In mid-2021 Ameria's National Security Advisor set up a new directorate focused on "advanced chips, quantum computing, and other cutting-edge tech," reports Wired. And the next year as Congress was working on boosting America's semiconductor sector, he was "closing in on a plan to cripple China's... In October 2022, the Commerce Department forged ahead with its new export controls."

So what happened next? In a phone call with President Biden this past spring, Xi Jinping warned that if the US continued trying to stall China's technological development, he would not "sit back and watch." And he hasn't. Already, China has answered the US export controls — and its corresponding deals with other countries — by imposing its own restrictions on critical minerals used to make semiconductors and by hoovering up older chips and manufacturing equipment it is still allowed to buy. For the past several quarters, in fact, China was the top customer for ASML and a number of Japanese chip companies. A robust black market for banned chips has also emerged in China. According to a recent New York Times investigation, some of the Chinese companies that have been barred from accessing American chips through US export controls have set up new corporations to evade those bans. (These companies have claimed no connection to the ones who've been banned.) This has reportedly enabled Chinese entities with ties to the military to obtain small amounts of Nvidia's high-powered chips.

Nvidia, meanwhile, has responded to the US actions by developing new China-specific chips that don't run afoul of the US controls but don't exactly thrill the Biden administration either. For the White House and Commerce Department, keeping pace with all of these workarounds has been a constant game of cat and mouse. In 2023, the US introduced the first round of updates to its export controls. This September, it released another — an announcement that was quickly followed by a similar expansion of controls by the Dutch. Some observers have speculated that the Biden administration's actions have only made China more determined to invest in its advanced tech sector.

And there's clearly some truth to that. But it's also true that China has been trying to become self-sufficient since long before Biden entered office. Since 2014, it has plowed nearly $100 billion into its domestic chip sector. "That was the world we walked into," [NSA Advisor Jake] Sullivan said. "Not the world we created through our export controls." The United States' actions, he argues, have only made accomplishing that mission that much tougher and costlier for Beijing. Intel CEO Pat Gelsinger estimated earlier this year that there's a "10-year gap" between the most powerful chips being made by Chinese chipmakers like SMIC and the ones Intel and Nvidia are working on, thanks in part to the export controls.

If the measure of Sullivan's success is how effectively the United States has constrained China's advancement, it's hard to argue with the evidence. "It's probably one of the biggest achievements of the entire Biden administration," said Martijn Rasser, managing director of Datenna, a leading intelligence firm focused on China. Rasser said the impact of the US export controls alone "will endure for decades." But if you're judging Sullivan's success by his more idealistic promises regarding the future of technology — the idea that the US can usher in an era of progress dominated by democratic values — well, that's a far tougher test. In many ways, the world, and the way advanced technologies are poised to shape it, feels more unsettled than ever.

Four years was always going to be too short for Sullivan to deliver on that promise. The question is whether whoever's sitting in Sullivan's seat next will pick up where he left off.

Formed in 2021 by cybersecurity professionals (and backed by high-powered VCs including Dell Technologies Capital), Halcyon sells an enterprise-grade anti-ransomware platform.

And this month they announced they're offering protection against ransomware attacks targeting Linux systems, according to Linux magazine: According to Cynet, Linux ransomware attacks increased by 75 percent in 2023 and are expected to continue to climb as more bad actors target Linux deployments... "While Windows is the favorite for desktops, Linux dominates the market for supercomputers and servers."
Here's how Halcyon's announcement made their pitch: "When it comes to ransomware protection, organizations typically prioritize securing Windows environments because that's where the ransomware operators were focusing most of their attacks. However, Linux-based systems are at the core of most any organization's infrastructure, and protecting these systems is often an afterthought," said Jon Miller, CEO & Co-founder, Halcyon. "The fact that Linux systems usually are always on and available means they provide the perfect beachhead for establishing persistence and moving laterally in a targeted network, and they can be leveraged for data theft where the exfiltration is easily masked by normal network traffic. As more ransomware operators are developing the capability to target Linux systems alongside Windows, it is imperative that organizations have the ability to keep pace with the expanded threat."

Halcyon Linux, powered through the Halcyon Anti-Ransomware Platform, uniquely secures Linux-based systems offering comprehensive protection and rapid response capabilities... Halcyon Linux monitors and detects ransomware-specific behaviors such as unauthorized access, lateral movement, or modification of critical files in real-time, providing instant alerts with critical context... When ransomware is suspected or detected, the Halcyon Ransomware Response Engine allows for rapid response and action.... Halcyon Data Exfiltration Protection (DXP) identifies and blocks unauthorized data transfers to protect sensitive information, safeguarding the sensitive data stored in Linux-based systems and endpoints...

Halcyon Linux runs with minimal resource impact, ensuring critical environments such as database servers or virtualized workloads, maintain the same performance.
And in addition, Halcyon offers "an around the clock Threat Response team, reviewing and responding to alerts," so your own corporate security teams "can attend to other pressing priorities..."

The Fifth Circuit Court of Appeals has affirmed a copyright infringement verdict against Internet provider Grande, which failed to take action against allegedly pirating subscribers. The jury's $47 million damages award in favor of the major music label plaintiffs is vacated. According to the Court (PDF), individual tracks that are part of an album, should not be counted as separate works. TorrentFreak reports: After hearing both sides, the Fifth Circuit Court of Appeals affirmed the jury verdict yesterday. Grande's arguments, suggesting that the district court mistakenly upheld the verdict earlier, were rejected. "The district court did not err in upholding the jury's unanimous liability verdict because Plaintiffs satisfied each element legally and factually," the decision reads. "The court correctly interpreted the law and instructed the jury on the relevant legal standards in light of the factual issues disputed by the parties, and Plaintiffs introduced ample evidence from which a reasonable jury could find in Plaintiffs' favor." [...]

In addition to the material contribution challenge, Grande and its supporters also pointed out that terminating Internet access isn't a "simple measure," as the jury concluded. Instead, it is drastic and overbroad, which could also impact innocent subscribers. The Court of Appeals rejects this reasoning. Instead, it states that the jury could and did conclude that terminations are a simple measure. There is no evidence to reach a different conclusion. All in all, the Court sees no reason to reverse the jury's verdict that Grande is liable for contributory infringement. This means that the jury verdict is affirmed.

Casio confirmed it suffered a ransomware attack earlier this month, resulting in the theft of personal and confidential data from employees, job candidates, business partners, and some customers. Although customer payment data was not compromised, Casio warns the impact may broaden as the investigation continues. BleepingComputer reports: The attack was disclosed Monday when Casio warned that it was facing system disruption and service outages due to unauthorized access to its networks during the weekend. Yesterday, the Underground ransomware group claimed responsibility for the attack, leaking various documents allegedly stolen from the Japanese tech giant's systems. Today, after the data was leaked, Casio published a new statement that admits that sensitive data was stolen during the attack on its network.

As to the current results of its ongoing investigation, Casio says the following information has been confirmed as likely compromised:

- Personal data of both permanent and temporary/contract employees of Casio and its affiliated companies.
- Personal details related to business partners of Casio and certain affiliates.
- Personal information of individuals who have interviewed for employment with Casio in the past.
- Personal information related to customers using services provided by Casio and its affiliated companies.
- Details related to contracts with current and past business partners.
- Financial data regarding invoices and sales transactions.
- Documents that include legal, financial, human resources planning, audit, sales, and technical information from within Casio and its affiliates.

An anonymous reader quotes a report from NPR : For the first time, internal TikTok communications have been made public that show a company unconcerned with the harms the app poses for American teenagers. This is despite its own research validating many child safety concerns. The confidential material was part of a more than two-year investigation into TikTok by 14 attorneys general that led to state officials suing the company on Tuesday. The lawsuit alleges that TikTok was designed with the express intention of addicting young people to the app. The states argue the multi-billion-dollar company deceived the public about the risks. In each of the separate lawsuits state regulators filed, dozens of internal communications, documents and research data were redacted -- blacked-out from public view -- since authorities entered into confidentiality agreements with TikTok.

But in one of the lawsuits, filed by the Kentucky Attorney General's Office, the redactions were faulty. This was revealed when Kentucky Public Radio copied-and-pasted excerpts of the redacted material, bringing to light some 30 pages of documents that had been kept secret. A group of more than a dozen states sued TikTok on Tuesday, alleging the app was intentionally designed to addict teens, something authorities say is a violation of state consumer protection laws. After Kentucky Public Radio published excerpts of the redacted material, a state judge sealed the entire complaint following a request from the attorney general's office "to ensure that any settlement documents and related information, confidential commercial and trade secret information, and other protected information was not improperly disseminated," according to an emergency motion to seal the complaint filed on Wednesday by Kentucky officials.

NPR reviewed all the portions of the suit that were redacted, which highlight TikTok executives speaking candidly about a host of dangers for children on the wildly popular video app. The material, mostly summaries of internal studies and communications, show some remedial measures -- like time-management tools -- would have a negligible reduction in screen time. The company went ahead and decided to release and tout the features. Separately, under a new law, TikTok has until January to divest from its Chinese parent company, ByteDance, or face a nationwide ban. TikTok is fighting the looming crackdown. Meanwhile, the new lawsuits from state authorities have cast scrutiny on the app and its ability to counter content that harms minors.

TechCrunch's Carly Page reports: Fidelity Investments, one of the world's largest asset managers, has confirmed that over 77,000 customers had personal information compromised during an August data breach, including Social Security numbers and driver's licenses. The Boston, Massachusetts-based investment firm said in a filing with Maine's attorney general on Wednesday that an unnamed third party accessed information from its systems between August 17 and August 19 "using two customer accounts that they had recently established."

"We detected this activity on August 19 and immediately took steps to terminate the access," Fidelity said in a letter sent to those affected, adding that the incident did not involve any access to customers' Fidelity accounts. Fidelity confirmed that a total of 77,099 customers were affected by the breach, and its completed review of the compromised data determined that customers' personal information was affected. When reached by TechCrunch, Fidelity did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers.

In another data breach notice filed with New Hampshire's attorney general, Fidelity revealed that the third party "accessed and retrieved certain documents related to Fidelity customers and other individuals by submitting fraudulent requests to an internal database that housed images of documents pertaining to Fidelity customers." Fidelity said the data breach included customers' Social Security numbers and driver's licenses, according to a separate data breach notice filed by Fidelity with the Massachusetts' attorney general. No information about the breach was found on Fidelity's website at the time of writing.

The FBI created a cryptocurrency as part of an investigation into price manipulation in crypto markets, the government revealed on Wednesday. From a report: The FBI's Ethereum-based token, NexFundAI, was created with the help of "cooperating witnesses." As a result of the investigation, the Securities and Exchange Commission charged three "market makers" and nine people for allegedly engaging in schemes to boost the prices of certain crypto assets. The Department of Justice charged 18 people and entities for "widespread fraud and manipulation" in crypto markets.

The defendants allegedly made false claims about their tokens and executed so-called "wash trades" to create the impression of an active trading market, prosecutors claim. The three market makers -- ZMQuant, CLS Global, and MyTrade -- allegedly wash traded or conspired to wash trade on behalf of NexFundAI, an Ethereum-based token they didn't realize was created by the FBI.

"What the FBI uncovered in this case is essentially a new twist to old-school financial crime," Jodi Cohen, the special agent in charge of the FBI's Boston division, said in a statement. "What we uncovered has resulted in charges against the leadership of four cryptocurrency companies, and four crypto 'market makers' and their employees who are accused of spearheading a sophisticated trading scheme that allegedly bilked honest investors out of millions of dollars."

A new study suggests game piracy costs publishers 19% of revenue on average when digital rights management (DRM) protections are cracked. Research associate William Volckmann at UNC analyzed 86 games using Denuvo DRM on Steam between 2014-2022.

The study, published in Entertainment Computing, found cracks appearing in the first week after release led to 20% revenue loss, dropping to 5% for cracks after six weeks. Volckmann used Steam user reviews and player counts as proxies for sales data.

The European Union has delayed the introduction of a new biometric entry-check system for non-EU citizens, which was due to be introduced on Nov. 10, after Germany, France and the Netherlands said border computer systems were not yet ready. From a report: "Nov. 10 is no longer on the table," EU Home Affairs Commissioner Ylva Johansson told reporters. She said there was no new timetable, but that the possibility of a phased introduction was being looked at. The Entry/Exit System (EES) is supposed to create a digital record linking a travel document to biometric readings confirming a person's identity, removing the need to manually stamp passports at the EU's external border. It would require non-EU citizens arriving in the Schengen free-travel area to register their fingerprints, provide a facial scan and answer questions about their stay.

Porch pirates across the country for months have been snatching FedEx packages that contain AT&T iPhones -- within minutes or even seconds of delivery. From a report: The key to these swift crimes, investigators say: The thieves are armed with tracking numbers. Another factor that makes packages from AT&T particularly vulnerable is that AT&T typically doesn't require signature on delivery. Doorbell camera videos show the thefts in New York, Pennsylvania, Delaware, Virginia, Michigan, Georgia, Florida and Texas. The details are similar: A FedEx driver drops off a box with an iPhone from AT&T. Then a person walks up -- sometimes wearing an Amazon delivery vest -- and plucks the package off the front step. The heist can be so quick that in some videos, the FedEx driver and thief cross paths.

"They know what's getting delivered and the location," said Detective Lt. Matt Arsenault from the Gardner Police Department in Massachusetts, which is investigating several recent thefts. "They meet the delivery driver at the front door and take it." Since the pandemic, parcel carriers have reported a rise in porch thefts as workers have returned to offices and fewer people are home during the day to receive packages. Now, a spate of thefts that began a few months ago is targeting FedEx deliveries for AT&T. The two companies said they were working with law enforcement to investigate, and declined to disclose how many such packages have been stolen.

Alypius shares a report from 9to5Mac: It was revealed this weekend that Chinese hackers managed to access systems run by three of the largest internet service providers (ISPs) in the US. What's notable about the attack is that it compromised security backdoors deliberately created to allow for wiretaps by US law enforcement. [...] Apple famously refused the FBI's request to create a backdoor into iPhones to help access devices used by shooters in San Bernardino and Pensacola. The FBI was subsequently successful in accessing all the iPhones concerned without the assistance it sought.

Our arguments against such backdoors predate both cases, when Apple spoke out on the issue in the wake of terrorist attacks in Paris more than a decade ago: "Apple is absolutely right to say that the moment you build in a backdoor for use by governments, it will only be a matter of time before hackers figure it out. You cannot have an encryption system which is only a little bit insecure any more than you can be a little bit pregnant. Encryption systems are either secure or they're not -- and if they're not then it's a question of when, rather than if, others are able to exploit the vulnerability."

This latest case perfectly illustrates the point. The law required ISPs to create backdoors that could be used for wiretaps by US law enforcement, and hackers have now found and accessed them. Exactly the same would be true if Apple created backdoors into iPhones.

TorrentFreak's Andy Maxwell reports: In August, New Zealand's Justice Minister authorized Kim Dotcom's immediate arrest and extradition. Dotcom's response to his followers on X was simple: "I'm not leaving." Another post mid-September -- "we are very close to disaster" -- led to Dotcom disappearing for three weeks. On his return, Dotcom said X had suspended his account, based on an extremely serious allegation. After accusing Elon Musk of failing to help, yesterday Dotcom warned that a Trump loss would see Musk indicted and "fighting for his life." Dotcom has a plan to avoid extradition; chaos like this provides the fuel.

The details of Dotcom's "plan" to stay in New Zealand are yet to be revealed. Given Dotcom's history, exhausting the judiciary with every possible avenue of appeal is pretty much guaranteed, no matter how unlikely the prospects of success. At the same time, it's likely that Dotcom will use social media to preach to the existing choir. He will also try to appeal to those who loathe him, and those who merely hate him, by focusing on a common grievance. "People keep suggesting that I should leave this corrupt US colony like a fugitive on the run. Hell no," he told 1.7 million X followers recently. "Corrupt US colony" and the interchangeable "obedient" variant are clearly derogatory, catering to theories of joint complicity and sniveling weakness. This rhetoric has been visible on Dotcom's social media accounts for some time, but the main theme is Dotcom's belligerent, out-of-the-blue support for Russia's invasion of Ukraine. [...]

Some people believe that Dotcom genuinely supports Russia and, with his quotes regularly appearing on state-run news channels, arguing otherwise is a pretty tough ask. A different assessment starts with the things Dotcom values most -- his family, his wealth, and his freedom -- and applies that to a reputation of doing whatever it takes to protect and maintain those three, non-negotiable aspects of his life. Right now, his best chance is to tilt the chess board via a change at the White House, and then carefully exploit a change in policy. Dotcom's colleagues took a plea deal from the U.S. and New Zealand that Dotcom insists he would never accept; certainly not if Biden was in power. A Donald Trump win, on the other hand, would introduce an administration Dotcom could be seen to negotiate with, on previously unthinkable terms, without losing face. Previous reluctance to admit any wrongdoing could suddenly seem trivial after the prevention of World War 3.

[Since 2022, Dotcom supported narratives more closely aligned with those of the Kremlin, in particular the claim that United States policy is the root cause of the current conflict. The amplification of anti-Ukraine rumors in the United States, strategically links alleged U.S. policy failures to billions of dollars in military aid, all at taxpayers' expense. This toxic mix, Dotcom insists, heralds the collapse of the dollar, the dismantling of the "US Empire," and ultimately a global human catastrophe; World War 3, no holds barred.]

BleepingComputer's Lawrence Abrams: Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!," reads a JavaScript alert shown on the compromised archive.org site. The text "HIBP" refers to is the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.

Hunt told BleepingComputer that the threat actor shared the Internet Archive's authentication database nine days ago and it is a 6.4GB SQL file named "ia_users.sql." The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data. Hunt says there are 31 million unique email addresses in the database, with many subscribed to the HIBP data breach notification service. The data will soon be added to HIBP, allowing users to enter their email and confirm if their data was exposed in this breach.

In a new 32-page filing (PDF), the Department of Justice indicated that it was considering a possible breakup of Google as an antitrust remedy for its search and advertising monopoly. The remedies necessary to "prevent and restrain monopoly maintenance could include contract requirements and prohibitions; non-discrimination product requirements; data and interoperability requirements; and structural requirements," the department said in the filing. CNBC reports: The DOJ also said it was "considering behavioral and structural remedies that would prevent Google from using products such as Chrome, Play, and Android to advantage Google search and Google search-related products and features -- including emerging search access points and features, such as artificial intelligence -- over rivals or new entrants."

Additionally, the DOJ suggested limiting or prohibiting default agreements and "other revenue-sharing arrangements related to search and search-related products." That would include Google's search position agreements with Apple's iPhone and Samsung devices -- deals that cost the company billions of dollars a year in payouts. The agency suggested one way to do this is requiring a "choice screen," which could allow users to pick from other search engines. Such remedies would end "Google's control of distribution today" and ensure "Google cannot control the distribution of tomorrow."

An anonymous reader quotes a report from TechCrunch: U.S. money transfer giant MoneyGram has confirmed that hackers stole its customers' personal information and transaction data during a cyberattack last month. The company said in a statement Monday that an unauthorized third party "accessed and acquired" customer data during the cyberattack on September 20. The cyberattack -- the nature of which remains unknown -- sparked a week-long outage that resulted in the company's website and app falling offline. MoneyGram says it serves over 50 million people in more than 200 countries and territories each year.

The stolen customer data includes names, phone numbers, postal and email addresses, dates of birth, and national identification numbers. The data also includes a "limited number" of Social Security numbers and government identification documents, such as driver's licenses and other documents that contain personal information, like utility bills and bank account numbers. MoneyGram said the types of stolen data will vary by individual. MoneyGram said that the stolen data also included transaction information, such as dates and amounts of transactions, and, "for a limited number of consumers, criminal investigation information (such as fraud)."

A Nintendo Switch modder has entered a legal battle against Nintendo without legal representation, Torrent Freak reports. Ryan Daly, alleged owner of Modded Hardware, denied all allegations in a lawsuit filed by Nintendo in July. Nintendo claims Modded Hardware offers hardware and firmware for creating and playing pirated games, as well as providing customers with pirated Nintendo titles.

The company filed suit after Daly allegedly ignored warnings to cease operations in March and May 2024. Daly's court response denies wrongdoing and ownership of the business. His defenses include fair use, invalid copyrights, and unjust enrichment. The Modded Hardware website is now password-protected.

An anonymous reader shares a report: The companies behind the streaming industry, including smart TV and streaming stick manufacturers and streaming service providers, have developed a "surveillance system" that has "long undermined privacy and consumer protection," according to a report from the Center for Digital Democracy (CDD) published today and sent to the Federal Trade Commission (FTC). Unprecedented tracking techniques aimed at pleasing advertisers have resulted in connected TVs (CTVs) being a "privacy nightmare," according to Jeffrey Chester, report co-author and CDD executive director, resulting in calls for stronger regulation.

The 48-page report, How TV Watches Us: Commercial Surveillance in the Streaming Era [PDF], cites Ars Technica, other news publications, trade publications, blog posts, and statements from big players in streaming -- from Amazon to NBCUniversal and Tubi, to LG, Samsung, and Vizio. It provides a detailed overview of the various ways that streaming services and streaming hardware target viewers in newfound ways that the CDD argues pose severe privacy risks. The nonprofit composed the report as part of efforts to encourage regulation. Today, the CDD sent letters to the FTC [PDF], Federal Communications Commission (FCC), California attorney general [PDF], and California Privacy Protection Agency (CPPA) [PDF], regarding its concerns. "Not only does CTV operate in ways that are unfair to consumers, it is also putting them and their families at risk as it gathers and uses sensitive data about health, children, race, and political interests,â Chester said in a statement.

An anonymous reader quotes a report from Reuters: The U.S. Federal Trade Commission's case accusing Amazon of stifling competition in online retail will move forward, though some of the states that sued alongside the agency had their claims dismissed, court documents showed. U.S. District Judge John Chun in Seattle unsealed his ruling from Sept. 30, which dismissed some of the claims brought by attorneys general in New Jersey, Pennsylvania, Maryland and Oklahoma. Last year, the FTC alleged Amazon.com, which has 1 billion items in its online superstore, was using an algorithm that pushed up prices U.S. households paid by more than $1 billion. Amazon has said in court papers it stopped using the program in 2019.

The FTC has accused the online retailer of using anti-competitive tactics to maintain dominance among online superstores and marketplaces. Amazon asked Chun to dismiss the case in December, saying the FTC had raised no evidence of harm to consumers. The judge said in his ruling that he cannot consider Amazon's claims that its actions benefited competition at this early stage in the case.

An anonymous Slashdot reader shared the EFF's "Deeplink" blog post: EFF, along with the ACLU and the ACLU of Mississippi, filed an amicus brief on Thursday asking a federal appellate court to continue to block Mississippi's HB 1126 — a bill that imposes age verification mandates on social media services across the internet. Our friend-of-the-court brief, filed in the U.S. Court of Appeals for the Fifth Circuit, argues that HB 1126 is "an extraordinary censorship law that violates all internet users' First Amendment rights to speak and to access protected speech" online.

HB 1126 forces social media sites to verify the age of every user and requires minors to get explicit parental consent before accessing online spaces. It also pressures them to monitor and censor content on broad, vaguely defined topics — many of which involve constitutionally protected speech. These sweeping provisions create significant barriers to the free and open internet and "force adults and minors alike to sacrifice anonymity, privacy, and security to engage in protected online expression." A federal district court already prevented HB 1126 from going into effect, ruling that it likely violated the First Amendment.

At the heart of our opposition to HB 1126 is its dangerous impact on young people's free expression. Minors enjoy the same First Amendment right as adults to access and engage in protected speech online. "No legal authority permits lawmakers to burden adults' access to political, religious, educational, and artistic speech with restrictive age-verification regimes out of a concern for what minors might see" [argues the brief]. "Nor is there any legal authority that permits lawmakers to block minors categorically from engaging in protected expression on general purpose internet sites like those regulated by HB 1126..."
"The law requires all users to verify their age before accessing social media, which could entirely block access for the millions of U.S. adults who lack government-issued ID..." And it also asks another question. "Would you want everything you do online to be linked to your government-issued ID?"

And the blog post makes one more argument. "in an era where data breaches and identity theft are alarmingly common." So the bill "puts every user's personal data at risk... No one — neither minors nor adults — should have to sacrifice their privacy or anonymity in order to exercise their free speech rights online."

Long-time Slashdot reader schwit1 shared this report from Australia's public broadcaster ABC: Ecovacs robot vacuums, which have been found to suffer from critical cybersecurity flaws, are collecting photos, videos and voice recordings — taken inside customers' houses — to train the company's AI models.

The Chinese home robotics company, which sells a range of popular Deebot models in Australia, said its users are "willingly participating" in a product improvement program.

When users opt into this program through the Ecovacs smartphone app, they are not told what data will be collected, only that it will "help us strengthen the improvement of product functions and attached quality". Users are instructed to click "above" to read the specifics, however there is no link available on that page.

Ecovacs's privacy policy — available elsewhere in the app — allows for blanket collection of user data for research purposes, including:

- The 2D or 3D map of the user's house generated by the device
- Voice recordings from the device's microphone
— Photos or videos recorded by the device's camera

"It also states that voice recordings, videos and photos that are deleted via the app may continue to be held and used by Ecovacs..."