Google is reintroducing "digital fingerprinting" in five weeks, reports Mashable, describing it as "a data collection process that ingests all of your online signals (from IP address to complex browser information) and pinpoints unique users or devices." Or, to put it another way, Google "is tracking your online behavior in the name of advertising."

The UK's Information Commissioner's Office called Google's decision "irresponsible": it is likely to reduce people's choice and control over how their information is collected. The change to Google's policy means that fingerprinting could now replace the functions of third-party cookies... Google itself has previously said that fingerprinting does not meet users' expectations for privacy, as users cannot easily consent to it as they would cookies. This in turn means they cannot control how their information is collected. To quote Google's own position on fingerprinting from 2019: "We think this subverts user choice and is wrong...." When the new policy comes into force on 16 February 2025, organisations using Google's advertising technology will be able to deploy fingerprinting without being in breach of Google's own policies. Given Google's position and scale in the online advertising ecosystem, this is significant.
Their post ends with a warning that those hoping to use fingerprinting for advertising "will need to demonstrate how they are complying with the requirements of data protection law. These include providing users with transparency, securing freely-given consent, ensuring fair processing and upholding information rights such as the right to erasure."

But security and privacy researcher Lukasz Olejnik asks if Google's move is the biggest privacy erosion in 10 years.... Could this mark the end of nearly a decade of progress in internet and web privacy? It would be unfortunate if the newly developing AI economy started from a decrease of privacy and data protection standards. Some analysts or observers might then be inclined to wonder whether this approach to privacy online might signal similar attitudes in other future Google products, like AI... The shift is rather drastic. Where clear restrictions once existed, the new policy removes the prohibition (so allows such uses) and now only requires disclosure... [I]f the ICO's claims about Google sharing IP addresses within the adtech ecosystem are accurate, this represents a significant policy shift with critical implications for privacy, trust, and the integrity of previously proposed Privacy Sandbox initiatives.
Their post includes a disturbing thought. "Reversing the stance on fingerprinting could open the door to further data collection, including to crafting dynamic, generative AI-powered ads tailored with huge precision. Indeed, such applications would require new data..."

Thanks to long-time Slashdot reader sinij for sharing the news.

Friday America's consumer watchdog agency "proposed a rule to give virtual video game currencies protections similar to those of real-world bank accounts..." reports the Washington Post, "so players can receive refunds or compensation for unauthorized transactions, similar to how banks are required to respond to claims of fraudulent activity." The Consumer Financial Protection Bureau is seeking public input on a rule interpretation to clarify which rights are protected and available to video game consumers under the Electronic Fund Transfer Act. It would hold video game companies subject to violations of federal consumer financial law if they fail to address financial issues reported by customers. The public comment period lasts from Friday through March 31. In particular, the independent federal agency wants to hear from gamers about the types of transactions they make, any issues with in-game currencies, and stories about how companies helped or denied help.

The effort is in response to complaints to the bureau and the Federal Trade Commission about unauthorized transactions, scams, hacking attempts and account theft, outlined in an April bureau report that covered banking in video games and virtual worlds. The complaints said consumers "received limited recourse from gaming companies." Companies may ban or lock accounts or shut down a service, according to the report, but they don't generally guarantee refunds to people who lost property... The April report says the bureau and FTC received numerous complaints from players who contacted their banks regarding unauthorized charges on Roblox. "These complaints note that while they received refunds through their financial institutions, Roblox then terminated or locked their account," the report says.

While CES wraps up this week, "Not all innovation is good innovation," warns Elizabeth Chamberlain, iFixit's Director of Sustainability (heading their Right to Repair advocacy team). So this year the group held its fourth annual "anti-awards ceremony" to call out CES's "least repairable, least private, and least sustainable products..." (iFixit co-founder Kyle Wiens mocked a $2,200 "smart ring" with a battery that only lasts for 500 charges. "Wanna open it up and change the battery? Well you can't! Trying to open it will completely destroy this device...") There's also a category for the worst in security — plus a special award titled "Who asked for this?" — and then a final inglorious prize declaring "the Overall Worst in Show..."

Thursday their "panel of dystopia experts" livestreamed to iFixit's feed of over 1 million subscribers on YouTube, with the video's description warning about manufacturers "hoping to convince us that they have invented the future. But will their vision make our lives better, or lead humanity down a dark and twisted path?" The video "is a fun and rollicking romp that tries to forestall a future clogged with power-hungry AI and data-collecting sensors," writes The New Stack — though noting one final irony.

"While the ceremony criticized these products, YouTube was displaying ads for them..."

UPDATE: Slashdot reached out to iFixit co-founder Kyle Wiens, who says this teaches us all a lesson. "The gadget industry is insidious and has their tentacles everywhere."

"Of course they injected ads into our video. The beast can't stop feeding, and will keep growing until we knife it in the heart."

Long-time Slashdot reader destinyland summarizes the article: "We're seeing more and more of these things that have basically surveillance technology built into them," iFixit's Chamberlain told The Associated Press... Proving this point was EFF executive director Cindy Cohn, who gave a truly impassioned takedown for "smart" infant products that "end up traumatizing new parents with false reports that their baby has stopped breathing." But worst for privacy was the $1,200 "Revol" baby bassinet — equipped with a camera, a microphone, and a radar sensor. The video also mocks Samsung's "AI Home" initiative which let you answer phone calls with your washing machine, oven, or refrigerator. (And LG's overpowered "smart" refrigerator won the "Overall Worst in Show" award.)

One of the scariest presentations came from Paul Roberts, founder of SecuRepairs, a group advocating both cybersecurity and the right to repair. Roberts notes that about 65% of the routers sold in the U.S. are from a Chinese company named TP-Link — both wifi routers and the wifi/ethernet routers sold for homes and small offices.Roberts reminded viewers that in October, Microsoft reported "thousands" of compromised routers — most of them manufactured by TP-Link — were found working together in a malicious network trying to crack passwords and penetrate "think tanks, government organizations, non-governmental organizations, law firms, defense industrial base, and others" in North America and in Europe. The U.S. Justice Department soon launched an investigation (as did the U.S. Commerce Department) into TP-Link's ties to China's government and military, according to a SecuRepairs blog post.

The reason? "As a China-based company, TP-Link is required by law to disclose flaws it discovers in its software to China's Ministry of Industry and Information Technology before making them public." Inevitably, this creates a window "to exploit the publicly undisclosed flaw... That fact, and the coincidence of TP-Link devices playing a role in state-sponsored hacking campaigns, raises the prospects of the U.S. government declaring a ban on the sale of TP-Link technology at some point in the next year."

TP-Link won the award for the worst in security.

An anonymous reader shared this report from CNN: New intelligence has led two US intelligence agencies to conclude that it's possible a small number of mysterious health ailments colloquially termed as Havana Syndrome impacting spies, soldiers and diplomats around the world may have been caused by a "novel weapon" wielded by a foreign actor, according to intelligence officials and a new unclassified summary report released on Friday. However, the two agencies are in the minority and the broader intelligence community assessment remains that it is very unlikely that the symptoms were caused by a foreign actor, according to the unclassified report summary issued Friday — even as an official with the Office of the Director of National Intelligence [ODNI] emphasized that analysts cannot "rule out" the possibility in some small number of cases.

The subtle, technocratic shift in the assessment over the cause of Havana Syndrome has reignited a bitter debate that has split US officials, Capitol Hill and victims over the likelihood that the bizarre injuries were caused by a weapon or a host of disparate, natural causes. Sometime in the last two years, the US received new intelligence that indicated a foreign nation's directed energy research programs had been "making progress," according to the official. That led one unnamed intelligence agency to assess that there was a "roughly even chance" that a foreign country has used some kind of novel weapon against a small group of victims, causing the symptoms that the government officially calls "anomalous health incidents" — headaches, vertigo and even, in some cases, signs of traumatic brain injury. A second intelligence agency assessed a "roughly even" chance that a foreign actor possessed such a weapon but is unlikely to have deployed it against US personnel...

But both judgments were made with low confidence, according to the ODNI official. And critically, possessing a capability is not the same as proof that it has been used.
The article notes that U.S. intelligence and administration officials "do not doubt that the injuries are real and deserving of government compensation." But one official in the Office of the Director of National Intelligence told CNN "The intelligence does not link a foreign actor to these events. Indeed, it points away from their involvement." And they added that all U.S. Intelligence Community components "agree that years of Intelligence Community collection, targeting and analytic efforts have not surfaced compelling intelligence reporting that ties a foreign actor to any specific event reported" as a possible anomalous health incident.

CNN adds that "the official said some evidence directly contradicts the notion that a foreign government was involved." The White House emphasized that research to determine the causes of the incidents is ongoing... On Friday, officials emphasized that the intelligence community is now supporting lab work on whether radio frequencies can cause "bioeffects" in line with what victims have reported. The latest findings from limited studies have shown mixed results, while previously most results had shown no effects, officials said. A panel of experts assembled by the intelligence community that studied a smaller set of incidents previously found that the symptoms might be explained by "pulsed electromagnetic or acoustic energy," as opposed to environmental or medical conditions. "There was unanimous judgment by the panel that the most plausible explanation for a subset of cases was exposure to directed energy," a second senior administration official said.

But complicating matters for victims and analysts is the fact that not all of those reporting Anomalous Health Incidents have the same set of symptoms — and the vast majority of cases have been explained by other causes, officials have previously said...

"Microsoft's Digital Crimes Unit is taking legal action to ensure the safety and integrity of our AI services," according to a Friday blog post by the unit's assistant general counsel. Microsoft blames "a foreign-based threat-actor group" for "tools specifically designed to bypass the safety guardrails of generative AI services, including Microsoft's, to create offensive and harmful content.

Microsoft "is accusing three individuals of running a 'hacking-as-a-service' scheme," reports Ars Technica, "that was designed to allow the creation of harmful and illicit content using the company's platform for AI-generated content" after bypassing Microsoft's AI guardrails: They then compromised the legitimate accounts of paying customers. They combined those two things to create a fee-based platform people could use. Microsoft is also suing seven individuals it says were customers of the service. All 10 defendants were named John Doe because Microsoft doesn't know their identity.... The three people who ran the service allegedly compromised the accounts of legitimate Microsoft customers and sold access to the accounts through a now-shuttered site... The service, which ran from last July to September when Microsoft took action to shut it down, included "detailed instructions on how to use these custom tools to generate harmful and illicit content."

The service contained a proxy server that relayed traffic between its customers and the servers providing Microsoft's AI services, the suit alleged. Among other things, the proxy service used undocumented Microsoft network application programming interfaces (APIs) to communicate with the company's Azure computers. The resulting requests were designed to mimic legitimate Azure OpenAPI Service API requests and used compromised API keys to authenticate them. Microsoft didn't say how the legitimate customer accounts were compromised but said hackers have been known to create tools to search code repositories for API keys developers inadvertently included in the apps they create. Microsoft and others have long counseled developers to remove credentials and other sensitive data from code they publish, but the practice is regularly ignored. The company also raised the possibility that the credentials were stolen by people who gained unauthorized access to the networks where they were stored...

The lawsuit alleges the defendants' service violated the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Lanham Act, and the Racketeer Influenced and Corrupt Organizations Act and constitutes wire fraud, access device fraud, common law trespass, and tortious interference.

An anonymous reader quotes a report from The Register: A leading education software maker has admitted its IT environment was compromised in a cyberattack, with students and teachers' personal data -- including some Social Security Numbers and medical info -- stolen. PowerSchool says its cloud-based student information system is used by 18,000 customers around the globe, including the US and Canada, to handle grading, attendance records, and personal information of more than 60 million K-12 students and teachers. On December 28 someone managed to get into its systems and access their contents "using a compromised credential," the California-based biz told its clients in an email seen by Register this week.

[...] "We believe the unauthorized actor extracted two tables within the student information system database," a spokesperson told us. "These tables primarily include contact information with data elements such as name and address information for families and educators. "For a certain subset of the customers, these tables may also include Social Security Number, other personally identifiable information, and limited medical and grade information. "Not all PowerSchool student information system customers were impacted, and we anticipate that only a subset of impacted customers will have notification obligations." While the company has tightened security measures and offered identity protection services to affected individuals, cybersecurity firm Cyble suggests the intrusion "may have been more serious and gone on much longer than has been publicly acknowledged so far," reports The Register. The cybersecurity vendor says the intrusion could have occurred as far back as June 16, 2011, with it ending on January 2 of this year.

"Critical systems and applications such as Oracle Netsuite ERP, HR software UltiPro, Zoom, Slack, Jira, GitLab, and sensitive credentials for platforms like Microsoft login, LogMeIn, Windows AD Azure, and BeyondTrust" may have been compromised, too.

An anonymous reader quotes a report from Crypto Briefing: The US Department of Justice (DOJ) has been authorized to sell approximately 69,370 Bitcoin seized in connection with the Silk Road darknet marketplace, a haul currently valued at around $6.5 billion, DB News reported Wednesday. The decision is set to end a years-long legal dispute over the BTC stash's ownership. On December 30, a federal judge ruled in favor of the DOJ's request to liquidate the crypto assets, the report said. Battle Born Investments, which had asserted a claim to the Bitcoin stash through a bankruptcy estate, ultimately failed in its bid to delay the sale.

As noted, the group had pursued a Freedom of Information Act (FOIA) request seeking the identity of "Individual X," who initially surrendered Bitcoin, but the effort also proved unsuccessful. Battle Born's legal counsel criticized the DOJ's handling of the case, alleging the department employed "procedural trickery" in its use of civil asset forfeiture to avoid scrutiny. The DOJ, in its arguments before the court, cited Bitcoin's price volatility as motivation for seeking a quick sale of the seized assets. A DOJ spokesperson, when contacted, stated, "The Government will proceed further consistent with the judgment in this case."

The update comes after the US Supreme Court refused to hear an appeal challenging the seizure of the Bitcoin stash, which was brought by Battle Born last October. The decision likely paved the way for the US government to sell Bitcoin, which was valued at $4.4 billion at the time. The US Marshals Service is expected to manage the liquidation process, which, if confirmed, will be one of the largest sales of seized crypto in history. Further reading: Judge Rejects Man From Retrieving $750 Million of Bitcoin From Landfill

An IT engineer from Wales lost a decade-long legal battle to recover a hard drive containing 8,000 Bitcoins from a Newport landfill. The hard drive, accidentally thrown away in 2013, is now valued between $700-750 million. crypto.news reports: However, Judge Keyser KC ruled there were no "reasonable grounds" for the claim, citing environmental concerns and the council's ownership of the landfill contents. The landfill reportedly holds 1.4 million tonnes of waste, but Howells claims to have pinpointed the hard drive's location to a 100,000-ton section. Reacting to the ruling, Howells expressed frustration, calling it a "kick in the teeth," according to the BBC.

An anonymous reader quotes a report from 404 Media: Some of the world's most popular apps are likely being co-opted by rogue members of the advertising industry to harvest sensitive location data on a massive scale, with that data ending up with a location data company whose subsidiary has previously sold global location data to US law enforcement. The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games likeCandy Crushand dating apps like Tinder to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem -- not code developed by the app creators themselves -- this data collection is likely happening without users' or even app developers' knowledge.

"For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising 'bid stream,'" rather than code embedded into the apps themselves, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and who has followed the location data industry closely, tells 404 Media after reviewing some of the data. The data provides a rare glimpse inside the world of real-time bidding (RTB). Historically, location data firms paid app developers to include bundles of code that collected the location data of their users. Many companies have turned instead to sourcing location information through the advertising ecosystem, where companies bid to place ads inside apps. But a side effect is that data brokers can listen in on that process and harvest the location of peoples' mobile phones.

"This is a nightmare scenario for privacy, because not only does this data breach contain data scraped from the RTB systems, but there's some company out there acting like a global honey badger, doing whatever it pleases with every piece of data that comes its way," Edwards says. Included in the hacked Gravy data are tens of millions of mobile phone coordinates of devices inside the US, Russia, and Europe. Some of those files also reference an app next to each piece of location data. 404 Media extracted the app names and built a list of mentioned apps. The list includes dating sites Tinder and Grindr; massive games such asCandy Crush,Temple Run,Subway Surfers, andHarry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo's email client; Microsoft's 365 office app; and flight tracker Flightradar24. The list also mentions multiple religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy. 404 Media's full list of apps included in the data can be found here. There are also other lists available from other security researchers.

The Biden administration plans one additional round of restrictions on the export of AI chips before leaving office, "a final push in his effort to keep advanced technologies out of the hands of China and Russia," reports Bloomberg. From the report: The US wants to curb the sale of AI chips used in data centers on both a country and company basis, with the goal of concentrating AI development in friendly nations and getting businesses around the world to align with American standards, according to people familiar with the matter. The result would be an expansion of semiconductor caps to most of the world -- an attempt to control the spread of AI technology at a time of soaring demand. The regulations, which could be issued as soon as Friday, would create three tiers of chip trade restrictions, said the people, who asked not to be identified because the discussions are private.

At the top level, a small number of US allies would maintain essentially unmitigated access to American chips. A group of adversaries, meanwhile, would be effectively blocked from importing the semiconductors. And the vast majority of the world would face limits on the total computing power that can go to one country. Countries in the last group would be able to bypass their national limits -- and get their own, significantly higher caps -- by agreeing to a set of US government security requirements and human rights standards, one of the people said. That type of designation -- called a validated end user, or VEU -- aims to create a set of trusted entities that develop and deploy AI in secure environments around the world.

Plaintiffs in Kadrey v. Meta allege that Meta CEO Mark Zuckerberg authorized the team behind the company's Llama AI models to use a dataset of pirated ebooks and articles for training. They further accuse the company of concealing its actions by stripping copyright information and torrenting the data. TechCrunch reports: In newly unredacted documents filed (PDF) with the U.S. District Court for the Northern District of California late Wednesday, plaintiffs in Kadrey v. Meta, who include bestselling authors Sarah Silverman and Ta-Nehisi Coates, recount Meta's testimony from late last year, during which it was revealed that Zuckerberg approved Meta's use of a data set called LibGen for Llama-related training. LibGen, which describes itself as a "links aggregator," provides access to copyrighted works from publishers including Cengage Learning, Macmillan Learning, McGraw Hill, and Pearson Education. LibGen has been sued a number of times, ordered to shut down, and fined tens of millions of dollars for copyright infringement.

According to Meta's testimony, as relayed by plaintiffs' counsel, Zuckerberg cleared the use of LibGen to train at least one of Meta's Llama models despite concerns within Meta's AI exec team and others at the company. The filing quotes Meta employees as referring to LibGen as a "data set we know to be pirated," and flagging that its use "may undermine [Meta's] negotiating position with regulators." The filing also cites a memo to Meta AI decision-makers noting that after "escalation to MZ," Meta's AI team "[was] approved to use LibGen." (MZ, here, is rather obvious shorthand for "Mark Zuckerberg.")

The details seemingly line up with reporting from The New York Times last April, which suggested that Meta cut corners to gather data for its AI. At one point, Meta was hiring contractors in Africa to aggregate summaries of books and considering buying the publisher Simon & Schuster, according to the Times. But the company's execs determined that it would take too long to negotiate licenses and reasoned that fair use was a solid defense. The filing Wednesday contains new accusations, like that Meta might've tried to conceal its alleged infringement by stripping the LibGen data of attribution.

An anonymous reader quotes a report from Ars Technica: A federal judge this week rejected Google's motion to throw out a class-action lawsuit alleging that it invaded the privacy of users who opted out of functionality that records a users' web and app activities. A jury trial is scheduled for August 2025 in US District Court in San Francisco. The lawsuit concerns Google's Web & App Activity (WAA) settings, with the lead plaintiff representing two subclasses of people with Android and non-Android phones who opted out of tracking. "The WAA button is a Google account setting that purports to give users privacy control of Google's data logging of the user's web app and activity, such as a user's searches and activity from other Google services, information associated with the user's activity, and information about the user's location and device," wrote (PDF) US District Judge Richard Seeborg, the chief judge in the Northern District Of California.

Google says that Web & App Activity "saves your activity on Google sites and apps, including associated info like location, to give you faster searches, better recommendations, and more personalized experiences in Maps, Search, and other Google services." Google also has a supplemental Web App and Activity setting that the judge's ruling refers to as "(s)WAA." "The (s)WAA button, which can only be switched on if WAA is also switched on, governs information regarding a user's '[Google] Chrome history and activity from sites, apps, and devices that use Google services.' Disabling WAA also disables the (s)WAA button," Seeborg wrote. But data is still sent to third-party app developers through the Google Analytics for Firebase (GA4F), "a free analytical tool that takes user data from the Firebase kit and provides app developers with insight on app usage and user engagement," the ruling said. GA4F "is integrated in 60 percent of the top apps" and "works by automatically sending to Google a user's ad interactions and certain identifiers regardless of a user's (s)WAA settings, and Google will, in turn, provide analysis of that data back to the app developer."

Plaintiffs have brought claims of privacy invasion under California law. Plaintiffs "present evidence that their data has economic value," and "a reasonable juror could find that Plaintiffs suffered damage or loss because Google profited from the misappropriation of their data," Seeborg wrote. The lawsuit was filed in July 2020. The judge notes that summary judgment can be granted when "there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law." Google hasn't met that standard, he ruled. In a statement provided to Ars, Google said that "privacy controls have long been built into our service and the allegations here are a deliberate attempt to mischaracterize the way our products work. We will continue to make our case in court against these patently false claims."

An anonymous reader quotes a report from Bloomberg: Italy is in advanced talks with Elon Musk's SpaceX for a deal to provide secure telecommunications for the nation's government -- the largest such project in Europe, people with knowledge of the matter said Sunday. Discussions are ongoing, and a final agreement on the five-year contract hasn't been reached, said the people, who asked not to be identified citing confidential discussions. The project has already been approved by Italy's Intelligence Services as well as Italy's Defense Ministry, they said. Italy on Monday confirmed discussions are ongoing, saying no deal had yet been reached. "The talks with SpaceX are part of normal government business," the government said.

The negotiations, which had stalled until recently, appeared to move forward after Italian Prime Minister Giorgia Meloni visited President-elect Donald Trump in Florida on Saturday. The Italian government said the two didn't discuss the issue during their meeting. Italian officials have been negotiating on a $1.6 billion deal aimed at supplying Italy with a full range of top-level encryption for telephone and Internet services used by the government, the people said. The plan also includes communications services for the Italian military in the Mediterranean area as well as the rollout of so-called direct-to-cell satellite services in Italy for use in emergencies like terror attacks or natural disasters, they said. The possible deal has been under review since mid-2023. It's been opposed by some Italian officials concerned about how the services may detract from local carriers.

BleepingComputer's Sergiu Gatlan reports: "Today, the White House announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for internet-connected consumer devices. The Cyber Trust Mark label, which will appear on smart products sold in the United States later this year, will help American consumers determine whether the devices they want to buy are safe to install in their homes. It's designed for consumer smart devices, such as home security cameras, TVs, internet-connected appliances, fitness trackers, climate control systems, and baby monitors, and it signals that the internet-connected device comes with a set of security features approved by NIST.

Vendors will label their products with the Cyber Trust Mark logo if they meet the National Institute of Standards and Technology (NIST) cybersecurity criteria. These criteria include using unique and strong default passwords, software updates, data protection, and incident detection capabilities. Consumers can scan the QR code included next to the Cyber Trust Mark labels for additional security information, such as instructions on changing the default password, steps for securely configuring the device, details on automatic updates (including how to access them if they are not automatic), the product's minimum support period, and a notification if the manufacturer does not offer updates for the device. "Americans are worried about the rise of criminals remotely hacking into home security systems to unlock doors, or malicious attackers tapping into insecure home cameras to illicitly record conversations," the Biden administration said on Tuesday.

"The White House launched this bipartisan effort to educate American consumers and give them an easy way to assess the cybersecurity of such products, as well as incentivize companies to produce more cybersecure devise [sic], much as EnergyStar labels did for energy efficiency.

Telegram's Transparency Report reveals a sharp increase in U.S. government data requests, with 900 fulfilled requests affecting 2,253 users. "The news shows a massive spike in the number of data requests fulfilled by Telegram after French authorities arrested Telegram CEO Pavel Durov in August, in part because of the company's unwillingness to provide user data in a child abuse investigation," notes 404 Media. From the report: Between January 1 and September 30, 2024, Telegram fulfilled 14 requests "for IP addresses and/or phone numbers" from the United States, which affected a total of 108 users, according to Telegram's Transparency Reports bot. But for the entire year of 2024, it fulfilled 900 requests from the U.S. affecting a total of 2,253 users, meaning that the number of fulfilled requests skyrocketed between October and December, according to the newly released data. "Fulfilled requests from the United States of America for IP address and/or phone number: 900," Telegram's Transparency Reports bot said when prompted for the latest report by 404 Media. "Affected users: 2253," it added.

A month after Durov's arrest in August, Telegram updated its privacy policy to say that the company will provide user data, including IP addresses and phone numbers, to law enforcement agencies in response to valid legal orders. Up until then, the privacy policy only mentioned it would do so when concerning terror cases, and said that such a disclosure had never happened anyway. Even though the data technically covers the entire of 2024, the jump from a total of 108 affected users in October to 2253 as of now, indicates that the vast majority of fulfilled data requests were in the last quarter of 2024, showing a huge increase in the number of law enforcement requests that Telegram completed. You can access the platform's transparency reports here.

Former MoviePass CEO Theodore Farnsworth has pleaded guilty to securities fraud and conspiracy charges for misleading investors about the movie subscription service's "unlimited plan" and its parent company's capabilities, U.S. prosecutors said.

Farnsworth falsely claimed the $9.95 monthly unlimited movie plan was sustainable and that Helios & Matheson Analytics could monetize subscriber data through artificial intelligence, knowing both statements were untrue. He faces up to 20 years in prison for MoviePass-related fraud and five years for a separate conspiracy charge involving Vinco Ventures.

The shift from paywalled to open-access scientific publishing is progressing, driven in part by platforms like Sci-Hub -- a website that allows users to upload PDFs of published papers and share them with anyone. While the shadow library website has faced ongoing attempts by publishers to block access, it has another problem: the platform features many outdated or retracted papers that could spread misinformation or flawed findings. Ars Technica reports: Sci-Hub works a bit like a combination of cache and aggregator for published materials. Whenever it gets a request for a paper that's not already in its database, it uses leaked login credentials to go to the website of whatever journal published the paper and obtain a copy. If it already has a copy, however, it will simply serve that up instead. This leaves open the possibility that it will have obtained a copy of a paper prior to its retraction and continue to distribute that copy after the paper has been retracted.

To check this, the researchers obtained a list of nearly 17,000 retracted papers and searched for them on Sci-Hub. They then visually examined the documents that were returned. They found that 85 percent of them contained no indication that the paper had been retracted. "The availability of [unlabeled retracted articles] in the field of health sciences is particularly high," they note, "which indicates a significant risk of their unintended use and further citation in future research."

While corrections are less severe than retractions, they're likely to suffer a similar problem. And corrections will often involve the technical details of a paper -- the experimental approaches or raw data that will be critical for anyone wanting to replicate or extend previously published results. So, if anything, their impact will be more significant. Ars notes that a system called Crossmark is available to help find the most up-to-date version of a paper, including any corrections or retraction notices.

According to police, the man killed in the January 1st Las Vegas Cybertruck blast used ChatGPT to plan the explosion. The Hill reports: In a press conference, Tuesday, Las Vegas police released more details of the intentions of 37-year-old Matthew Livelsberger, who died of a gunshot wound prior to the car exploding. Las Vegas Sheriff Kevin McMahill said it was concerning that Livelsberger used ChatGPT, a popular artificial intelligence model created by OpenAI, to carry out the explosion. According to police, Livelsberger asked ChatGPT various questions, including where the largest gun stores in Denver were, information about the explosive targets Tannerite and pistols. "We knew that AI was going to change the game at some point or another in really all of our lives and certainly, I think this is the first incidence that I'm aware of on U.S. soil where ChatGPT is utilized to help an individual build a particular device, to learn information all across the country as they're moving forward," McMahill said.

"And so, absolutely, it's a concerning moment for us," he continued.

An anonymous reader quotes a report from Ars Technica: The US Justice Department today announced it filed an antitrust lawsuit against "six of the nation's largest landlords for participating in algorithmic pricing schemes that harmed renters." One of the landlords, Cortland Management, agreed to a settlement "that requires it to cooperate with the government, stop using its competitors' sensitive data to set rents and stop using the same algorithm as its competitors without a corporate monitor," the DOJ said. The pending settlement requires Cortland to "cooperate fully and truthfully... in any civil investigation or civil litigation the United States brings or has brought" on this subject matter.

The US previously sued RealPage, a software maker accused of helping landlords collectively set prices by giving them access to competitors' nonpublic pricing and occupancy information. The original version of the lawsuit described actions by landlords but did not name any as defendants. The Justice Department filed an amended complaint (PDF) today in order to add the landlords as defendants. The landlord defendants are Greystar, LivCor, Camden, Cushman, Willow Bridge, and Cortland, which collectively "operate more than 1.3 million units in 43 states and the District of Columbia," the DOJ said. "The amended complaint alleges that the six landlords actively participated in a scheme to set their rents using each other's competitively sensitive information through common pricing algorithms," the DOJ said. The phrase "price fixing" came up in discussions between landlords, the amended complaint said: "For example, in Minnesota, property managers from Cushman & Wakefield, Greystar, and other landlords regularly discussed competitively sensitive topics, including their future pricing. When a property manager from Greystar remarked that another property manager had declined to fully participate due to 'price fixing laws,' the Cushman & Wakefield property manager replied to Greystar, 'Hmm... Price fixing laws huh? That's a new one! Well, I'm happy to keep sharing so ask away. Hoping we can kick these concessions soon or at least only have you guys be the only ones with big concessions! It's so frustrating to have to offer so much.'"

The Justice Department is joined in the case by the attorneys general of California, Colorado, Connecticut, Illinois, Massachusetts, Minnesota, North Carolina, Oregon, Tennessee, and Washington. The case is in US District Court for the Middle District of North Carolina.

Further reading: Are We Entering an AI Price-Fixing Dystopia?

Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government. 404 Media: The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples' precise movements, and they are threatening to publish the data publicly.

The news is a crystalizing moment for the location data industry. For years, companies have harvested location information from smartphones, either through ordinary apps or the advertising ecosystem, and then built products based on that data or sold it to others. In many cases, those customers include the U.S. government, with arms of the military, DHS, the IRS, and FBI using it for various purposes. But collecting that data presents an attractive target to hackers.