The Guardian: For some, the adverts that precede the start of a film are the bane of a trip to the cinema; for others, they are a useful buffer as you stand in the popcorn queue. But for one man in India, the lengthy marathon of cinema advertising was so infuriating that he took the matter to the courts -- and won. Abhishek MR, a 30-year-old man from the southern city of Bangalore, had booked a trip to the cinema with friends in December last year to watch wartime drama Sam Bahadur.

But while the scheduled time he had booked the ticket for was 4.05pm, he had to sit through 25 minutes of adverts for upcoming features and commercial items such as homewares, mobile phones and cars before the film actually began. Having planned to return to work straight after the film, Abhishek MR was angered by what he felt was a costly disruption to his life. He filed a lawsuit against PVR Inox, India's largest cinema multiplex chain, stating that: "The complainant could not attend other arrangements and appointments which were scheduled for the day and has faced losses that cannot be calculated in terms of money as compensation." Bruce66423 adds: Great outcome -- and only 25 minutes of garbage punished. Note that Indian cinemas also make patrons sit through 15 minutes of adverts in the middle of the film.

Chegg has filed a lawsuit against Google, accusing the tech giant of using AI-generated overviews to undermine publishers by reducing site traffic and eroding financial incentives for original content. Chegg claims this practice violates antitrust laws and threatens the integrity of the online information ecosystem. Reuters reports: This will eventually lead to a "hollowed-out information ecosystem of little use and unworthy of trust," the company said. The Santa Clara, California-based company has said Google's AI overviews have caused a drop in visitors and subscribers. Chegg was trading at around $1.63 on Monday, down more than 98% from its peak price in 2021.

The company announced it would lay off 21% of its staff in November. Nathan Schultz, CEO of Chegg, said on Monday that Google is profiting off the company's content for free. "Our lawsuit is about more than Chegg -- it's about the digital publishing industry, the future of internet search, and about students losing access to quality, step-by-step learning in favor of low-quality, unverified AI summaries," he said.

Publishers allow Google to crawl their websites to generate search results, which Google monetizes through advertising. In exchange, the publishers receive search traffic to their sites when users click on the results, Chegg said. But Google has started coercing publishers to let it use the information for AI overviews and other features that result in fewer site visitors, the company said. Chegg argued the conduct violates a law against conditioning the sale of one product on the customer selling or giving its supplier another product.

On Wednesday Mozilla president Mark Surman "announced plans to tackle what he says are 'major headwinds' facing the company's ability to grow, make money, and remain relevant," reports the blog OMG Ubuntu: "Mozilla's impact and survival depend on us simultaneously strengthening Firefox AND finding new sources of revenue AND manifesting our mission in fresh ways," says Surman... It will continue to invest in privacy-respecting advertising; fund, develop and push open-source AI features in order to retain 'product relevance'; and will go all-out on novel new fundraising initiatives to er, get us all to chip in and pay for it!

Mozilla is all-in on AI; Surman describes it as Mozilla's North Star for the work it will do over the next few years. I wrote about its new 'Orbit' AI add-on for Firefox recently...

Helping to co-ordinate, collaborate and come up with ways to keep the company fixed and focused on these fledgling effort is a brand new Mozilla Leadership Council.
The article argues that without Mozilla the web would be "a far poorer, much ickier, and notably less FOSS-ier place..." Or, as Mozilla's blog post put it Wednesday, "Mozilla is entering a new chapter — one where we need to both defend what is good about the web and steer the technology and business models of the AI era in a better direction.

"I believe that we have the people — indeed, we ARE the people — to do this, and that there are millions around the world ready to help us. I am driven and excited by what lies ahead."

An anonymous reader shared this report from the Washington Post's "Tech Brief": Last fall, reports that Kroger was considering bringing facial recognition technology into its stores sparked outcry from lawmakers and customers. They worried personalized data could be used to charge different prices for different customers based on their shopping habits, financial circumstances or appearance. Kroger, the country's largest supermarket chain, had already been using digital price tags in its stores.

Kroger told lawmakers that it doesn't use facial recognition to help it set prices, a stance the company reiterated to the Tech Brief on Thursday. Still, the uproar helped to spark a push by consumer advocates who warn that the threat of invasive, personalized pricing schemes is real. Now, Democratic lawmakers in several states are working to ban so-called "surveillance pricing" — when businesses charge customers more or less for the same item based on their personal information.
Besides a bill in California, three more bill were introduced this month in Colorado, Georgia, and Illinois that also ban "surveillance wages," which the article defines as employers adjusting wages based on how much data an employee collects. "Both surveillance pricing and surveillance wages really disrupt fundamental ideals of fairness," University of California, Irvine law professor Veena Dubal tells the Washington Post.

Dubal is one of the consumer advocates behind a new report which notes information released last month by America's consumer-protecting FTC that "suggests that surveillance pricing tools are being actively developed and marketed across a range of industries, including consumer-facing businesses like 'grocery stores, apparel retailers, health and beauty retailers, home goods and furnishing stores, convenience stores, building and hardware stores, and general merchandise retailers such as department or discount stores." The consumer advocates (which include the Electronic Privacy Information Center) put it this way.

"Imagine walking into a grocery store and seeing a price for milk that's higher than what the next shopper pays because an algorithm calculated that you're willing to spend more..."

California sued to fine a data-harvesting company, reports the Washington Post, calling it "a rare step to put muscle behind one of the strongest online privacy laws in the United States." Even when states have tried to restrict data brokers, it has been tough to make those laws stick. That has generally been a problem for the 19 states that have passed broad laws to protect personal information, said Matt Schwartz, a policy analyst for Consumer Reports. He said there has been only 15 or so public enforcement actions by regulators overseeing all those laws. Partly because companies aren't held accountable, they're empowered to ignore the privacy standards. "Noncompliance is fairly widespread," Schwartz said. "It's a major problem."

That's why California is unusual with a data broker law that seems to have teeth. To make sure state residents can order all data brokers operating in the state to delete their personal records [with a single request], California is now requiring brokers to register with the state or face a fine of $200 a day. The state's privacy watchdog said Thursday that it filed litigation to force one data broker, National Public Data, to pay $46,000 for failing to comply with that initial phase of the data broker law. NPD declined to comment through an attorney... This first lawsuit for noncompliance, Schwartz said, shows that California is serious about making companies live up to their privacy obligations... "If they can successfully build it and show it works, it will create a blueprint for other states interested in this idea," he said.
Last summer NPD "spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online," according to the blog Krebs on Security, adding that another NPD data broker sharing access to the same consumer records "inadvertently published the passwords to its back-end database in a file that was freely available from its homepage..."

California's attempt to regulate the industry inspired the nonprofit Consumer Reports to create an app called Permission Slip that reveals what data companies collect and, for people in U.S. states, will "work with you to file a request, telling companies to stop selling your personal information."

Other data-protecting options suggested by The Washington Post:

• Use Firefox, Brave or DuckDuckGo, "which can automatically tell websites not to sell or share your data. Those demands from the web browsers are legally binding or will be soon in at least nine states."

• Use Privacy Badger, an EFF browser extension which the EFF says "automatically tells websites not to sell or share your data including where it's required by state law."

Microsoft's announcement of a breakthrough in quantum computing faces skepticism from physicists, who say evidence supporting the company's claims remains insufficient.

The tech giant reported creating Majorana particles - a development it says could revolutionize quantum computing - but the accompanying peer-reviewed paper in Nature does not conclusively demonstrate this achievement, according to multiple quantum physics experts who reviewed the research.

Microsoft's corporate vice president for quantum hardware, Chetan Nayak, acknowledged the Nature paper wasn't meant to prove the particles' existence, though he claimed measurements suggested "95% likelihood" of topological activity. The company plans to publish additional findings.

The announcement has drawn particular scrutiny given the field's history of retracted claims. Two previous Nature papers on similar discoveries were withdrawn in 2017 and 2018, while a 2020 paper in Science involving Microsoft researchers remains under review. "This is where you cross over from the realm of science to advertising," said Jay Sau, a theoretical physicist at the University of Maryland who sometimes consults for Microsoft but wasn't involved in the current research.

Apple is exploring ways to monetize its Maps app by introducing paid business listings and prioritized search results, Bloomberg News reports, citing an internal company meeting with the Maps team. The initiative would allow businesses to pay for higher placement in search results and more prominent display on maps, similar to Google Maps' advertising model. While no timeline has been set and no active development is underway, the move would mark Apple's first attempt to generate direct revenue from its mapping service. The potential Maps monetization comes as Apple expands its advertising business across other services. The company has previously increased its focus on search ads in the App Store and recently added advertising to its News and Stocks apps, as well as its sports content.

Remember Jeep's new in-dash pop-up ads which reportedly appeared every time you stopped?

"Since I'm a journalist, or at least close enough, I decided that I should at least get Stellantis/Jeep's side of things," writes car-culture site The Autopian: Would Stellantis do something so woefully misguided and annoying? I reached out to our Stellantis/Jeep contact to ask and was initially told that they were "investigating" on their end, which to me felt like a stalling tactic while the proper ass-covering plans were conceived. I eventually got this response from a Stellantis spokesperson:

"This was an in-vehicle message designed to inform Jeep customers about Mopar extended vehicle care options. A temporary software glitch affected the ability to instantly opt out in a few isolated cases, though instant opt-out is the standard for all our in-vehicle messages. Our team had already identified and corrected the error, and we are following up directly with the customer to ensure the matter is fully resolved..."

I suppose a glitch is possible, though I've not seen any examples of this ad popping up with the instant opt-out option available, but I guess it must exist, since not all Jeep owners seem to have had to deal with these ads. I suspect if this was happening to more people than these "few isolated cases" we'd still be cleaning up from the aftermath of the riots and uprisings.
Because, as they write, "Really, I can't think of a quicker way to incur the wrath of nearly every human..."

Reddit's recent earnings report revealed that AI licensing deals with Google and OpenAI account for about 10% of its $1.3 billion revenue, totaling approximately $130 million. With Google paying $60 million, OpenAI is estimated to be paying Reddit around $70 million annually for content licensing. Adweek reports: "It's a small part of our revenue -- I'll call it 10%. For a business of our size, that's material, because it's valuable revenue," [said the company's COO Jen Wong]. The social platform -- which on Wednesday reported a 71% year-over-year lift in fourth-quarter revenue -- has been "very thoughtful" about the AI developers it chooses to work with, Wong said. To date, the company has inked two content licensing deals: one with Google for a reported $60 million, and one with ChatGPT parent OpenAI.

Reddit has elected to work only with partners who can agree to "specific terms ... that are really important to us." These terms include user privacy protections and conditions regarding "how [Reddit is] represented," Wong said. While licensing agreements with AI firms offer a valuable business opportunity for Reddit, advertising remains the company's core revenue driver. Much of Reddit's $427.7 million Q4 revenues were generated by the ongoing expansion of its advertising business. And its ad revenue as a whole grew 60% YoY, underscoring the platform's growing appeal to brands. [...]

Helping to accelerate ad revenue growth is Reddit's rising traffic. While Reddit's Q4 user growth came in under Wall Street projections, causing shares to dip, its weekly active uniques grew 42% YoY to over 379 million visitors. Average revenue per unique visitor was $4.21 during the quarter, up 23% from the prior year. While Google is "nicely reinforcing" Reddit's growth in traffic, Wong said, she added that the site's logged-in users, which have grown 27% year-over-year, are "the bedrock of our business."

The German antitrust authority has charged Apple with abusing its market power through its app tracking tool and giving itself preferential treatment in a move that could result in daily fines for the iPhone maker if it fails to change its business practices. From a report: The move follows a three-year investigation by the Federal Cartel Office into Apple's App Tracking Transparency feature, which allows users to block advertisers from tracking them across different applications.

The U.S. tech giant has said the feature allows users to control their privacy but has drawn criticism from Meta Platforms, app developers and startups whose business models rely on advertising tracking. "The ATTF (app tracking tool) makes it far more difficult for competing app publishers to access the user data relevant for advertising," Andreas Mundt, cartel office president, said in a statement.

Connecticut's highest-ranking state legislator has proposed a bill requiring movie theaters to disclose both preview and feature film start times, setting up a clash with theater operators who say the measure threatens their advertising revenue.

Senate President Pro Tempore Martin Looney's proposal aims to prevent moviegoers from sitting through up to 30 minutes of advertisements and trailers before features begin. The Democrat cited complaints from constituents about lengthy pre-show delays. Theater owners are pushing back, local outlet RegisterCitizen reports, with Avon Theatre's executive director Peter Gistelinck warning the measure could undermine their financial stability.

"In-dash advertising is here and Stellantis, the parent company of Jeep, Dodge, Chrysler, and Ram, beat everyone to further enshittification," writes longtime Slashdot reader sinij. "Ads can be seen in this video." From a report: In a move that has left drivers both frustrated and bewildered, Stellantis has introduced full-screen pop-up ads on its infotainment systems. Specifically, Jeep owners have reported being bombarded with advertisements for Mopar's extended warranty service. The kicker? These ads appear every time the vehicle comes to a stop. Imagine pulling up to a red light, checking your GPS for directions, and suddenly, the entire screen is hijacked by an ad. That's the reality for some Stellantis owners. Instead of seamless functionality, drivers are now forced to manually close out of ads just to access basic vehicle functions.

One Jeep 4xe owner recently shared their frustration on an online forum, detailing how these pop-ups disrupt the driving experience. Stellantis, responding through their "JeepCares" representative, confirmed that these ads are part of the contractual agreement with SiriusXM and suggested that users simply tap the "X" to dismiss them. While the company claims to be working on reducing the frequency of these interruptions, the damage to customer trust may already be done.
UPDATE: Jeep Claims 'Software Glitch' Disabled Opting-Out of In-Vehicle Pop-Up Ads in 'a Few' Cases

Google's Super Bowl ad about a Gouda cheese seller appears to be using fake AI output, writes the Verge: The text portrayed as generated by AI has been available on the business's website since at least August 2020, as shown on this archived webpage. Google didn't launch Gemini until 2023, meaning Gemini couldn't have generated the website description as depicted in the ad.
The site Futurism calls the situation "beyond bizarre," asking why Google doesn't seem to trust its own technology. Either Google faked the ad entirely, or prompted its AI to generate the web page's existing copy word-for-word, or the AI was prompted to come up with original copy and instead copied the old version. In the publishing industry, that's referred to as "plagiarism."
And ironically if Gemini did plagiarize that text, the text that it plagiarized is also inaccurate.

In 2022, writer and activist Cory Doctorow coined the term "enshittification" to describe the gradual deterioration of a service or product. The term's prevalence has increased to the point that it was the National Dictionary of Australia's word of the year last year. The editors at Ars Technica, having "covered a lot of things that have been enshittified," decided to highlight some of the worst examples the've come across. Here's a summary of each thing mentioned in their report: Smart TVs: Evolved into data-collecting billboards, prioritizing advertising and user tracking over user experience and privacy. Features like convenient input buttons are sacrificed for pushing ads and webOS apps. "This is all likely to get worse as TV companies target software, tracking, and ad sales as ways to monetize customers after their TV purchases -- even at the cost of customer convenience and privacy," writes Scharon Harding. "When budget brands like Roku are selling TV sets at a loss, you know something's up."

Google's Voice Assistant (e.g., Nest Hubs): Functionality has degraded over time, with previously working features becoming unreliable. Users report frequent misunderstandings and unresponsiveness. "I'm fine just saying it now: Google Assistant is worse now than it was soon after it started," writes Kevin Purdy. "Even if Google is turning its entire supertanker toward AI now, it's not clear why 'Start my morning routine,' 'Turn on the garage lights,' and 'Set an alarm for 8 pm' had to suffer."

Portable Document Format (PDF): While initially useful for cross-platform document sharing and preserving formatting, PDFs have become bloated and problematic. Copying text, especially from academic journals, is often garbled or impossible. "Apple, which had given the PDF a reprieve, has now killed its main selling point," writes John Timmer. "Because Apple has added OCR to the MacOS image display system, I can get more reliable results by screenshotting the PDF and then copying the text out of that. This is the true mark of its enshittification: I now wish the journals would just give me a giant PNG."

Televised Sports (specifically cycling and Formula 1): Streaming services have consolidated, leading to significantly increased costs for viewers. Previously affordable and comprehensive options have been replaced by expensive bundles across multiple platforms. "Formula 1 racing has largely gone behind paywalls, and viewership is down significantly over the last 15 years," writes Eric Berger. "Major US sports such as professional and college football had largely been exempt, but even that is now changing, with NFL games being shown on Peacock, Amazon Prime, and Netflix. None of this helps viewers. It enshittifies the experience for us in the name of corporate greed."

Google Search: AI overviews often bury relevant search results under lengthy, sometimes inaccurate AI-generated content. This makes finding specific information, especially primary source documents, more difficult. "Google, like many big tech companies, expects AI to revolutionize search and is seemingly intent on ignoring any criticism of that idea," writes Ashley Belanger.

Email AI Tools (e.g., Gemini in Gmail): Intrusive and difficult to disable, these tools offer questionable value due to their potential for factual inaccuracies. Users report being unable to fully opt-out. "Gmail won't take no for an answer," writes Dan Goodin. "It keeps asking me if I want to use Google's Gemini AI tool to summarize emails or draft responses. As the disclaimer at the bottom of the Gemini tool indicates, I can't count on the output being factual, so no, I definitely don't want it."

Windows: While many complaints about Windows 11 originated with Windows 10, the newer version continues the trend of unwanted features, forced updates, and telemetry data collection. Bugs and performance issues also plague the operating system. "... it sure is easy to resent Windows 11 these days, between the well-documented annoyances, the constant drumbeat of AI stuff (some of it gated to pricey new PCs), and a batch of weird bugs that mostly seem to be related to the under-the-hood overhauls in October's Windows 11 24H2 update," writes Andrew Cunningham. "That list includes broken updates for some users, inoperable scanners, and a few unplayable games. With every release, the list of things you need to do to get rid of and turn off the most annoying stuff gets a little longer."

Web Discourse: The rapid spread of memes, trends, and corporate jargon on social media has led to a homogenization of online communication, making it difficult to distinguish original content and creating a sense of constant noise. "[T]he enshittifcation of social media, particularly due to its speed and virality, has led to millions vying for their moment in the sun, and all I see is a constant glare that makes everything look indistinguishable," writes Jacob May. "No wonder some companies think AI is the future."

China said Tuesday it has launched an antitrust investigation into Google, part of a swift retaliation after the U.S. President Donald Trump imposed a 10% tariff on Chinese goods. From a report: The probe by China's State Administration for Market Regulation will examine alleged monopolistic practices by the U.S. tech giant, which has had its search and internet services blocked in China since 2010 but maintains operations there primarily focused on advertising.

The UK is considering making households who only use streaming services such as Netflix and Disney pay the BBC license fee, as part of plans to modernize the way it funds the public-service broadcaster. Bloomberg: Extending the fee to streaming applications is on a menu of options being discussed by Prime Minister Keir Starmer's office, the Treasury and the Department for Culture, Media and Sport, according to people familiar with the matter who asked not to be named discussing internal government deliberations. Alternatives under discussion include allowing the British Broadcasting Corp. to use advertising, imposing a specific tax on streaming services, and asking those who listen to BBC radio to pay a fee.

The government is the early stages of examining how to overhaul the funding of Britain's public broadcaster when its current 11-year charter ends on Dec. 31, 2027. Ministers are looking to either retain and alter the current television license fee model or scrap it and instead fund the BBC through alternative models such as taxation or subscription. That's because viewing habits have changed as users gravitate toward on-demand services. [...] The license fee dates back to 1946, when consumers watched programs at the time of broadcast. It currently costs households who watch live TV or use BBC iPlayer $210.6 a year, an amount that usually rises annually with inflation. Even if they don't watch BBC programs, households are required to hold a TV license to view or stream programs live on sites including YouTube and Amazon Prime Video. However it's not needed by those who only watch on-demand, non-BBC content.

This weekend Cory Doctorow delved into "the two factors that make services terrible: captive users, and no constraints." If your users can't leave, and if you face no consequences for making them miserable (not solely their departure to a competitor, but also fines, criminal charges, worker revolts, and guerrilla warfare with interoperators), then you have the means, motive and opportunity to turn your service into a giant pile of shit... Every economy is forever a-crawl with parasites and monsters like these, but they don't get to burrow into the system and colonize it until policymakers create rips they can pass through.
Doctorow argues that "more and more critics are coming to understand that lock-in is the root of the problem, and that anti-lock-in measures like interoperability can address it." Even more important than market discipline is government discipline, in the form of regulation. If Zuckerberg feared fines for privacy violations, or moderation failures, or illegal anticompetitive mergers, or fraudulent advertising systems that rip off publishers and advertisers, or other forms of fraud (like the "pivot to video"), he would treat his users better. But Facebook's rise to power took place during the second half of the neoliberal era, when the last shreds of regulatory muscle that survived the Reagan revolution were being devoured... But it's worse than that, because Zuckerberg and other tech monopolists figured out how to harness "IP" law to get the government to shut down third-party technology that might help users resist enshittification... [Doctorow says this is "why companies are so desperate to get you to use their apps rather than the open web"] IP law is why you can't make an alternative client that blocks algorithmic recommendations. IP law is why you can't leave Facebook for a new service and run a scraper that imports your waiting Facebook messages into a different inbox. IP law is why you can't scrape Facebook to catalog the paid political disinformation the company allows on the platform...
But then Doctorow argues that "Legacy social media is at a turning point," citing as "a credible threat" new systems built on open standards like Mastodon (built on Activitypub) and Bluesky (built on Atproto): I believe strongly in improving the Fediverse, and I believe in adding the long-overdue federation to Bluesky. That's because my goal isn't the success of the Fediverse — it's the defeat of enshtitification. My answer to "why spend money fixing Bluesky?" is "why leave 20 million people at risk of enshittification when we could not only make them safe, but also create the toolchain to allow many, many organizations to operate a whole federation of Bluesky servers?" If you care about a better internet — and not just the Fediverse — then you should share this goal, too... Mastodon has one feature that Bluesky sorely lacks — the federation that imposes antienshittificatory discipline on companies and offers an enshittification fire-exit for users if the discipline fails. It's long past time that someone copied that feature over to Bluesky.
Doctorow argues that federated and "federatable" social media "disciplines enshittifiers" by freeing social media's captive audiences.

"Any user can go to any server at any time and stay in touch with everyone else."

Meta is deleting links to Pixelfed, a decentralized, open-source Instagram competitor, labeling them as "spam" on Facebook and removing them immediately. 404 Media reports: Pixelfed is an open-source, community funded and decentralized image sharing platform that runs on Activity Pub, which is the same technology that supports Mastodon and other federated services. Pixelfed.social is the largest Pixelfed server, which was launched in 2018 but has gained renewed attention over the last week. Bluesky user AJ Sadauskas originally posted that links to Pixelfed were being deleted by Meta; 404 Media then also tried to post a link to Pixelfed on Facebook. It was immediately deleted. Pixelfed has seen a surge in user signups in recent days, after Meta announced it is ending fact-checking and removing restrictions on speech across its platforms.

Daniel Supernault, the creator of Pixelfed, published a "declaration of fundamental rights and principles for ethical digital platforms, ensuring privacy, dignity, and fairness in online spaces." The open source charter contains sections titled "right to privacy," "freedom from surveillance," "safeguards against hate speech," "strong protections for vulnerable communities," and "data portability and user agency."

"Pixelfed is a lot of things, but one thing it is not, is an opportunity for VC or others to ruin the vibe. I've turned down VC funding and will not inject advertising of any form into the project," Supernault wrote on Mastodon. "Pixelfed is for the people, period."

Google is reintroducing "digital fingerprinting" in five weeks, reports Mashable, describing it as "a data collection process that ingests all of your online signals (from IP address to complex browser information) and pinpoints unique users or devices." Or, to put it another way, Google "is tracking your online behavior in the name of advertising."

The UK's Information Commissioner's Office called Google's decision "irresponsible": it is likely to reduce people's choice and control over how their information is collected. The change to Google's policy means that fingerprinting could now replace the functions of third-party cookies... Google itself has previously said that fingerprinting does not meet users' expectations for privacy, as users cannot easily consent to it as they would cookies. This in turn means they cannot control how their information is collected. To quote Google's own position on fingerprinting from 2019: "We think this subverts user choice and is wrong...." When the new policy comes into force on 16 February 2025, organisations using Google's advertising technology will be able to deploy fingerprinting without being in breach of Google's own policies. Given Google's position and scale in the online advertising ecosystem, this is significant.
Their post ends with a warning that those hoping to use fingerprinting for advertising "will need to demonstrate how they are complying with the requirements of data protection law. These include providing users with transparency, securing freely-given consent, ensuring fair processing and upholding information rights such as the right to erasure."

But security and privacy researcher Lukasz Olejnik asks if Google's move is the biggest privacy erosion in 10 years.... Could this mark the end of nearly a decade of progress in internet and web privacy? It would be unfortunate if the newly developing AI economy started from a decrease of privacy and data protection standards. Some analysts or observers might then be inclined to wonder whether this approach to privacy online might signal similar attitudes in other future Google products, like AI... The shift is rather drastic. Where clear restrictions once existed, the new policy removes the prohibition (so allows such uses) and now only requires disclosure... [I]f the ICO's claims about Google sharing IP addresses within the adtech ecosystem are accurate, this represents a significant policy shift with critical implications for privacy, trust, and the integrity of previously proposed Privacy Sandbox initiatives.
Their post includes a disturbing thought. "Reversing the stance on fingerprinting could open the door to further data collection, including to crafting dynamic, generative AI-powered ads tailored with huge precision. Indeed, such applications would require new data..."

Thanks to long-time Slashdot reader sinij for sharing the news.

An anonymous reader quotes a report from 404 Media: Some of the world's most popular apps are likely being co-opted by rogue members of the advertising industry to harvest sensitive location data on a massive scale, with that data ending up with a location data company whose subsidiary has previously sold global location data to US law enforcement. The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games likeCandy Crushand dating apps like Tinder to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem -- not code developed by the app creators themselves -- this data collection is likely happening without users' or even app developers' knowledge.

"For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising 'bid stream,'" rather than code embedded into the apps themselves, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and who has followed the location data industry closely, tells 404 Media after reviewing some of the data. The data provides a rare glimpse inside the world of real-time bidding (RTB). Historically, location data firms paid app developers to include bundles of code that collected the location data of their users. Many companies have turned instead to sourcing location information through the advertising ecosystem, where companies bid to place ads inside apps. But a side effect is that data brokers can listen in on that process and harvest the location of peoples' mobile phones.

"This is a nightmare scenario for privacy, because not only does this data breach contain data scraped from the RTB systems, but there's some company out there acting like a global honey badger, doing whatever it pleases with every piece of data that comes its way," Edwards says. Included in the hacked Gravy data are tens of millions of mobile phone coordinates of devices inside the US, Russia, and Europe. Some of those files also reference an app next to each piece of location data. 404 Media extracted the app names and built a list of mentioned apps. The list includes dating sites Tinder and Grindr; massive games such asCandy Crush,Temple Run,Subway Surfers, andHarry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo's email client; Microsoft's 365 office app; and flight tracker Flightradar24. The list also mentions multiple religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy. 404 Media's full list of apps included in the data can be found here. There are also other lists available from other security researchers.