The Military

How False UFO Stories Were Created - Sometimes Deliberately - by the US Military (msn.com) 57

Last year's Pentagon report reviewing UFO reports "left out the truth behind some of the foundational myths about UFOs," reports the Wall Street Journal.

"The Pentagon itself sometimes deliberately fanned the flames, in what amounted to the U.S. government targeting its own citizens with disinformation." The congressionally ordered probe took investigators back to the 1980s, when an Air Force colonel visited a bar near Area 51, a top-secret site in the Nevada desert. He gave the owner photos of what might be flying saucers. The photos went up on the walls, and into the local lore went the idea that the U.S. military was secretly testing recovered alien technology. But the colonel was on a mission — of disinformation. The photos were doctored, the now-retired officer confessed to the Pentagon investigators in 2023. The whole exercise was a ruse to protect what was really going on at Area 51: The Air Force was using the site to develop top-secret stealth fighters, viewed as a critical edge against the Soviet Union. Military leaders were worried that the programs might get exposed if locals somehow glimpsed a test flight of, say, the F-117 stealth fighter, an aircraft that truly did look out of this world. Better that they believe it came from Andromeda.
That's not the only example. The Journal spoke to Robert Salas, now 84, who in 1967 was a 26-year-old Air Force captain "sitting in a walk-in closet-sized bunker, manning the controls of 10 nuclear missiles in Montana." Suddenly all 10 missiles were disabled after reports that "a glowing reddish-orange oval was hovering over the front gate... The next morning a helicopter was waiting to take Salas back to base. Once there he was ordered: Never discuss the incident."

58 years later, the Journal reports.... The barriers of concrete and steel surrounding America's nuclear missiles were thick enough to give them a chance if hit first by a Soviet strike. But scientists at the time feared the intense storm of electromagnetic waves generated by a nuclear detonation might render the hardware needed to launch a counterstrike unusable. To test this vulnerability, the Air Force developed an exotic electromagnetic generator that simulated this pulse of disruptive energy without the need to detonate a nuclear weapon... But any public leak of the tests at the time would have allowed Russia to know that America's nuclear arsenal could be disabled in a first strike. The witnesses were kept in the dark. To this day Salas believes he was party to an intergalactic intervention to stop nuclear war which the government has tried to hide.
"We were never briefed on the activities that were going on, the Air Force shut us out of any information," Salas tells the Journal.

But it's not just secrecy. Some military men were told directly that they were working on alien technology, according to Pentagon investigator Sean Kirkpatrick: A former Air Force officer was visibly terrified when he told Kirkpatrick's investigators that he had been briefed on a secret alien project decades earlier, and was warned that if he ever repeated the secret he could be jailed or executed. The claim would be repeated to investigators by other men who had never spoken of the matter, even with their spouses.

It turned out the witnesses had been victims of a bizarre hazing ritual. For decades, certain new commanders of the Air Force's most classified programs, as part of their induction briefings, would be handed a piece of paper with a photo of what looked like a flying saucer. The craft was described as an antigravity maneuvering vehicle. The officers were told that the program they were joining, dubbed Yankee Blue, was part of an effort to reverse-engineer the technology on the craft. They were told never to mention it again. Many never learned it was fake. Kirkpatrick found the practice had begun decades before, and appeared to continue still... Investigators are still trying to determine why officers had misled subordinates, whether as some type of loyalty test, a more deliberate attempt to deceive or something else. After that 2023 discovery, Kirkpatrick's deputy briefed President Joe Biden's director of national intelligence, Avril Haines, who was stunned... "We are talking about hundreds and hundreds of people. These men signed NDAs. They thought it was real."

The article also notes that reports of Unidentified Aerial Phenomena "skyrocketed" after May of 2023 — but that "Many pilot accounts of floating orbs were actually reflections of the sun from Starlink satellites, investigators found."

Government

Russian Spies Are Analyzing Data From China's WeChat App (nytimes.com) 17

An anonymous reader shared this report from The New York Times: Russian counterintelligence agents are analyzing data from the popular Chinese messaging and social media app WeChat to monitor people who might be in contact with Chinese spies, according to a Russian intelligence document obtained by The New York Times. The disclosure highlights the rising level of concern about Chinese influence in Russia as the two countries deepen their relationship. As Russia has become isolated from the West over its war in Ukraine, it has become increasingly reliant on Chinese money, companies and technology. But it has also faced what the document describes as increased Chinese espionage efforts.

The document indicates that the Russian domestic security agency, known as the F.S.B., pulls purloined data into an analytical tool known as "Skopishche" (a Russian word for a mob of people). Information from WeChat is among the data being analyzed, according to the document... One Western intelligence agency told The Times that the information in the document was consistent with what it knew about "Russian penetration of Chinese communications...." By design, [WeChat] does not use end-to-end encryption to protect user data. That is because the Chinese government exercises strict control over the app and relies on its weak security to monitor and censor speech. Foreign intelligence agencies can exploit that weakness, too...

WeChat was briefly banned in Russia in 2017, but access was restored after Tencent took steps to comply with laws requiring foreign digital platforms above a certain size to register as "organizers of information dissemination." The Times confirmed that WeChat is currently licensed by the government to operate in Russia. That license would require Tencent to store user data on Russian servers and to provide access to security agencies upon request.

Government

ACLU Accuses California Local Government's Drones of 'Runaway Spying Operation' (sfgate.com) 79

An anonymous reader shared this report from SFGate about a lawsuit alleging a "warrantless drone surveillance program" that's "trampling residents' right to privacy": Sonoma County has been accused of deploying hundreds of drone flights over residents in a "runaway spying operation"... according to a lawsuit filed Wednesday by the American Civil Liberties Union. The North Bay county of Sonoma initially started the 6-year-old drone program to track illegal cannabis cultivation, but the lawsuit alleges that officials have since turned it into a widespread program to catch unrelated code violations at residential properties and levy millions of dollars in fines. The program has captured 5,600 images during more than 700 flights, the lawsuit said...

Matt Cagle, a senior staff attorney with the ACLU Foundation of Northern California, said in a Wednesday news release that the county "has hidden these unlawful searches from the people they have spied on, the community, and the media...." The lawsuit says the county employees used the drones to spy on private homes without first receiving a warrant, including photographing private areas like hot tubs and outdoor baths, and through curtainless windows.

One plaintiff "said the county secretly used the drone program to photograph her Sonoma County horse stable and issue code violations," according to the article. She only discovered the use of the drones after a county employee mentioned they had photos of her property, according to the lawsuit. She then filed a public records request for the images, which left her "stunned" after seeing that the county employees were monitoring her private property including photographing her outdoor bathtub and shower, the lawsuit said.

Advertising

Washington Post's Privacy Tip: Stop Using Chrome, Delete Meta's Apps (and Yandex) (msn.com) 70

Meta's Facebook and Instagram apps "were siphoning people's data through a digital back door for months," writes a Washington Post tech columnist, citing researchers who found no privacy setting could've stopped what Meta and Yandex were doing, since those two companies "circumvented privacy and security protections that Google set up for Android devices.

"But their tactics underscored some privacy vulnerabilities in web browsers or apps. These steps can reduce your risks." Stop using the Chrome browser. Mozilla's Firefox, the Brave browser and DuckDuckGo's browser block many common methods of tracking you from site to site. Chrome, the most popular web browser, does not... For iPhone and Mac folks, Safari also has strong privacy protections. It's not perfect, though. No browser protections are foolproof. The researchers said Firefox on Android devices was partly susceptible to the data harvesting tactics they identified, in addition to Chrome. (DuckDuckGo and Brave largely did block the tactics, the researchers said....)

Delete Meta and Yandex apps on your phone, if you have them. The tactics described by the European researchers showed that Meta and Yandex are unworthy of your trust. (Yandex is not popular in the United States.) It might be wise to delete their apps, which give the companies more latitude to collect information that websites generally cannot easily obtain, including your approximate location, your phone's battery level and what other devices, like an Xbox, are connected to your home WiFi.

Know, too, that even if you don't have Meta apps on your phone, and even if you don't use Facebook or Instagram at all, Meta might still harvest information on your activity across the web.

Crime

Cambridge Mapping Project Solves a Medieval Murder (arstechnica.com) 11

An anonymous reader quotes a report from Ars Technica: In 2019, we told you about a new interactive digital "murder map" of London compiled by University of Cambridge criminologist Manuel Eisner. Drawing on data catalogued in the city coroners' rolls, the map showed the approximate location of 142 homicide cases in late medieval London. The Medieval Murder Maps project has since expanded to include maps of York and Oxford homicides, as well as podcast episodes focusing on individual cases. It's easy to lose oneself down the rabbit hole of medieval murder for hours, filtering the killings by year, choice of weapon, and location. Think of it as a kind of 14th-century version of Clue: It was the noblewoman's hired assassins armed with daggers in the streets of Cheapside near St. Paul's Cathedral. And that's just the juiciest of the various cases described in a new paper published in the journal Criminal Law Forum.

The noblewoman was Ela Fitzpayne, wife of a knight named Sir Robert Fitzpayne, lord of Stogursey. The victim was a priest and her erstwhile lover, John Forde, who was stabbed to death in the streets of Cheapside on May 3, 1337. "We are looking at a murder commissioned by a leading figure of the English aristocracy," said University of Cambridge criminologist Manuel Eisner, who heads the Medieval Murder Maps project. "It is planned and cold-blooded, with a family member and close associates carrying it out, all of which suggests a revenge motive." Members of the mapping project geocoded all the cases after determining approximate locations for the crime scenes. Written in Latin, the coroners' rolls are records of sudden or suspicious deaths as investigated by a jury of local men, called together by the coroner to establish facts and reach a verdict. Those records contain such relevant information as where the body was found and by whom; the nature of the wounds; the jury's verdict on cause of death; the weapon used and how much it was worth; the time, location, and witness accounts; whether the perpetrator was arrested, escaped, or sought sanctuary; and any legal measures taken.
The full historical context, analytical depth, and social commentary can be read in the paper.

Interestingly, Eisner "extended their spatial analysis to include homicides committed in York and London in the 14th century with similar conclusions," writes Ars' Jennifer Ouellette. Murders most often occurred in public places, usually on weekends, with knives and swords as primary weapons. Oxford had a significantly elevated violence rate compared to London and York, "suggestive of high levels of social disorganization and impunity."

London, meanwhile, showed distinct clusters of homicides, "which reflect differences in economic and social functions," the authors wrote. "In all three cities, some homicides were committed in spaces of high visibility and symbolic significance."

Transportation

Volvo Debuts New IoT Seatbelt Design (caranddriver.com) 66

Longtime Slashdot reader sinij shares a report from Car and Driver: [Volvo] is debuting a new version of the three-point seatbelt that it believes is a major improvement over the original. The new design will be a smart belt that adapts to each occupant's body and adjusts the belt load accordingly. It uses data from interior and exterior sensors to customize protection based on the road conditions and the specific occupants. The technology will debut on the upcoming EX60 crossover.

According to Volvo, the onboard sensors can accurately detect a passenger's height, weight, body shape, and seating position. Based on real-time data, the belts optimize protection -- increasing belt load for larger passengers or lowering it for smaller passengers. While the technology for customizing protection isn't new -- Volvo's current belts already use three load-limiting profiles -- the new belts increase that number to 11. The belts should also get safer over time, too, as they are equipped to receive over-the-air updates.
sinij adds: "Downloading patches for your seat belts from China. What could possibly go wrong?"

Encryption

Lawmakers Vote To Stop NYPD's Attempt To Encrypt Their Radios (nypost.com) 74

alternative_right shares a report: New York state lawmakers voted to stop the NYPD's attempt to block its radio communications from the public Thursday, with the bill expected to head to Gov. Kathy Hochul's desk. The "Keep Police Radio Public Act" passed both the state Senate and state Assembly, with a sponsor of the legislation arguing the proposal strikes the "proper balance" in the battle between transparency and sensitive information.

"Preserving access to police radio is critical for a free press and to preserve the freedoms and protections afforded by the public availability of this information," state Sen. Michael Gianaris (D-Queens) said in a statement. "As encrypted radio usage grows, my proposal strikes the proper balance between legitimate law enforcement needs and the rights and interests of New Yorkers."

The bill, which was sponsored in the Assembly by lawmaker Karines Reyes (D-Bronx), is meant to make real-time police radio communications accessible to emergency services organizations and reporters. "Sensitive information" would still be kept private, according to the legislation.
In late 2023, the NYPD began encrypting its radio communications to increase officer safety and "protect the privacy interests of victims and witnesses." However, it led to outcry from press advocates and local officials concerned about reduced transparency and limited access to real-time information.

A bill to address the issue has passed both chambers of New York's legislature, but Governor Hochul has not yet indicated whether she will sign it.

Botnet

FBI: BadBox 2.0 Android Malware Infects Millions of Consumer Devices (bleepingcomputer.com) 8

An anonymous reader quotes a report from BleepingComputer: The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. The BADBOX botnet is commonly found on Chinese Android-based smart TVs, streaming boxes, projectors, tablets, and other Internet of Things (IoT) devices. "The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity," warns the FBI.

These devices come preloaded with the BADBOX 2.0 malware botnet or become infected after installing firmware updates and through malicious Android applications that sneak onto Google Play and third-party app stores. "Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the user's purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process," explains the FBI. "Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services known to be used for malicious activity."

Once infected, the devices connect to the attacker's command and control (C2) servers, where they receive commands to execute on the compromised devices, such as [routing malicious traffic through residential IPs to obscure cybercriminal activity, performing background ad fraud to generate revenue, and launching credential-stuffing attacks using stolen login data]. Over the years, the malware botnet continued expanding until 2024, when Germany's cybersecurity agency disrupted the botnet in the country by sinkholing the communication between infected devices and the attacker's infrastructure, effectively rendering the malware useless. However, that did not stop the threat actors, with researchers saying they found the malware installed on 192,000 devices a week later. Even more concerning, the malware was found on more mainstream brands, like Yandex TVs and Hisense smartphones. Unfortunately, despite the previous disruption, the botnet continued to grow, with HUMAN's Satori Threat Intelligence stating that over 1 million consumer devices had become infected by March 2025. This new larger botnet is now being called BADBOX 2.0 to indicate a new tracking of the malware campaign.
"This scheme impacted more than 1 million consumer devices. Devices connected to the BADBOX 2.0 operation included lower-price-point, 'off brand,' uncertified tablets, connected TV (CTV) boxes, digital projectors, and more," explains HUMAN.

"The infected devices are Android Open Source Project devices, not Android TV OS devices or Play Protect certified Android devices. All of these devices are manufactured in mainland China and shipped globally; indeed, HUMAN observed BADBOX 2.0-associated traffic from 222 countries and territories worldwide."

Nintendo

Nintendo Warns Switch 2 GameChat Users: 'Your Chat Is Recorded' (arstechnica.com) 68

Ars Technica's Kyle Orland reports: Last month, ahead of the launch of the Switch 2 and its GameChat communication features, Nintendo updated its privacy policy to note that the company "may also monitor and record your video and audio interactions with other users." Now that the Switch 2 has officially launched, we have a clearer understanding of how the console handles audio and video recorded during GameChat sessions, as well as when that footage may be sent to Nintendo or shared with partners, including law enforcement. Before using GameChat on Switch 2 for the first time, you must consent to a set of GameChat Terms displayed on the system itself. These terms warn that chat content is "recorded and stored temporarily" both on your system and the system of those you chat with. But those stored recordings are only shared with Nintendo if a user reports a violation of Nintendo's Community Guidelines, the company writes.

That reporting feature lets a user "review a recording of the last three minutes of the latest three GameChat sessions" to highlight a particular section for review, suggesting that chat sessions are not being captured and stored in full. The terms also lay out that "these recordings are available only if the report is submitted within 24 hours," suggesting that recordings are deleted from local storage after a full day. If a report is submitted to Nintendo, the company warns that it "may disclose certain information to third parties, such as authorities, courts, lawyers, or subcontractors reviewing the reported chats." If you don't consent to the potential for such recording and sharing, you're prevented from using GameChat altogether.

Nintendo is extremely clear that the purpose of its recording and review system is "to protect GameChat users, especially minors" and "to support our ability to uphold our Community Guidelines." This kind of human moderator review of chats is pretty common in the gaming world and can even apply to voice recordings made by various smart home assistants. [...] Overall, the time-limited, local-unless-reported recordings Nintendo makes here seem like a minimal intrusion on the average GameChat user's privacy. Still, if you're paranoid about Nintendo potentially seeing and hearing what's going on in your living room, it's good to at least be aware of it.

China

China Will Drop the Great Firewall For Some Users To Boost Free-Trade Port Ambitions (scmp.com) 49

China's southernmost province of Hainan is piloting a programme to grant select corporate users broad access to the global internet, a rare move in a country known for having some of the world's most restrictive online censorship, as the island seeks to transform itself into a global free-trade port. From a report: Employees of companies registered and operating in Hainan can apply for the "Global Connect" mobile service through the Hainan International Data Comprehensive Service Centre (HIDCSC), according to the agency, which is overseen by the state-run Hainan Big Data Development Centre.

The programme allows eligible users to bypass the so-called Great Firewall, which blocks access to many of the world's most-visited websites, such as Google and Wikipedia. Applicants must be on a 5G plan with one of the country's three major state-backed carriers -- China Mobile, China Unicom or China Telecom -- and submit their employer's information, including the company's Unified Social Credit Code, for approval. The process can take up to five months, HIDCSC staff said.

Privacy

New Spying Claims Emerge in Silicon Valley Corporate Espionage Scandal (ft.com) 14

A bitter fight over alleged corporate espionage involving two of Silicon Valley's hottest startups took a new twist on Tuesday, after $12 billion HR software company Deel claimed arch-rival Rippling had directed one of its employees to "pilfer" the company's assets by posing as a customer. From a report: The latest claim comes after Rippling alleged earlier this year that a staff member had been spying on behalf of Deel. The employee locked themselves into a bathroom and smashed their phone with an axe when confronted with allegations, according to their own testimony.

In new legal filings seen by the Financial Times, Deel has countered by arguing that: "Rippling has been actively engaged in a carefully co-ordinated espionage campaign, through which it infiltrated Deel's customer platform by fraudulent means and pilfered the company's most valuable proprietary assets."

The Courts

Apple's Attempt To Pause App Store Antitrust Order Fails (9to5mac.com) 21

Apple's emergency request to pause a court order forcing it to ease App Store restrictions was denied by the U.S. 9th Circuit Court of Appeals, allowing new compliance rules to take effect while Apple continues to appeal. 9to5Mac reports: Apple had asked the appeals court to halt enforcement of a recent ruling by U.S. District Judge Yvonne Gonzalez Rogers, who found Apple in contempt this April for effectively dodging her original injunction. Convoluted, right? Exactly. The judge observed several violations, including Apple's imposition of a 27% fee on out-of-app transactions and overall attempts to continue making it unappealing for developers to direct users to external payment options.

As Reuters noted: "In its emergency appeal, Apple said the ruling blocked the company from 'exercising control over core aspects of its business operations' and forced it to give away free access to its services." In rejecting Apple's motion, the court is letting those new compliance requirements stand while the company appeals the decision. Apple had hoped to halt the enforcement until the decision was final, which would grant the company the right to roll back the changes it was recently compelled to implement.
In a statement provided to 9to5Mac, Apple said: "We are disappointed with the decision not to stay the district court's order, and we'll continue to argue our case during the appeals process. As we've said before, we strongly disagree with the district court's opinion. Our goal is to ensure the App Store remains an incredible opportunity for developers and a safe and trusted experience for our users."

Privacy

Apple Gave Governments Data On Thousands of Push Notifications (404media.co) 13

An anonymous reader quotes a report from 404 Media: Apple provided governments around the world with data related to thousands of push notifications sent to its devices, which can identify a target's specific device or in some cases include unencrypted content like the actual text displayed in the notification, according to data published by Apple. In one case, that Apple did not ultimately provide data for, Israel demanded data related to nearly 700 push notifications as part of a single request. The data for the first time puts a concrete figure on how many requests governments around the world are making, and sometimes receiving, for push notification data from Apple.

The practice first came to light in 2023 when Senator Ron Wyden sent a letter to the U.S. Department of Justice revealing the practice, which also applied to Google. As the letter said, "the data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification." The published data relates to blocks of six-month periods, starting in July 2022 to June 2024. Andre Meister from German media outlet Netzpolitik posted a link to the transparency data to Mastodon on Tuesday.
Along with the data Apple published the following description: "Push Token requests are based on an Apple Push Notification service token identifier. When users allow a currently installed application to receive notifications, a push token is generated and registered to that developer and device. Push Token requests generally seek identifying details of the Apple Account associated with the device's push token, such as name, physical address and email address."

The Courts

OpenAI Slams Court Order To Save All ChatGPT Logs, Including Deleted Chats (arstechnica.com) 103

An anonymous reader quotes a report from Ars Technica: OpenAI is now fighting a court order (PDF) to preserve all ChatGPT user logs -- including deleted chats and sensitive chats logged through its API business offering -- after news organizations suing over copyright claims accused the AI company of destroying evidence. "Before OpenAI had an opportunity to respond to those unfounded accusations, the court ordered OpenAI to 'preserve and segregate all output log data that would otherwise be deleted on a going forward basis until further order of the Court (in essence, the output log data that OpenAI has been destroying),'" OpenAI explained in a court filing (PDF) demanding oral arguments in a bid to block the controversial order.

In the filing, OpenAI alleged that the court rushed the order based only on a hunch raised by The New York Times and other news plaintiffs. And now, without "any just cause," OpenAI argued, the order "continues to prevent OpenAI from respecting its users' privacy decisions." That risk extended to users of ChatGPT Free, Plus, and Pro, as well as users of OpenAI's application programming interface (API), OpenAI said. The court order came after news organizations expressed concern that people using ChatGPT to skirt paywalls "might be more likely to 'delete all [their] searches' to cover their tracks," OpenAI explained. Evidence to support that claim, news plaintiffs argued, was missing from the record because so far, OpenAI had only shared samples of chat logs that users had agreed that the company could retain. Sharing the news plaintiffs' concerns, the judge, Ona Wang, ultimately agreed that OpenAI likely would never stop deleting that alleged evidence absent a court order, granting news plaintiffs' request to preserve all chats.

OpenAI argued the May 13 order was premature and should be vacated, until, "at a minimum," news organizations can establish a substantial need for OpenAI to preserve all chat logs. They warned that the privacy of hundreds of millions of ChatGPT users globally is at risk every day that the "sweeping, unprecedented" order continues to be enforced. "As a result, OpenAI is forced to jettison its commitment to allow users to control when and how their ChatGPT conversation data is used, and whether it is retained," OpenAI argued. Meanwhile, there is no evidence beyond speculation yet supporting claims that "OpenAI had intentionally deleted data," OpenAI alleged. And supposedly there is not "a single piece of evidence supporting" claims that copyright-infringing ChatGPT users are more likely to delete their chats. "OpenAI did not 'destroy' any data, and certainly did not delete any data in response to litigation events," OpenAI argued. "The Order appears to have incorrectly assumed the contrary."
One tech worker on LinkedIn suggested the order created "a serious breach of contract for every company that uses OpenAI," while privacy advocates on X warned, "every single AI service 'powered by' OpenAI should be concerned."

Also on LinkedIn, a consultant rushed to warn clients to be "extra careful" sharing sensitive data "with ChatGPT or through OpenAI's API for now," warning, "your outputs could eventually be read by others, even if you opted out of training data sharing or used 'temporary chat'!"

The Courts

Reddit Sues AI Startup Anthropic For Breach of Contract, 'Unfair Competition' (cnbc.com) 44

Reddit is suing AI startup Anthropic for what it's calling a breach of contract and for engaging in "unlawful and unfair business acts" by using the social media company's platform and data without authority. From a report: The lawsuit, filed in San Francisco on Wednesday, claims that Anthropic has been training its models on the personal data of Reddit users without obtaining their consent. Reddit alleges that it has been harmed by the unauthorized commercial use of its content.

The company opened the complaint by calling Anthropic a "late-blooming" AI company that "bills itself as the white knight of the AI industry." Reddit follows by saying, "It is anything but."

Crime

Romanian National Pleads Guilty To 'Swatting' Over 75 Public Officials (nypost.com) 31

Longtime Slashdot reader schwit1 shares a report: A Romanian national pleaded guilty on Monday to charges related to his role in a "swatting" ring that targeted dozens of public officials, including a former US president. Going by the aliases "Plank," "Jonah" and "Cypher," 26-year-old Thomasz Szabo took part in a years-long conspiracy to place bogus 911 calls, claiming emergencies were taking place at the homes of top government officials, and make bomb threats against government buildings and houses of worship, according to the Justice Department.

Szabo and a co-conspirator, 21-year-old Serbian national Nemanja Radovanovic, allegedly targeted about 100 people, including members of Congress, governors, cabinet-level executive branch officials and state officials. Szabo, who was extradited from Romania last November, pleaded guilty to one count of conspiracy and one count of making bomb threats. He is slated to be sentenced in a Washington, DC, federal court in October. [...] Charges against Radovanovic are still pending.

Privacy

Meta and Yandex Are De-Anonymizing Android Users' Web Browsing Identifiers (github.io) 77

"It appears as though Meta (aka: Facebook's parent company) and Yandex have found a way to sidestep the Android Sandbox," writes Slashdot reader TheWho79. Researchers disclose the novel tracking method in a report: We found that native Android apps -- including Facebook, Instagram, and several Yandex apps including Maps and Browser -- silently listen on fixed local ports for tracking purposes.

These native Android apps receive browsers' metadata, cookies and commands from the Meta Pixel and Yandex Metrica scripts embedded on thousands of web sites. These JavaScripts load on users' mobile browsers and silently connect with native apps running on the same device through localhost sockets. As native apps programmatically access device identifiers like the Android Advertising ID (AAID) or handle user identities as in the case of Meta apps, this method effectively allows these organizations to link mobile browsing sessions and web cookies to user identities, hence de-anonymizing users visiting sites embedding their scripts.

This web-to-app ID sharing method bypasses typical privacy protections such as clearing cookies, Incognito Mode and Android's permission controls. Worse, it opens the door for potentially malicious apps eavesdropping on users' web activity.

While there are subtle differences in the way Meta and Yandex bridge web and mobile contexts and identifiers, both of them essentially misuse the unvetted access to localhost sockets. The Android OS allows any installed app with the INTERNET permission to open a listening socket on the loopback interface (127.0.0.1). Browsers running on the same device also access this interface without user consent or platform mediation. This allows JavaScript embedded on web pages to communicate with native Android apps and share identifiers and browsing habits, bridging ephemeral web identifiers to long-lived mobile app IDs using standard Web APIs.

This technique circumvents privacy protections like Incognito Mode, cookie deletion, and Android's permission model, with Meta Pixel and Yandex Metrica scripts silently communicating with apps across over 6 million websites combined.

Following public disclosure, Meta ceased using this method on June 3, 2025. Browser vendors like Chrome, Brave, Firefox, and DuckDuckGo have implemented or are developing mitigations, but a full resolution may require OS-level changes and stricter enforcement of platform policies to prevent further abuse.

Transportation

Ford Mustang Eleanor From Gone In 60 Seconds Can't Be Copyrighted (caranddriver.com) 33

The Ninth Circuit has ruled that the 1967 Ford Mustang fastback nicknamed "Eleanor" in Gone in 60 Seconds is a film prop rather than a protectable character. The panel said the car fails all three Towle test prongs, so it cannot receive standalone copyright protection. sinij writes: The ruling states that the Mustang doesn't pass tests that would qualify it as a character. In the past, the studio aggressively went after builders for any Mustang that even remotely approximated Eleanor, making it a hassle to restomod classic Mustangs.

Mars

Trump Wants $1 Billion For Private-Sector-Led Mars Exploration 183

President Trump's 2026 budget proposes over $1 billion for Mars exploration through a new Commercial Mars Payload Services Program, while simultaneously slashing NASA's overall budget by 25%. Phys.Org reports: Under the proposal, NASA would award contracts to companies developing spacesuits, communications systems and a human-rated landing vehicle to foster exploration of the Red Planet. Trump's proposed $18.8 billion NASA budget would cut the agency's funding by about 25% from the year before, with big hits to its science portfolio. The fleshed-out request on Friday builds upon a condensed budget proposal released earlier this month.

"We must continue to be responsible stewards of taxpayer dollars," NASA Acting Administrator Janet Petro wrote in a letter included in the request. "That means making strategic decisions -- including scaling back or discontinuing ineffective efforts." The new Mars scheme is modeled after NASA's Commercial Lunar Payload Services program that has benefited Intuitive Machines LLC, Firefly Aerospace Inc. and Astrobotic Technology Inc., though it has achieved mixed results. According to the budget, the contract to land on Mars would build upon existing lander contracts.

Security

Coinbase Breach Linked To Customer Data Leak In India (reuters.com) 10

Coinbase reportedly knew as early as January about a customer data breach linked to its outsourcing partner TaskUs, where an employee in India was caught leaking customer information in exchange for bribes. "At least one part of the breach [...] occurred when an India-based employee of the U.S. outsourcing firm TaskUs was caught taking photographs of her work computer with her personal phone," reports Reuters, citing five former TaskUs employees. Though Coinbase disclosed the incident in May after receiving an extortion demand, the newly revealed timeline raises questions about how long the company was aware of the breach, which could cost up to $400 million. Reuters reports: Coinbase said in the May SEC filing that it knew contractors accessed employee data "without business need" in "previous months." Only when it received an extortion demand on May 11 did it realize that the access was part of a wider campaign, the company said. In a statement to Reuters on Wednesday, Coinbase said the incident was recently discovered and that it had "cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls." Coinbase did not disclose who the other foreign agents were.

TaskUs said in a statement that two employees had been fired early this year after they illegally accessed information from a client, which it did not identify. "We immediately reported this activity to the client," the statement said. "We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client." The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January.
