attack allows some or all traffic to be routed through the unencrypted tunnel. In either case, the VPN application will report that all data is being sent through the protected connection. Any traffic that's diverted away from this tunnel will not be encrypted by the VPN and the Internet IP address viewable by the remote user will belong to the network the VPN user is connected to, rather than one designated by the VPN app.

Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn't implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there's a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation. The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn't in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device. You can learn more about the research here.

Abner Li reports via 9to5Google: Since the launch of Health Connect in 2022, Google has been winding down the Google Fit developer APIs. Earlier this week, the company fully detailed how the "Google Fit APIs have been deprecated and will be supported until June 30, 2025." Fitness and exercise apps that previously used Google Fit have until the June 2025 deadline to switch to Health Connect, with Google broadly referring to it as the "Android Health platform."

Google's migration guide for developers lists what they're supposed to switch to on Android phones and Wear OS. However, there is no replacement for the Goals API that lets Google Fit users set "how many steps and heart points they want to aim for each day." Google says it will "share more details about what's next for Android Health" at I/O later this month.

As of this API shutdown announcement, Google has said nothing about the Google Fit apps on Android, Wear OS, and iOS. They still work to track activity and house your full archive. [...] At this point, it's clear that Google Fit is not the future. On the Pixel Watch, Fitbit is the default, while Samsung and other Wear OS manufacturers have their own health tracking solutions. If Google were to announce a deprecation of the Fit app, having it coincide with the June 2025 developer deadline makes sense.