Transportation

Man Trapped in Circling Waymo on Way to Airport (cbsnews.com) 137

It "felt like a Disneyland ride," reports CBS News. A man took a Waymo takes to the airport — only to discover the car "wouldn't stop driving around a parking lot in circles." And because the car was in motion, he also couldn't get out.

Still stuck in the car, Michael Johns — a tech-industry worker — then phoned Waymo for help. ("Has this been hacked? What's going on? I feel like I'm in the movies. Is somebody playing a joke on me?") But he also filmed the incident... "Why is this thing going in a circle? I'm getting dizzy," Johns said in a video posted on social media that has since gone viral, garnering more than two million views and interactions....

The Waymo representative was finally able to get the car under control after a few minutes, allowing him to get to the airport just in time to catch his flight back to LA. He says that the lack of empathy from the representative who attempted to help him, on top of the point that he's unsure if he was talking to a human or AI, are major concerns. "Where's the empathy? Where's the human connection to this?" Johns said while speaking with CBS News Los Angeles. "It's just, again, a case of today's digital world. A half-baked product and nobody meeting the customer, the consumers, in the middle."

Johns, who ironically works in the tech industry himself, says he would love to see services like Waymo succeed, but he has no plans to hop in for a ride until he's sure that the kinks have been fixed. In the meantime, he's still waiting for someone from Waymo to contact him in regards to his concerns, which hasn't yet happened despite how much attention his video has attracted since last week.

"My Monday was fine till i got into one of Waymo 's 'humanless' cars," he posted on LinkedIn . "I get in, buckle up ( safety first) and the saga begins.... [T]he car just went around in circles, eight circles at that..."

A Waymo spokesperson admitted they'd added about five minutes to his travel time, but then "said the software glitch had since been resolved," reports the Los Angeles Times, "and that Johns was not charged for the ride."

One final irony? According to his LinkedIn profile, Johns is a CES Innovations Awards judge.
China

Are US Computer Networks A 'Key Battlefield' in any Future Conflict with China? (msn.com) 72

In a potential U.S.-China conflict, cyberattackers are military weapons. That's the thrust of a new article from the Wall Street Journal: The message from President Biden's national security adviser was startling. Chinese hackers had gained the ability to shut down dozens of U.S. ports, power grids and other infrastructure targets at will, Jake Sullivan told telecommunications and technology executives at a secret meeting at the White House in the fall of 2023, according to people familiar with it. The attack could threaten lives, and the government needed the companies' help to root out the intruders.

What no one at the briefing knew, including Sullivan: China's hackers were already working their way deep inside U.S. telecom networks, too. The two massive hacking operations have upended the West's understanding of what Beijing wants, while revealing the astonishing skill level and stealth of its keyboard warriors — once seen as the cyber equivalent of noisy, drunken burglars. China's hackers were once thought to be interested chiefly in business secrets and huge sets of private consumer data. But the latest hacks make clear they are now soldiers on the front lines of potential geopolitical conflict between the U.S. and China, in which cyberwarfare tools are expected to be powerful weapons. U.S. computer networks are a "key battlefield in any future conflict" with China, said Brandon Wales, a former top U.S. cybersecurity official at the Department of Homeland Security, who closely tracked China's hacking operations against American infrastructure. He said prepositioning and intelligence collection by the hackers "are designed to ensure they prevail by keeping the U.S. from projecting power, and inducing chaos at home."

As China increasingly threatens Taiwan, working toward what Western intelligence officials see as a target of being ready to invade by 2027, the U.S. could be pulled into the fray as the island's most important backer... Top U.S. officials in both parties have warned that China is the greatest danger to American security.

In the infrastructure attacks, which began at least as early as 2019 and are still taking place, hackers connected to China's military embedded themselves in arenas that spies usually ignored, including a water utility in Hawaii, a port in Houston and an oil-and-gas processing facility. Investigators, both at the Federal Bureau of Investigation and in the private sector, found the hackers lurked, sometimes for years, periodically testing access. At a regional airport, investigators found the hackers had secured access, and then returned every six months to make sure they could still get in. Hackers spent at least nine months in the network of a water-treatment system, moving into an adjacent server to study the operations of the plant. At a utility in Los Angeles, the hackers searched for material about how the utility would respond in the event of an emergency or crisis. The precise location and other details of the infrastructure victims are closely guarded secrets, and couldn't be fully determined.

American security officials said they believe the infrastructure intrusions — carried out by a group dubbed Volt Typhoon — are at least in part aimed at disrupting Pacific military supply lines and otherwise impeding America's ability to respond to a future conflict with China, including over a potential invasion of Taiwan... The focus on Guam and West Coast targets suggested to many senior national-security officials across several Biden administration agencies that the hackers were focused on Taiwan, and doing everything they could to slow a U.S. response in a potential Chinese invasion, buying Beijing precious days to complete a takeover even before U.S. support could arrive.

The telecom breachers "were also able to swipe from Verizon and AT&T a list of individuals the U.S. government was surveilling in recent months under court order, which included suspected Chinese agents. The intruders used known software flaws that had been publicly warned about but hadn't been patched."

And ultimately nine U.S. telecoms were breached, according to America's deputy national security adviser for cybersecurity — including what appears to have been a preventable breach at AT&T (according to "one personal familiar with the matter"): [T]hey took control of a high-level network management account that wasn't protected by multifactor authentication, a basic safeguard. That granted them access to more than 100,000 routers from which they could further their attack — a serious lapse that may have allowed the hackers to copy traffic back to China and delete their own digital tracks.
The details of the various breaches are stunning: Chinese hackers gained a foothold in the digital underpinnings of one of America's largest ports in just 31 seconds. At the Port of Houston, an intruder acting like an engineer from one of the port's software vendors entered a server designed to let employees reset their passwords from home. The hackers managed to download an encrypted set of passwords from all the port's staff before the port recognized the threat and cut off the password server from its network...
Microsoft

FSF Urges Moving Off Microsoft's GitHub to Protest Windows 11's Requiring TPM 2.0 (fsf.org) 152

TPM is a dedicated chip or firmware enabling hardware-level security, housing encryption keys, certificates, passwords, and sensitive data, "and shielding them from unauthorized access," Microsoft senior product manager Steven Hosking wrote last month, declaring TPM 2.0 to be "a non-negotiable standard for the future of Windows."

Or, as BleepingComputer put it, Microsoft "made it abundantly clear... that Windows 10 users won't be able to upgrade to Windows 11 unless their systems come with TPM 2.0 support." (This despite the fact that Statcounter Global data "shows that more than 61% of all Windows systems worldwide still run Windows 10.") They add that Microsoft "announced on October 31 that Windows 10 home users will be able to delay the switch to Windows 11 for one more year if they're willing to pay $30 for Extended Security Updates."

But last week the Free Software Foundation's campaigns manager delivered a message on the FSF's official blog: "Keep putting pressure on Microsoft." Grassroots organization against a corporation as large as Microsoft is never easy. They have the advertising budget to claim that they "love Linux" (sic), not to mention the money and political willpower to corral free software developers from around the world on their nonfree platform Microsoft GitHub. This year's International Day Against DRM took aim at one specific injustice: their requiring a hardware TPM module for users being forced to "upgrade" to Windows 11. As Windows 10 will soon stop receiving security updates, this is a (Microsoft-manufactured) problem for users still on this operating system. Normally, offloading cryptography to a different hardware module could be seen as a good thing — but with nonfree software, it can only spell trouble for the user...

What's crucial now is to keep putting pressure on Microsoft, whether that's through switching to GNU/Linux, avoiding new releases of their software, or actions as simple as moving your projects off of Microsoft GitHub. If you're concerned about e-waste or have friends who work to combat climate change, getting them together to tell them about free software is the perfect way to help our movement grow, and free a few more users from Microsoft's digital restrictions. If you're concerned about e-waste or have friends who work to combat climate change, getting them together to tell them about free software is the perfect way to help our movement grow, and free a few more users from Microsoft's digital restrictions.

The Internet

'Starlink Mini': High-Speed Internet, Fits in a Backpack, Now Available in the US (cnet.com) 74

It's weighs less than 15 pounds. It's 17 inches wide. And in June Elon Musk said it was "easily carried in a backpack. This product will change the world."

And now, CNET reports: Calling all digital nomads and van-lifers: SpaceX's Starlink Mini is now available everywhere in the US. The small antenna costs $599 and requires a monthly subscription of either $50 or $165, depending on which plan you choose. Thanks to thousands of low Earth orbit satellites, Starlink has the unique ability to send high-speed internet just about anywhere. Standard service is great for home internet in rural areas, while the provider's Roam service and new portable dish are ideal for staying connected on the go...

The Mini is a satellite dish and Wi-Fi router all in one that's about the size of a laptop. According to Starlink's website, it uses approximately half the power of Starlink's standard dish. It can be powered with a portable USB battery and can "melt snow and withstand sleet, heavy rain and harsh winds."

The article adds that users "can connect up to 128 devices, and it promises low latency... According to Starlink's broadband labels, your download speeds typically range from 30 to 100Mbps and 5 to 25Mbps in upload."
Businesses

UK Bosses Try To Turn Back Clock On Hybrid Working (theguardian.com) 38

As UK workers face a tougher-than-usual January return to offices, many large employers, including Amazon, BT, PwC, and Santander, are enforcing stricter in-person attendance mandates. The Guardian reports: As of 1 January, BT is requiring its 50,000 office-based employees across the UK and several other countries to attend three days a week in what it calls a "three together, two wherever" approach. Workers at the telecoms company have been told that office entry and exit data will be used to monitor attendance. The accountancy firm PwC is also clamping down on remote working; the Spanish-owned bank Santander is formalizing attendance requirements for its 10,000 UK staff; the digital bank Starling has ordered staff back to the office more regularly; and the supermarket chain Asda has made a three-day office week compulsory for thousands of workers at its Leeds and Leicester sites. The international picture is similar. [...]

Multiple studies suggest that the future of work is flexible, with time split between the office and home or another location, in what has been called "the new normal" by the Office for National Statistics. The ONS found in its latest survey that hybrid was the standard pattern for more than a quarter (28%) of working adults in Great Britain in autumn 2024. At the same time, working entirely remotely had fallen since 2021, it found. One of the most frequently reported business reasons for hybrid working was "improved staff wellbeing," the ONS found, while those who worked from home saved an average of 56 minutes each day by dodging the commute.

UK staff have been slower to return to their desks after the pandemic than their counterparts in France, Germany, Italy, Spain and the US. London, in particular, has lagged behind other global cities including Paris and New York, according to recent research from the Centre for Cities thinktank, where workers spent on average 2.7 days a week in the office, attendance levels similar to Toronto and Sydney. It cited the cost, and average length of the commute in and around the UK capital as one of the main reasons for the trend. Despite this, there has been a "slow but steady increase in both attendance and desk use" in British offices, according to AWA, which tracked a 4% rise in attendance, from 29% to 33%, between July 2022 and September 2024.
"Hybrid working is here, it's not going away," said Andrew Mawson, the founder of Advanced Workplace Associates (AWA), a workplace transformation consultancy. "Even though companies are trying to mandate, foolishly in my view, to have their people in the office on a certain number of days, the true reality of it is different."
Privacy

Online Gift Card Store Exposed Hundreds of Thousands of People's Identity Documents (techcrunch.com) 15

An anonymous reader quotes a report from TechCrunch: A U.S. online gift card store has secured an online storage server that was publicly exposing hundreds of thousands of customer government-issued identity documents to the internet. A security researcher, who goes by the online handle JayeLTee, found the publicly exposed storage server late last year containing driving licenses, passports, and other identity documents belonging to MyGiftCardSupply, a company that sells digital gift cards for customers to redeem at popular brands and online services.

MyGiftCardSupply's website says it requires customers to upload a copy of their identity documents as part of its compliance efforts with U.S. anti-money laundering rules, often known as "know your customer" checks, or KYC. But the storage server containing the files had no password, allowing anyone on the internet to access the data stored inside. JayeLTee alerted TechCrunch to the exposure last week after MyGiftCardSupply did not respond to the researcher's email about the exposed data. [...]

According to JayeLTee, the exposed data -- hosted on Microsoft's Azure cloud -- contained over 600,000 front and back images of identity documents and selfie photos of around 200,000 customers. It's not uncommon for companies subject to KYC checks to ask their customers to take a selfie while holding a copy of their identity documents to verify that the customer is who they say they are, and to weed out forgeries.
MyGiftCardSupply founder Sam Gastro told TechCrunch: "The files are now secure, and we are doing a full audit of the KYC verification procedure. Going forward, we are going to delete the files promptly after doing the identity verification." It's not known how long the data was exposed or if the company would commit to notifying affected individuals.
Businesses

India Again Delays Rules To Break Payments Duopoly (techcrunch.com) 11

India has once again pushed back a contentious plan to limit major technology companies' control of the nation's digital payments system, extending a regulatory uncertainty that has weighed on the sector for years. From a report: The National Payments Corporation of India said on Tuesday it would extend the deadline for implementing a 30% cap on any individual app's share of transactions on the Unified Payments Interface, or UPI, the country's ubiquitous digital payments network, to December 31, 2026.

The decision provides temporary relief to Walmart-backed PhonePe and Google Pay, which together handle more than 85% of transactions on UPI. The network, which processes over 13 billion transactions monthly, has become the backbone of India's digital economy since its launch eight years ago.

Science

Scientist's 'Ruthlessly Imaginative' 1925 Predictions For the Future (theguardian.com) 44

An anonymous reader quotes a report from The Guardian: When the scientist and inventor Prof Archibald Montgomery Low predicted "a day in the life of a man of the future" one century ago, his prophecies were sometimes dismissed as "ruthlessly imaginative." They included, reported the London Daily News in 1925, "such horrors" as being woken by radio alarm clock; communications "by personal radio set"; breakfasting "with loudspeaker news and television glimpses of events"; shopping by moving stairways and moving pavements. One hundred years after Low's publication of his book The Future some of his forecasts were spot on. Others, including his prophecy that everyone would be wearing synthetic felt one-piece suits and hats, less so.

Researchers from the online genealogy service Findmypast, have excavated accounts of Low's predictions from its extensive digital archive of historical newspapers available to the public and included them in a collection on its website of forecasts made for 2025 by people a century ago. Low, born in 1888, was an engineer, research physicist, inventor and author. A pioneer in many fields, he invented the first powered drone, worked on the development of television, was known as the "father of radio guidance systems" for his work on planes, torpedo boats and guided rockets and reportedly attracted at least two unsuccessful assassination attempts by the Germans.
"It's amazing that a century ago, one visionary scientist could predict how emerging technology -- in its infancy at the time -- could have changed the world by 2025," said Jen Baldwin, a research specialist at Findmypast. "It makes you stop to wonder how the advancements we see around us today will be experienced by our own descendants."
AI

AI Might Start Selling Your Choices Before You Make Them, Study Warns (courthousenews.com) 36

AI ethicists are cautioning that the rise of AI may bring with it the commodification of even one's motivations. From a report: Researchers from the University of Cambridge's Leverhulme Center for the Future of Intelligence say -- in a paper published Monday in the Harvard Data Science Review journal -- the rise of generative AI, such as chatbots and virtual assistants, comes with the increasing opportunity for persuasive technologies to gain a strong foothold.

"Tremendous resources are being expended to position AI assistants in every area of life, which should raise the question of whose interests and purposes these so-called assistants are designed to serve," Yaqub Chaudhary, a visiting scholar at the Center for Future of Intelligence, said in a statement. When interacting even causally with AI chatbots -- which can range from digital tutors to assistants to even romantic partners -- users share intimate information that gives the technology access to personal "intentions" like psychological and behavioral data, the researcher said.

"What people say when conversing, how they say it, and the type of inferences that can be made in real-time as a result, are far more intimate than just records of online interactions," Chaudhary added. In fact, AI is already subtly manipulating and influencing motivations by mimicking the way a user talks or anticipating the way they are likely to respond, the authors argue. Those conversations, as innocuous as they may seem, leave the door open for the technology to forecast and influence decisions before they are made. "We caution that AI tools are already being developed to elicit, infer, collect, record, understand, forecast, and ultimately manipulate and commodify human plans and purposes," Chaudhary said.

Bitcoin

MicroStrategy's Big Bet On Bitcoin Went Stratospheric (theguardian.com) 33

MicroStrategy has transformed into a "bitcoin treasury company," investing billions in bitcoin through debt and equity issuance, driving its stock price up nearly 400% in 2024 despite declining software revenues and heightened financial risks. The Guardian reports: In the summer of 2020, as the Covid-19 pandemic upended economies around the world, an obscure U.S. software firm decided to diversify. MicroStrategy, whose head office is situated next to a shopping mall and metro station in Tysons Corner, Virginia, had decided the steady business of "software as a service" was not racy enough. Instead, it would branch out by investing up to $250 million in alternative assets -- "stocks, bonds, commodities such as gold, digital assets such as bitcoin or other asset types." Less than five years later, that bitcoin side hustle has gone stratospheric. MicroStrategy's share price has swollen twentyfold, lifting its market capitalization to almost $75 billion and catapulting the stock into the Nasdaq 100 index of top technology shares.
AI

AI Tools May Soon Manipulate People's Online Decision-Making, Say Researchers (theguardian.com) 25

Slashdot reader SysEngineer shared this report from the Guardian: AI tools could be used to manipulate online audiences into making decisions — ranging from what to buy to who to vote for — according to researchers at the University of Cambridge. The paper highlights an emerging new marketplace for "digital signals of intent" — known as the "intention economy" — where AI assistants understand, forecast and manipulate human intentions and sell that information on to companies who can profit from it. The intention economy is touted by researchers at Cambridge's Leverhulme Centre for the Future of Intelligence (LCFI) as a successor to the attention economy, where social networks keep users hooked on their platforms and serve them adverts. The intention economy involves AI-savvy tech companies selling what they know about your motivations, from plans for a stay in a hotel to opinions on a political candidate, to the highest bidder...

The study claims that large language models (LLMs), the technology that underpins AI tools such as the ChatGPT chatbot, will be used to "anticipate and steer" users based on "intentional, behavioural and psychological data"... Advertisers will be able to use generative AI tools to create bespoke online ads, the report claims... AI models will be able to tweak their outputs in response to "streams of incoming user-generated data", the study added, citing research showing that models can infer personal information through workaday exchanges and even "steer" conversations in order to gain more personal information.

The article includes this quote from Dr. Jonnie Penn, an historian of technology at LCFI. "Unless regulated, the intention economy will treat your motivations as the new currency. It will be a gold rush for those who target, steer and sell human intentions.

"We should start to consider the likely impact such a marketplace would have on human aspirations, including free and fair elections, a free press and fair market competition, before we become victims of its unintended consequences."
Open Source

'Raspberry Pi Holdings' Stock Price Nearly Doubles In December (proactiveinvestors.co.uk) 6

Slashdot reader DevNull127 writes: This year the London Stock Exchange got a new listing for "Raspberry Pi Holdings plc." It's the computer-making commercial subsidiary of their larger educational charity, the Raspberry Pi Foundation. "Access to the public market will enable us to build more of the products you love, faster," explained CEO Eben Upton in June. And in May Foundation head Philip Colligan added that beyond the $50 million already donated to their educational charity by the commercial subsidiary, the IPO would allow the conversion of some stock sales to "an endowment that we will use to fund our educational programmes... The Foundation will use any funds that we raise through the sale of shares at the IPO — or subsequently — to advance our ambitious global strategy to enable every young person to realise their full potential through the power of computing and digital technologies."

So how's that working out? A finance site called Proactive Investors UK reports that in September Raspbery Pi Holdings plc "reported underlying profits (EBITDA) of US$20.9 million, up by 55% from a year ago, on revenues up 61% to US$144 million... The Pi 5 single-board computer (SBC), launched at the end of last October [2023], sold 1.1 million units in the first half, with overall unit growth at 31%."

And then in December its stock price suddenly shot up to more than double where it was at the end of November — giving Raspbery Pi Holdings plc a valuation "just under £1.3 billion."

Privacy

Massive VW Data Leak Exposed 800,000 EV Owners' Movements (carscoops.com) 69

A new report reveals that the VW Group left sensitive data for 800,000 electric vehicles from Audi, VW, Seat, and Skoda poorly secured on an Amazon cloud, exposing precise GPS locations, battery statuses, and user habits for months. Carscoops reports: It gets worse. A more tech-savvy user could reportedly connect vehicles to their owners' personal credentials, thanks to additional data accessible through VW Group's online services Crucially, in 466,000 of the 800,000 cases, the location data was so precise that anyone with access could create a detailed profile of each owner's daily habits. As reported by Spiegel, the massive list of affected owners isn't just a who's-who of regular folks. It includes German politicians, entrepreneurs, Hamburg police officers (the entire EV fleet, no less), and even suspected intelligence service employees. Yes, even spies may have been caught up in this digital debacle.

This glaring error originated from Cariad, a VW Group company that focuses on software, due to an error that occurred in the summer of 2024. An anonymous whistleblower used freely accessible software to dig up the sensitive information and promptly alerted Chaos Computer Club (CCC), Europe's largest hacker association. CCC wasted no time contacting Lower Saxony's State Data Protection Officer, the Federal Ministry of the Interior, and other security bodies. They also gave VW Group and Cariad 30 days to address the issue before going public. According to CCC, Cariad's technical team "responded quickly, thoroughly and responsibly," blocking unauthorized access to its customers' data.

Games

'2024 Was the Year Gamers Really Started Pushing Back On the Erosion of Game Ownership' (pcgamer.com) 50

Mass game shutdowns and service terminations marked 2024 as a pivotal year for digital ownership concerns in the gaming industry. PC Gamer adds: The arguments have been around forever, but they've been made concrete by the simple fact that, over the last decade in particular, we've seen more and more games simply disappear. And we're not talking about obscure hobbyist projects, but seriously big budget titles that companies have spent millions developing, and hundreds of devs have spent years of their careers on. Sony's Concord shooter lasted only 11 days before closure, while Ubisoft's decade-old The Crew became unplayable in April, sparking the Stop Killing Games campaign. The movement, which has gathered over 400,000 signatures, aims to pressure EU regulators to ban publishers from rendering multiplayer games inoperable.
Security

Apple Sends Spyware Victims To Nonprofit Security Lab 'Access Now' (techcrunch.com) 14

Since 2021, Apple has been sending threat notifications to certain users, informing them that they may have been individually targeted by mercenary spyware attacks. When victims of spyware reach out to Apple for help, TechCrunch reports, "Apple doesn't tell the targets to get in touch with its own security engineers." Instead, Apple directs them to the nonprofit security lab Access Now, "which runs a digital helpline for people in civil society who suspect they have been targets of government spyware."

While some view this as Apple sidestepping responsibility, cybersecurity experts agree that Apple's approach -- alerting victims, directing them to specialized support, and recommending tools like Lockdown Mode -- has been a game changer in combating mercenary spyware threats. From the report: For people who investigate spyware, Apple sharing spyware notifications with victims represented a turning point. Before the notifications, "We were just like in the dark, not knowing who to check," according to Access Now's legal counsel Natalia Krapiva. "I think it's one of the greatest things that's happened in the sphere of this kind of forensic investigations and hunting of sophisticated spyware," Krapiva told TechCrunch.

Now, when someone or a group of people get a notification from Apple, they are warned that something potentially anomalous is happening with their device, that someone is targeting them, and that they need to get help. And Apple tells them exactly where to get it, according to Scott-Railton, who said Access Now's helpline is the right place to go because "the helpline is able to do good, systematic triage work and support." Krapiva said that the helpline is staffed by more than 30 people, supported by others who work in other departments of the nonprofit. So far in 2024, Krapiva said Access Now received 4,337 tickets through the helpline.

For anyone alerted by a notification, Apple tells those targets and victims of spyware to update their iOS software and all their apps. Apple also suggests the user switches on Lockdown Mode, an opt-in iOS security feature that has stopped spyware attacks in the past by limiting device features that are often exploited to plant spyware. Apple said last year that it is not aware of any successful spyware infection against someone who used Lockdown Mode.

DRM

Takedown Notices Hit Luigi Mangione Merchandise and Photos - Including DMCAs (404media.co) 100

Newsweek supplies some context After his arrest, merch — including T-shirts featuring Mangione's booking photos and others taken from his social media accounts — began popping up for sale on several sites. Websites, including Amazon, eBay and Etsy, have moved to take down products that glorify violence or the suspect. An eBay spokesperson told Newsweek that "items that glorify or incite violence, including those that celebrate the recent murder of UHC CEO Brian Thompson, are prohibited."
Inc. magazine adds: Separately, GoFundMe has shuttered several fundraising campaigns created for Mangione. The fundraising site's terms and conditions are pretty clear on the matter, NBC News reports, with a company spokesperson explaining they prohibit "fundraisers for the legal defense of violent crimes."
But one incident was different, according to a post from the law school of the University of British Columbia: To provide a quick summary, Rachel Kenaston, an artist selling merch on TeePublic received an e-mail from the platform regarding intellectual property claim by UnitedHealth Group Inc and decided to remove Kenaston's design from the merch store. Obviously, it is important to point out that it isn't quite clear who is filing those DMCA claims. While TeePublic, in the email, claimed that they have no say in the matter, [an article from 404 Media] goes on to explain that TeePublic has the right to refuse DMCA claims, but often choose not to in order to avoid headache. The design had nothing to do with UnitedHealthcare-it seems to be a picture of the Mangione in a heart frame. Meaning, whether it was UnitedHealthcare or not, the claim shouldn't hold any weight.

Consensus seems to be mostly leaning towards speculation that it is unlikely to be UnitedHealthcare actually filing those DMCA claims, but rather potential competitors... Regardless of whether or not it really was UnitedHealthcare that filed DMCA claims, I think the important point here is that the merch actually did get taken down. In fact, this would be more problematic if it was from a competitor using DMCA as a form of removing competition, because, then it really has nothing to do with intellectual property. I would assume that this happens quite frequently. Especially for YouTubers, it seems that copyright strikes are more than a mere pesky occurrence, but for many, something that affects livelihood...

The difficult part, as always, is finding the balance between protecting the rights of the copyright holders and ensuring that the mechanisms doesn't get abused.

The artist told Gizmodo she was filing a counterclaim to the copyright notice, adding that instead of a DMCA, "I honestly expected the design to be pulled for condoning violence or something..."

Gizmodo published the image — a watercolored rendition of a hostel surveillance-camera photo released by police — adding "UnitedHealth Group didn't respond to questions emailed on Monday [December 16] about how the company could possibly claim a copyright violation had occurred." And while Gizmodo promised they'd update the post if UnitedHealth responded — there has been no update since...

404 Media adds that the watercolor "is not the only United Healthcare or Luigi Mangione-themed artwork on the internet that has been hit with bogus DMCA takedowns in recent days. Several platforms publish the DMCA takedown requests they get on the Lumen Database, which is a repository of DMCA takedowns." On December 7, someone named Samantha Montoya filed a DMCA takedown with Google that targeted eight websites selling "Deny, Defend, Depose" merch that uses elements of the United Healthcare logo... Medium, one of the targeted websites, has deleted the page that the merch was hosted on...

Over the weekend, a lawyer demanded that independent journalist Marisa Kabas take down an image of Luigi Mangione and his family that she posted to Bluesky, which was originally posted on the campaign website of Maryland assemblymember Nino Mangione. The lawyer, Desiree Moore, said she was "acting on behalf of our client, the Doe Family," and claimed that "the use of this photograph is not authorized by the copyright owner and is not otherwise permitted by law..." In a follow-up email to Kabas, Moore said "the owner of the photograph has not authorized anyone to publish, disseminate, or otherwise use the photograph for any purpose, and the photograph has been removed from various digital platforms as a result," which suggests that other websites have also been threatened with takedown requests. Moore also said that her "client seeks to remain anonymous" and that "the photograph is hardly newsworthy."

404 Media believes the takedown request "shows that the Mangione family or someone associated with it is using the prospect of a copyright lawsuit to threaten journalists for reporting on one of the most important stories of the year..."

UPDATE: Long-time Slashdot reader destinyland notes there's an interesting precedent from 2007: [D]eep within the DMCA law is a counter-provision — 512(f), which states that misrepresenting yourself as a copyright owner has consequences. Any damage caused by harmful misrepresentation must be reimbursed. In 2004 the Electronic Frontier Foundation won a six-figure award from Diebold Election Systems, who had claimed a "copyright" on embarrassing internal memos which were published online.
Books

Cory Doctorow's Prescient Novella About Health Insurance and Murder (theguardian.com) 175

Five years ago, journalist and sci-fi author Cory Doctorow published a short story that explored the radicalization of individuals denied healthcare coverage. As The Guardian notes in a recent article, the story "might seem eerily similar" to the recent shooting of UnitedHealthcare's CEO. While it appears that the alleged shooter never read the story, Doctorow said: "I feel like the most important thing about that is that it tells you that this is not a unique insight." Doctorow continued: "that the question that I had is a question other people have had." As an activist in favor of liberalizing copyright laws and a proponent of the Creative Commons organization, it's important to note that Doctorow advocates for systemic reform through collective action rather than violence. Here's an excerpt from the The Guardian's article: In Radicalized, one of four novellas comprising a science fiction novel of the same name, Doctorow charts the journey of a man who joins an online forum for fathers whose partners or children have been denied healthcare coverage by their insurers after his wife is diagnosed with breast cancer and denied coverage for an experimental treatment. Slowly, over the course of the story, the men of the forum become radicalized by their grief and begin plotting -- and executing -- murders of health insurance executives and politicians who vote against universal healthcare.

In the wake of the December 4 shooting of UnitedHealthcare CEO Brian Thompson, which unleashed a wave of outrage at the U.S. health system, Doctorow's novella has been called prescient. When the American Prospect magazine republished the story last week, it wrote: "It is being republished with permission for reasons that will become clear if you read it." But Doctorow doesn't think he was on to something that no one else in the U.S. understood. [...]

In one part of the story, a man whose young daughter died after an insurance company refused to pay for brain surgery bombs the insurer's headquarters. "It's not vengeance. I don't have a vengeful bone in my body. Nothing I do will bring Lisa back, so why would I want revenge? This is a public service. There's another dad just like me," he shares in a video message on the forum. "And right now, that dad is talking to someone at Cigna, or Humana, or BlueCross BlueShield, and the person on the phone is telling that dad that his little girl has. To. Die. Someone in that building made the decision to kill my little girl, and everyone else in that building went along with it. Not one of them is innocent, and not one of them is afraid. They're going to be afraid, after this."

"Because they must know in their hearts," he goes on. "Them, their lobbyists, the men in Congress who enabled them. They're parents. They know. Anyone who hurt their precious children, they'd hunt that person down like a dog. The only amazing thing about any of this is that no one has done it yet. I'm going to make a prediction right now, that even though I'm the first, I sure as hell will not be the last. There's more to come."

AI

'Yes, I am a Human': Bot Detection Is No Longer Working 91

The rise of AI has rendered traditional CAPTCHA tests increasingly ineffective, as bots can now "[solve] these puzzles in milliseconds using artificial intelligence (AI)," reports The Conversation. "How ironic. The tools designed to prove we're human are now obstructing us more than the machines they're supposed to be keeping at bay." The report warns that the imminent arrival of AI agents -- software programs designed to autonomously interact with websites on our behalf -- will further complicate matters. From the report: Developers are continually coming up with new ways to verify humans. Some systems, like Google's ReCaptcha v3 (introduced in 2018), don't ask you to solve puzzles anymore. Instead, they watch how you interact with a website. Do you move your cursor naturally? Do you type like a person? Humans have subtle, imperfect behaviors that bots still struggle to mimic. Not everyone likes ReCaptcha v3 because it raises privacy issues -- plus the web company needs to assess user scores to determine who is a bot, and the bots can beat the system anyway. There are alternatives that use similar logic, such as "slider" puzzles that ask users to move jigsaw pieces around, but these too can be overcome.

Some websites are now turning to biometrics to verify humans, such as fingerprint scans or voice recognition, while face ID is also a possibility. Biometrics are harder for bots to fake, but they come with their own problems -- privacy concerns, expensive tech and limited access for some users, say because they can't afford the relevant smartphone or can't speak because of a disability. The imminent arrival of AI agents will add another layer of complexity. It will mean we increasingly want bots to visit sites and do things on our behalf, so web companies will need to start distinguishing between "good" bots and "bad" bots. This area still needs a lot more consideration, but digital authentication certificates are proposed as one possible solution.

In sum, Captcha is no longer the simple, reliable tool it once was. AI has forced us to rethink how we verify people online, and it's only going to get more challenging as these systems get smarter. Whatever becomes the next technological standard, it's going to have to be easy to use for humans, but one step ahead of the bad actors. So the next time you find yourself clicking on blurry traffic lights and getting infuriated, remember you're part of a bigger fight. The future of proving humanity is still being written, and the bots won't be giving up any time soon.
EU

EU Wants Apple To Open AirDrop and AirPlay To Android (9to5google.com) 47

The EU is pushing Apple to make iOS more interoperable with other platforms, requiring features like AirDrop and AirPlay to work seamlessly with Android and third-party devices, while also enabling background app functionality and cross-platform notifications. 9to5Google reports: A new document released (PDF) by the European Commission this week reveals a number of ways the EU wants Apple to change iOS and its features to be more interoperable with other platforms. There are some changes to iOS itself, such as opening up notifications to work on third-party smartwatches as they do with the Apple Watch. Similarly, the EU wants Apple to let iOS apps work in the background as Apple's first-party apps do, as this is a struggle of some apps, especially companion apps for accessories such as smartwatches (other than the Apple Watch, of course). But there are also some iOS features that the EU directly wants Apple to open up to other platforms, including Android. [...]

As our sister site 9to5Mac points out, Apple has responded (PDF) to this EU document, prominently criticizing the EU for putting out a mandate that "could expose your private information." Apple's document primarily focuses in on Meta, which the company says has made "more interoperability requests" than anyone else. Apple says that opening AirPlay to Meta would "[create] a new class of privacy and security issues, while giving them data about users homes." The EU is taking consultation on this case until January 9, 2025, and if Apple doesn't comply when the order is eventually put into effect, it could result in heavy fines.

Security

Hackers Can Jailbreak Digital License Plates To Make Others Pay Their Tolls, Tickets (wired.com) 72

Longtime Slashdot reader sinij shares a report from Wired with the caption: "This story will be an on-going payday for traffic ticket lawyers. I am ordering one now." From the report: Digital license plates, already legal to buy in a growing number of states and to drive with nationwide, offer a few perks over their sheet metal predecessors. You can change their display on the fly to frame your plate number with novelty messages, for instance, or to flag that your car has been stolen. Now one security researcher has shown how they can also be hacked to enable a less benign feature: changing a car's license plate number at will to avoid traffic tickets and tolls -- or even pin them on someone else.

Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to "jailbreak" digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he's able to rewrite a Reviver plate's firmware in a matter of minutes. Then, with that custom firmware installed, the jailbroken license plate can receive commands via Bluetooth from a smartphone app to instantly change its display to show any characters or image. That susceptibility to jailbreaking, Rodriguez points out, could let drivers with the license plates evade any system that depends on license plate numbers for enforcement or surveillance, from tolls to speeding and parking tickets to automatic license plate readers that police use to track criminal suspects. "You can put whatever you want on the screen, which users are not supposed to be able to do," says Rodriguez. "Imagine you are going through a speed camera or if you are a criminal and you don't want to get caught."

Worse still, Rodriguez points out that a jailbroken license plate can be changed not just to an arbitrary number but also to the number of another vehicle -- whose driver would then receive the malicious user's tickets and toll bills. "If you can change the license plate number whenever you want, you can cause some real problems," Rodriguez says. All traffic-related mischief aside, Rodriguez also notes that jailbreaking the plates could also allow drivers to use the plates' features without paying Reviver's $29.99 monthly subscription fee. Because the vulnerability that allowed him to rewrite the plates' firmware exists at the hardware level -- in Reviver's chips themselves -- Rodriguez says there's no way for Reviver to patch the issue with a mere software update. Instead, it would have to replace those chips in each display. That means the company's license plates are very likely to remain vulnerable despite Rodriguez's warning -- a fact, Rodriguez says, that transport policymakers and law enforcement should be aware of as digital license plates roll out across the country. "It's a big problem because now you have thousands of licensed plates with this issue, and you would need to change the hardware to fix it," he says.

Slashdot Top Deals