The BBC reports that "while most of the world was grappling with the blue screen of death on Friday," there was one country that managed to escape largely unscathed: China. The reason is actually quite simple: CrowdStrike is hardly used there. Very few organisations will buy software from an American firm that, in the past, has been vocal about the cyber-security threat posed by Beijing. Additionally, China is not as reliant on Microsoft as the rest of the world. Domestic companies such as Alibaba, Tencent and Huawei are the dominant cloud providers.

So reports of outages in China, when they did come, were mainly at foreign firms or organisations. On Chinese social media sites, for example, some users complained they were not able to check into international chain hotels such as Sheraton, Marriott and Hyatt in Chinese cities. Over recent years, government organisations, businesses and infrastructure operators have increasingly been replacing foreign IT systems with domestic ones. Some analysts like to call this parallel network the "splinternet".

"It's a testament to China's strategic handling of foreign tech operations," says Josh Kennedy White, a cybersecurity expert based in Singapore. "Microsoft operates in China through a local partner, 21Vianet, which manages its services independently of its global infrastructure. This setup insulates China's essential services — like banking and aviation — from global disruptions."
"Beijing sees avoiding reliance on foreign systems as a way of shoring up national security."

Thanks to long-time Slashdot reader hackingbear for sharing the article.

In April the U.S. Space Force began testing "a new ground-based satellite jamming weapon to help keep U.S. military personnel safe from potential 'space-enabled' attacks" (according to a report from Space.com). The weapon was "designed to deny, degrade, or disrupt communications with satellites overhead, typically through overloading specific portions of the electromagnetic spectrum with interference," according to the article, with the miitary describing it as a small form-factor system "designed to be fielded in large numbers at low-cost and operated remotely" and "provide counterspace electronic warfare capability to all of the new Space Force components globally."

And now, Bloomberg reports that the U.S. is about to deploy them: The devices aren't meant to protect U.S. satellites from Chinese or Russian jamming but "to responsibly counter adversary satellite communications capabilities that enable attacks," the Space Force said in a statement to Bloomberg News. The Pentagon strives — on the rare occasions when it discusses such space capabilities — to distinguish its emerging satellite-jamming technology as purely defensive and narrowly focused. That's as opposed to a nuclear weapon the U.S. says Russia is developing that could create high-altitude electromagnetic pulses that would take out satellites and disrupt entire communications networks.

The first 11 of 24 Remote Modular Terminal jammers will be deployed in several months, and all of them could be in place by Dec. 31 at undisclosed locations, according to the Space Force statement... The new terminals augment a much larger jamming weapon called the Counter Communications System that's already deployed and a mid-sized one called Meadowlands "by providing the ability to have a proliferated, remotely controlled and relatively relocatable capability," the Space Force said. The Meadowlands system has encountered technical challenges that have delayed its delivery until at least October, about two years later than planned.

China has "hundreds and hundreds of satellites on orbit designed to find, fix, track, target and yes, potentially engage, US and allied forces across the Indo-Pacific," General Stephen Whiting, head of US Space Command, said Wednesday at the annual Aspen Security Forum. "So we've got to understand that and know what it means for our forces."
Bloomberg also got this comment from the chief director of space security and stability at the Secure World Foundation (which produces reports on counterspace weapons). The new U.S. Space Force jamming weapons are "reversible, temporary, non-escalatory and allow for plausible deniability in terms of who the instigator is."

For the third straight day, "More than 1,000 US flights have been," reports CNN, "as airlines struggle to recover from a global tech outage that left thousands of passengers stranded at airports." More than 1,200 flights into, within or out of the United States were canceled by early Sunday afternoon, while more than 5,000 U.S. flights were delayed, according to the tracking website FlightAware.com... On Saturday, 2,136 US flights were canceled, and more than 21,300 flights were delayed...
USA Today notes that Friday several U.S. airlines issued ground stops (according to America's Federal Aviation Administration) "which caused a domino effect into Sunday."

They note that "most of the cancellations and delays Sunday are likely to be caused by airline crews and equipment being out of place."

The Verge reports that for machines that aren't automatically receiving Crowdstrike's newly-released software fix, Microsoft has released a recovery tool that creates a bootable USB drive. Some IT admins have reported rebooting PCs multiple times will get the necessary update, but for others the only route is having to manually boot into Safe Mode and deleting the problematic CrowdStrike update file. Microsoft's recovery tool now makes this recovery process less manual, by booting into its Windows PE environment via USB, accessing the disk of the affected machine, and automatically deleting the problematic CrowdStrike file to allow the machine to boot properly. This avoids having to boot into Safe Mode or a requirement of admin rights on the machine, because the tool is simply accessing the disk without booting into the local copy of Windows. If a disk is protected by BitLocker encryption, the tool will prompt for the BitLocker recovery key and then continue to fix the CrowdStrike update.

Last year two different tourists — following GPS directions — drove their cars straight into the same harbor in Hawaii.

And then last weekend — at the same harbor — it happened again. "This time it was different," reports a local news station. "The driver was a local..." Multiple witnesses say the Prius was actually parked at the top of the ramp and that an enforcement officer with the Department of Land and Natural Resources told the owner she had to move it. Witnesses also said that the woman had an issue getting the car started. Eventually, she was able to start the vehicle and called out that the car was running.

Then the car went down the ramp....
More from Hawaii News Now: This follows another viral incident, captured on video in May of last year, showing another SUV sinking in the water with its passengers inside. "The GPS led them into the water," said one witness. Then, a few weeks later, it happened again. Witnesses say the driver, also an out-of-state visitor, was following their GPS directions.

"The first time I heard it, the thought in my head was, you got to be joking," said Hawaii County Mayor Mitch Roth. "The third was — are you serious? This is just another form of people not paying attention to what they're doing."
The news outlet reached out to the Department of Land and Natural Resources — and specifically to its Division of Boating & Ocean Recreation, to ask whether the harbor's boat ramp had adequate lighting and signage.

They responded that a boat ramp descending into the waters of the Pacific ocean is "hard to miss" — and called the recent incidents "operator error."

Meanwhile in Wyoming, SFGate reports that "an SUV with five people inside plunged about 9 feet deep into a 105-degree geyser at Yellowstone National Park after it 'inadvertently drove off the roadway' last Thursday, National Park Service officials said."

Who wrote the code for Windows' notorious "Blue Screen of Death? It's "been a source of some contention," writes SFGate: A Microsoft developer blog post from Raymond Chen in 2014 said that former Microsoft CEO Steve Ballmer wrote the text for the Ctrl+Alt+Del dialog in Windows 3.1. That very benign post led to countless stories from tech media claiming Ballmer was the inventor of the "Blue Screen of Death." That, in turn, prompted a follow-up developer blog post from Chen titled "Steve Ballmer did not write the text for the blue screen of death...."

Chen then later tried to claim he was responsible for the "Blue Screen of Death," saying he coded it into Windows 95. Problem is, it already existed in previous iterations of Windows, and 95 simply removed it. Chen added it back in, which he sort of cops to, saying: "And I'm the one who wrote it. Or at least modified it last." No one challenged Chen's 2014 self-attribution, until 2021, when former Microsoft developer Dave Plummer stepped in. According to Plummer, the "Blue Screen of Death" was actually the work of Microsoft developer John Vert, whom logs revealed to be the father of the modern Windows blue screen way back in version 3.1.
Plummer spoke directly with Vert, according to Vert, who'd remembered that he got the idea because there was already a blue screen with white text in both his machine at the time (a MIPS RISC box) and this text editor (SlickEdit)...

Slashdot reader Thelasko shared Friday's article from Digital Trends: Nearly every flight in the U.S. is grounded right now following a CrowdStrike system update error that's affecting everything from travel to mobile ordering at Starbucks — but not Southwest Airlines flights. Southwest is still flying high, unaffected by the outage that's plaguing the world today, and that's apparently because it's using Windows 3.1.

Yes, Windows 3.1 — an operating system that is 32 years old. Southwest, along with UPS and FedEx, haven't had any issues with the CrowdStrike outage. In responses to CNN, Delta, American, Spirit, Frontier, United, and Allegiant all said they were having issues, but Southwest told the outlet that its operations are going off without a hitch. Some are attributing that to Windows 3.1. Major portions of Southwest's systems are reportedly built on Windows 95 and Windows 3.1...
UPDATE: Reached for comment, Southwest "would not confirm" that's it's using Windows 3.1, reports SFGate. But they did get this quote from an airline analyst:

âoeWe believe that Southwestâ(TM)s older technology kept it somewhat immune from the issues affecting other airlines today."

"Many people over the past few days have been lashing out at Mozilla," writes the blog Its FOSS, "for enabling Privacy-Preserving Attribution by default on Firefox 128, and the lack of publicity surrounding its introduction."

Mozilla responded that the feature will only run "on a few sites in the U.S. under strict supervision" — adding that users can disable it at any time ("because this is a test"), and that it's only even enabled if telemetry is also enabled.

And they also emphasize that it's "not tracking." The way it works is there's an "aggregation service" that can periodically send advertisers a summary of ad-related actions — again, aggregated data, from a mass of many other users. (And Mozilla says that aggregated summary even includes "noise that provides differential privacy.") This Privacy-Preserving Attribution concept "does not involve sending information about your browsing activities to anyone... Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising."

More from It's FOSS: Even though Mozilla mentioned that PPA would be enabled by default on Firefox 128 in a few of its past blog posts, they failed to communicate this decision clearly, to a wider audience... In response to the public outcry, Firefox CTO, Bobby Holley, had to step in to clarify what was going on.

He started with how the internet has become a massive cesspool of surveillance, and doing something about it was the primary reason many people are part of Mozilla. He then expanded on their approach with Firefox, which, historically speaking, has been to ship a browser with anti-tracking features baked in to tackle the most common surveillance techniques. But, there were two limitations with this approach. One was that advertisers would try to bypass these countermeasures. The second, most users just accept the default options that they are shown...

Bas Schouten, Principal Software Engineer at Mozilla, made it clear at the end of a heated Mastodon thread that "[opt-in features are] making privacy a privilege for the people that work to inform and educate themselves on the topic. People shouldn't need to do that, everyone deserves a more private browser. Privacy features, in Firefox, are not meant to be opt-in. They need to be the default.

"If you are 'completely anti-ads' (i.e. even if their implementation is private), you probably use an ad blocker. So are unaffected by this."
This has already provoked a discussion among Slashdot readers. "It doesn't seem that evil to me," argues Slashdot reader geekprime. "Seems like the elimination of cross site cookies is a privacy enhancing idea." (They cite Mozilla's statement that their goal is "to inform an emerging Web standard designed to help sites understand how their ads perform without collecting data about individual people. By offering sites a non-invasive alternative to cross-site tracking, we hope to achieve a significant reduction in this harmful practice across the web.")

But Slashdot reader TheNameOfNick disagrees. "How realistic is the part where advertisers stop tracking you because they get less information from the browser maker...?"

Mozilla has provided simple instructions for disabling the feature:

• Click the menu button and select Settings.
• In the Privacy & Security panel, find the Website Advertising Preferences section.
• Uncheck the box labeled Allow websites to perform privacy-preserving ad measurement.

A solar superstorm in May caused thousands of satellites to simultaneously maneuver to maintain altitude due to the thickening of the upper atmosphere, creating potential collision hazards as existing prediction systems struggled to cope. Space.com reports: According to a pre-print paper published on the online repository arXiv on June 12, satellites and space debris objects in low Earth orbit -- the region of space up to an altitude of 1,200 miles (2,000 kilometers) -- were sinking toward the planet at the speed of 590 feet (180 meters) per day during the four-day storm. To make up for the loss of altitude, thousands of spacecraft began firing their thrusters at the same time to climb back up. That mass movement, the authors of the paper point out, could have led to dangerous situations because collision avoidance systems didn't have time to calculate the satellites' changing paths.

The solar storm that battered Earth from May 7 to 10 reached the intensity of G5, the highest level on the five-step scale used by the National Oceanic and Atmospheric Administration (NOAA) to assess the strength of solar storms. It was the strongest solar storm to hit Earth since 2003. The authors of the paper, however, pointed out that the environment around the planet has changed profoundly since that time. While only a few hundred satellites were orbiting Earth twenty years ago, there are thousands today. The authors of the paper put the number of "active payloads at [low Earth orbit]" at 10,000. [...] The new paper points out that space weather forecasts ahead of the May storm failed to accurately predict the duration and intensity of the event, making satellite collision predictions nearly impossible.

On the upside, the storm helped to clear out some junk as defunct satellites and debris fragments spiraled deeper into the atmosphere. The authors of the report estimate that thousands of space debris objects lost several kilometers in altitude during the storm. More powerful solar storms can be expected in the coming months as the peak of the current solar cycle -- the 11-year ebb and flow in the number of sunspots, solar flares and eruptions -- is expected in late 2024 and early 2025. The paper can be found here.

An anonymous reader quotes a report from the New York Times: For years, the people building powerful artificial intelligence systems have used enormous troves of text, images and videos pulled from the internet to train their models. Now, that data is drying up. Over the past year, many of the most important web sources used for training A.I. models have restricted the use of their data, according to a study published this week by the Data Provenance Initiative, an M.I.T.-led research group. The study, which looked at 14,000 web domains that are included in three commonly used A.I. training data sets, discovered an "emerging crisis in consent," as publishers and online platforms have taken steps to prevent their data from being harvested.

The researchers estimate that in the three data sets -- called C4, RefinedWeb and Dolma -- 5 percent of all data, and 25 percent of data from the highest-quality sources, has been restricted. Those restrictions are set up through the Robots Exclusion Protocol, a decades-old method for website owners to prevent automated bots from crawling their pages using a file called robots.txt. The study also found that as much as 45 percent of the data in one set, C4, had been restricted by websites' terms of service. "We're seeing a rapid decline in consent to use data across the web that will have ramifications not just for A.I. companies, but for researchers, academics and noncommercial entities," said Shayne Longpre, the study's lead author, in an interview.

Nigeria fined Meta for $220 million on Friday, alleging the tech giant violated the country's local consumer, data protection and privacy laws. Reuters reports: Nigeria's Federal Competition and Consumer Protection Commission (FCCPC) said Meta appropriated the data of Nigerian users on its platforms without their consent, abused its market dominance by forcing exploitative privacy policies on users, and meted out discriminatory and disparate treatment on Nigerians, compared with other jurisdictions with similar regulations. FCCPC chief Adamu Abdullahi said the investigations were jointly held with Nigeria's Data Protection Commission and spanned over 38 months. The investigations found Meta policies don't allow users the option or opportunity to self-determine or withhold consent to the gathering, use, and sharing of personal data, Abdullahi said.

"The totality of the investigation has concluded that Meta over the protracted period of time has engaged in conduct that constituted multiple and repeated, as well as continuing infringements... particularly, but not limited to abusive, and invasive practices against data subjects in Nigeria," Abdullahi said. "Being satisfied with the significant evidence on the record, and that Meta has been provided every opportunity to articulate any position, representations, refutations, explanations or defences of their conduct, the Commission have now entered a final order and issued a penalty against Meta," Abdullahi said. The final order mandates steps and actions Meta must take to comply with local laws, Abdullahi said.

Bangladesh is experiencing a "near-total" nationwide internet shutdown amid government efforts to control widespread student protests against the country's quota system for government jobs. The country's quota system requires a third of government jobs be reserved for relatives of veterans who had fought for independence from Pakistan.

According to Reuters, the protests "have opened old and sensitive political fault lines between those who fought for Bangladesh's independence from Pakistan in 1971 and those accused of collaborating with Islamabad." Analysts say the protests have also been "fueled by high unemployment among young people" and "wider economic woes, such as high inflation and shrinking reserves of foreign exchange." Engadget reports on the internet disruptions: To control the situation, Bangladeshi authorities shut down internet and phone access throughout the country, a common practice in South Asia to prevent the spread of rumors and misinformation and exercise state control. NetBlocks, a global internet monitor that works on digital rights analyzed live network data that showed that Bangladesh was in the middle of a "near-total national internet shutdown." [...]

Bangladesh has frequently blacked out the internet to crack down on political opposition and activists. At the end of 2023, research tool CIVICUS Monitor, which provides data on the state of civil society and freedoms in nearly 200 countries, downgraded Bangladesh's civic space to "closed," its lowest possible rating, after the country imposed six internet shutdowns the previous year. That made Bangladesh the fifth-largest perpetrator of internet shutdowns in 2022, Access Now said.

The country's telecom regulator had pledged to keep internet access on through Bangladesh's general elections at the beginning of 2024, but that electoral period is now over. Despite the pledge, Bangladesh blocked access to news websites during its elections.

AMD has introduced its latest Ryzen AI chips, built on the new Zen 5 architecture, in an ambitious attempt to compete with Apple's dominant MacBook processors. During a recent two-day event in Los Angeles, the company made bold claims about outperforming Apple's M3 and M3 Pro chips in various tasks including multitasking, image processing, and gaming, though these assertions remain unverified due to limited demonstrations and benchmarks provided at the event, The Verge reports. The report adds: At that event, I heard AMD brag about beating the MacBook more than I've ever heard a company directly target a competitor before. AMD claimed its new Ryzen chip "exceeds the performance of what MacBook Air has to offer in multitasking, image processing, 3D rendering, and gaming"; "is 15 percent faster than the M3 Pro" in Cinebench; and is capable of powering up to four displays, "unlike the MacBook Air, which limits you to two displays only." While AMD touted significant improvements in CPU architecture, graphics performance, and AI capabilities, journalists present at the event were unable to fully test or validate these features, leaving many questions unanswered about the chips' real-world performance.

The company's reluctance or inability to showcase certain capabilities, particularly in gaming and AI applications, has raised eyebrows among industry observers, the report adds. The new Ryzen AI chips are scheduled to debut in Asus laptops on July 28th, marking a critical juncture for AMD in the fiercely competitive laptop processor market. As Apple's M-series chips and Qualcomm's Snapdragon processors continue to gain traction in the mobile computing space, the success or failure of AMD's latest offering could have far-reaching implications for the future of x86 architecture in laptops.

Russian officials boasted on Friday that Moscow was spared the impact of the global IT systems outage because of its increased self-sufficiency after years of Western sanctions, though some experts said Russian systems could still be vulnerable. From a report: Microsoft and other IT firms have suspended sales of new products in Russia and have been scaling down their operations in line with sanctions imposed over Russia's war in Ukraine, which Moscow describes as a special military operation. The Kremlin, along with companies from state nuclear giant Rosatom, which operates all of Russia's nuclear plants, to major lenders and airlines, reported no glitches amid the outage that affected international companies across the globe. "The situation once again highlights the significance of foreign software substitution," Russia's digital development ministry said. Russian financial and currency markets also ran smoothly.

An anonymous reader shares a report, which expands on the ongoing global outage: The incident will exacerbate concerns about concentration risk in the cyber security industry. Just 15 companies worldwide account for 62 per cent of the market in cyber security products and services, according to SecurityScorecard. In modern endpoint security, the business of securing PCs, laptops and other devices, the problem is worse: three companies, with Microsoft and CrowdStrike by far the largest, controlled half the market last year, according to IDC.

While the US Cyber Safety Review Board dissects large cyber attacks for lessons learned, there is no obvious body charged with analysing these technical failures to improve the resilience of global tech infrastructure, said Ciaran Martin, former head of the UK's National Cyber Security Centre. The current global outage should spur clients -- and perhaps even governments and regulators -- to think more about how to build diversification and redundancy into their systems. Further reading: Without Backup Plans, Global IT Outages Will Happen Again.

Google has revised its Play Store policies, aiming to eliminate subpar and potentially harmful Android apps. The updated Spam and Minimum Functionality policy, set to take effect on August 31, 2024, targets apps that crash frequently, lack substantial content, or provide minimal utility to users, the company said.

This policy shift follows Google's ongoing efforts to enhance Play Store security, with the company having blocked over 2 million policy-violating apps and rejected around 200,000 submissions in 2023 alone.

An anonymous reader quotes a report from The Record: When Florida real estate professional Susan Hicks discovered the app Forewarn over a year ago, she was shocked to learn that for a service costing about $20 a month she could instantly retrieve detailed data on prospective clients with only their phone number. "For anybody who's had exposure to this, usually the first time they see it, it blows their mind," Hicks told Recorded Future News, adding that she enthusiastically recommends the tool to the brokers she manages. "It's incredible that there's that amount of information out there that you can just access with one click." "It can be real creepy and you have to swear that you're not going to use it in a wrong manner," Hicks added, referring to Forewarn rules which say real estate agents can't share data from the app publicly or with third parties, or use the app to pull information on non-professional contacts.

Forewarn is primarily marketed to and used by the real estate industry, and it has been penetrating that market at a rapid clip. Although some real estate agents say the financial information it returns saves time when finding clients most likely to have the budget for the houses they're looking at, most agents and associations tout it primarily as a safety tool because it also supplies criminal records. In addition to those records, the product -- owned by the data broker red violet -- also supplies a given individual's address history; phone, vehicle and property records; bankruptcies; and liens and judgements, including foreclosure histories. Although such data could generally be gleaned from public records, Forewarn delivers it at the press of a button -- a function real estate agents say allows them to gather publicly available information without having to visit courthouses and municipal offices, a process which would normally take days.

The power of Forewarn's technology has led to rapid adoption, but the company is still largely unknown outside the real estate industry. Several fair housing and civil rights advocates interviewed by Recorded Future News weren't aware of its existence. The individuals whose data it sells also have no idea their information is being shared with real estate agents, who potentially might choose not to work with them because of what they discover on the app. Forewarn did not respond to multiple requests for comment, however, statements made by one of its executives suggest that the company intentionally keeps a low profile. "Do not tell the prospect that they are not permitted or unqualified to purchase or sell property because of information you obtained from Forewarn," a company executive said at a recent training webinar with Illinois real estate agents. She emphasized that potential buyers "do not get notified" when they are screened with the app, a question she said many real estate agents ask. Real estate agents who, for example, discover a client has a lien filed against them, should consider telling the prospect they "obtained this information from a confidential service that bases their information on available public record information," the executive added.

Longtime Slashdot reader schwit1 shares a report from Ars Technica, written by Scharon Harding: Since the acquisition closed in 2021, the Google-fication of Fitbit has largely meant a reduction in features and a focus from Google on getting people onto the Fitbit app. Long-time users have flocked to Fitbit -- sometimes upon Fitbit's request -- to share hundreds of complaints about recent changes. However, Google has been mostly unresponsive to customer feedback. [...] It's worth mentioning that users disgruntled with Fitbit are more likely to complain online. However, it's notable that Fitbit's announcement has been met with 1,523 (as of this writing) mostly negative replies, with new responses still coming in. Another thread on Fitbit's forum that requests to keep the web dashboard currently has 601 upvotes. You can find outraged users on Reddit, too.

The most common complaints are around losing previously available features. "Change is fine. Removing key features is not," Community member Seymourh86 wrote in June. "Unless you want people to go to competitors..." Comments from this week show that users are not over the change. DebL555, for example, said today that they're "extremely disappointed and frustrated I cannot access my Dashboard on my PC." Yesterday, NessWeb dubbed the change "an incredibly bad decision," adding: "It's particularly awful for anyone with a visual disability or a finger dexterity issue. It's still bad for everyone else because you just can't see as much on a 3" screen as you can see on a real computer ... Bring back the web interface!!"

As has been the case every time there have been problems with Fitbit post-acquisition, theories that Google is making Fitbit worse to push people toward the Pixel Watch run rampant. Others on the Community forum were upset because they felt like Google was ignoring feedback from longtime Fitbit customers. In June, a user going by jessicabilasano wrote: "I just hope Fitbit does not end up like any other Google purchase that turns into a nightmare product/company. Google, instead of removing things that users love about Fitbit features, why not improve them? Listen to your customers/consumers." However, a lack of response to public negative customer feedback has become commonplace for the Fitbit brand lately. "Users seek alternatives as Google is intent on app-centric focus," captions schwit1. "Google ruins everything, it's already ruined Google."

In 2018, Google replaced its URL shortener service, goo.gl, with Firebase Dynamic Links, citing "the changes we've seen in how people find content on the internet, and the number of new popular URL shortening services that emerged in that time." Although it stopped accepting new URLs to shorten, it continued to serve existing URLs that used their service. That's about to change on August 25th, 2025, when Google will turn off the service portion of Google URL Shortener.

"Any developers using links built with the Google URL Shortener in the form https://goo.gl/* will be impacted, and these URLs will no longer return a response after August 25th, 2025," says Google in a blog post today. "Starting August 23, 2024, goo.gl links will start displaying an interstitial page for a percentage of existing links notifying your users that the link will no longer be supported after August 25th, 2025 prior to navigating to the original target page. Over time the percentage of links that will show the interstitial page will increase until the shutdown date." All links will return a 404 response after the shutdown date.

An anonymous reader quotes a report from TechCrunch: The U.S. Postal Service was sharing the postal addresses of its online customers with advertising and tech giants Meta, LinkedIn and Snap, TechCrunch has found. On Wednesday, the USPS said it addressed the issue and stopped the practice, claiming that it was "unaware" of it. TechCrunch found USPS was sharing customers' information by way of hidden data-collecting code (also known as tracking pixels) used across its website. Tech and advertising companies create this kind of code to collect information about the user -- such as which pages they visit -- every time a webpage containing the code loads in the customer's browser.

In the case of USPS, some of that collected data included the postal addresses of logged-in USPS Informed Delivery customers, who use the service to see photos of their incoming mail before it arrives. It's not clear how many individuals had their information collected or for how long. Informed Delivery had more than 62 million users (PDF) as of March 2024. [...] The code also collected other data, such as information about the user's computer type and browser, which appeared as partly pseudonymized -- essentially scrambled in a way that makes it more difficult for humans to know where data came from, or who it relates to, by using randomized identifiers in place of real customer names. But researchers have long warned that pseudonymous data can still be used to re-identify seemingly anonymous individuals.

TechCrunch also found that tracking numbers entered into the USPS website were also shared with advertisers and tech companies, including Bing, Google, LinkedIn, Pinterest and Snap. Some in-transit tracking data was also shared, such as the real-world location of the mail in the postal system, even if the customer was not logged in to USPS' website. USPS spokesperson Jim McKean said in a statement: "The Postal Service leverages an analytics platform for our own internal purposes, so that we understand the usage of our products and services and which we use on an aggregated basis to market our products. The Postal Service does not sell or provide any personal information that is collected from this analytics platform to any third party, and we were unaware of any configuration of the platform that collected personal information from the URL and that shared it without our knowledge with social media."

"We have taken immediate action to remediate this issue," the spokesperson added, without saying what action was taken.