A security researcher has discovered an exposed database containing 184 million login credentials for major services including Apple, Facebook, and Google accounts, along with credentials linked to government agencies across 29 countries. Jeremiah Fowler found the 47-gigabyte trove in early May, but the database contained no identifying information about its owner or origins.

The records included plaintext passwords and usernames for accounts spanning Netflix, PayPal, Discord, and other major platforms. A sample analysis revealed 220 email addresses with government domains from countries including the United States, China, and Israel. Fowler told Wired he suspects the data was compiled by cybercriminals using infostealer malware. World Host Group, which hosted the database, shut down access after Fowler's report and described it as content uploaded by a "fraudulent user." The company said it would cooperate with law enforcement authorities.

An anonymous reader quotes a report from The Verge: Secretary of State Marco Rubio announced Wednesday that the U.S. would restrict visas for "foreign nationals who are responsible for censorship of protected expression in the United States." He called it "unacceptable for foreign officials to issue or threaten arrest warrants on U.S. citizens or U.S. residents for social media posts on American platforms while physically present on U.S. soil" and "for foreign officials to demand that American tech platforms adopt global content moderation policies or engage in censorship activity that reaches beyond their authority and into the United States."

It's not yet clear how or against whom the policy will be enforced, but seems to implicate Europe's Digital Services Act, a law that came into effect in 2023 with the goal of making online platforms safer by imposing requirements on the largest platforms around removing illegal content and providing transparency about their content moderation. Though it's not mentioned directly in the press release about the visa restrictions, the Trump administration has slammed the law on multiple occasions, including in remarks earlier this year by Vice President JD Vance.

The State Department's homepage currently links to an article on its official Substack, where senior advisor for the Bureau of Democracy, Human Rights, and Labor Samuel Samson critiques the DSA as a tool to "silence dissident voices through Orwellian content moderation." He adds, "Independent regulators now police social media companies, including prominent American platforms like X, and threaten immense fines for non-compliance with their strict speech regulations." "We will not tolerate encroachments upon American sovereignty," Rubio says in the announcement, "especially when such encroachments undermine the exercise of our fundamental right to free speech."

A former Minnesota waitress unknowingly helped North Korean workers steal $17.1 million in wages from over 300 American companies through an elaborate remote work scheme, federal prosecutors said this week. Christina Chapman operated a "laptop farm" from her home, managing dozens of computers that allowed North Koreans using stolen U.S. identities to work as legitimate tech employees.

The FBI estimates this broader infiltration involves thousands of North Korean workers generating hundreds of millions annually for the sanctions-hit regime. Chapman, recruited via LinkedIn in 2020 to serve as "the U.S. face" for overseas IT workers, handled logistics including receiving company laptops, installing remote access software, and processing falsified employment documents.

The North Korean workers accessed the devices daily from overseas, with some maintaining jobs for months or years at major American corporations. Chapman earned just under $177,000 before the FBI raided her Arizona operation in October 2023, seizing over 90 computers. She pleaded guilty in February to wire fraud, identity theft, and money laundering charges, facing up to nine years in prison at her July sentencing.

Cloudflare CEO Matthew Prince warned that LaLiga's ISP blocking campaign -- intended to stop football piracy -- has caused widespread collateral damage by blocking millions of unrelated websites, including emergency services, in Spain. He called the strategy "bonkers" and expressed fear that lives could be lost due to the overblocking. TorrentFreak reports: Posting to X last week, Prince asked if anyone wanted any general feedback, declaring that he felt "in an especially truthful mood." The first response contained direct questions about the LaLiga controversy, the blame for which LaLiga places squarely on the shoulders of Cloudflare. For the first time since Cloudflare legal action failed to end LaLiga's blocking campaign, Prince weighed in with his assessment of the current situation and where he believes it's inevitably heading.

"A huge percentage of the Internet sits behind us, including small businesses and emergency resources in Spain," Prince explained. "The strategy of blocking broadly through ISPs based on IPs is bonkers because so much content, including emergency services content, can be behind any IP. The collateral damage is vast and is hurting Spanish citizens from accessing critical resources," he added. [...]

Despite LaLiga's unshakable claims to the contrary, Prince believes that it's not a case of 'if' disaster strikes, it's 'when.' "It's only a matter of time before a Spanish citizen can't access a life-saving emergency resource because the rights holder in a football match refuses to send a limited request to block one resource versus a broad request to block a whole swath of the Internet," Prince warned. "When that unfortunately and inevitably happens and harms lives, I'm confident policy makers and courts in Spain and elsewhere will make the right policy decision. Until then, it'll be up to users to make politicians clear on the risk. I pray no one dies."

The suggestion that LaLiga's demands were too broad, doesn't mean that Cloudflare is refusing to help, Prince suggested. On the contrary, there's a process available, LaLiga just needs to use it. "We've always been happy and willing to work with rights holders in conjunction with judicial bodies to protect their content. We have a clear process that works around the world to do that," Prince explained.

A German court has sentenced two former Volkswagen executives to prison and handed suspended sentences to two others for their roles in the Dieselgate emissions scandal, marking the conclusion of a nearly four-year fraud trial. Politico reports: The former head of diesel development was sentenced to four and a half years in prison, and the head of drive train electronics to two years and seven months by the court in Braunschweig, German news agency dpa reported. Two others received suspended sentences of 15 months and 10 months. The scandal began in September 2015 when the U.S. Environmental Protection Agency issued a notice of violation. saying that the company had rigged engine control software that let the cars pass emissions tests while they emitted far more pollution in actual driving.

The company has paid more than $33 billion in fines and compensation to vehicle owners. Two VW managers received prison sentence in the U.S. The former head of the company's Audi division, Rupert Stadler, was given a suspended sentence of 21 months and a fine of 1.1 million euros ($1.25 million). The sentence is still subject to appeal. Missing from the trial, which lasted almost four years, was former CEO Martin Winterkorn. Proceedings against him have been suspended because of health issues, and it's not clear when he might go on trial. Winterkorn has denied wrongdoing. Further proceedings are open against 31 other suspects in Germany.

An anonymous reader quotes a report from Ars Technica: For millions of music fans, the most controversial app ban of the past year was not the brief TikTok outage but the ongoing delisting of Musi from Apple's App Store. Those users are holding out hope that Musi can defeat Apple in court and soon be reinstated. However, rather than coming to any sort of resolution, that court fight has intensified over the past month, with both sides now seeking sanctions, TorrentFreak reported. [...] For Musi, the App Store removal came as an existential threat, prompting a lawsuit after Musi's attempts to work out the dispute with Apple outside of court failed. The music-streaming app has alleged that the Apple ban did not come at YouTube's request but at the request of Apple's apparent music industry friends who allegedly asked Apple to find a way to get the app removed -- prompting Apple to push YouTube to re-open a supposedly resolved complaint.

In a court filing, Apple claimed that this "conspiracy theory," as well as other "baseless" claims, were "false and misleading allegations" warranting sanctions. "Discovery thoroughly disproved Musi's baseless conspiracy theory that Apple schemed to eliminate the Musi app from the App Store to benefit 'friends' in the music industry," Apple argued. But Musi fired back over the weekend, calling (PDF) Apple's motion for sanctions "frivolous" and demanding sanctions be ordered instead against Apple for allegedly abusing the sanctions rule as a "tactic of intimidation and harassment." Musi noted that Apple's requested sanctions against Musi "are not appropriate if there is even 'some credible evidence,'" then included internal emails and references to testimony from Apple's own employees that seemingly met this low bar.

Most likely, this part of the dispute will not be settled until July 30, when a hearing is scheduled on the motions for sanctions. Apple is seemingly hoping that the court will agree that Musi's complaint misrepresents the facts and is so misleading that the complaint must be struck entirely, perhaps cutting out the heart of Musi's argument. However, Musi pointed out that Apple previously sought sanctions and withdrew that fight, allegedly recognizing that its bid for sanctions was "baseless." To convince the court that this second bid is "equally frivolous," Musi shared receipts, attaching internal communications from Apple employees that Apple allegedly worked hard to keep out of the courtroom.

An anonymous reader quotes a report : Washington is joining a growing list of states trying to tear down barriers for consumers who want to repair their electronics rather than buy new ones. Gov. Bob Ferguson last week signed the state's new "Right to Repair" policy, House Bill 1483, into law. It was a yearslong effort to get the law approved. "This is a win for every person in Washington state," said the bill's prime sponsor, Rep. Mia Gregerson, D-SeaTac.

In 2021, the Federal Trade Commission reported that consumers with broken electronics don't have much choice but to replace them because repairs require specialized tools, unique parts and inaccessible proprietary software. And those restrictions, the FTC found, disproportionately burden communities of color and low-income communities. Some companies engage in a practice called "parts pairing" that can make replacing parts of a device impossible. Washington's new law would largely outlaw this tactic.

Starting Jan. 1, 2026, the law will require manufacturers to make tools, parts and documentation needed for diagnostics and maintenance available to independent repair businesses. The requirement applies to digital electronics, like computers, cellphones and appliances, sold in Washington after July 1, 2021. Manufacturers won't be able to use parts that inhibit repairs. The state attorney general's office could enforce violations of the new law under the Consumer Protection Act.

Texas Governor Greg Abbott signed an online child safety bill, bucking a lobbying push from big tech companies that included a personal phone call from from Apple CEO Tim Cook. From a report: The measure requires app stores to verify users' ages and secure parental approval before minors can download most apps or make in-app purchases. The bill drew fire from app store operators such as Google and Apple, which has argued that the legislation threatens the privacy of all users.

The bill was a big enough priority for Apple that Cook called Abbott to emphasize the company's opposition to it, said a person familiar with their discussion, which was first reported by the Wall Street Journal.

German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. From a report: "adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider," the company said. "We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts."

Adidas added that the stolen information did not include the affected customers' payment-related information or passwords, as the threat actors behind the breach only gained access to contact. The company has also notified the relevant authorities regarding this security incident and will alert those affected by the data breach.

"Do we need publicly-owned social networks to escape Silicon Valley?" asks an opinion piece in Spain's El Pais newspaper.

It argues it's necessary because social media platforms "have consolidated themselves as quasi-monopolies, with a business model that consists of violating our privacy in search of data to sell ads..." Among the proposals and alternatives to these platforms, the idea of public social media networks has often been mentioned. Imagine, for example, a Twitter for the European Union, or a Facebook managed by media outlets like the BBC. In February, Spanish Prime Minister Pedro Sánchez called for "the development of our own browsers, European public and private social networks and messaging services that use transparent protocols." Former Spanish prime minister José Luis Rodríguez Zapatero — who governed from 2004 until 2011 — and the left-wing Sumar bloc in the Spanish Parliament have also proposed this. And, back in 2021, former British Labour Party leader Jeremy Corbyn made a similar suggestion.

At first glance, this may seem like a good idea: a public platform wouldn't require algorithms — which are designed to stimulate addiction and confrontation — nor would it have to collect private information to sell ads. Such a platform could even facilitate public conversations, as pointed out by James Muldoon, a professor at Essex Business School and author of Platform Socialism: How to Reclaim our Digital Future from Big Tech (2022)... This could be an alternative that would contribute to platform pluralism and ensure we're not dependent on a handful of billionaires. This is especially important at a time when we're increasingly aware that technology isn't neutral and that private platforms respond to both economic and political interests.
There's other possibilities. Further down they write that "it makes much more sense for the state to invest in, or collaborate with, decentralized social media networks based on free and interoperable software" that "allow for the portability of information and content." They even spoke to Cory Doctorow, who they say "proposes that the state cooperate with the software systems, developers, or servers for existing open-source platforms, such as the U.S. network Bluesky or the German firm Mastodon." (Doctorow adds that reclaiming digital independence "is incredibly important, it's incredibly difficult, and it's incredibly urgent."

The article also acknowledges the option of "legislative initiatives — such as antitrust laws, or even stricter regulations than those imposed in Europe — that limit or prevent surveillance capitalism." (Though they also figures showing U.S. tech giants have one of the largest lobbying groups in the EU, with Meta being the top spender...)

"In the 1970s, the USSR used nuclear devices to try to send water from Siberia's rivers flowing south, instead of its natural route north..." remembers the BBC. [T]he Soviet Union simultaneously fired three nuclear devices buried 127m (417ft) underground. The yield of each device was 15 kilotonnes (about the same as the atomic bomb dropped on Hiroshima in 1945). The experiment, codenamed "Taiga", was part of a two-decade long Soviet programme of carrying out peaceful nuclear explosions (PNEs).

In this case, the blasts were supposed to help excavate a massive canal to connect the basin of the Pechora River with that of the Kama, a tributary of the Volga. Such a link would have allowed Soviet scientists to siphon off some of the water destined for the Pechora, and send it southward through the Volga. It would have diverted a significant flow of water destined for the Arctic Ocean to go instead to the hot, heavily populated regions of Central Asia and southern Russia. This was just one of a planned series of gargantuan "river reversals" that were designed to alter the direction of Russia's great Eurasian waterways...

Years later, Leonid Volkov, a scientist involved in preparing the Taiga explosions, recalled the moment of detonation. "The final countdown began: ...3, 2, 1, 0... then fountains of soil and water shot upward," he wrote. "It was an impressive sight." Despite Soviet efforts to minimise the fallout by using a low-fission explosive, which produce fewer atomic fragments, the blasts were detected as far away as the United States and Sweden, whose governments lodged formal complaints, accusing Moscow of violating the Limited Test Ban Treaty...

Ultimately, the nuclear explosions that created Nuclear Lake, one of the few physical traces left of river reversal, were deemed a failure because the crater was not big enough. Although similar PNE canal excavation tests were planned, they were never carried out. In 2024, the leader of a scientific expedition to the lake announced radiation levels were normal.
"Perhaps the final nail in the coffin was the Chernobyl nuclear disaster in 1986, which not only consumed a huge amount of money, but pushed environmental concerns up the political agenda," the article notes.

"Four months after the Number Four Reactor at the Chernobyl Nuclear Power Plant exploded, Soviet Premier Mikhail Gorbachev cancelled the river reversal project."

And a Russian blogger who travelled to Nuclear Lake in the summer of 2024 told the BBC that nearly 50 years later, there were some places where the radiation was still significantly elevated.

"In large, companies failed to self-regulate," writes long-time Slashdot reader BrendaEM: They have not been respected the individual's right to privacy. In software and web interfaces, companies have buried their privacy setting so deep that they cannot be found in a reasonable amount of time, or an unreasonable amount of steps are needed to attempt to retain data. These companies have taken away the individual's right to privacy --by default.

Are laws needed that protect a person's privacy by default--unless specific steps are taken by that user/purchaser to relinquish it? Should the wording of the explanation be so written that the contract is brief, explaining the forfeiture of the privacy, and where that data might be going? Should a company selling a product be required to state before purchase which rights need to be dismissed for its use? Should a legal owner who purchased a product expect it to stop functioning--only because a newer user contract is not agreed to?
Share your own thoughts and experiences in the comments. What's your ideal privacy policy?

And do we need opt-out-by-defaut privacy laws?

Longtime Slashdot reader sinij shares a press release from the White House, outlining a series of executive orders that overhaul the Nuclear Regulatory Commission and speed up deployment of new nuclear power reactions in the U.S.. From a report: The NRC is a 50-year-old, independent agency that regulates the nation's fleet of nuclear reactors. Trump's orders call for a "total and complete reform" of the agency, a senior White House official told reporters in a briefing. Under the new rules, the commission will be forced to decide on nuclear reactor licenses within 18 months. Trump said Friday the orders focus on small, advanced reactors that are viewed by many in the industry as the future. But the president also said his administration supports building large plants. "We're also talking about the big plants -- the very, very big, the biggest," Trump said. "We're going to be doing them also."

When asked whether NRC reform will result in staff reductions, the White House official said "there will be turnover and changes in roles." "Total reduction in staff is undetermined at this point, but the executive orders do call for a substantial reorganization" of the agency, the official said. The orders, however, will not remove or replace any of the five commissioners who lead the body, according to the White House. Any reduction in staff at the NRC would come at time when the commission faces a heavy workload. The agency is currently reviewing whether two mothballed nuclear plants, Palisades in Michigan and Three Mile Island in Pennsylvania, should restart operations, a historic and unprecedented process. [...]

Trump's orders also create a regulatory framework for the Departments of Energy and Defense to build nuclear reactors on federal land, the administration official said. "This allows for safe and reliable nuclear energy to power and operate critical defense facilities and AI data centers," the official told reporters. The NRC will not have a direct role, as the departments will use separate authorities under their control to authorize reactor construction for national security purposes, the official said. The president's orders also aim to jump start the mining of uranium in the U.S. and expand domestic uranium enrichment capacity, the official said. Trump's actions also aim to speed up reactor testing at the Department of Energy's national laboratories.

The U.S. unsealed charges against 16 individuals behind DanaBot, a malware-as-a-service platform responsible for over $50 million in global losses. "The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware," reports KrebsOnSecurity. From the report: Initially spotted in May 2018 by researchers at the email security firm Proofpoint, DanaBot is a malware-as-a-service platform that specializes in credential theft and banking fraud. Today, the U.S. Department of Justice unsealed a criminal complaint and indictment from 2022, which said the FBI identified at least 40 affiliates who were paying between $3,000 and $4,000 a month for access to the information stealer platform. The government says the malware infected more than 300,000 systems globally, causing estimated losses of more than $50 million. The ringleaders of the DanaBot conspiracy are named as Aleksandr Stepanov, 39, a.k.a. "JimmBee," and Artem Aleksandrovich Kalinkin, 34, a.k.a. "Onix," both of Novosibirsk, Russia. Kalinkin is an IT engineer for the Russian state-owned energy giant Gazprom. His Facebook profile name is "Maffiozi."

According to the FBI, there were at least two major versions of DanaBot; the first was sold between 2018 and June 2020, when the malware stopped being offered on Russian cybercrime forums. The government alleges that the second version of DanaBot -- emerging in January 2021 -- was provided to co-conspirators for use in targeting military, diplomatic and non-governmental organization computers in several countries, including the United States, Belarus, the United Kingdom, Germany, and Russia. The indictment says the FBI in 2022 seized servers used by the DanaBot authors to control their malware, as well as the servers that stored stolen victim data. The government said the server data also show numerous instances in which the DanaBot defendants infected their own PCs, resulting in their credential data being uploaded to stolen data repositories that were seized by the feds.

"In some cases, such self-infections appeared to be deliberately done in order to test, analyze, or improve the malware," the criminal complaint reads. "In other cases, the infections seemed to be inadvertent -- one of the hazards of committing cybercrime is that criminals will sometimes infect themselves with their own malware by mistake." A statement from the DOJ says that as part of today's operation, agents with the Defense Criminal Investigative Service (DCIS) seized the DanaBot control servers, including dozens of virtual servers hosted in the United States. The government says it is now working with industry partners to notify DanaBot victims and help remediate infections. The statement credits a number of security firms with providing assistance to the government, including ESET, Flashpoint, Google, Intel 471, Lumen, PayPal, Proofpoint, Team CYRMU, and ZScaler.

An anonymous reader quotes a report from Ars Technica: Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open source archives face. Eight packages using names that closely mimicked those of widely used legitimate packages contained destructive payloads designed to corrupt or delete important data and crash systems, Kush Pandya, a researcher at security firm Socket, reported Thursday. The packages have been available for download for more than two years and accrued roughly 6,200 downloads over that time.

"What makes this campaign particularly concerning is the diversity of attack vectors -- from subtle data corruption to aggressive system shutdowns and file deletion," Pandya wrote. "The packages were designed to target different parts of the JavaScript ecosystem with varied tactics." [...] Some of the payloads were limited to detonate only on specific dates in 2023, but in some cases a phase that was scheduled to begin in July of that year was given no termination date. Pandya said that means the threat remains persistent, although in an email he also wrote: "Since all activation dates have passed (June 2023-August 2024), any developer following normal package usage today would immediately trigger destructive payloads including system shutdowns, file deletion, and JavaScript prototype corruption." The list of malicious packages included js-bomb, js-hood, vite-plugin-bomb-extend, vite-plugin-bomb, vite-plugin-react-extend, vite-plugin-vue-extend, vue-plugin-bomb, and quill-image-downloader.

The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. From a report: The new proposal was announced by the chairman of the State Duma, Vyacheslav Volodin, who presented it as a measure to tackle migrant crimes. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," stated Volodin.

Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information: Residence location, fingerprint, face photograph, real-time geo-location monitoring.

BrianFagioli writes: Signal has officially had enough, folks. You see, the privacy-first messaging app is going on the offensive, declaring war on Microsoft's invasive Recall feature by enabling a new "Screen security" setting by default on Windows 11. This move is designed to block Microsoft's AI-powered screenshot tool from capturing your private chats.

If you aren't aware, Recall was first unveiled a year ago as part of Microsoft's Copilot+ PC push. The feature quietly took screenshots of everything happening on your computer, every few seconds, storing them in a searchable timeline. Microsoft claimed it would help users "remember" what they've done. Critics called it creepy. Security experts called it dangerous. The backlash was so fierce that Microsoft pulled the feature before launch.

But now, in a move nobody asked for, Recall is sadly back. And thankfully, Signal isn't waiting around this time. The team has activated a Windows 11-specific DRM flag that completely blacks out Signal's chat window when a screenshot is attempted. If you've ever tried to screen grab a streaming movie, you'll know the result: nothing but black.

Three teenagers nearly escaped prosecution for a 2020 house fire that killed five people until Denver police discovered a novel investigative technique: requesting Google search histories for specific terms. Kevin Bui, Gavin Seymour, and Dillon Siebert had burned down a house in Green Valley Ranch, mistakenly targeting innocent Senegalese immigrants after Bui used Apple's Find My feature to track his stolen phone to the wrong address.

The August 2020 arson killed a family of five, including a toddler and infant. For months, detectives Neil Baker and Ernest Sandoval had no viable leads despite security footage showing three masked figures. Traditional methods -- cell tower data, geofence warrants, and hundreds of tips -- yielded nothing concrete. The breakthrough came when another detective suggested Google might have records of anyone searching the address beforehand.

Police obtained a reverse keyword search warrant requesting all users who had searched variations of "5312 Truckee Street" in the 15 days before the fire. Google provided 61 matching devices. Cross-referencing with earlier cell tower data revealed the three suspects, who had collectively searched the address dozens of times, including floor plans on Zillow.

The SEC on Wednesday said it has charged cryptocurrency startup Unicoin and three of its top executives for false and misleading statements that raised more than $100 million from thousands of investors. "We allege that Unicoin and its executives exploited thousands of investors with fictitious promises that its tokens, when issued, would be backed by real-world assets including an international portfolio of valuable real estate holdings," said Mark Cave, Associate Director in the SEC's Division of Enforcement. "But as we allege, the real estate assets were worth a mere fraction of what the company claimed, and the majority of the company's sales of rights certificates were illusory. Unicoin's most senior executives are alleged to have perpetuated the fraud, and today's action seeks accountability for their conduct." From the release: The SEC alleges that Unicoin broadly marketed rights certificates to the public through extensive promotional efforts, including advertisements in major airports, on thousands of New York City taxis, and on television and social media. Among other things, Unicoin and its executives are alleged to have convinced more than 5,000 investors to purchase rights certificates through false and misleading statements that portrayed them as investments in safe, stable, and profitable "next generation" crypto assets, including claims that:

- Unicoin tokens underlying the rights certificates were "asset-backed" by billions of dollars of real estate and equity interests in pre-IPO companies, when Unicoin's assets were never worth more than a small fraction of that amount;
- the company had sold more than $3 billion in rights certificates, when it raised no more than $110 million; and
- the rights certificates and Unicoin tokens were "SEC-registered" or "U.S. registered" when they were not.

According to the SEC's complaint, Unicoin and Konanykhin also violated the federal securities laws by engaging in unregistered offers and sales of rights certificates. Konanykhin offered and sold over 37.9 million of his rights certificates to offer better pricing and target investors the company had prohibited from participating in the offering to avoid jeopardizing its exemption to registration requirements, as alleged.

Quebec Culture Minister Mathieu Lacombe has introduced Bill 109, which would require streaming platforms like Netflix and Spotify to feature and prioritize French-language content. CBC.ca reports: Bill 109 has been in the works for over a year. It marks the first time that Quebec would set a "visibility quota" for French-language content on major streaming platforms such as Netflix, Disney and Spotify. [...] The legislation, titled An Act to affirm the cultural sovereignty of Quebec and to enact the Act respecting the discoverability of French-language cultural content in the digital environment, would apply to every digital platform that offers a service for watching videos or listening to music and audiobooks online. Those include Canadian platforms such as Illico, Crave and Tou.tv. It would amend the Quebec Charter of Human Rights and Freedoms to enshrine "the right to discoverability of and access to original French-language cultural content."

If the bill is adopted, streaming platforms and television manufacturers would be forced to present interfaces for screening online videos in French by default. Those interfaces would need to provide access to platforms that offer original French-language cultural content based on the government's pending criteria. Financial penalties would be imposed on companies that don't follow the rules. If the business models of some companies prevent them from keeping to the letter of the proposed law, companies would be allowed to enter into an agreement with the Quebec government to set out "substitute measures" to fulfil Bill 109 obligations differently. "We don't want to exempt them. We're telling them, 'let's negotiate substitute measures,'" Lacombe told reporters.