Privacy

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong? (wired.com) 31

Teenagers using Meta's virtual reality headsets to cheat at the popular game Gorilla Tag are unknowingly selling access to their home internet connections to potential cybercriminals, cybersecurity researchers found. The players have been side-loading Big Mama VPN, a free Android app, onto their VR headsets to create lag that makes it easier to win the tag-based game. However, the app simultaneously operates as a residential proxy service, selling access to users' IP addresses on a marketplace frequented by cybercriminals.

Cybersecurity firm Trend Micro discovered VR headsets were the third most common devices using Big Mama VPN, after Samsung and Xiaomi devices. The company's proxy services have been promoted on cybercrime forums and were linked to at least one cyberattack, according to research from security firms Trend Micro and Kela.
AI

Home Assistant's New Voice Assistant Answers To 'Hey Jarvis' 31

Home Assistant (not to be confused with the Google Assistant on Google Home) has launched the Voice Preview Edition (Voice PE), its first dedicated voice assistant hardware for $59. The device offers a privacy-focused, locally controlled solution that supports over 50 languages and integrates seamlessly with the open-source smart home platform. As The Verge notes, Voice PE supports the wake words "Hey Jarvis" right out of the box. From the report: The Voice PE is a small white box, about the size of your palm, with dual microphones and an audio processor. An internal speaker lets you hear the assistant, but you can also connect a speaker to it via a 3.5 mm headphone jack for better-quality media playback. A colored LED ring on top of the Voice PE indicates when the assistant is listening. It surrounds a rotary dial and a physical button, which is used for setup and to talk to the voice assistant without using the wake word. The button can also be customized to do whatever you want (because this is Home Assistant). A physical mute switch is on the side, and the device is powered by USB-C (charger and cable not included). There's also a Grove port where you can add sensors and other accessories.

For those who don't like the idea of always-listening microphones in their home from companies such as Amazon and Google, but who still want the convenience of controlling their home with their voice, the potential here is huge. But it may be a while until Voice PE is ready to replace your Echo or Nest smart speaker. [...] if you want more features, Voice PE can connect to supported AI models, such as ChatGPT or Gemini, to fully replace Assist or use it as a fallback for commands it doesn't understand. But for many smart home users, there will be plenty of value in a simple, inexpensive device that lets you turn your lights on and off, start a timer, and execute other useful commands with your voice without relying on an internet connection.
United States

Congress Funds Removal of Chinese Telecom Gear as Feds Probe Home Router Risks (msn.com) 43

Congress approved $3 billion Wednesday for a long-languishing project to cull Chinese equipment from networks nationwide over fears they are vulnerable to cyberattacks, underscoring the risk Beijing-sponsored hackers pose to phone and internet networks. From a report: The new funding comes as the Commerce Department reviews whether to ban routers made by the Chinese-owned company TP-Link, which account for more than half of the U.S. retail router market.

The actions reflect the heightened attention among Washington policymakers to the threat posed by Chinese state-linked hackers. U.S. officials revealed the "Volt Typhoon" hack last year and in recent months have expressed alarm over the even bigger "Salt Typhoon" hack. In both cases, Chinese government hackers successfully penetrated major U.S. phone networks and critical infrastructure facilities, and U.S. officials said they still have not been able to expel the Salt Typhoon interlopers.

Security

Tracker Firm Hapn Spilling Names of Thousands of GPS Tracking Customers (techcrunch.com) 14

An anonymous reader quotes a report from TechCrunch: GPS tracking firm Hapn is exposing the names of thousands of its customers due to a website bug, TechCrunch has learned. A security researcher alerted TechCrunch in late November to customer names and affiliations -- such as the name of their workplace -- spilling from one of Hapn's servers, which TechCrunch has seen.

Hapn, formerly known as Spytec, is a tracking company that allows users to remotely monitor the real-time location of internet-enabled tracking devices, which can be attached to vehicles or other equipment. The company also sells GPS trackers to consumers under its Spytec brand, which rely on the Hapn app for tracking. Spytec touts its GPS devices for tracking the locations of valuable possessions and "loved ones." According to its website, Hapn claims to track more than 460,000 devices and counts customers within the Fortune 500.

The bug allows anyone to log in with a Hapn account to view the exposed data using the developer tools in their web browser. The exposed data contains information on more than 8,600 GPS trackers, including the IMEI numbers for the SIM cards in each tracker, which uniquely identify each device. The exposed data does not include location data, but thousands of records contain the names and business affiliations of customers who own, or are tracked by, the GPS trackers.

Encryption

Australia Moves To Drop Some Cryptography By 2030 (theregister.com) 31

An anonymous reader shares a report: Australia's chief cyber security agency has decided local orgs should stop using the tech that forms the current cryptographic foundation of the internet by the year 2030 -- years before other nations plan to do so -- over fears that advances in quantum computing could render it insecure.

The Land Down Under's plans emerged last week when the Australian Signals Directorate (ASD) published guidance for High Assurance Cryptographic Equipment (HACE) -- devices that send and/or receive sensitive information -- that calls for disallowing the cryptographic algorithms SHA-256, RSA, ECDSA and ECDH, among others, by the end of this decade.

Bill Buchanan, professor in the School of Computing at Edinburgh Napier University, wrote a blog post in which he expressed shock that the ASD aims to move so quickly. "Basically, these four methods are used for virtually every web connection that we create, and where ECDH is used for the key exchange, ECDSA or RSA is used to authenticate the remote server, and SHA-256 is used for the integrity of the data sent," he wrote. "The removal of SHA-256 definitely goes against current recommendations."

Government

Spain Introduces Bill To Combat Online Fake News (theguardian.com) 97

Spain's leftwing government has introduced a bill requiring digital platforms and social media influencers with large followings to publish corrections to false or harmful information. The law intends to "[make] life more difficult for those who dedicate themselves to lies and spreading fake news every day," said justice minister Felix Bolanos. The Guardian reports: The draft law replaces legislation from 1984 and targets internet users who have more than 100,000 followers on a single platform or 200,000 across several, the justice ministry said in a statement. These outlets and the platforms that host them must have a mechanism to facilitate citizens' right to ask that false or inaccurate information that harms them be corrected publicly, the ministry said. The correction request will no longer have to be addressed to the outlet's director because confirming their identity is difficult for many "pseudo media," justice minister Felix Bolanos told a press conference.
Communications

Big Loss For ISPs as Supreme Court Won't Hear Challenge To $15 Broadband Law (arstechnica.com) 30

The Supreme Court has rejected the broadband industry's challenge to a New York law that requires Internet providers to offer $15- or $20-per-month service to people with low incomes. From a report: In August, six trade groups representing the cable, telecom, mobile, and satellite industries filed a petition asking the Supreme Court to overturn an appeals court ruling that upheld the state law. But the Supreme Court won't take up the case. The Supreme Court denied the telecom groups' petition without comment in a list of orders released yesterday.

Although a US District Court judge blocked the law in 2021, that judge's ruling was reversed by the US Court of Appeals for the 2nd Circuit in April 2024. The Supreme Court's denial of the industry petition leaves the 2nd Circuit ruling in place. The appeals court ruling is an important one for the broader question of how states can regulate broadband providers when the Federal Communications Commission isn't doing so. Trade groups claimed the state law is preempted by former FCC Chairman Ajit Pai's repeal of net neutrality rules, which ended Title II common-carrier regulation of ISPs.

In a 2-1 opinion, a panel of 2nd Circuit appeals court judges said the Pai-era FCC "order stripped the agency of its authority to regulate the rates charged for broadband Internet, and a federal agency cannot exclude states from regulating in an area where the agency itself lacks regulatory authority."

United Kingdom

Hundreds of Websites To Shut Down Under UK's 'Chilling' Internet Laws (telegraph.co.uk) 100

Hundreds of websites will be shut down on the day that Britain's Online Safety Act comes into effect, in what are believed to be the first casualties of the new internet laws. From a report: Microcosm, a web forum hosting service that runs 300 sites including cycling forums and local community hubs, said that the sites would go offline on March 16, the day that Ofcom starts enforcing the Act.

Its owner said they were unable to comply with the lengthy requirements of the Act, which created a "disproportionately high personal liability." The new laws, which were designed to crack down on illegal content and protect children, threaten fines of at least $23 million for sites that fail to comply with the laws. On Monday, Ofcom set out more than 40 measures that it expects online services to follow by March, such as carrying out risk assessments about their sites and naming senior people accountable for ensuring safety.

The Internet

Cloudflare 2024: Global Traffic Up, Google Still King, US Churning Out Bots (theregister.com) 11

Cloudflare's 2024 internet traffic report highlights a 17.2% global increase in traffic, with Google maintaining its position as the most visited service and the U.S. responsible for 34.6% of bot traffic. The Register reports: One surprise (or perhaps not) is that IPv6 traffic is actually down as a percentage of the packets that passed through Cloudflare's network. It says that 28.5 percent of global traffic was IPv6 during 2024, whereas last year's report put this figure at 33.75 percent. The company also reveals that a fifth of all TCP connections (20.7 percent) are unexpectedly terminated before any useful data can be exchanged. Causes of this could vary from DoS attacks, quirky client behavior, or a network interrupting a connection to filter content.

Cloudflare says about half of these incidents were connections closed "Post SYN" -- after its server has received a client's SYN packet, but before a subsequent acknowledgement (ACK) or any useful data. These can be attributed to DoS attacks or internet scanning, while Post-ACK or Post-PSH anomalies are more often associated with connection tampering activity such as filtering, especially if they occur at high rates in specific networks. Mobile device traffic accounted for about 41.3 percent of the total, which is roughly the same as last year. This is largely split between the Apple and Android ecosystems, with iOS on almost a third and Android accounting for two-thirds. [...]

Google's Chrome appears to be the most popular browser by far, accounting for 65.8 percent of all requests during 2024. Just 15.5 percent came from Apple's Safari browser, which leads the way on iOS devices, naturally. Microsoft's Edge accounted for 6.9 percent of browsing, while Mozilla Firefox stood at 4 percent. For search engines, Google also claimed the top spot, with a greater than 88 percent share of all search traffic that passed through Cloudflare. Yandex and Baidu were next with 3.1 percent and 2.7 percent, respectively, while Bing trailed with 2.6 percent. DuckDuckGo accounted for 0.9 percent of searches.
You can read Cloudflare's full Year in Review here.
EU

EU Signs $1 Billion Deal For Sovereign Satellite Constellation To Rival Starlink (techcrunch.com) 109

An anonymous reader quotes a report from TechCrunch: The European Union is forging ahead with plans for a constellation of internet satellites to rival Elon Musk-owned Starlink, after signing a $11.1 billion deal to launch nearly 300 satellites into low- and medium-Earth orbits by 2030. The bloc wants the space tech to boost its digital sovereignty by providing secure comms to governments.

First announced in 2022, Iris^2 (Infrastructure for Resilience, Interconnectivity and Security by Satellite) is a public-private partnership whose initial cost estimate (6 billion euros) leapt 76% through a fraught negotiation process. In the end, the program will be 61% funded from the public purse; an industry consortium called SpaceRise, selected in October, is making up the difference. This grouping includes French satellite giant Eutelsat, which merged with European rival OneWeb back in 2022.

Encryption

Let's Encrypt Announces New-Certificate-Every-6-Days Offering (letsencrypt.org) 60

The non-profit, free certificate authority Let's Encrypt shared some news from their executive director as they approach their 10th anniversary in 2025: Internally things have changed dramatically from what they looked like ten years ago, but outwardly our service hasn't changed much since launch. That's because the vision we had for how best to do our job remains as powerful today as it ever was: free 90-day TLS certificates via an automated API. Pretty much as many as you need. More than 500,000,000 websites benefit from this offering today, and the vast majority of the web is encrypted.

Our longstanding offering won't fundamentally change next year, but we are going to introduce a new offering that's a big shift from anything we've done before — short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.

Because we've done so much to encourage automation over the past decade, most of our subscribers aren't going to have to do much in order to switch to shorter lived certificates. We, on the other hand, are going to have to think about the possibility that we will need to issue 20x as many certificates as we do now. It's not inconceivable that at some point in our next decade we may need to be prepared to issue 100,000,000 certificates per day. That sounds sort of nuts to me today, but issuing 5,000,000 certificates per day would have sounded crazy to me ten years ago... It was hard to build Let's Encrypt. It was difficult to scale it to serve half a billion websites...

Charitable contributions from people like you and organizations around the world make this stuff possible. Since 2015, tens of thousands of people have donated. They've made a case for corporate sponsorship, given through their Donor-Advised Funds, or set up recurring donations, sometimes to give $3 a month. That's all added up to millions of dollars that we've used to change the Internet for nearly everyone using it.

Thanks to long-time Slashdot reader rastos1 for sharing the news.
Displays

Donald Bitzer, a Pioneer of Cyberspace and Plasma Screens, Dies At 90 (msn.com) 18

The Washington Post reports: Years before the internet was created and the first smartphones buzzed to life, an educational platform called PLATO offered a glimpse of the digital world to come. Launched in 1960 at the University of Illinois at Urbana-Champaign [UIUC], it was the first generalized, computer-based instructional system, and grew into a home for early message boards, emails, chatrooms, instant messaging and multiplayer video games.

The platform's developer, Donald Bitzer, was a handball-playing, magic-loving electrical engineer who opened his computer lab to practically everyone, welcoming contributions from Illinois undergrads as well as teenagers who were still in high school. Dr. Bitzer, who died Dec. 10 at age 90, spent more than two decades working on PLATO, managing its growth and development while also pioneering digital technologies that included the plasma display panel, a forerunner of the ultrathin screens used on today's TVs and tablets. "All of the features you see kids using now, like discussion boards or forums and blogs, started with PLATO," he said during a 2014 return to Illinois, his alma mater. "All of the social networking we take for granted actually started as an educational tool."

Long-time Slashdot reader theodp found another remembrance online. "Ray Ozzie, whose LinkedIn profile dedicates more space to describing his work as a PLATO developer as a UIUC undergrad than it does to his later successes as a creator of Lotus Notes and as Microsoft's Chief Software Architect, offers his own heartfelt mini-obit." Ozzie writes: It's difficult to adequately convey how much impact he had on so many, and I implore you to take a few minutes to honor him by reading a bit about him and his contributions. Links below. As an insecure young CS student at UIUC in 1974, Paul Tenczar, working for/with Don, graciously gave me a chance as a jr. systems programmer on the mind-bogglingly forward thinking system known as PLATO. A global, interactive system for learning, collaboration, and community like no other at the time. We were young and in awe of how Don led, inspired, and managed to keep the project alive. I was introverted; shaking; stage fright. Yeah I could code. But how could such a deeply technical engineer assemble such a strong team to execute on such a totally novel and inspirational vision, secure government funding, and yet also demo the product on the Phil Donahue show?

"Here's to the crazy ones. The misfits. The rebels. The troublemakers. The ones who see things differently. They're not fond of rules." You touched so many of us and shaped who we became and the risks we would take, having an impact well beyond that which you created. You made us think and you made us laugh. I hope we made you proud."

AI

Police Report OpenAI Whistleblower Committed Suicide in November (sfstandard.com) 75

An anonymous reader shared this report from the SF Standard: San Francisco police found OpenAI whistleblower Suchir Balaji, 26, dead in his Lower Haight apartment November 26, SiliconValley.com reported on Friday. Police said there is "no evidence of foul play." "The manner of death has been determined to be suicide," David Serrano Sewell, director of the office of the city's chief medical examiner, told The Standard by email.

Balaji, a former researcher for the company, accused OpenAI of using copyrighted material to train ChatGPT shortly after he quit the company in August. The New York Times profiled Balaji in a story focused on his whistleblowing in October. Multiple lawsuits against OpenAI are expected to present information Balaji unearthed as key evidence.

More details from TechCrunch: After nearly four years working at OpenAI, Balaji quit the company when he realized the technology would bring more harm than good to society, he told The New York Times. Balaji's main concern was the way OpenAI allegedly used copyright data, and he believed its practices were damaging to the internet.

"We are devastated to learn of this incredibly sad news today and our hearts go out to Suchir's loved ones during this difficult time," said an OpenAI spokesperson in an email to TechCrunch...

On November 25, one day before police found Balaji's body, a court filing named the former OpenAI employee in a copyright lawsuit brought against the startup. As part of a good faith compromise, OpenAI agreed to search Balaji's custodial file related to the copyright concerns he had recently raised.

Supercomputing

Google Says Its New Quantum Chip Indicates That Multiple Universes Exist (techcrunch.com) 157

Tucked away in a blog post about Google's quantum computing chip, Willow, Google Quantum AI founder Hartmut Neven wrote that the chip was so "mind-boggling" fast that it seemed to borrow computational power from other universes. According to Neven, the chip's performance suggests the existence of parallel universes, writing, "We live in a multiverse." TechCrunch reports: Here's the passage: "Willow's performance on this benchmark is astonishing: It performed a computation in under five minutes that would take one of today's fastest supercomputers 10^25 or 10 septillion years. If you want to write it out, it's 10,000,000,000,000,000,000,000,000 years. This mind-boggling number exceeds known timescales in physics and vastly exceeds the age of the universe. It lends credence to the notion that quantum computation occurs in many parallel universes, in line with the idea that we live in a multiverse, a prediction first made by David Deutsch."

This drop-the-mic moment on the nature of reality was met with skepticism by some, but, surprisingly, others on the internet who profess to understand these things argued that Neven's conclusions were more than plausible. The multiverse, while stuff of science fiction, is also an area of serious study by the founders of quantum physics. The skeptics, however, point out that the performance claims are based on the benchmark that Google itself created some years ago to measure quantum performance. That alone doesn't prove that parallel versions of you aren't running around in other universes -- just where the underlying measuring stick came from.

Privacy

UnitedHealthcare's Optum Left an AI Chatbot, Used By Employees To Ask Questions About Claims, Exposed To the Internet (techcrunch.com) 22

Healthcare giant Optum has restricted access to an internal AI chatbot used by employees after a security researcher found it was publicly accessible online, and anyone could access it using only a web browser. TechCrunch: The chatbot, which TechCrunch has seen, allowed employees to ask the company questions about how to handle patient health insurance claims and disputes for members in line with the company's standard operating procedures (SOPs).

While the chatbot did not appear to contain or produce sensitive personal or protected health information, its inadvertent exposure comes at a time when its parent company, health insurance conglomerate UnitedHealthcare, faces scrutiny for its use of artificial intelligence tools and algorithms to allegedly override doctors' medical decisions and deny patient claims.

Mossab Hussein, chief security officer and co-founder of cybersecurity firm spiderSilk, alerted TechCrunch to the publicly exposed internal Optum chatbot, dubbed "SOP Chatbot." Although the tool was hosted on an internal Optum domain and could not be accessed from its web address, its IP address was public and accessible from the internet and did not require users to enter a password.

The Internet

Nearly Half of US Teens Are Online 'Constantly' (apnews.com) 28

Nearly half of American teenagers say they are online "constantly," according to a new survey by the Pew Research Center. The report was based on a survey of 1,391 U.S. teens ages 13 to 17 conducted from Sept. 18 to Oct. 10, 2024. The Associated Press reports: As in past years, YouTube was the single most popular platform teenagers used -- 90% said they watched videos on the site, down slightly from 95% in 2022. Nearly three-quarters said they visit YouTube every day. There was a slight downward trend in several popular apps teens used. For instance, 63% of teens said they used TikTok, down from 67% and Snapchat slipped to 55% from 59%.

This small decline could be due to pandemic-era restrictions easing up and kids having more time to see friends in person, but it's not enough to be truly meaningful. X saw the biggest decline among teenage users. Only 17% of teenagers said they use X, down from 23% in 2022, the year Elon Musk bought the platform. Reddit held steady at 14%. About 6% of teenagers said they use Threads, Meta's answer to X that launched in 2023. [...]

Meta's messaging service WhatsApp was a rare exception in that it saw the number of teenage users increase, to 23% from 17% in 2022. Pew also asked kids how often they use various online platforms. Small but significant numbers said they are on them "almost constantly." For YouTube, 15% reported constant use, for TikTok, 16% and for Snapchat, 13%.

The Internet

Russia Tests Cutting Off Access To Global Web, and VPNs Can't Get Around It (pcmag.com) 123

An anonymous reader shares a report: Russia has reportedly cut some regions of the country off from the rest of the world's internet for a day, effectively siloing them, according to reports from European and Russian news outlets reshared by the US nonprofit Institute for the Study of War (ISW) and Western news outlets.

Russia's communications authority, Roskomnadzor, blocked residents in Dagestan, Chechnya, and Ingushetia, which have majority-Muslim populations, ISW says. The three regions are in southwest Russia near its borders with Georgia and Azerbaijan. People in those areas couldn't access Google, YouTube, Telegram, WhatsApp, or other foreign websites or apps -- even if they used VPNs, according to a local Russian news site.

Russian digital rights NGO Roskomsvoboda told TechRadar that most VPNs didn't work during the shutdown, but some apparently did. It's unclear which ones or how many actually worked, though. Russia has been increasingly blocking VPNs more broadly, and Apple has helped the country's censorship efforts by taking down VPN apps on its Russian App Store. At least 197 VPNs are currently blocked in Russia, according to Russian news agency Interfax.

The Internet

Cable Groups Fight Data Cap Regulation With Restaurant Analogies (arstechnica.com) 126

Cable industry lobbyists have urged the Federal Communications Commission to avoid regulating data caps and overage charges, comparing broadband plans to restaurant menus in a filing last week.

NCTA - The Internet & Television Association argued that usage-based pricing benefits low-income consumers by providing cheaper options, pushing back against advocacy groups who say data caps disproportionately harm price-sensitive users. The group likened different pricing models to restaurants offering tasting menus, buffets, or unlimited soup and salad.

Consumer advocates, including Public Knowledge and Free Press, countered that low-income households often have no choice but to accept data caps since lower-priced plans typically include usage limits. They cited examples of users like Gloria Simmons, a Georgia retiree who pays $60 monthly for internet service plus $10 for every 50 gigabytes over her data allowance.
Businesses

Amazon Pilots 15-Minute Delivery in India (techcrunch.com) 24

An anonymous reader shares a report: Amazon on Tuesday said it is piloting a quick commerce service in India that will see the U.S. tech giant delivering grocery and other items in 15 minutes or less.

[...] The quick-commerce model -- delivering items to customers within 10 to 15 minutes -- hasn't worked in most parts of the world, but it's increasingly finding success in India, where a range of retailers and internet firms, from food delivery giant Swiggy to online cosmetics platform Nykaa, are gearing up their supply chain ecosystems to accommodate for faster deliveries.

The Internet

Malaysian Lawmakers Approve Bill To Broaden Internet Control (bloomberg.com) 19

Malaysian lawmakers voted in favor of broadening the government's control over the internet, unmoved by criticism that the law risks suppressing dissent and free speech. From a report: Communications Minister Fahmi Fadzil told parliament Monday that the government needed to amend existing laws to tackle online harm including scams, cyber-bullying, and more. "Freedom of speech does exist, but we are also given power through parliament to impose any necessary restrictions for the safety of the public," said Fahmi.

The bill imposes stricter penalties on content violations and grants sweeping powers to law enforcement, such as the right of any authorized officer to search and seize without a warrant. Service providers may also be held liable under the law, and compelled to disclose user data to authorities during investigations of alleged violations. More than 20 consultation sessions were held with stakeholders in the drafting of the bill, Fahmi said.
