The United States Space Force has activated its first and only unit dedicated to targeting other nations' satellites and the ground stations that support them. Space.com reports: The 75th Intelligence, Surveillance and Reconnaissance Squadron (ISRS) was activated on Aug. 11 at Peterson Space Force Base in Colorado. This unit is part of Space Delta 7, an element of the U.S. Space Force tasked with providing intelligence on adversary space capabilities. It'll do things like analyze the capabilities of potential targets, locate and track these targets as well as participate in "target engagement," which presumably refers to destroying or disrupting adversary satellites, the ground stations that support them and transmissions sent between the two.

Master Sgt. Desiree Cabrera, 75th ISRS operations superintendent, said the new unit will revolutionize the targeting capabilities of not just the Space Force, but also the entire U.S. military: "Not only are we standing up the sole targeting squadron in the U.S. Space Force, we are changing the way targeting is done across the joint community when it comes to space and electromagnetic warfare." The 75th ISRS will also analyze adversary space capabilities including "counterspace force threats," according to the Space Force's statement. Counterspace forces refer to adversary systems aimed at preventing the U.S. from using its own satellites during a conflict.

An anonymous reader quotes a report from The Register: Microsoft prohibits users from reverse engineering or harvesting data from its AI software to train or improve other models, and will store inputs passed into its products as well as any output generated. The details emerged as companies face fresh challenges with the rise of generative AI. People want to know what corporations are doing with information provided by users. And users are likewise curious about what they can do with the content generated by AI. Microsoft addresses these issues in a new clause titled 'AI Services' in its terms of service.

The five new policies, which were introduced on 30 July and will come into effect on September 30, state that:

Reverse Engineering. You may not use the AI services to discover any underlying components of the models, algorithms, and systems. For example, you may not try to determine and remove the weights of models.
Extracting Data. Unless explicitly permitted, you may not use web scraping, web harvesting, or web data extraction methods to extract data from the AI services.
Limits on use of data from the AI Services. You may not use the AI services, or data from the AI services, to create, train, or improve (directly or indirectly) any other AI service.
Use of Your Content. As part of providing the AI services, Microsoft will process and store your inputs to the service as well as output from the service, for purposes of monitoring for and preventing abusive or harmful uses or outputs of the service.
Third party claims. You are solely responsible for responding to any third-party claims regarding Your use of the AI services in compliance with applicable laws (including, but not limited to, copyright infringement or other claims relating to content output during Your use of the AI services). A spokesperson from Microsoft declined to comment on how long the company plans to store user inputs into its software. "We regularly update our terms of service to better reflect our products and services. Our most recent update to the Microsoft Services Agreement includes the addition of language to reflect artificial intelligence in our services and its appropriate use by customers," the representative told us in a statement.

Microsoft has previously said, however, that it doesn't save conversations or use that data to train its AI models for its Bing Enterprise Chat mode. The policies are a little murkier for its Microsoft 365 Copilot, although it doesn't appear to use customer data or prompts for training, it does store information. "[Copilot] can generate responses anchored in the customer's business content, such as user documents, emails, calendar, chats, meetings, contacts, and other business data. Copilot combines this content with the user's working context, such as the meeting a user is in now, the email exchanges the user has had on a topic, or the chat conversations the user had last week. Copilot uses this combination of content and context to help deliver accurate, relevant, contextual responses," it said.

Loading screen maps and movement physics are just some of the elements from The Legend of Zelda: Tears of the Kingdom that Nintendo is trying to patent. Kotaku reports: Automaton, a gaming website that focuses on Japanese games like Zelda, has a roundup of the 32 patents Nintendo put forth. Some of them are specific to Link's latest adventure, including things like Riju's lightning ability, which lets the player target enemies with a bow and bring down a lighting strike wherever the arrow lands. The weirder ones are related to baseline game design and coding that applies to plenty of other video games on the market. One of the hopeful patents relates to the physics of a character riding on top of a moving vehicle and reacting dynamically to it in a realistic manner.

The distinction, according to Automaton's translation of Japanese site Hatena Blog user nayoa2k's post on the matter, is down to how Tears of the Kingdom codes these interactions. Link and the objects he rides on move together at the same speed, rather than Link being technically stationary on top of a moving object as is common in the physics of other games. The two are functionally the same, but given that plenty of video games displayed characters who can walk around on top of moving vehicles, it's highly unlikely this kind of approach hasn't been utilized before.

On top of trying to patent the tech, Nintendo seeks to patent the loading screen that shows up when the player is fast-traveling across Hyrule. This specifically refers to the screen that shows the map transition from the player's starting point to their destination. Sure, that's pretty specific and not something every game utilizes, but it's still such a general concept that it feels almost petty to patent it when it's hardly an iconic draw of Tears of the Kingdom.

An anonymous reader quotes a report from Ars Technica: Home buyers, sellers, real estate agents, and listing websites throughout the US have been stymied for five days by a cyberattack on a California company that provides a crucial online service used to track home listings. The attack, which commenced last Wednesday, hit Rapottoni, a software and services provider that supplies Multiple Listing Services to regional real estate groups nationwide. Better known as MLS, it provides instant access to data on which homes are coming to the market, purchase offers, and sales of listed homes. MLS has become essential for connecting buyers to sellers and to the agents and listing websites serving them.

"If you're an avid online refresher on any real estate website, you may have noticed a real nosedive in activity the last couple of days," Peg King, a realty agent in California's Sonoma County, wrote in an email newsletter she sent clients on Friday. "Real estate MLS systems across the country have been unusable since Wednesday after a massive cyberattack against major MLS provider, Rapattoni Corporation. This means that real estate markets (like ours!) can't list new homes, change prices, mark homes as pending/contingent/sold, or list open houses."

While Rapattoni has referred to the incident as a cyberattack, it has been widely reported that the event is a ransomware attack, in which criminals gain unauthorized access to a victim's network, encrypt or download crucial data and demand payment in exchange for decrypting the data or promising not to publish it. Rapattoni has so far not said publicly what sort of attack shut it down or other details. Rapattoni has yet to say whether personal information has been compromised. [...] Not all regional listing services are affected because some use data vendors other than Rapattoni. The damage the outage is causing to agents, buyers, renters, and sellers could get worse unless services are restored in the next few days. On Sunday, Rapattoni wrote: "We are continuing to investigate the nature and scope of the cyberattack that has caused a system outage and we are working diligently to get systems restored as soon as possible. All technical resources at our disposal are continuing to work around the clock through the weekend until this matter is resolved. We still do not have an ETA at this time, but we will continue to update you and keep you informed of our efforts."

An anonymous reader quotes a report from TorrentFreak: In the summer of 2021, DISH Network and Sling filed a copyright lawsuit against four unlicensed sports streaming sites, among them the popular SportsBay.org. After the plaintiffs named two alleged operators of the sites, this week a court in Texas held the pair liable for almost 2.5 million violations of the DMCA's anti-circumvention provisions and almost half a billion dollars in damages. [...] The complaint alleged that the unknown defendants circumvented (and provided technologies and services that circumvented) security measures employed by Sling and thereby provided "DISH's television programming" to users of their websites. The plaintiffs requested a permanent injunction, control of the defendants' domains, and damages of up to $2,500 for each violation of the DMCA's anti-circumvention provisions.

According to DISH's first amended complaint filed in January 2022, information obtained from the third-party service providers enabled the company to identify two men responsible for operating the SportsBay sites. Juan Barcan, an individual residing in Buenos Aires, Argentina, used his PayPal account to make payments to Namecheap and GitHub. Juan Nahuel Pereyra, also of Buenos Aires, used his PayPal account to make payments to Namecheap. On January 20, 2022, DISH sent a request to the Argentine Central Authority to serve Barcan and Pereyra under the Hague Convention. On October 31, 2022, the Central Authority informed DISH that Pereyra was served in Buenos Aires on September 14, 2022. Barcan was not served so after obtaining permission from the court, DISH served Barcan via a Gmail address used to make payments to Namecheap for the Sportsbay.org, Live-nba.stream, and Freefeds.com domain names. When the defendants failed to appear, DISH sought default judgment. [...]

In his order (PDF) handed down yesterday, District Judge Charles Eskridge entered a default judgment against Juan Barcan and Juan Nahuel Pereyra for violations of the DMCA's anti-circumvention provisions. The defendants and anyone acting in concert with them are permanently enjoined from circumventing any technological protection measure that controls access to Sling or DISH programming, including through the use of websites or any similar internet streaming service. Then comes the award for damages. "Plaintiffs are awarded $493,850,000 in statutory damages against Defendants, jointly and severally, for Defendants' 2,469,250 violations of section 1201(a)(2) of the DMCA," the order reads.

Long-time Slashdot reader destinyland shares a report from BleepingComputer: The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members. Discord.io is not an official Discord site but a third-party service allowing server owners to create custom invites to their channels. Most of the community was built around the service's Discord server, with over 14,000 members.

Yesterday, a person known as 'Akhirah' began offering the Discord.io database for sale on the new Breached hacking forums. As proof of the theft, the threat actor shared four user records from the database. The most sensitive information in the breach is a member's username, email address, billing address (small number of people), salted and hashed password (small number of people), and Discord ID. "This information is not private and can be obtained by anyone sharing a server with you. Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address," Discord.io explained about the leaking of Discord IDs.

The judge overseeing Apple's "batterygate" iPhone throttling lawsuit has cleared the way for payments to be sent out. MacRumors reports: Apple in 2020 agreed to pay $500 million to settle the "batterygate" lawsuit, which accused the company of secretly throttling older iPhone models. The class action lawsuit was open to U.S. customers who had an iPhone 6, 6 Plus, 6s, 6s Plus, 7, or 7 Plus running iOS 10.2.1 or iOS 11.2 prior to December 21, 2017. [...] Apple ultimately apologized for its lack of communication and dropped the price of battery replacements to $29 through the end of 2018. iPhone owners eligible for a payout would have needed to submit a claim back in 2020, and submissions were open through October 6, 2020. Those who submitted a claim back then will be eligible for a payment, which will be around $65 per claimant.

An anonymous reader quotes a report from TechCrunch: Iraq's telecom ministry lifted the ban on Telegram over the weekend, days after the agency blocked the chat app over security concerns. The ministry said it lifted the ban because of the "response of the company that owns the application to the requirements of the security authorities," which required Telegram to reveal sources leaking data of officials and citizens, according to a translated statement. Telegram has shown commitment to communicating with authorities about security concerns, the ministry said, insisting that it "doesn't stand against freedom of expression."

Telegram told Reuters that the company forbids users from posting private data on the platform without consent. Telegram didn't share any private user data with Iraqi authorities, the messaging app operator told the publication. "We can confirm that our moderators took down several channels sharing personal data. However, we can also confirm that no private user data was requested from Telegram and that none has been shared," the company told the publication in a statement. Context: "Last week, Iraq banned the chat app saying that many channels were publishing citizen's private data such as names, addresses, and family ties with other people," reports TechCrunch. "At that time, the ministry said that Telegram -- which has more than 800 million users globally -- didn't respond to its requests, and as a result, the country banned the app."

According to the Globe Gazette, the school board of Mason City, Iowa has begun leveraging AI technology to cultivate lists of potentially bannable books from the district's libraries ahead of the 2023/24 school year. Engadget reports: In May, the Republican-controlled state legislature passed, and Governor Kim Reynolds subsequently signed, Senate File 496 (SF 496), which enacted sweeping changes to the state's education curriculum. Specifically it limits what books can be made available in school libraries and classrooms, requiring titles to be "age appropriateâ and without "descriptions or visual depictions of a sex act," per Iowa Code 702.17. But ensuring that every book in the district's archives adhere to these new rules is quickly turning into a mammoth undertaking. "Our classroom and school libraries have vast collections, consisting of texts purchased, donated, and found," Bridgette Exman, assistant superintendent of curriculum and instruction at Mason City Community School District, said in a statement. "It is simply not feasible to read every book and filter for these new requirements."

As such, the Mason City School District is bringing in AI to parse suspect texts for banned ideas and descriptions since there are simply too many titles for human reviewers to cover on their own. Per the district, a "master list" is first cobbled together from "several sources" based on whether there were previous complaints of sexual content. Books from that list are then scanned by "AI software" -- the district doesn't specify which systems will be employed -- which tells the state censors whether or not there actually is a depiction of sex in the book. So far, the AI has flagged 19 books for removal. [The full list is available here.]

An anonymous reader quotes a report from TechCrunch: Millions of Americans had their sensitive medical and health information stolen after hackers exploiting a zero-day vulnerability in the widely used MOVEit file transfer software raided systems operated by tech giant IBM. Colorado's Department of Health Care Policy and Financing (HCPF), which is responsible for administering Colorado's Medicaid program, confirmed on Friday that it had fallen victim to the MOVEit mass-hacks, exposing the data of more than four million patients.

In a data breach notification (PDF) to those affected, Colorado's HCPF said that the data was compromised because IBM, one of the state's vendors, "uses the MOVEit application to move HCPF data files in the normal course of business." The letter states that while no HCPF or Colorado state government systems were affected by this issue, "certain HCPF files on the MOVEit application used by IBM were accessed by the unauthorized actor." These files include patients' full names, dates of birth, home addresses, Social Security numbers, Medicaid and Medicare ID numbers, income information, clinical and medical data including lab results and medication, and health insurance information. HCPF says about 4.1 million individuals are affected.

IBM has yet to publicly confirm that it was affected by the MOVEit mass-hacks, and an IBM spokesperson did not respond to a request for comment by TechCrunch. The breach of IBM's MOVEit systems also impacted Missouri's Department of Social Services (DSS), though the number of affected individuals is not yet known. More than six million people live in Missouri state. In a data breach notification posted last week, Missouri's DSS said: "IBM is a vendor that provides services to DSS, the state agency that provides Medicaid services to eligible Missourians. The data vulnerability did not directly impact any DSS systems, but impacted data belonging to DSS." DSS says that the data accessed may include an individual's name, department client number, date of birth, possible benefit eligibility status or coverage, and medical claims information.

A bomb threat against Caesars Forum, the main venue for this week's DEF CON hacking convention, led to the halls being cleared on Saturday evening and the building searched by fire crews and police officers. The Register reports: The timing was very bad, coming in the evening of the main party night for the event. The conference Goons, the red-shirted volunteers who serve as guides and organizers, were praised by attendees for managing the evacuation with aplomb, but when it became clear that the search for the suspect device was going to be hard to find, the DEC CON team cancelled the evening's festivities at Caesars, to the disappointment of thousands.

"Last night we were asked to evacuate the building due to a report of a suspicious package. Local police and fire departments conducted a thorough investigation and ultimately determined that the package was safe," the organizers said. "They also conducted additional sweeps of the building as a precaution before allowing our team to return and prepare for today's con. We are working quickly to keep the original schedule on track, but please check here for additional updates before arriving at DEF CON." The event kicked off on August 10 and wrapped up by August 13.

Presumably the hoax caller thought of themselves as a merry prankster, rather than the selfish idiot who ruined everyone's night - particularly the timing for those in the Track Four hall who were enjoying 2001: A Space Odyssey and who were forced to miss the crucial last 10 minutes of the movie. While tricks and pranks are something of a tradition, they only get respect if they are clever and intricate, not some fool showing they could use a telephone. It's not like security at the show wasn't heavy enough. The event was patrolled regularly by security guards in body armor with handguns, tasers, the occasional police dog, and a host of other equipment that was a bit of an overkill for a bunch of peaceable hackers. Dubbed by some as "Gravy SEALs," by the end of the show they were visibly warming up, and this hack saw several of them accepting stickers from attendees.

In the first ruling of its kind nationwide, a Montana state court decided Monday in favor of young people who alleged the state violated their right to a "clean and healthful environment" by promoting the use of fossil fuels. From a report: The court determined that a provision in the Montana Environmental Policy Act has harmed the state's environment and the young plaintiffs, by preventing Montana from considering the climate impacts of energy projects. The provision is accordingly unconstitutional, the court said. The win, experts say, could energize the environmental movement and reshape climate litigation across the country, ushering in a wave of cases aimed at advancing action on climate change. "People around the world are watching this case," said Michael Gerrard, the founder of Columbia's Sabin Center for Climate Change Law.

The ruling represents a rare victory for climate activists who have tried to use the courts to push back against government policies and industrial activities they say are harming the planet. In this case, it involved 16 young Montanans, ranging in age from 5 to 22, who brought the nation's first constitutional and first youth-led climate lawsuit to go to trial. Though the cumulative number of climate cases around the world has more than doubled in the last five years, youth-led lawsuits in the United States have faced an uphill battle. Already, at least 14 of these cases have been dismissed, according to a July report from the United Nations Environment Program and the Sabin Center. The report said about three-quarters of the approximately 2,200 ongoing or concluded cases were filed before courts in the United States. Experts said the Montana youth had an advantage in the state's constitution, which guarantees a right to a "clean and healthful environment." Coal is critical to the state's economy, and Montana is home to the largest recoverable coal reserves in the country. The plaintiff's attorneys say the state has never denied a permit for a fossil fuel project.

Dell has been fined more than $6.5 million by Australian regulators after it was found to have misled consumers on discounted hardware prices. From a report: The Australian Consumer and Competition Commission (ACCC) imposed a $10 million AUS fine on the tech giant for "making false and misleading representations" about discounted prices for add-on computer monitors. Dell Australia admitted that it has misled customers over prices available on monitors in 'bundle' packages alongside desktop, laptop, or notebook devices. Add-on monitors were "often advertised with a higher 'strikethrough' price," an investigation by the regulator found. These strikethrough prices were framed as a way for consumers to make significant savings on monitors if purchased alongside other computing products.

However, these discounted prices were often overstated, with the regulator ruling that the monitors were not sold for discounted prices in many instances. Dell also conceded it misled customers about the discounted price of add-on monitors with statements such as "Total Savings," "Includes x% off," "Discounted Price," and "Get the best price for popular accessories when purchased with this product." The ACCC said in a statement, "In many cases, consumers paid more than if they had purchased the monitor as a standalone product."

"It was difficult to maintain a poker face when the leader of a big US tech firm I was chatting to said there was a definite tipping point at which the firm would exit the UK," writes a BBC technology editor: Many of these companies are increasingly fed up. Their "tipping point" is UK regulation — and it's coming at them thick and fast. The Online Safety Bill is due to pass in the autumn. Aimed at protecting children, it lays down strict rules around policing social media content, with high financial penalties and prison time for individual tech execs if the firms fail to comply. One clause that has proved particularly controversial is a proposal that encrypted messages, which includes those sent on WhatsApp, can be read and handed over to law enforcement by the platforms they are sent on, if there is deemed to be a national security or child protection risk...

Currently messaging apps like WhatsApp, Proton and Signal, which offer this encryption, cannot see the content of these messages themselves. WhatsApp and Signal have both threatened to quit the UK market over this demand.

The Digital Markets Bill is also making its way through Parliament. It proposes that the UK's competition watchdog selects large companies like Amazon and Microsoft, gives them rules to comply with and sets punishments if they don't. Several firms have told me they feel this gives an unprecedented amount of power to a single body. Microsoft reacted furiously when the Competition and Markets Authority (CMA) chose to block its acquisition of the video game giant Activision Blizzard. "There's a clear message here — the European Union is a more attractive place to start a business than the United Kingdom," raged chief executive Brad Smith. The CMA has since re-opened negotiations with Microsoft. This is especially damning because the EU is also introducing strict rules in the same vein — but it is collectively a much larger and therefore more valuable market.

In the UK, proposed amendments to the Investigatory Powers Act, which included tech firms getting Home Office approval for new security features before worldwide release, incensed Apple so much that it threatened to remove Facetime and iMessage from the UK if they go through. Clearly the UK cannot, and should not, be held to ransom by US tech giants. But the services they provide are widely used by millions of people. And rightly or wrongly, there is no UK-based alternative to those services.
The article concludes that "It's a difficult line to tread. Big Tech hasn't exactly covered itself in glory with past behaviours — and lots of people feel regulation and accountability is long overdue."

"Owners of some older iPhone models are expected to receive about $65 each," reports SiliconValley.com, "after a judge cleared the way for payments in a class-action lawsuit accusing Apple of secretly throttling phone performance." The Cupertino cell phone giant agreed in 2020 to pay up to $500 million to resolve a lawsuit alleging it had perpetrated "one of the largest consumer frauds in history" by surreptitiously slowing the performance of certain iPhone models to address problems with batteries and processors...

According to the lawsuit, filed in 2018, reports of unexplained iPhone shutdowns began to surface in 2015 and increased in the fall of 2016. Consumers complained their phones were shutting off even though the batteries showed a charge of more than 30%, the lawsuit claimed. The lawsuit claimed the shutdowns resulted from a mismatch between phones' hardware, including batteries and processing chips, and the ever-increasing demands of constantly updating operating systems. Apple tried to fix the problem with a software update, but the update merely throttled device performance to cut the number of shutdowns, the lawsuit claimed... In a 2019 court filing in the case, Apple argued that lithium-ion batteries become less effective with time, repeated charging, extreme temperatures and general use. Updating software, Apple asserted in the filing, entails trade-offs. "Providing more features also introduces complexity and can reduce speed, and increasing features or speed may adversely impact hardware lifespan," the company said.

Consumer grief over the shutdowns and alleged throttling also led to a 2020 lawsuit against Apple by the State of California and Alameda and Los Angeles counties. Apple, admitting to no wrongdoing, settled the case for $113 million.
About 3 million claims were received, the article notes, and two iPhone owners who'd objected to the settlement lost their appeal this week, "removing the final obstacle to the deal..."

"The phones at issue in the case were iPhone 6, 6 Plus, 6s, 6s Plus, and SE devices running operating systems iOS 10.2.1 or later before Dec. 21, 2017, and iPhone 7 and 7 Plus phones running iOS 11.2 or later before that date."

Monday sees the release of "The Billion Dollar Heist," a documentary about the theft of $81 million from the Bangladesh Bank, considered the biggest cyber-heist of all time. The film's executive producer wrote the book Dark Market: How Hackers Became the New Mafia (and is also a rector at the Institute for Human Sciences).

But he's also written an article for the Financial Times outlining the complicated background of Russian-speaking hacker gangs responsible for malware and ransomware, starting with "one of the most remarkable if little-known events in post-cold war history: the first and, to my knowledge, the last publicly organised conference of avowed criminals" in May, 2002.

The First Worldwide Carders Conference was the brainchild of the administrators of a landmark website, carderplanet.com. Known as "the family", this was a mixed group of young men, both Ukrainians and Russians, who had spent the previous 10 years growing up in a lively atmosphere of gangster capitalism. During the 1990s, conventional law and order in the former Soviet Union had broken down. The collapse of the communist system had left a vacuum in which new forms of economic activity were emerging...

Founded a year before the conference, CarderPlanet revolutionised web-based criminal activity, especially the lucrative trade in stolen or cloned credit card data, by solving the conundrum that until then had faced every bad guy on the web: how can I do business with this person, as I know he's a criminal, so he must be untrustworthy by definition? To obviate the problem, the CarderPlanet administrators created an escrow system for criminals. They would act as guarantor of any criminal sale of credit and debit card data — a disinterested party mediating between the vendor and the purchaser... The escrow system led to an explosion of credit card crime around the world in which many criminal fortunes were made....

Roman Stepanenko Vega, a Russian-speaking Ukrainian national who was one of the founders and administrators of CarderPlanet, explained to me how "two days before the conference's opening, we received a visit from an FSB [Federal Security Service] officer in Moscow. He explained that Moscow had no objections to us cloning credit cards or defrauding banks in Europe and the United States but anywhere within the CIS was off limits." In addition, the FSB officer let CarderPlanet know that if the Russian state ever required assistance from criminal gangs, it would be expected to co-operate...

Members of criminal gangs were later recruited into notorious state-backed hacking teams such as Advanced Persistent Threat 28.
A 2021 ransomware attack on Colonial Pipeline brought warnings of a U.S. counterattack, the article notes, after which "Russian police started arresting and imprisoning cyber criminal groups." Ransomware attacks now seem particularly focused on Europe, and "According to cyber-security experts, the Russian government is giving these criminal groups information on potential targets." But once more the hackers have been careful not to cross what the Americans consider red lines, as advised, presumably, by Russia's security services. Russia is probably confident that disrupting European businesses will be unlikely to provoke a cyber attack. But the U.S. — whether its government, municipalities or police — remains strictly off-limits.
Thanks to long-time Slashdot reader Geoffrey.landis for sharing the article.

An anonymous reader shared this investigative report from The Markup: Over the past quarter-century, privacy policies — the lengthy, dense legal language you quickly scroll through before mindlessly hitting "agree" — have grown both longer and denser. A study released last year found that not only did the average length of a privacy policy quadruple between 1996 and 2021, they also became considerably more difficult to understand. "Analyzing the content of privacy policies, we identify several concerning trends, including the increasing use of location data, increasing use of implicitly collected data, lack of meaningful choice, lack of effective notification of privacy policy changes, increasing data sharing with unnamed third parties, and lack of specific information about security and privacy measures," wrote De Montfort University Associate Professor Isabel Wagner, who used machine learning to analyze some 50,000 website privacy policies for the study...

To get a sense of what all of this means, I talked to Jesse Woo — a data engineer at The Markup who previously helped write institutional data use policies as a privacy lawyer. Woo explained that, while he can see why the language in Zoom's terms of service touched a nerve, the sentiment — that users allow the company to copy and use their content — is actually pretty standard in these sorts of user agreements. The problem is that Zoom's policy was written in a way where each of the rights being handed over to the company are specifically enumerated, which can feel like a lot. But that's also kind of just what happens when you use products or services in 2023 — sorry, welcome to the future!

As a point of contrast, Woo pointed to the privacy policy of the competing video-conferencing service Webex, which reads: "We will not monitor Content, except: (i) as needed to provide, support or improve the provision of the Services, (ii) investigate potential or suspected fraud, (iii) where instructed or permitted by you, or (iv) as otherwise required by law or to exercise or protect Our legal rights." That language feels a lot less scary, even though, as Woo noted, training AI models could likely be covered under a company taking steps to "support or improve the provision of the Services."
The article ends with a link to a helpful new guide showing "how to read any privacy policy and quickly identify the important/creepy/enraging parts."

An anonymous reader shared this report from the Wall Street Journal: U.S. spy agencies will share more intelligence with U.S. companies, nongovernmental organizations and academia under a new strategy released this week that acknowledges concerns over new threats, such as another pandemic and increasing cyberattacks. The National Intelligence Strategy, which sets broad goals for the sprawling U.S. intelligence community, says that spy agencies must reach beyond the traditional walls of secrecy and partner with outside groups to detect and deter supply-chain disruptions, infectious diseases and other growing transnational threats. The intelligence community "must rethink its approach to exchanging information and insights," the strategy says.

The U.S. government in recent years has begun sharing vast amounts of cyber-threat intelligence with U.S. companies, utilities and others who are often the main targets of foreign hackers, as well as information on foreign-influence operations with social-media companies... The emphasis on greater intelligence sharing is part of a broader trend toward declassification that the Biden administration has pursued.
"The new strategy is meant to guide 18 U.S. intelligence agencies with an annual budget of about $90 billion... "

An anonymous reader shared this report from CNBC: The mastermind behind a ransomware hosting service that allegedly helped criminals collect more than 5,000 bitcoin in ransom from hundreds of victims was indicted in federal court this week, prosecutors announced Thursday. Artur Grabowski's LolekHosted service operated for about a decade and advertised itself as a haven for "everything but child porn," according to Florida prosecutors. Clients allegedly used the hosting service to deploy ransomware viruses that infected around 400 networks around the world... [That's 400 just for the Netwalker ransomware, which the announcement calls "one of the ransomware variants facilitated by LolekHosted."]

Grabowski was charged with computer fraud, wire fraud, and conspiracy to commit international money laundering. Grabowski himself is also the subject of a $21.5 million seizure order... Grabowski, a Polish national, faces a maximum sentence of 45 years, if he is ever detained and convicted.
Grabowski also "remains a fugitive," according to an announcement from the U.S. Department of Justice. It notes that the 36-year-old's site — registered in 2014 — also "facilitated" brute-force attacks, and phishing.

"Grabowski allegedly facilitated the criminal activities of LolekHosted clients by allowing clients to register accounts using false information, not maintaining Internet Protocol (IP) address logs of client servers, frequently changing the IP addresses of client servers, ignoring abuse complaints made by third parties against clients, and notifying clients of legal inquiries received from law enforcement."

Last year, Queens resident David Leacraft filed a lawsuit against Canon claiming that his Canon Pixma All-in-One printer won't scan documents unless it has ink. According to The Verge's Sean Hollister, it has quietly ended in a private settlement rather than becoming a big class-action. From the report: I just checked, and a judge already dismissed David Leacraft's lawsuit in November, without (PDF) Canon ever being forced to show what happens when you try to scan without a full ink cartridge. (Numerous Canon customer support reps wrote that it simply doesn't work.) Here's the good news: HP, an even larger and more shameless manufacturer of printers, is still possibly facing down a class-action suit for the same practice.

As Reuters reports, a judge has refused to dismiss a lawsuit by Gary Freund and Wayne McMath that alleges many HP printers won't scan or fax documents when their ink cartridges report that they've run low. Among other things, HP tried to suggest that Freund couldn't rely on the word of one of HP's own customer support reps as evidence that HP knew about the limitation. But a judge decided it was at least enough to be worth exploring in court. "Plaintiffs have plausibly alleged that HP had a duty to disclose and had knowledge of the alleged defect," wrote Judge Beth Labson Freeman, in the order denying almost all of HP's current attempts to dismiss the suit.

Interestingly, neither Canon nor HP spent any time trying to argue their printers do scan when they're low on ink in the lawsuit responses I've read. Perhaps they can't deny it? Epson, meanwhile, has an entire FAQ dedicated to reassuring customers that it hasn't pulled that trick since 2008. (Don't worry, Epson has other forms of printer enshittification.) HP does seem to be covering its rear in one way. The company's original description on Amazon for the Envy 6455e claimed that you could scan things "whenever". But when I went back now to check the same product page, it now reads differently: HP no longer claims this printer can scan "whenever" you want it to. Now, we wait to see whether the case can clear the bars needed to potentially become a big class-action trial, or whether it similarly settles like Canon, or any number of other outcomes.