Privacy

Password-Stealing Linux Malware Served For 3 Years and No One Noticed (arstechnica.com) 54

An anonymous reader quotes a report from Ars Technica: A download site surreptitiously served Linux users malware that stole passwords and other sensitive information for more than three years until it finally went quiet, researchers said on Tuesday. The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the /var/tmp/crond and /var/tmp/bs file paths. The script then used the cron job scheduler to cause the file at /var/tmp/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored.

After accessing an IP address for the malicious domain, the backdoor launched a reverse shell that allowed the attackers to remotely control the infected device. Researchers from Kaspersky, the security firm that discovered the malware, then ran the backdoor on a lab device to observe how it behaved. "This stealer collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure)," the researchers wrote in a report on Tuesday. "After collecting information from the infected machine, the stealer downloads an uploader binary from the C2 server, saving it to /var/tmp/atd. It then uses this binary to upload stealer execution results to the attackers' infrastructure."
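A triage check built only from the indicators the report names (the three /var/tmp paths, a cron entry that launches /var/tmp/crond, and the deb.fdmpkg[.]org domain), as an added example that is not from Kaspersky or Ars Technica. The function names, the optional root argument, the Debian-style cron and APT locations searched, and the sample tree are assumptions made here.

```shell
#!/bin/sh
# Added example: look for the Free Download Manager backdoor indicators
# named in the article. ROOT defaults to "/" but can point at a mounted
# disk image or a test tree, so a suspect system can be checked offline.

# Print "LABEL path" for each file under the given paths containing NEEDLE.
# Uses the globals $root and $hits set by fdm_ioc_scan.
_scan_refs() {
    label=$1; needle=$2; shift 2
    found=$(grep -rlF -e "$needle" "$@" 2>/dev/null) || true
    while IFS= read -r m; do
        [ -n "$m" ] || continue
        echo "$label ${m#"$root"}"
        hits=$((hits + 1))
    done <<EOF
$found
EOF
}

fdm_ioc_scan() {
    root="${1:-/}"
    root="${root%/}"     # "/" becomes "", so "$root/etc/..." stays well-formed
    hits=0

    # 1. Files the report says the installer script and stealer drop.
    for f in /var/tmp/crond /var/tmp/bs /var/tmp/atd; do
        if [ -e "$root$f" ]; then
            echo "FILE $f"
            hits=$((hits + 1))
        fi
    done

    # 2. Persistence: any cron definition that launches /var/tmp/crond.
    #    Locations are the usual Debian-style ones (assumption).
    _scan_refs CRON /var/tmp/crond \
        "$root/etc/crontab" "$root/etc/cron.d" "$root/var/spool/cron"

    # 3. Package sources that mention the malicious domain (assumes the
    #    package came from an APT source entry).
    _scan_refs APT deb.fdmpkg.org \
        "$root/etc/apt/sources.list" "$root/etc/apt/sources.list.d"

    echo "indicators found: $hits"
    [ "$hits" -eq 0 ]    # exit status 0 = clean, 1 = at least one indicator
}

# Constructed sample tree (not real evidence): two dropped files, one cron
# entry on a 10-minute schedule, one APT source line naming the domain.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/var/tmp" "$t/etc/cron.d" "$t/etc/apt/sources.list.d"
    : > "$t/var/tmp/crond"
    : > "$t/var/tmp/bs"
    printf '*/10 * * * * root /var/tmp/crond\n' > "$t/etc/cron.d/collect"
    printf 'deb http://deb.fdmpkg.org/ stable main\n' \
        > "$t/etc/apt/sources.list.d/fdm.list"
    echo "$t"
}

# Demonstration on the constructed tree; on a real host call: fdm_ioc_scan /
demo=$(make_demo_tree)
fdm_ioc_scan "$demo" || echo "constructed tree flagged as expected"
rm -rf "$demo"
```

A hit on any line is a reason to image the machine and rotate the credentials the stealer targets; a clean result only means these specific indicators are absent.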

Crime

Swedish Criminal Gangs Using Fake Spotify Streams To Launder Money (theguardian.com) 67

Criminal gangs behind a rise in bombings and shootings in Sweden in recent years are using fake Spotify streams to launder money, a Swedish newspaper reported earlier this month. From a report: Criminal networks have for several years been using money from drug deals, robberies, fraud and contract killings to pay for false Spotify streams of songs published by artists with ties to the gangs, an investigative report in Svenska Dagbladet claimed. They then get paid by the platform for the high number of streams, thereby laundering the money. The newspaper said its information had been confirmed by four gang members from separate criminal networks in Stockholm, as well as an anonymous police investigator.

Crime

'Cryptoqueen' Sidekick Gets 20 Years For $4 Billion Ponzi 32

The cofounder and main promoter of the $4 billion OneCoin pyramid scheme was sentenced to 20 years in prison for his role in one of the first and biggest criminal frauds involving cryptocurrency. Bloomberg: Karl Sebastian Greenwood, 46, was sentenced in New York Tuesday, after pleading guilty in December to creating and promoting a phony cryptocurrency. Greenwood was the wingman of Ruja Ignatova, the so-called "Cryptoqueen" and most wanted crypto fugitive in the world. US District Judge Edgardo Ramos called the fraud "massive in many respects," noting that OneCoin had no blockchain, no real cryptocoin and no trading market. Victims could not withdraw their investments and most face the likelihood they'll never get any of their money back. "At base, it involved nothing more than old-fashioned snake oil," the judge said. Greenwood's sentencing closes one chapter of the OneCoin case, which authorities describe as one of the largest pyramid schemes in history. It impacted 3.5 million victims across the globe and foreshadowed a broader crackdown on crime in the cryptocurrency markets.

The Almighty Buck

A $700 Million Bonanza for the Winners of Crypto's Collapse: Lawyers (msn.com) 121

An anonymous Slashdot reader shared this report from the New York Times: The collapse in cryptocurrency prices last year forced a procession of major firms into bankruptcy, triggering a government crackdown and erasing the savings of millions of inexperienced investors. But for a small group of corporate turnaround specialists, crypto's implosion has become a financial bonanza.

Lawyers, accountants, consultants, cryptocurrency analysts and other professionals have racked up more than $700 million in fees since last year from the bankruptcies of five major crypto firms, including the digital currency exchange FTX, according to a New York Times analysis of court records. That sum is likely to grow significantly as the cases unfold over the coming months. Large fees are common in corporate bankruptcies, which require complex and time-intensive legal work to untangle. But in the crypto world, the mounting fees have sparked widespread outrage because many of the people owed money are amateur traders who lost their personal savings, rather than corporations with the ability to weather a financial crisis. Every dollar in fees is deducted from the pool of funds that will be returned to creditors at the end of the bankruptcies.

The fees are "exorbitant and ridiculous," said Daniel Frishberg, a 19-year-old investor who lost about $3,000 when the crypto company Celsius Network filed for bankruptcy last year. "At every hearing, they have an army of people there, and most of them don't need to be there. You don't need 20 people taking notes."

Security

How a Breached Microsoft Engineer Account Compromised the Email Accounts of US Officials (yahoo.com) 38

An anonymous reader shared this report from Bloomberg: China-linked hackers breached the corporate account of a Microsoft engineer and are suspected of using that access to steal a valuable key that enabled the hack of senior U.S. officials' email accounts, the company said in a blog post. The hackers used the key to forge authentication tokens to access email accounts on Microsoft's cloud servers, including those belonging to Commerce Secretary Gina Raimondo, Representative Don Bacon and State Department officials earlier this year.

The U.S. Cybersecurity and Infrastructure Security Agency and Microsoft disclosed the breach in June, but it was still unclear at the time exactly how hackers were able to steal the key that allowed them to access the email accounts. Microsoft said the key had been improperly stored within a "crash dump," which is data stored after a computer or application unexpectedly crashes...

The incident has brought fresh scrutiny to Microsoft's cybersecurity practices.

Microsoft's blog post says they corrected two conditions which allowed this to occur. First, "a race condition allowed the key to be present in the crash dump," and second, "the key material's presence in the crash dump was not detected by our systems." We found that this crash dump, believed at the time not to contain key material, was subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network. This is consistent with our standard debugging processes. Our credential scanning methods did not detect its presence (this issue has been corrected).

After April 2021, when the key was leaked to the corporate environment in the crash dump, the Storm-0558 actor was able to successfully compromise a Microsoft engineer's corporate account. This account had access to the debugging environment containing the crash dump which incorrectly contained the key. Due to log retention policies, we don't have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key.

Crime

Roblox Cancelled Awards Presentation Due To Security Incident (marketwatch.com) 77

Slashdot reader quonset writes: Roblox Corporation was to have its award ceremony for developers on Saturday when it cancelled the event at the last moment. According to reports, a game developer was reportedly arrested on gun charges outside the event.
More from MarketWatch: Citing jail records, the San Francisco Chronicle reported Sunday that a man identified as game developer Mikhail Olson, known by the nickname Simbuilder, was arrested by U.S. Park Police on suspicion of having a concealed firearm in his vehicle, along with armor-piercing ammunition and a large-capacity magazine.

The awards ceremony was held at Fort Mason Center, which is on federal property. According to the Chronicle, the suspect was arrested Saturday afternoon after allegedly assaulting U.S. Park Police officers who had been called over a report of a disturbance outside the Roblox conference.

Bitcoin

Whatever Happened to El Salvador's Bitcoin Experiment? Two Years Later... (yahoo.com) 62

Agence France-Presse reports that "Two years ago, El Salvador shrugged off a chorus of warnings and adopted Bitcoin as legal tender in a bid to revitalize its economy and improve access to financial services.

"It has not worked... Economist Cesar Villalona told AFP that Bitcoin 'does not exist in the local economy' in any significant way, because in El Salvador 'everything' is paid in dollars: wages, services and goods." Bitcoin has lost more than half its value since then and though President Nayib Bukele is wildly popular for his clampdown on criminal gangs, his currency gamble has not gone down equally well... [T]wo years after El Salvador became the first country in the world to adopt Bitcoin as its currency, alongside the U.S. dollar, "the goals that were pursued... have not been achieved, people hardly use it, they don't have much trust" in crypto, economist and former Reserve Bank governor Carlos Acevedo told AFP. "The experiment has not worked, it is a crypto winter," he said.

There are no figures available on how many Salvadorans have taken up Bitcoin. But a poll conducted in May by the Central American University found that 71 percent believed the cryptocurrency "has in no way helped to improve their family economic situation."

On the streets of San Salvador, the verdict is harsh. "I don't see that money working, it's just propaganda. Where's the benefit? There's no benefit. It's a bad investment," newspaper vendor Juan Antonio Salgado, 65, told AFP. "It's robbery," he added, in reference to the currency's volatility.

Even a video report from Al Jazeera opens by asking "So has the experiment succeeded? The general verdict — not yet, at least."

They report that even though one fifth of El Salvador's GDP comes from remittances, less than 2% of its remittances went through crypto currency and digital wallets so far this year. Building has yet to begin on "Bitcoin City" — and the country has yet to actually issue the "Volcano Bonds" that would fund its creation.

And meanwhile, the government's bitcoin purchases have now lost an estimated $45.4 million.

Power

Startup Building Zinc-Based Alternatives to Lithium Batteries Granted $400M Loan from the US (popsci.com) 97

Popular Science reports that America's Department of Energy "is providing a nearly $400 million loan to a startup aimed at scaling the manufacturing and deployment of a zinc-based alternative to rechargeable lithium batteries."

If realized, Eos Energy's utility- and industrial-scale zinc-bromine battery energy storage system could provide cheaper, vastly more sustainable options for the country's burgeoning renewable power infrastructure... Unlike lithium-ion and lithium iron phosphate batteries, alternatives such as the Eos Z3 design rely on zinc-based cathodes alongside a water-based electrolyte, notes MIT Technology Review. This important distinction both increases their stability, as well as makes it incredibly difficult for them to support combustion. Zinc-bromine batteries meanwhile also boast lifespans as long as 20 years, while existing lithium options only manage between 10 and 15 years. What's more, zinc is considered the world's fourth most produced metal...

The U.S. Department of Energy also notes that "over time," Eos expects to source almost all of its materials within the U.S., thus better insulating its product against the market volatility and supply chain issues. While the Department of Energy previously issued similar loans to battery recycling and geothermal energy projects, last week's announcement marks the first funding offered to a manufacturer of lithium-battery alternatives.

MIT's article notes that Eos's semi-autonomous facility in Pennsylvania already produces around 540 megawatt-hours annually — and it isn't operating at full capacity. This new loan could boost the factory toward full power. The $398-million loan funds "up to four state-of-the-art production lines," according to the announcement from the U.S. Energy Department.

It notes that the technology is "specifically designed for long-duration grid-scale stationary battery storage that can assist in meeting the energy grids' growing demand with increasing amounts of renewable energy penetration." If finalized, the project is expected to manufacture 8 GWh of storage capacity annually by 2026. That is enough to provide electricity to over 300,000 average U.S. homes instantaneously or meet the annual electricity needs of approximately 130,000 homes if fully charged and discharged daily. The project is expected to create up to 50 union contractor construction jobs and as many as 650 new operations jobs when at full operational capacity...

Critically, Eos batteries are non-flammable and do not require active cooling to operate. The batteries can achieve 100% depth of discharge...

The Internet

US Broadband Buildout Finds Cost to Connect Some Households as High as $53,000 (msn.com) 119

Internet service has long been slow for the Winnebago Tribe in the state of Nebraska, reports the Wall Street Journal. Now the U.S. government "plans to fix that by crisscrossing the reservation with fiber-optic cable — at an average cost of $53,000 for each household and workplace connected."

While that amount exceeds the assessed value of some of the 658 homes getting hookups — at a cost of $35.2 million — "the tribe is also starting an internet company to run the network, creating jobs and competing with an existing provider known for slow customer service." While most connections will cost far less, the expense to reach some remote communities has triggered concerns over the ultimate price tag for ensuring every rural home, business, school and workplace in America has the same internet that city dwellers enjoy... The U.S. has committed more than $60 billion for what the Biden administration calls the "Internet for All" program, the latest in a series of sometimes troubled efforts to bring high-speed internet to rural areas... Providing fiber-optic cable is the industry standard, but alternative options such as satellite service are cheaper, if less reliable. Congress has left it up to state and federal officials implementing the program to decide how much is too much in hard-to-reach areas...

Defenders of the broadband programs say a simple per-location cost doesn't capture their benefits. Once built, rural fiber lines can be used to upgrade cell service or to add more connections to nearby towns...

Some of the differences can be explained by the distinct geographic areas the programs are targeting. While the FCC program included some suburbs and excluded remote locations such as Alaska, the programs run by Commerce and USDA specifically targeted far-flung regions with difficult construction conditions. "These are some of the most challenging locations that there are to reach in America," said Andy Berke, administrator of the USDA's Rural Utilities Service. He cited one project in Alaska that involves a 793-mile undersea fiber cable to reach remote villages.

Cellphones

Huawei Shocks With Advanced New Smartphone Built With South Korean Memory Chips (cnn.com) 67

Huawei's launch last week of the Mate 60 Pro smartphone "shocked industry experts," reports CNN, who didn't understand how Huawei "would have the ability to manufacture such an advanced smartphone following sweeping efforts by the United States to restrict China's access to foreign chip technology."

And in a related note, CNN adds that South Korean chipmaker SK Hynix "is investigating how two of its memory chips mysteriously ended up inside the Mate 60 Pro, a controversial smartphone launched by Huawei last week." Shares in Hynix fell more than 4% on Friday after it emerged that two of its products, a 12 gigabyte (GB) LPDDR5 chip and 512 GB NAND flash memory chip, were found inside the Huawei handset by TechInsights, a research organization based in Canada specializing in semiconductors, which took the phone apart for analysis. "The significance of the development is that there are restrictions on what SK Hynix can ship to China," G Dan Hutcheson, vice chair of TechInsights, told CNN. "Where do these chips come from? The big question is whether any laws were violated."

A Hynix spokesperson told CNN Friday that it was aware of its chips being used in the Huawei phone and had started investigating the issue.

The company "no longer does business with Huawei since the introduction of the U.S. restrictions against the company," it said in a statement... Industry insiders said it was possible that Huawei had purchased the memory chips from the secondary market and not directly from the manufacturer. It's also possible Huawei may have had a stockpile of components accumulated before the U.S. export curbs kicked in fully.

Thanks to long-time Slashdot reader hackingbear for sharing the news.

Crime

Cheating in Tennis: How Cellphone Records Revealed a Massive Match-Fixing Ring (msn.com) 37

"On the morning of his arrest, Grigor Sargsyan was still fixing matches. Four cellphones buzzed on his nightstand with calls and messages from around the world.... The information on his devices would provide a remarkable window into what has become the world's most manipulated sport, according to betting regulators. Thousands of texts, gambling receipts and bank transfers laid out Sargsyan's ascent in remarkable detail..."

That's part one of a two-part story involving more than 181 tennis players from more than 30 countries, fixing more than 375 professional tennis matches. The Washington Post reveals the years-long investigation that began when Belgium's gambling commission tipped off their federal prosecutor's office to "irregular wagers on obscure tennis matches played around the world."

The breakthrough came with geolocation data on a cellphone, cross-referenced against the names of people who'd recently flown to that country... The bets were made in small towns in the Flemish countryside. The gamblers appeared to be acting on inside information; they consistently won even when they bet against steep odds... [Nicolas Borremans, a 45-year-old police investigator based in the Flanders region of Belgium] knew little about sports. He had never watched an entire tennis match. But even a cursory description of the case was enough for him to see how a gambling operation might be used to launder money...

Within a few months, he had traced the accounts of four men who had placed suspicious bets in Belgium, all Armenian immigrants. Their wagers were mostly small — a few hundred euros each — ostensibly to avoid scrutiny. Almost all of the bets were on low-level professional tennis tournaments, where players earned barely enough to pay for their travel. Borremans secured wiretaps on the gamblers' phones, and a team of Armenian interpreters listened in. It became clear that the gamblers were working for someone. They received detailed instructions about which matches to bet on. They weren't gambling just on the outcomes, but on specific scores for sets and games... Borremans added more gamblers to his diagram. "Money mules," he called them. Eventually, he would uncover 1,671 accounts at gambling establishments across Europe. Many were registered by working-class Armenians: mechanics, a pizza deliveryman, a taxi driver.

While the tennis tour "has in recent months issued a raft of bans and suspensions," the article points out that the scale of the gambler/tennis player network "has remained a secret until now, in part because the tour is still working on active investigations related to the operation." (The professional tennis tour has its own investigation unit "formed in part because of pervasive allegations of match-fixing in the sport," which assisted the Belgian police.)

The operation's "maestro" had tried to evade investigators. (One French player received his payment in 21 separate transfers from Armenia.) The maestro also gave the tennis players anonymously-registered SIM cards for communication. But unfortunately, the article points out, every professional tennis player "signs a contract agreeing to hand their phones over to tennis investigators at any time if required." Soon investigators were reading the mastermind's text messages — and even wiretapping his phone calls to his mother.

His phone's search history would later offer a glimpse into his life and concerns. Sargsyan scoured the internet for references to himself and his players ("maestro tennis," "match fixing tennis hossam"); he did some broader research into his world ("tennis corruption," "armenian mafia"); he searched for ways to spend his new fortune ("escort geneve," "villa rent close port mallorca") But, mostly, he searched for new bookmakers ("croatia betting shop," "usa betting," "mybet Australia").
Caught in the investigation were Sebastian Rivera, the Chilean coach based in the United States, and Slovakian tennis player Dagmara Baskova (who says she was paid 10,000 euros for each thrown match). Another French player told investigators "Since 2015, I estimate that I have accepted to deliberately lose or manipulate the outcome of 20 to 30 matches for Maestro, both in singles and doubles." Some tennis players infuriated the maestro by tipping off other gamblers about their plans to throw matches.

Leaving the courtroom for his own trial, the maestro gave this response to the Post reporter asking how he felt about the courtroom proceedings. "If the prosecutor knew what I know, there would be many more people on trial." Later the maestro was sentenced to five years in prison for fraud, money laundering, and leading a criminal organization.

Privacy

Wyze Security Camera Owners Were Briefly Able To See Feeds From Other Users (theverge.com) 47

A web caching issue resulted in some Wyze security camera owners being able to see webcam feeds that weren't theirs. The Verge reports: Earlier on Friday, users on Reddit made posts about the issue. "Went to check on my cameras and they are all gone be replaced with a new one... and this isn't mine!" wrote one user. "Apologies if this is your house / dog... I don't want it showing up as much as you don't want it!" "I am able to click the events tab and see ALL the events on this random person's camera INSIDE their house," wrote another. "I don't know why, but I can see someone else's camera," wrote another.

Each thread has comments from other Reddit users reporting similar issues. Shockingly, I even saw some instances of people claiming they saw the same cameras that other people did. The user reports indicated that they were seeing the other feeds through Wyze's web viewer at view.wyze.com.

Privacy

Apple Fixes Zero-Day Bugs Used To Plant Pegasus Spyware (techcrunch.com) 20

An anonymous reader quotes a report from TechCrunch: Apple released security updates on Thursday that patch two zero-day exploits -- meaning hacking techniques that were unknown at the time Apple found out about them -- used against a member of a civil society organization in Washington, D.C., according to the researchers who found the vulnerabilities. Citizen Lab, an internet watchdog group that investigates government malware, published a short blog post explaining that last week they found a zero-click vulnerability -- meaning that the hackers' target doesn't have to tap or click anything, such as an attachment -- used to target victims with malware.

The researchers said the vulnerability was used as part of an exploit chain designed to deliver NSO Group's malware, known as Pegasus. "The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim," Citizen Lab wrote. Once they found the vulnerability, the researchers reported it to Apple, which released a patch on Thursday, thanking Citizen Lab for reporting them. Based on what Citizen Lab wrote in the blog post, and the fact that Apple also patched another vulnerability and attributed its finding to the company itself, it appears Apple may have found the second vulnerability while investigating the first.
Citizen Lab researcher John Scott-Railton says Apple's Lockdown Mode would have blocked the exploits found in this case. Lockdown Mode is an opt-in feature introduced in iOS 16 that gives users the option to temporarily switch off or limit features for security purposes. According to Apple, it "should be used only if you believe you may be targeted by a highly sophisticated cyberattack, such as by a private company developing state-sponsored mercenary spyware."

The Courts

FTC Judge Decides Intuit's 'Free' TurboTax Ads Did Mislead Consumers (theverge.com) 30

The FTC's chief administrative law judge (ALJ) ruled that Intuit, the parent company of TurboTax, "deceived consumers" and "engaged in deceptive advertising" by advertising its "Free Edition" tax filing service as free when users ultimately had to pay. The Verge reports: The ruling (PDF) includes several pages of commercials and online ads where Intuit advertised its "Free Edition" software. While the name implies that the service is, well, free, people wound up having to pay to use it -- sparking a lawsuit from the FTC and a $141 million payout to affected users. Meanwhile, Intuit's actually no-cost Free File version, which it launched in partnership with the IRS, remained exceedingly difficult to find. In 2021, Intuit exited the program after the IRS stopped letting companies hide their free filing services from search engines.

The FTC's ALJ determined that there is a "cognizant danger of a recurring violation" by Intuit and issued a cease-and-desist order that prohibits the company from "engaging in deceptive practices in the future." The ruling prevents Intuit from representing a product as free unless it actually is free for everyone to use and "clearly and conspicuously discloses any terms that would limit the offer." In a statement, Intuit called the FTC's investigation process "flawed and highly questionable," noting "Intuit already adheres to most of the advertising practices in the FTC's erroneous decision." The company adds that it has "been clear, fair, and transparent" with customers and remains "committed to free tax preparation."

Your Rights Online

NYPD Spent Millions To Contract With Firm Banned by Meta for Fake Profiles (theguardian.com) 27

New York law enforcement agencies have spent millions of dollars to expand their capabilities to track and analyze social media posts, new documents show, including by contracting with a surveillance firm accused of improperly scraping social media platforms for data. From a report: Documents obtained by the Surveillance Technology Oversight Project (Stop), a privacy advocacy non-profit and shared with the Guardian, reveal the New York police department in 2018 entered a nearly $9m contract with Voyager Labs, a surveillance company that has been sued by Meta for allegedly using nearly 40,000 fake Facebook accounts to collect data on an estimated 600,000 users. NYPD purchased Voyager Labs products that the company claims can use artificial intelligence to analyze online human behavior and detect and predict fraud and crimes, the documents show.

A separate document reveals a contract between the Queens district attorney and Israeli firm Cobwebs Technologies, which also offers social network mapping products, as well as tools to track location information through phones. It's unclear how much that contract is worth. Law enforcement across the United States have worked with social media analytics companies for years, hoping to more effectively and efficiently collect and make sense of the hordes of personal information available on the internet. But experts have argued the practice can cross ethical and legal lines, particularly when used to access private information, make inferences or predict future criminality based on the content posted on social media, or otherwise help law enforcement skip obtaining subpoenas and warrants before gathering information on someone.

Privacy

Polish Senate Says Use of Government Spyware is Illegal in the Country (techcrunch.com) 4

A special commission within Poland's Senate concluded that the government's use of spyware, like the one made by NSO Group, is illegal. From a report: The commission announced on Thursday the conclusion of its 18-month-long investigation into allegations that the Polish government used NSO's spyware, known as Pegasus, to spy on an opposition politician and other politicians around the time of the country's 2019 elections. "Pegasus cannot be used under Polish law," the report read, according to a machine translation. "This is because the Polish legal system does not allow the use of programs in which acquired operational data is transferred through transmission channels uncontrolled by the relevant services, as this creates the risk of violating its integrity and does not ensure its confidentiality, as required by law."

In other words, NSO's spyware is not designed in a way that respects Polish law, collects too much information, and cannot guarantee that that information is secured properly, according to the report. The commission also concluded that the Polish government used Pegasus to retaliate against opposition figures, and that these surveillance operations negatively influenced the 2019 elections in the country. The commission compared these abuses with Russian government hackers' activities in the 2016 elections in the United States.

Crime

The International Criminal Court Will Now Prosecute Cyberwar Crimes (wired.com) 32

An anonymous reader quotes a report from Wired: For years, some cybersecurity defenders and advocates have called for a kind of Geneva Convention for cyberwar, new international laws that would create clear consequences for anyone hacking civilian critical infrastructure, like power grids, banks, and hospitals. Now the lead prosecutor of the International Criminal Court at the Hague has made it clear that he intends to enforce those consequences -- no new Geneva Convention required. Instead, he has explicitly stated for the first time that the Hague will investigate and prosecute any hacking crimes that violate existing international law, just as it does for war crimes committed in the physical world.

In a little-noticed article released last month in the quarterly publication Foreign Policy Analytics, the International Criminal Court's lead prosecutor, Karim Khan, spelled out that new commitment: His office will investigate cybercrimes that potentially violate the Rome Statute, the treaty that defines the court's authority to prosecute illegal acts, including war crimes, crimes against humanity, and genocide. "Cyber warfare does not play out in the abstract. Rather, it can have a profound impact on people's lives," Khan writes. "Attempts to impact critical infrastructure such as medical facilities or control systems for power generation may result in immediate consequences for many, particularly the most vulnerable. Consequently, as part of its investigations, my Office will collect and review evidence of such conduct."

When WIRED reached out to the International Criminal Court, a spokesperson for the office of the prosecutor confirmed that this is now the office's official stance. "The Office considers that, in appropriate circumstances, conduct in cyberspace may potentially amount to war crimes, crimes against humanity, genocide, and/or the crime of aggression," the spokesperson writes, "and that such conduct may potentially be prosecuted before the Court where the case is sufficiently grave." Neither Khan's article nor his office's statement to WIRED mention Russia or Ukraine. But the new statement of the ICC prosecutor's intent to investigate and prosecute hacking crimes comes in the midst of growing international focus on Russia's cyberattacks targeting Ukraine both before and after its full-blown invasion of its neighbor in early 2022.

Bitcoin

Ex-FTX Executive Ryan Salame To Forfeit $1.5 Billion As Part of Guilty Plea (coindesk.com) 21

Ryan Salame, a top FTX executive who played a key role in the exchange's political fundraising operations, will forfeit $1.5 billion after pleading guilty on Thursday to federal criminal charges tied to the exchange. CoinDesk reports: Salame, who was co-CEO of FTX's Bahamas entity FTX Digital Markets, pleaded guilty to conspiracy to make unlawful contributions and defraud the Federal Election Commission and conspiracy to operate an unlicensed money transferring business. "I made political contributions in my name that were funded by transfers from an Alameda subsidiary," Salame told Judge Lewis Kaplan, who is also overseeing Bankman-Fried's trial, as he entered his guilty plea. The transfers were "categorized as loans," Salame said, but "it was understood that they would not be repaid." The donations, according to Salame, "were for the benefit of initiatives introduced by others but supported by Sam Bankman-Fried."

As part of his plea agreement with the government, Salame has been ordered to forfeit more than $1.5 billion dollars. He agreed to forfeit $6 million before his sentencing, expected in March of next year. To help cover this amount, Salame has already agreed to give the government a "2021 Porsche automobile" and multiple properties, including two Massachusetts homes and ownership of the East Rood Farm Corporation, an entity Salame owns. Additionally, Salame was ordered to pay more than $5.5 million in restitution to FTX debtors. According to a DOJ document (PDF), the $1.5 billion Salame will forfeit represents "property involved in" the unlicensed money transmitter charge.

Chrome

Google's Cookie Killing Tech Is Now On Almost Every Chrome Browser (gizmodo.com) 68

An anonymous reader quotes a report from Gizmodo: Google's Privacy Sandbox, a controversial set of tools and settings meant to replace third-party cookies, is now on almost every single Chrome browser, according to a company blog post published Thursday. Google says Privacy Sandbox is now available to around 97% of Chrome users, and that number will reach 100% in the next few months. The news comes on the heels of the browser's 15th anniversary, which Google is celebrating by redesigning Chrome to make it look and feel more closely aligned with the design paradigm of Android and the rest of the Google suite. The final step in this process comes in 2024, when Google will disable third-party cookies in Chrome for good, marking the end of their decades-long reign of privacy-violating terror.

Back in 2019, Google said the cookie era was coming to a close. In place of third-party cookies, Privacy Sandbox will implement a long list of new tools for the ad industry. Google, after all, makes all of its money by spying on you and turning the insights into ads, so it's not about to put itself out of business. In fairness, this new system is really more private, though it's private on Google's terms. The biggest change is "Ad Topics," a.k.a. the Topics API if you're a huge nerd who's been following this stuff for years. With Topics, Chrome will keep track of all the websites you're looking at and sort you into a variety of categories. This tracking happens in your browser and the data stays on your device. Neither Google nor anyone else gets to see your browsing history or learn anything about you as an individual throughout this process. Websites and advertising companies will know there's a person interested in a certain Topic, but they won't be able to tell who you are specifically.

There's also an extremely complicated technique websites can use to tag you with subjects they want you to see ads about, called "Site Suggested Ads." Google is also rolling out a tool called "Ad Measurement," which helps companies keep track of how well their ads are working through metrics such as the time of day you saw an ad and whether you clicked on it. Google gives users some control over how these tools are implemented. With the rollout of Privacy Sandbox comes new settings listed as "Ad privacy controls," which you can adjust in Chrome's preferences.

Further reading: Chrome is About To Look a Bit Different

AI

Microsoft Says It Will Protect Customers from AI Copyright Lawsuits (bloomberg.com) 20

Microsoft says it will defend buyers of its artificial intelligence products from copyright infringement lawsuits, an effort by the software giant to ease concerns customers might have about using its AI "Copilots" to generate content based on existing work. From a report: The Microsoft Copilot Copyright Commitment will protect customers as long as they've "used the guardrails and content filters we have built into our products," Hossein Nowbar, General Counsel, Corporate Legal Affairs and Corporate Secretary at Microsoft, said in a blog post Thursday. Microsoft also pledged to pay related fines or settlements and said it has taken steps to ensure its Copilots respect copyright.

"We believe in standing behind our customers when they use our products," Nowbar said. "We are charging our commercial customers for our Copilots, and if their use creates legal issues, we should make this our problem rather than our customers' problem." Generative AI applications scoop up existing content such as art, articles and programming code and use it to generate new material that can simplify or automate a range of tasks. Microsoft is baking the technology, developed with partner OpenAI, into many of its biggest products, including Office and Windows, potentially putting customers in legal jeopardy.
