An anonymous reader quotes a report from Reuters: Several dozen people protested on Sunday in the Siberian city of Tomsk against Russia's ban on U.S. children's gaming platform Roblox, a rare show of public dissent as popular irritation over the ban gains some momentum. In wartime Russia, censorship is extensive: Moscow blocks or restricts social media platforms such as Snapchat, Facebook, Instagram, WhatsApp and YouTube while distributing its own narrative through a network of social media and Russian media. Russia's communications watchdog Roskomnadzor said on December 3 it had blocked Roblox because it was "rife with inappropriate content that can negatively impact the spiritual and moral development of children."

In Tomsk, 2,900 km (1,800 miles) east of Moscow, several dozen people braved the snow to hold up hand-drawn placards reading "Hands off Roblox" and "Roblox is the victim of the digital Iron Curtain" in Vladimir Vysotsky Park, according to photographs provided by an organizer of the protest. "Bans and blocks are all you are able to do," read one placard. The photographs showed about 25 people standing in a circle in the snow, holding up placards. In Russia, the ban on Roblox has triggered a debate over censorship, child safety in relation to technology and even the effectiveness of censorship in a digitalized world where children can bypass many bans in a few clicks.

"As Australia began enforcing a world-first social media ban for children under 16 years old this week, Denmark is planning to follow its lead," reports the Associated Press, "and severely restrict social media access for young people." The Danish government announced last month that it had secured an agreement by three governing coalition and two opposition parties in parliament to ban access to social media for anyone under the age of 15. Such a measure would be the most sweeping step yet by a European Union nation to limit use of social media among teens and children.

The Danish government's plans could become law as soon as mid-2026. The proposed measure would give some parents the right to let their children access social media from age 13, local media reported, but the ministry has not yet fully shared the plans... [A] new "digital evidence" app, announced by the Digital Affairs Ministry last month and expected to launch next spring, will likely form the backbone of the Danish plans. The app will display an age certificate to ensure users comply with social media age limits, the ministry said.
The article also notes Malaysia "is expected to ban social media accounts for people under the age of 16 starting at the beginning of next year, and Norway is also taking steps to restrict social media access for children and teens.

"China — which manufacturers many of the world's digital devices — has set limits on online gaming time and smartphone time for kids."

An anonymous reader shared this report from the BBC: A billionaire investor keen on buying TikTok's US operations has told the BBC he has been left in limbo as the latest deadline for the app's sale looms.

The US has repeatedly delayed the date by which the platform's Chinese owner, Bytedance, must sell or be blocked for American users. US President Donald Trump appears poised to extend the deadline for a fifth time on Tuesday. "We're just standing by and waiting to see what happens," investor Frank McCourt told BBC News...

The president...said "sophisticated" US investors would acquire the app, including two of his allies: Oracle chairman Larry Ellison and Dell Technologies' Michael Dell. Members of the Trump administration had indicated the deal would be formalised in a meeting between Trump and Xi in October — however it concluded without an agreement being reached. Neither TikTok's Chinese owner ByteDance nor Beijing have since announced approval of a sale, despite Trump's claims. This time there are no such claims a deal is imminent, leading most analysts to conclude another extension is inevitable.
Other investors besides McCourt include Reddit co-founder Alexis Ohanian and Shark Tank entrepreneur Kevin O'Leary.

U.S. Senator Sheldon Whitehouse said Friday he was moving to file a bipartisan bill to repeal Section 230 of America's Communications Decency Act.

"The law prevents most civil suits against users or services that are based on what others say," explains an EFF blog post. "Experts argue that a repeal of Section 230 could kill free speech on the internet," writes LiveMint — though America's last two presidents both supported a repeal: During his first presidency, U.S. President Donald Trump called to repeal the law and signed an executive order attempting to curb some of its protections, though it was challenged in court. Subsequently, former President Joe Biden also voiced his opinion against the law.
An EFF blog post explains the case for Section 230: Congress passed this bipartisan legislation because it recognized that promoting more user speech online outweighed potential harms. When harmful speech takes place, it's the speaker that should be held responsible, not the service that hosts the speech... Without Section 230, the Internet is different. In Canada and Australia, courts have allowed operators of online discussion groups to be punished for things their users have said. That has reduced the amount of user speech online, particularly on controversial subjects. In non-democratic countries, governments can directly censor the internet, controlling the speech of platforms and users. If the law makes us liable for the speech of others, the biggest platforms would likely become locked-down and heavily censored. The next great websites and apps won't even get started, because they'll face overwhelming legal risk to host users' speech.
But "I strongly believe that Section 230 has long outlived its use," Senator Whitehouse said this week, saying Section 230 "a real vessel for evil that needs to come to an end." "The laws that Section 230 protect these big platforms from are very often laws that go back to the common law of England, that we inherited when this country was initially founded. I mean, these are long-lasting, well-tested, important legal constraints that have — they've met the test of time, not by the year or by the decade, but by the century.

"And yet because of this crazy Section 230, these ancient and highly respected doctrines just don't reach these people. And it really makes no sense, that if you're an internet platform you get treated one way; you do the exact same thing and you're a publisher, you get treated a completely different way.

"And so I think that the time has come.... It really makes no sense... [Testimony before the committee] shows how alone and stranded people are when they don't have the chance to even get justice. It's bad enough to have to live through the tragedy... But to be told by a law of Congress, you can't get justice because of the platform — not because the law is wrong, not because the rule is wrong, not because this is anything new — simply because the wrong type of entity created this harm."

A January order blocking wind energy projects in America has now been vacated by a U.S. judge and declared unlawful, reports the Associated Press: [Judge Saris of the U.S. district court for the district of Massachusetts] ruled in favor of a coalition of state attorneys general from 17 states and Washington DC, led by Letitia James, New York's attorney general, that challenged President Trump's day one order that paused leasing and permitting for wind energy projects... The coalition that opposed Trump's order argued that Trump does not have the authority to halt project permitting, and that doing so jeopardizes the states' economies, energy mix, public health and climate goals.

The coalition includes Arizona, California, Colorado, Connecticut, Delaware, Illinois, Maine, Maryland, Massachusetts, Michigan, Minnesota, New Jersey, New Mexico, New York, Oregon, Rhode Island, Washington state and Washington DC. They say they have invested hundreds of millions of dollars collectively to develop wind energy and even more on upgrading transmission lines to bring wind energy to the electrical grid...

Wind is the United States' largest source of renewable energy, providing about 10% of the electricity generated in the nation, according to the American Clean Power Association.
But the BBC quotes Timothy Fox, managing director at the Washington, DC-based research firm ClearView Energy Partners, as saying he doesn't expect the ruling to reinvigorate the industry: "It's more symbolic than substantive," he said. "All the court is saying is ... you need to go back to work and consider these applications. What does that really mean?" he said. Officials could still deny permits or bog applications down in lengthy reviews, he noted.

Choosing your browser "is one of the most important digital decisions you can make, shaping how you experience the web, protect your data, and express yourself online," says the Firefox blog. They've urged readers to "take a stand for independence and control in your digital life."

But they also recently polled 8,000 adults in France, Germany, the UK and the U.S. on "how they navigate choice and control both online and offline" (attending in-person events in Chicago, Berlin, LA, and Munich, San Diego, Stuttgart): The survey, conducted by research agency YouGov, showcases a tension between people's desire to have control over their data and digital privacy, and the reality of the internet today — a reality defined by Big Tech platforms that make it difficult for people to exercise meaningful choice online:


— Only 16% feel in control of their privacy choices (highest in Germany at 21%)

— 24% feel it's "too late" because Big Tech already has too much control or knows too much about them. And 36% said the feeling of Big Tech companies knowing too much about them is frustrating — highest among respondents in the U.S. (43%) and the UK (40%)

— Practices respondents said frustrated them were Big Tech using their data to train AI without their permission (38%) and tracking their data without asking (47%; highest in U.S. — 55% and lowest in France — 39%)


And from our existing research on browser choice, we know more about how defaults that are hard to change and confusing settings can bury alternatives, limiting people's ability to choose for themselves — the real problem that fuels these dynamics.

Taken together our new and existing insights could also explain why, when asked which actions feel like the strongest expressions of their independence online, choosing not to share their data (44%) was among the top three responses in each country (46% in the UK; 45% in the U.S.; 44% in France; 39% in Germany)... We also see a powerful signal in how people think about choosing the communities and platforms they join — for 29% of respondents, this was one of their top three expressions of independence online.
"For Firefox, community has always been at the heart of what we do," says their VP of Global Marketing, "and we'll keep fighting to put real choice and control back in people's hands so the web once again feels like it belongs to the communities that shape it."

At TwitchCon in San Diego Firefox even launched a satirical new online card game with a privacy theme called Data War.

A former Chinese official who fled to the U.S. says Beijing has used advanced surveillance technology from U.S. companies to track, intimidate, and punish him and his family across borders. ABC News reports: Retired Chinese official Li Chuanliang was recuperating from cancer on a Korean resort island when he got an urgent call: Don't return to China, a friend warned. You're now a fugitive. Days later, a stranger snapped a photo of Li in a cafe. Terrified South Korea would send him back, Li fled, flew to the U.S. on a tourist visa and applied for asylum. But even there -- in New York, in California, deep in the Texas desert -- the Chinese government continued to hunt him down with the help of surveillance technology.

Li's communications were monitored, his assets seized and his movements followed in police databases. More than 40 friends and relatives -- including his pregnant daughter -- were identified and detained, even by tracking down their cab drivers through facial recognition software. Three former associates died in detention, and for months shadowy men Li believed to be Chinese operatives stalked him across continents, interviews and documents seen by The Associated Press show.

The Chinese government is using an increasingly powerful tool to cement its power at home and vastly amplify it abroad: Surveillance technology, much of it originating in the U.S., an AP investigation has found. Within China, this technology helped identify and punish almost 900,000 officials last year alone, nearly five times more than in 2012, according to state numbers. Beijing says it is cracking down on corruption, but critics charge that such technology is used in China and elsewhere to stifle dissent and exact retribution on perceived enemies.

Outside China, the same technology is being used to threaten wayward officials, along with dissidents and alleged criminals, under what authorities call Operations "Fox Hunt" and "Sky Net." The U.S. has criticized these overseas operations as a "threat" and an "affront to national sovereignty." More than 14,000 people, including some 3,000 officials, have been brought back to China from more than 120 countries through coercion, arrests and pressure on relatives, according to state information.

An anonymous reader quotes a report from Ars Technica: Dozens of Ukrainian civilians filed a series of lawsuits in Texas this week, accusing some of the biggest US chip firms of negligently failing to track chips that evaded export curbs. Those chips were ultimately used to power Russian and Iranian weapon systems, causing wrongful deaths last year. Their complaints alleged that for years, Texas Instruments (TI), AMD, and Intel have ignored public reporting, government warnings, and shareholder pressure to do more to track final destinations of chips and shut down shady distribution channels diverting chips to sanctioned actors in Russia and Iran.

Putting profits over human lives, tech firms continued using "high-risk" channels, Ukrainian civilians' legal team alleged in a press statement, without ever strengthening controls. All that intermediaries who placed bulk online orders had to do to satisfy chip firms was check a box confirming that the shipment wouldn't be sent to sanctioned countries, lead attorney Mikal Watts told reporters at a press conference on Wednesday, according to the Kyiv Independent. "There are export lists," Watts said. "We know exactly what requires a license and what doesn't. And companies know who they're selling to. But instead, they rely on a checkbox that says, 'I'm not shipping to Putin.' That's it. No enforcement. No accountability." [...]

Damages sought include funeral expenses and medical costs, as well as "exemplary damages" that are "intended to punish especially wrongful conduct and to deter similar conduct in the future." For plaintiffs, the latter is the point of the litigation, which they hope will cut off key supply chains to keep US tech out of weapon systems deployed against innocent civilians. "They want to send a clear message that American companies must take responsibility when their technologies are weaponized and used to commit harm across the globe," the press statement said. "Corporations must be held accountable when its unlawful decisions made in the name of profit directly cause the death of innocents and widespread human suffering." For chip firms, the litigation could get costly if more civilians join, with the threat of a loss potentially forcing changes that could squash supply chains currently working to evade sanctions. "We want to make this process so expensive and painful that companies are forced to act," Watts said. "That is our contribution to stopping the war against civilians."

An anonymous reader quotes a report from Reuters: The U.S. government will require artificial intelligence vendors to measure political "bias" to sell their chatbots to federal agencies, according to a Trump administration statement (PDF) released on Thursday. The requirement will apply to all large language models bought by federal agencies, with the exception of national security systems, according to the statement.

President Donald Trump ordered federal agencies in July to avoid buying large language models that he labeled as "woke." Thursday's statement gives more detail to that directive, saying that developers should not "intentionally encode partisan or ideological judgments" into a chatbot's outputs. Further reading: Trump Signs Executive Order For Single National AI Regulation Framework, Limiting Power of States

The pro-Russian CyberVolk group resurfaced with a Telegram-based ransomware-as-a-service platform, but fatally undermined its own operation by hardcoding master encryption keys in plaintext. The Register reports: First, the bad news: the CyberVolk 2.x (aka VolkLocker) ransomware-as-a-service operation that launched in late summer. It's run entirely through Telegram, which makes it very easy for affiliates that aren't that tech savvy to lock files and demand a ransom payment. CyberVolk's soldiers can use the platform's built-in automation to generate payloads, coordinate ransomware attacks, and manage their illicit business operations, conducting everything through Telegram.

But here's the good news: the ransomware slingers got sloppy when it came time to debug their code and hardcoded the master keys -- this same key encrypts all files on a victim's system -- into the executable files. This could allow victims to recover encrypted data without paying the extortion fee, according to SentinelOne senior threat researcher Jim Walter, who detailed the gang's resurgence and flawed code in a Thursday report.

Online retailer Coupang, often called South Korea's Amazon, is dealing with the fallout from a breach that exposed the personal information of more than 33 million accounts -- roughly two-thirds of the country's population -- after a former contractor allegedly used credentials that remained active months after his departure to access customer data through the company's overseas servers.

The breach began in June but went undetected until November 18, according to Coupang and investigators. Police have called it South Korea's worst-ever data breach. The compromised information includes names, phone numbers, email addresses and shipping addresses, though the company says login credentials, credit card numbers, and payment details were not affected.

Coupang's former CEO Park Dae-jun told a parliamentary hearing that the alleged perpetrator was a Chinese national who had worked on authentication tasks before his contract ended last December. Chief information security officer Brett Matthes testified that the individual had a "privileged role" giving him access to a private encryption key that allowed him to forge tokens to impersonate customers. Legislators say the key remained active after the employee left. The CEO of Coupang's South Korean subsidiary has resigned. Founder and chair Bom Kim has yet to personally apologize but has been summoned to a second parliamentary hearing.

Berlin's regional parliament has passed a far-reaching overhaul of its "security" law, giving police new authority to conduct both digital and physical surveillance. From a report: The CDU-SPD coalition, supported by AfD votes, approved the reform of the General Security and Public Order Act (ASOG), changing the limits that once protected Berliners from intrusive policing. Interior Senator Iris Spranger (SPD) argued that the legislation modernizes police work for an era of encrypted communication, terrorism, and cybercrime. But it undermines core civil liberties and reshapes the relationship between citizens and the state.

One of the most controversial elements is the expansion of police powers under paragraphs 26a and 26b. These allow investigators to hack into computers and smartphones under the banner of "source telecommunications surveillance" and "online searches." Police may now install state-developed spyware, known as trojans, on personal devices to intercept messages before or after encryption.

If the software cannot be deployed remotely, the law authorizes officers to secretly enter a person's home to gain access. This enables police to install surveillance programs directly on hardware without the occupant's knowledge. Berlin had previously resisted such practices, but now joins other federal states that permit physical entry to install digital monitoring tools.

Carl Rinsch, the director behind the 2013 Keanu Reeves film "47 Ronin," has been found guilty of defrauding Netflix out of $11 million that was meant to fund a science fiction series called "Conquest," which the streaming company ultimately cancelled in 2021 after Rinsch failed to meet any production milestones. A jury in the Southern District of New York convicted the 48-year-old on seven charges: one count each of wire fraud and money laundering, and five counts of transacting in illicitly obtained property.

Prosecutors alleged that Rinsch funneled the $11 million through multiple bank accounts into a personal brokerage account, lost more than half of it on securities within two months, and then began speculating on cryptocurrency. Court records show he also spent $2.4 million on a Ferrari and five Rolls Royces, $3.3 million on furniture and antiques, and $387,000 on a Swiss watch. Netflix has written off $55 million in total and has not recovered any funds. Rinsch faces up to 90 years in prison and is scheduled for sentencing on April 17, 2026.

An anonymous reader quotes a report from the Guardian: Reddit has filed a challenge against Australia's under-16s social media ban in the high court, lodging its case two days after implementing age restrictions on its website. The company said in a Reddit post on Friday that while it agreed with protecting people under 16, the law "has the unfortunate effect of forcing intrusive and potentially insecure verification processes on adults as well as minors, isolating teens from the ability to engage in age-appropriate community experiences."

Reddit said there was an "illogical patchwork" of platforms included in the ban. "As the Australian Human Rights Commission put it, 'There are less restrictive alternatives available that could achieve the aim of protecting children and young people from online harms, but without having such a significant negative impact on other human rights.'" Reddit argued it was a forum primarily for adults without the traditional social media features the government has "taken issue with."

Reddit was challenging the law on the grounds it infringed on the implied freedom of political communication. It was also seeking to challenge whether Reddit could be considered an age-restricted social media platform under the legislation. It said it was not seeking to challenge the law to avoid compliance, and had implemented age-assurance measures since Wednesday. The company said the vast majority of Redditors were adults, and advertising wasn't targeted to children under 18. The Apple app store age rating for Reddit is 17+. "Despite the best intentions, this law is missing the mark on actually protecting young people online," Reddit said. "So, while we will comply with this law, we have a responsibility to share our perspective and see that it is reviewed by the courts."

The SEC has granted the Depository Trust & Clearing Corp., or DTCC, a no-action letter allowing it to custody and recognize tokenized stocks, ETFs, and Treasuries on approved blockchains for three years. "Although this program is a pilot subject to various operational limitations, it marks a significant incremental step in moving markets onchain," SEC Commissioner Hester Peirce said in a statement. Bloomberg reports: With the permission, DTCC will also extend their record-keeping to the blockchain, Michael Winnike, global head of strategy and market solutions at DTCC Clearing & Securities Services, said in an interview. "It's the same legal entitlement, the same stock that you would hold in your account from the DTCC in traditional form," Winnike said. [...] The SEC's authorization of tokenization services only applies to a specific set of securities that trade often. The approval includes the Russell 1000 index which represents the 1,000 largest publicly traded US companies, as well as exchange-traded funds that track major indices and US Treasury bills, bonds and notes, Winnike said. "This allows us both to create value for the markets, while staying in a pre-defined pool of highly-liquid securities to start," said Winnike. The firm's ultimate aspiration is to add its entire depository, which represents $100 trillion in securities, to the blockchain, a move that would require further expansion of the no-action relief from the SEC, he said.

Winnike said the tokenization service will help bridge the traditional and digital worlds in part because the new technology will have the same legal entitlements and controls as traditional markets, including freezing or forced transfers if assets are stolen. "This enables participants to adopt and integrate, because they know there is a trusted party that can recover their securities as needed" and can address potential errors, he said. The new blockchain service will also allow investors to move assets all the time, not just Monday through Friday when traditional markets are open. "That creates a lot of new utility," Winnike said. "It brings the two ecosystems together."

An anonymous reader quotes a report from Reuters: Do Kwon, the South Korean cryptocurrency entrepreneur behind two digital currencies that lost an estimated $40 billion in 2022, was sentenced in New York federal court on Thursday to 15 years in prison for fraud and conspiracy. Kwon, 34, who co-founded Singapore-based Terraform Labs and developed the TerraUSD and Luna currencies, previously pleaded guilty and admitted to misleading investors about a coin that was supposed to maintain a steady price during periods of crypto market volatility.

Kwon was one of several cryptocurrency moguls to face federal charges after a slump in digital token prices in 2022 prompted the collapse of a number of companies. [...] Kwon was accused of misleading investors in 2021 about TerraUSD, a so-called stablecoin designed to maintain a value of $1. Prosecutors alleged that when TerraUSD slipped below its $1 peg in May 2021, Kwon told investors a computer algorithm known as "Terra Protocol" had restored the coin's value. Instead, Kwon arranged for a high-frequency trading firm to secretly buy millions of dollars of the token to artificially prop up its price, according to charging documents. "I made false and misleading statements about why it regained its peg by failing to disclose a trading firm's role in restoring that peg," Kwon said in court. "What I did was wrong."

He also faces charges in South Korea, and under his plea deal, prosecutors won't oppose his transfer abroad after he serves half of his U.S. sentence.

joshuark shares a report from BleepingComputer: More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. After scanning container images uploaded to Docker Hub in November, security researchers at threat intelligence company Flare found that 10,456 of them exposed one or more keys. The most frequent secrets were access tokens for various AI models (OpenAI, HuggingFace, Anthropic, Gemini, Groq). In total, the researchers found 4,000 such keys. "These multi-secret exposures represent critical risks, as they often provide full access to cloud environments, Git repositories, CI/CD systems, payment integrations, and other core infrastructure components," Flare notes. [...]

Additionally, they found hardcoded API tokens for AI services being hardcoded in Python application files, config.json files, YAML configs, GitHub tokens, and credentials for multiple internal environments. Some of the sensitive data was present in the manifest of Docker images, a file that provides details about the image.Flare notes that roughly 25% of developers who accidentally exposed secrets on Docker Hub realized the mistake and removed the leaked secret from the container or manifest file within 48 hours. However, in 75% of these cases, the leaked key was not revoked, meaning that anyone who stole it during the exposure period could still use it later to mount attacks.

Flare suggests that developers avoid storing secrets in container images, stop using static, long-lived credentials, and centralize their secrets management using a dedicated vault or secrets manager. Organizations should implement active scanning across the entire software development life cycle and revoke exposed secrets and invalidate old sessions immediately.

President Trump signed an executive order establishing a single federal AI regulatory framework that preempts state-level rules, aiming to centralize oversight of the rapidly growing AI industry. "The Trump administration, with the aid of AI and crypto czar David Sacks, has been pursuing a path that would allow federal rules to preempt state regulations on AI, a move meant to keep big Democratic-led states like California and New York from exerting their control over the growing industry," notes CNBC.

Developing...

A UC Berkeley professor, suspecting years of targeted computer damage against one Ph.D. student, secretly installed a hidden camera that allegedly caught another doctoral candidate sabotaging the student's laptop. The student now faces felony vandalism charges and is due for his first court appearance on Dec. 15. The Mercury News reports: A UC Berkeley professor smelled a rat -- over the years there had been $46,855 in damage from computers that failed, and nearly all of it seemed to affect one particular Ph.D. candidate at the college's Electrical Engineering and Computer Sciences department.

The professor wondered if the student's luck was really that bad, or if something else was afoot. So he installed a hidden camera -- disguised in a department laptop, and pointed it at the student's computer. According to police, the sly move captured another Ph.D. candidate, 26-year-old Jiarui Zou, damaging his fellow student's computer with some implement that caused sparks to fly out of the laptop.

Now, Zou has been charged with three felony counts of vandalism, related to the destruction of three computers on Nov. 9-10. The charges allege the damage amounted to more than $400 each time, though the professor who reported the vandalism, and the affected student, told police they suspect Zou of the additional incidents that had been going on for years, court records show.

An anonymous reader quotes a report from Reuters: U.S. Secretary of State Marco Rubio on Tuesday ordered diplomats to return to using Times New Roman font in official communications, calling his predecessor Antony Blinken's decision to adopt Calibri a "wasteful" diversity move, according to an internal department cable seen by Reuters. The department under Blinken in early January 2023 had switched to Calibri, a modern sans-serif font, saying this was a more accessible font for people with disabilities because it did not have the decorative angular features and was the default in Microsoft products.

A cable dated December 9 sent to all U.S. diplomatic posts said that typography shapes the professionalism of an official document and Calibri is informal compared to serif typefaces. "To restore decorum and professionalism to the Department's written work products and abolish yet another wasteful DEIA program, the Department is returning to Times New Roman as its standard typeface," the cable said. "This formatting standard aligns with the President's One Voice for America's Foreign Relations directive, underscoring the Department's responsibility to present a unified, professional voice in all communications," it added.