Security

Jack Dorsey Says His 'Secure' New Bitchat App Has Not Been Tested For Security (techcrunch.com) 37

An anonymous reader quotes a report from TechCrunch: On Sunday, Block CEO and Twitter co-founder Jack Dorsey launched an open source chat app called Bitchat, promising to deliver "secure" and "private" messaging without a centralized infrastructure. The app relies on Bluetooth and end-to-end encryption, unlike traditional messaging apps that rely on the internet. By being decentralized, Bitchat has potential for being a secure app in high-risk environments where the internet is monitored or inaccessible. According to Dorsey's white paper detailing the app's protocols and privacy mechanisms, Bitchat's system design "prioritizes" security.

But the claims that the app is secure, however, are already facing scrutiny by security researchers, given that the app and its code have not been reviewed or tested for security issues at all -- by Dorsey's own admission. Since launching, Dorsey has added a warning to Bitchat's GitHub page: "This software has not received external security review and may contain vulnerabilities and does not necessarily meet its stated security goals. Do not use it for production use, and do not rely on its security whatsoever until it has been reviewed." This warning now also appears on Bitchat's main GitHub project page but was not there at the time the app debuted.

As of Wednesday, Dorsey added: "Work in progress," next to the warning on GitHub. This latest disclaimer came after security researcher Alex Radocea found that it's possible to impersonate someone else and trick a person's contacts into thinking they are talking to the legitimate contact, as the researcher explained in a blog post. Radocea wrote that Bitchat has a "broken identity authentication/verification" system that allows an attacker to intercept someone's "identity key" and "peer id pair" -- essentially a digital handshake that is supposed to establish a trusted connection between two people using the app. Bitchat calls these "Favorite" contacts and marks them with a star icon. The goal of this feature is to allow two Bitchat users to interact, knowing that they are talking to the same person they talked to before.

The Internet

Browser Extensions Turn Nearly 1 Million Browsers Into Website-Scraping Bots (arstechnica.com) 28

Over 240 browser extensions with nearly a million total installs have been covertly turning users' browsers into web-scraping bots. "The extensions serve a wide range of purposes, including managing bookmarks and clipboards, boosting speaker volumes, and generating random numbers," reports Ars Technica. "The common thread among all of them: They incorporate MellowTel-js, an open source JavaScript library that allows developers to monetize their extensions." Ars Technica reports: Some of the data swept up in the collection free-for-all included surveillance videos hosted on Nest, tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive and Intuit.com, vehicle identification numbers of recently bought automobiles along with the names and addresses of the buyers, patient names and the doctors they saw, travel itineraries hosted on Priceline, Booking.com, and airline websites, Facebook Messenger attachments and Facebook photos, even when the photos were set to be private. The dragnet also collected proprietary information belonging to Tesla, Blue Origin, Amgen, Merck, Pfizer, Roche, and dozens of other companies.

Tuckner said in an email Wednesday that the most recent status of the affected extensions is:

- Of 45 known Chrome extensions, 12 are now inactive. Some of the extensions were removed for malware explicitly. Others have removed the library.
- Of 129 Edge extensions incorporating the library, eight are now inactive.
- Of 71 affected Firefox extensions, two are now inactive.

Some of the inactive extensions were removed for malware explicitly. Others have removed the library in more recent updates. A complete list of extensions found by Tuckner is here.

Software

Soundslice Adds ASCII Tab Support After ChatGPT Hallucinates Feature 39

After discovering that ChatGPT was falsely telling users that Soundslice could convert ASCII tablature into playable music, founder Adrian Holovaty decided to actually build the feature -- even though the app was never designed to support that format. TechCrunch reports: Soundslice is an app for teaching music, used by students and teachers. It's known for its video player synchronized to the music notations that guide users on how the notes should be played. It also offers a feature called "sheet music scanner" that allows users to upload an image of paper sheet music and, using AI, will automatically turn that into an interactive sheet, complete with notations. [Adrian Holovaty, founder of music-teaching platform Soundslice] carefully watches this feature's error logs to see what problems occur, where to add improvements, he said. That's where he started seeing the uploaded ChatGPT sessions.

They were creating a bunch of error logs. Instead of images of sheet music, these were images of words and a box of symbols known as ASCII tablature. That's a basic text-based system used for guitar notations that uses a regular keyboard. (There's no treble key, for instance, on your standard QWERTY keyboard.) The volume of these ChatGPT session images was not so onerous that it was costing his company money to store them and crushing his app's bandwidth, Holovaty said. He was baffled, he wrote in a blog post about the situation.

"Our scanning system wasn't intended to support this style of notation. Why, then, were we being bombarded with so many ASCII tab ChatGPT screenshots? I was mystified for weeks -- until I messed around with ChatGPT myself." That's how he saw ChatGPT telling people they could hear this music by opening a Soundslice account and uploading the image of the chat session. Only, they couldn't. Uploading those images wouldn't translate the ASCII tab into audio notes. He was struck with a new problem. "The main cost was reputational: New Soundslice users were going in with a false expectation. They'd been confidently told we would do something that we don't actually do," he described to TechCrunch.

He and his team discussed their options: Slap disclaimers all over the site about it -- "No, we can't turn a ChatGPT session into hearable music" -- or build that feature into the scanner, even though he had never before considered supporting that offbeat musical notation system. He opted to build the feature. "My feelings on this are conflicted. I'm happy to add a tool that helps people. But I feel like our hand was forced in a weird way. Should we really be developing features in response to misinformation?" he wrote.

Network

UK Full-Fiber Broadband Coverage Jumps From 12% to 78% in Five Years (ft.com) 28

The UK has transformed its broadband infrastructure in five years -- with full-fiber coverage jumping from 12% of properties in January 2020 to more than 78% by 2025, according to communications regulator Ofcom and ThinkBroadband data. Northern Ireland leads with 96% of premises in postcodes served with full-fiber connections.

The rollout accelerated after Ofcom's May 2021 regulatory framework gave other providers access to BT's Openreach ducts and poles while promising the company regulatory certainty through a "fair bet" approach that avoided price caps. The framework sparked investment from alternative networks, or "altnets," which increased homes passed from 8.2 million in 2022 to 16.4 million by 2025.

AI

Microsoft Touts $500 Million in AI Savings While Slashing Jobs (yahoo.com) 28

Microsoft is keen to show employees how much AI is transforming its own workplace, even as the company terminates thousands of personnel. From a report: During a presentation this week, Chief Commercial Officer Judson Althoff said artificial intelligence tools are boosting productivity in everything from sales and customer service to software engineering, according to a person familiar with his remarks.

Althoff said AI saved Microsoft more than $500 million last year in its call centers alone and increased both employee and customer satisfaction, according to the person, who requested anonymity to discuss an internal matter. The company is also starting to use AI to handle interactions with smaller customers, Althoff said. This effort is nascent, but already generating tens of millions of dollars, he said.

The Internet

OpenAI To Release AI Web Browser in Challenge To Chrome (reuters.com) 58

OpenAI is close to releasing an AI-powered web browser that will challenge market-dominating Google Chrome, Reuters reported Wednesday. From the report: The browser is slated to launch in the coming weeks, three of the people said, and aims to use artificial intelligence to fundamentally change how consumers browse the web. It will give OpenAI more direct access to a cornerstone of Google's success: user data.

Apple

Apple Working on Updated Vision Pro With M4 Chip as Early as 2025 65

Apple plans to release its first Vision Pro upgrade as early as this year, according to Bloomberg. The updated $3,499 headset will feature an M4 processor, replacing the current M2 chip, and components designed to better handle AI tasks.

The company is also developing new straps to reduce neck strain and head pain from the 1.4-pound device. The Vision Pro launched in February 2024 but has sold only hundreds of thousands of units. Apple is working on a significantly lighter redesigned model for 2027, the report added.

Communications

Chinese Satellites Complete First High-Altitude Rendezvous For Possible Groundbreaking Refueling (extremetech.com) 14

Two Chinese satellites, SJ-25 and SJ-21, have reportedly completed the first autonomous high-altitude orbital docking. "Although unconfirmed, this is thought to be the first orbital refueling at such a height -- the two satellites are currently over 20,000 miles from Earth," reports ExtremeTech. From the report: Orbital refueling is an important component in keeping satellites and space stations in low Earth orbit flying, but any efforts beyond that have been merely speculative until the past few years, when serious efforts from a range of private and national entities have explored its possibilities. China may have gotten ahead of the curve with this latest docking, though, in an impressive world first that raises serious concerns for satellites from nations and entities that align themselves differently from China's goals and ambitions.

In January, a satellite designated SJ-25 was launched "for the verification of satellite fuel replenishment and life extension service technologies," according to the Chinese state-owned designer, Shanghai Academy of Spaceflight Technology (via Ars Technica). Sometime last week, it matched orbits with the SJ-21 satellite, which previously conducted space debris maneuvering tests in 2021 and has remained in a geosynchronous orbit ever since.

Last week, the two satellites matched orbits and seemingly docked together. Analysts believe the newer SJ-25 has likely proven refueling is possible even for geosynchronous satellites without the need for a manned crew to facilitate it. In an effort to prove this, two US Space Force's inspector satellites have positioned themselves in closer orbits to SJ-25 and SJ-21 for improved optics. [...] China continues to suggest these missions are part of a debris clean-up program, though it hasn't publicly made any statements about the recent alleged docking and refueling to celebrate its successes. If it doesn't, the only way we'll know if a refueling maneuver was successful is if the SJ-21 satellite unshackles from its younger sibling and performs fuel-demanding maneuvers that its previously estimated fuel levels shouldn't allow for.

Government

The Military Might Finally Win the Right To Repair 54

Senators Tim Sheehy and Elizabeth Warren have introduced the bipartisan "Warrior Right to Repair Act," which would guarantee the military's right to repair its own equipment. The bill builds on a previous Army directive and has broad public support, with nearly 75% of Americans in favor, according to a PIRG poll. Engadget reports: The Department of Defense has not been immune from restrictive practices set forth by manufacturers, and much like the average consumer, has been hamstrung in its ability to repair its own equipment by clauses in its purchase agreements. According to the Public Interest Research Group (PIRG), the current system leads to excessive repair and sustainment costs, and can even impede military readiness.

"When our neighbors, friends and family serve in our military, we expect them to get what they need to do their jobs as safely as possible," PIRG Federal Legislative Director Isaac Bowers wrote regarding the newly introduced bill. "Somehow, that hasn't included the materials and information they need to repair equipment they rely on. It's time we fixed that."

Google

Gmail's New 'Manage Subscriptions' Tool Will Help Declutter Your Inbox (techcrunch.com) 30

An anonymous reader quotes a report from TechCrunch: Google announced on Tuesday that it's launching a new Gmail feature that is designed to help users easily manage their subscriptions and declutter their inboxes. The new "Manage subscriptions" tool is rolling out on the web, Android, and iOS in select countries. With the new feature, users can view and manage their subscription emails in one place and quickly unsubscribe from the ones they no longer want to receive.

Users can view their active subscriptions, organized by the most frequent senders, alongside the number of emails they've sent in the past few weeks. Clicking on a sender provides a direct view of all emails from them. If a user decides to unsubscribe, Gmail will send an unsubscribe request to the sender on their behalf. "It can be easy to feel overwhelmed by the sheer volume of subscription emails clogging your inbox: Daily deal alerts that are basically spam, weekly newsletters from blogs you no longer read, promotional emails from retailers you haven't shopped in years can quickly pile up," Chris Doan, Gmail's Director of Product, wrote in a blog post.

Users can access the new feature by clicking the navigation bar in the top-left corner of their Gmail inbox and then selecting "Manage subscriptions." [...] Google says the new feature will begin rolling out on the web starting Tuesday, with Android and iOS users starting to receive it on July 14 and July 21, respectively. It may take up to 15 days from the start of the rollout for the feature to reach every user, the company says. The Manage subscriptions feature is available to all Google Workspace customers, Workspace Individual Subscribers, and users with personal Google accounts.

Businesses

Meta Invests $3.5 Billion in World's Largest Eye-Wear Maker in AI Glasses Push 37

Meta has acquired a $3.5 billion stake in Ray-Ban maker EssilorLuxottica, "a deal that increases the U.S. tech giant's financial commitment to the fast-growing smart glasses industry," reports Bloomberg. From the report: Meta's investment in the eyewear giant deepens the relationship between the two companies, which have partnered over the past several years to develop AI-powered smart glasses. Meta currently sells a pair of Ray-Ban glasses, first debuted in 2021, with built-in cameras and an AI assistant. Last month, it launched separate Oakley-branded glasses with EssilorLuxottica. EssilorLuxottica Chief Executive Officer Francesco Milleri said last year that Meta was interested in taking a stake in the company, but that plan hadn't materialized until now.

The deal aligns with Meta CEO Mark Zuckerberg's commitment to AI, which has become a top priority and major expense for the company. Smart glasses are a key part of that plan. While Meta has historically had to deliver its apps and services via smartphones created by competitors, glasses offer Meta a chance to build its own hardware and control its own distribution, Zuckerberg has said. The arrangement gives Meta the advantage of having more detailed manufacturing knowledge and global distribution networks, fundamental to turning its smart glasses into mass-market products. For EssilorLuxottica, the deal provides a deeper presence in the tech world, which would be helpful if Meta's futuristic bets pay off. Meta is also betting on the idea that people will one day work and play while wearing headsets or glasses.

Social Networks

X Says It's 'Deeply Concerned' About India Press Censorship (aljazeera.com) 42

X said Tuesday it is "deeply concerned about ongoing press censorship in India" after the Indian government ordered the platform to block 2,355 accounts on July 3, including two Reuters news agency handles. The social media company said the order came under India's Section 69A of the Information Technology Act, with non-compliance risking criminal liability.

The Indian Ministry of Electronics and Information Technology demanded immediate action within one hour without providing justification, X said. After public outcry, the government requested X to unblock the Reuters accounts.

Android

Unless Users Take Action, Android Will Let Gemini Access Third-Party Apps (arstechnica.com) 74

Google is implementing a change that will enable its Gemini AI engine to interact with third-party apps, such as WhatsApp, even when users previously configured their devices to block such interactions. Ars Technica: Users who don't want their previous settings to be overridden may have to take action. An email Google sent recently informing users of the change linked to a notification page that said that "human reviewers (including service providers) read, annotate, and process" the data Gemini accesses.

The email provides no useful guidance for preventing the changes from taking effect. The email said users can block the apps that Gemini interacts with, but even in those cases, data is stored for 72 hours. The email never explains how users can fully extricate Gemini from their Android devices and seems to contradict itself on how or whether this is even possible.

Open Source

The Open-Source Software Saving the Internet From AI Bot Scrapers (404media.co) 33

An anonymous reader quotes a report from 404 Media: For someone who says she is fighting AI bot scrapers just in her free time, Xe Iaso seems to be putting up an impressive fight. Since she launched it in January, Anubis, a "program is designed to help protect the small internet from the endless storm of requests that flood in from AI companies," has been downloaded nearly 200,000 times, and is being used by notable organizations including GNOME, the popular open-source desktop environment for Linux, FFmpeg, the open-source software project for handling video and other media, and UNESCO, the United Nations organization for education, science, and culture. [...]

"Anubis is an uncaptcha," Iaso explains on her site. "It uses features of your browser to automate a lot of the work that a CAPTCHA would, and right now the main implementation is by having it run a bunch of cryptographic math with JavaScript to prove that you can run JavaScript in a way that can be validated on the server." Essentially, Anubis verifies that any visitor to a site is a human using a browser as opposed to a bot. One of the ways it does this is by making the browser do a type of cryptographic math with JavaScript or other subtle checks that browsers do by default but bots have to be explicitly programmed to do. This check is invisible to the user, and most browsers since 2022 are able to complete this test. In theory, bot scrapers could pretend to be users with browsers as well, but the additional computational cost of doing so on the scale of scraping the entire internet would be huge. This way, Anubis creates a computational cost that is prohibitively expensive for AI scrapers that are hitting millions and millions of sites, but marginal for an individual user who is just using the internet like a human.

Anubis is free, open source, lightweight, can be self-hosted, and can be implemented almost anywhere. It also appears to be a pretty good solution for what we've repeatedly reported is a widespread problem across the internet, which helps explain its popularity. But Iaso is still putting a lot of work into improving it and adding features. She told me she's working on a non cryptographic challenge so it taxes users' CPUs less, and also thinking about a version that doesn't require JavaScript, which some privacy-minded disable in their browsers. The biggest challenge in developing Anubis, Iaso said, is finding the balance. "The balance between figuring out how to block things without people being blocked, without affecting too many people with false positives," she said. "And also making sure that the people running the bots can't figure out what pattern they're hitting, while also letting people that are caught in the web be able to figure out what pattern they're hitting, so that they can contact the organization and get help. So that's like, you know, the standard, impossible scenario."

Transportation

Waymo Starts Robotaxi Testing In Philadelphia and NYC (techcrunch.com) 40

Waymo has launched new "road trips" to Philadelphia and New York City, "signaling the Alphabet-owned company's interest in expanding into Northeastern cities," reports TechCrunch. While these trips don't guarantee commercial launches, they follow a pattern that previously led to deployments in cities like Los Angeles. Other road trips this year are planned for Houston, Orlando, Las Vegas, San Diego, and San Antonio. From the report: Typically, the trips involve sending a small fleet of human-driven vehicles equipped with Waymo's autonomous driving system to map out the new city. Then Waymo tests the vehicles autonomously, though still with a human behind the wheel, before taking any data and learnings back to its engineers to improve the AI driver's performance. In some cases, these road trips have led to commercial launches. In 2023, the company made a road trip to Santa Monica, a city in Los Angeles County. The company now operates a commercial service in Los Angeles, including Santa Monica, Beverly Hills, and Hollywood.

For its Philadelphia trip, Waymo plans to place vehicles in the most complex parts of the city, including downtown and freeways, according to a spokesperson. She noted folks will see Waymo vehicles driving "at all hours throughout various Philadelphia neighborhoods, from North Central to Eastwick, University City, and as far east as the Delaware River."

In NYC, Waymo will drive its cars manually in Manhattan just north of Central Park down to The Battery and parts of Downtown Brooklyn. The company will also map parts of Jersey City and Hoboken in New Jersey. Waymo applied last month for a permit to test its AVs in New York City with a human behind the wheel. The company has not yet received approval.

Wireless Networking

Jack Dorsey Launches a WhatsApp Messaging Rival Built On Bluetooth (cnbc.com) 66

Jack Dorsey has launched Bitchat, a decentralized, peer-to-peer messaging app that uses Bluetooth mesh networks for encrypted, ephemeral chats without requiring accounts, servers, or internet access. The beta version is live on TestFlight, with a full white paper available on GitHub. CNBC reports: In a post on X Sunday, Dorsey called it a personal experiment in "bluetooth mesh networks, relays and store and forward models, message encryption models, and a few other things."

Bitchat enables ephemeral, encrypted communication between nearby devices. As users move through physical space, their phones form local Bluetooth clusters and pass messages from device to device, allowing them to reach peers beyond standard range -- even without Wi-Fi or cell service. Certain "bridge" devices connect overlapping clusters, expanding the mesh across greater distances. Messages are stored only on device, disappear by default and never touch centralized infrastructure -- echoing Dorsey's long-running push for privacy-preserving, censorship-resistant communication.

Like the Bluetooth-based apps used during Hong Kong's 2019 protests, Bitchat is designed to keep working even when the internet is blocked, offering a censorship-resistant way to stay connected during outages, shutdowns or surveillance. The app also supports optional group chats, or "rooms," which can be named with hashtags and protected by passwords. It includes store and forward functionality to deliver messages to users who are temporarily offline. A future update will add WiFi Direct to increase speed and range, pushing Dorsey's vision for off-grid, user-owned communication even further.

Transportation

New Delhi Forced To Withdraw Plan To Scrap Old Cars After Public Backlash (yahoo.com) 77

An anonymous reader shares a report: Delhi's government has been forced to reverse a controversial plan to effectively ban older vehicles from city roads after public backlash and concerns over how the policy would be implemented.

The plan would have seen "end of life vehicles" -- petrol cars over 15 years old and diesel vehicles over 10 -- denied fuel at petrol stations using automatic number plate recognition cameras, or ANPR, and, potentially, impounded on the spot.

The policy was set to come into effect this week but state environment minister Manjinder Singh Sirsa said last week the government would halt the plan following widespread complaints. Mr Sirsa said the administration would not allow vehicles to be seized and cited "technological integration challenges" and a lack of coordination with neighbouring states sharing traffic with the capital.

Google

OpenAI Says It Has No Plan To Use Google's In-house Chip (reuters.com) 3

An anonymous reader shares a report: OpenAI said it has no active plans to use Google's in-house chip to power its products, two days after Reuters and other news outlets reported on the AI lab's move to turn to its competitor's artificial intelligence chips to meet growing demand.

A spokesperson for OpenAI said on Sunday that while the AI lab is in early testing with some of Google's tensor processing units (TPUs), it has no plans to deploy them at scale right now.

Technology

India's Battery Ambitions Run On Borrowed Volts (indiadispatch.com) 44

An anonymous reader shares a report: India is set to begin mass-producing electric-vehicle batteries within 18 months, a step hailed as a leap towards industrial self-reliance. Yet the structure of this new industry looks troublingly familiar, echoing a pattern of dependence that has long marked India's economy.

Nowhere is this dependence clearer than in the heft of intellectual property. The portfolios of India's largest battery-makers, Amara Raja and Exide, contain just seven patents combined. This pales in comparison to the industry's giants: China's CATL sits on a hoard of over 43,000 patents, while South Korea's LG Energy Solution possesses some 70,000.

Having largely missed the global lithium-ion boom, India's established lead-acid manufacturers built a business model on licensing technology rather than inventing it. This long-standing habit is now reflected in deals that create deep technological dependency. A 2022 agreement between Exide and China's SVOLT, for example, calls for SVOLT to not only transfer intellectual property but also to oversee plant construction, supply the equipment and integrate the factory into its own Chinese supply chain. Amara Raja's deal with Gotion High-Tech in June 2024 follows a similar template.
