Privacy

Meta To Pay Record $1.4 Billion To Settle Texas Facial Recognition Suit (texastribune.org) 43

Meta will pay Texas $1.4 billion to settle a lawsuit alleging the company used personal biometric data without user consent, marking the largest privacy-related settlement ever obtained by a state. The Texas Tribune reports: The 2022 lawsuit, filed by Texas Attorney General Ken Paxton in state court, alleged that Meta had been using facial recognition software on photos uploaded to Facebook without Texans' consent. The settlement will be paid over five years. The attorney general's office did not say whether the money from the settlement would go into the state's general fund or if it would be distributed in some other way. The settlement, announced Tuesday, does not act as an admission of guilt and Meta maintains no wrongdoing. This was the first lawsuit Paxton's office argued under a 2009 state law that protects Texans' biometric data, like fingerprints and facial scans. The law requires businesses to inform and get consent from individuals before collecting such data. It also limits sharing this data, except in certain cases like helping law enforcement or completing financial transactions. Businesses must protect this data and destroy it within a year after it's no longer needed.

In 2011, Meta introduced a feature known as Tag Suggestions to make it easier for users to tag people in their photos. According to Paxton's office, the feature was turned on by default and ran facial recognition on users' photos, automatically capturing data protected by the 2009 law. That system was discontinued in 2021, with Meta saying it deleted over 1 billion people's individual facial recognition data. As part of the settlement, Meta must notify the attorney general's office of anticipated or ongoing activities that may fall under the state's biometric data laws. If Texas objects, the parties have 60 days to attempt to resolve the issue. Meta officials said the settlement will make it easier for the company to discuss the implications and requirements of the state's biometric data laws with the attorney general's office, adding that data protection and privacy are core priorities for the firm.

Government

Senate Passes the Kids Online Safety Act (theverge.com) 84

An anonymous reader quotes a report from The Verge: The Senate passed the Kids Online Safety Act (KOSA) and the Children and Teens' Online Privacy Protection Act (also known as COPPA 2.0), the first major internet bills meant to protect children to reach that milestone in two decades. A legislative vehicle that included both KOSA and COPPA 2.0 passed 91-3. Senate Majority Leader Chuck Schumer (D-NY) called it "a momentous day" in a speech ahead of the vote, saying that "the Senate keeps its promise to every parent who's lost a child because of the risks of social media." He called for the House to pass the bills "as soon as they can."

KOSA is a landmark piece of legislation that a persistent group of parent advocates played a key role in pushing forward -- meeting with lawmakers, showing up at hearings with tech CEOs, and bringing along photos of their children, who, in many cases, died by suicide after experiencing cyberbullying or other harms from social media. These parents say that a bill like KOSA could have saved their own children from suffering and hope it will do the same for other children. The bill works by creating a duty of care for online platforms that are used by minors, requiring they take "reasonable" measures in how they design their products to mitigate a list of harms, including online bullying, sexual exploitation, drug promotion, and eating disorders. It specifies that the bill doesn't prevent platforms from letting minors search for any specific content or providing resources to mitigate any of the listed harms, "including evidence-informed information and clinical resources."
The legislation faces significant opposition from digital rights, free speech, and LGBTQ+ advocates who fear it could lead to censorship and privacy issues. Critics argue that the duty of care may result in aggressive content filtering and mandatory age verification, potentially blocking important educational and lifesaving content.

The bill may also face legal challenges from tech platforms citing First Amendment violations.
Windows

Global Computer Outage Impact Vastly Underestimated, Microsoft Admits 64

Microsoft has revealed that the global computer outage caused by a faulty CrowdStrike software update, which impacted numerous major corporations, affected far more devices than initially reported, with the tech giant stating that the previously announced figure of 8.5 million affected Windows machines represents only a "subset" of the total impact. Microsoft has refrained from providing a revised estimate of the full scope of the disruption.

The revelation comes as the technology sector continues to grapple with the fallout from the incident, which occurred 10 days ago and led to widespread disruptions across various industries, prompting Microsoft to face criticism despite the root cause being traced back to a third-party cybersecurity provider's error. Microsoft clarified that the initial 8.5 million figure was derived solely from devices with enabled crash reporting features, suggesting that the true extent of the outage could be substantially higher, given that many systems do not have this optional feature activated.

Further reading: Delta Seeks Damages From CrowdStrike, Microsoft After Outage.
IT

Logitech Mulls Subscription Model for 'Forever' Mouse 177

Logitech, the Swiss-American computer peripherals manufacturer, is considering the development of a long-lasting mouse that could potentially serve customers "forever," according to CEO Hanneke Faber. In a recent interview, Faber revealed that the company's innovation center has presented her with a prototype of such a device. The concept mouse, described as slightly heavier than standard models, would rely on software updates and services to maintain its functionality over time. Faber likened it to a quality watch that doesn't require frequent replacement.
The Internet

Microsoft 365 and Azure Outage Takes Down Multiple Services (bleepingcomputer.com) 29

apcyberax shares a report: Microsoft is investigating an ongoing and widespread outage blocking access to some Microsoft 365 and Azure services. "We're currently investigating access issues and degraded performance with multiple Microsoft 365 services and features. More information can be found under MO842351 in the admin center," Redmond said.

However, many users report having issues connecting to the Microsoft 365 admin center and opening the Service Health Status page, which should provide real-time information on issues impacting Microsoft Azure and the Microsoft 365/Power Platform admin centers. For the moment, the company says this incident is only affecting users in Europe and only a subset of its services.

Google

W3C Slams Google U-turn on Third-Party Cookie Removal (w3.org) 26

The World Wide Web Consortium (W3C) has expressed disappointment with Google's decision to retain third-party cookies, stating it undermines collaborative efforts. Google's reversal follows a five-year initiative to develop privacy-focused ad technology. While some advertising industry representatives welcomed the move, the W3C's criticism highlights the ongoing debate over online privacy and advertising practices. W3C writes: Third-party cookies are not good for the web. They enable tracking, which involves following your activity across multiple websites. They can be helpful for use cases like login and single sign-on, or putting shopping choices into a cart -- but they can also be used to invisibly track your browsing activity across sites for surveillance or ad-targeting purposes. This hidden personal data collection hurts everyone's privacy.

We aren't the only ones who are worried. The updated RFC that defines cookies says that third-party cookies have "inherent privacy issues" and that therefore web "resources cannot rely upon third-party cookies being treated consistently by user agents for the foreseeable future." We agree. Furthermore, tracking and subsequent data collection and brokerage can support micro-targeting of political messages, which can have a detrimental impact on society, as identified by Privacy International and other organizations. Regulatory authorities, such as the UK's Information Commissioner's Office, have also called for the blocking of third-party cookies.

The job of the TAG as stewards of the architecture of the web has us looking at the big picture (the whole web platform) and the details (proposed features and specs). We try to provide guidance to spec authors so that their new technologies fill holes that need to be filled, don't conflict with other parts of the web, and don't set us up for avoidable trouble in the future. We've been working with Chrome's Privacy Sandbox team (as well as others in the W3C community) for several years, trying to help them create better approaches for the things that third-party cookies do. While we haven't always agreed with the Privacy Sandbox team, we have made substantial progress together. This announcement came out of the blue, and undermines a lot of the work we've done together to make the web work without third-party cookies.

The unfortunate climb-down will also have secondary effects, as it is likely to delay cross-browser work on effective alternatives to third-party cookies. We fear it will have an overall detrimental impact on the cause of improving privacy on the web. We sincerely hope that Google reverses this decision and re-commits to a path towards removal of third-party cookies.

China

China Ponders Creating a National 'Cyberspace ID' (theregister.com) 52

China has proposed issuing "cyberspace IDs" to its citizens in order to protect their personal information, regulate the public service for authentication of cyberspace IDs, and accelerate the implementation of the trusted online identity strategy. The Register reports: The ID will take two forms: one as a series of letter and numbers, and the other as an online credential. Both will correspond to the citizen's real-life identity, but with no details in plaintext -- presumably encryption will be applied. A government national service platform will be responsible for authenticating and issuing the cyberspace IDs. The draft comes from the Ministry of Public Security and the Cyberspace Administration of China (CAC). It clarifies that the ID will be voluntary -- for now -- and eliminate the need for citizens to provide their real-life personal information to internet service providers (ISPs). Those under the age of fourteen would need parental consent to apply.

China is one of the few countries in the world that requires citizens to use their real names on the internet. [...] Relying instead on a national ID means "the excessive collection and retention of citizens' personal information by internet service providers will be prevented and minimized," reasoned Beijing. "Without the separate consent of a natural person, an internet platform may not process or provide relevant data and information to the outside without authorization, except as otherwise provided by laws and administrative regulations," reads the draft.

The Internet

Low-Income Homes Drop Internet Service After Congress Kills Discount Program (arstechnica.com) 240

An anonymous reader quotes a report from Ars Technica: The death of the US government's Affordable Connectivity Program (ACP) is starting to result in disconnection of Internet service for Americans with low incomes. On Friday, Charter Communications reported a net loss of 154,000 Internet subscribers that it said was mostly driven by customers canceling after losing the federal discount. About 100,000 of those subscribers were reportedly getting the discount, which in some cases made Internet service free to the consumer. The $30 monthly broadband discounts provided by the ACP ended in May after Congress failed to allocate more funding. The Biden administration requested (PDF) $6 billion to fund the ACP through December 2024, but Republicans called the program "wasteful."

Republican lawmakers' main complaint was that most of the ACP money went to households that already had broadband before the subsidy was created. FCC Chairwoman Jessica Rosenworcel warned that killing the discounts would reduce Internet access, saying (PDF) an FCC survey found that 77 percent of participating households would change their plan or drop Internet service entirely once the discounts expired. Charter's Q2 2024 earnings report provides some of the first evidence of users dropping Internet service after losing the discount. "Second quarter residential Internet customers decreased by 154,000, largely driven by the end of the FCC's Affordable Connectivity Program subsidies in the second quarter, compared to an increase of 70,000 during the second quarter of 2023," Charter said.

Across all ISPs, there were 23 million US households enrolled in the ACP. Research released in January 2024 found that Charter was serving over 4 million ACP recipients and that up to 300,000 of those Charter customers would be "at risk" of dropping Internet service if the discounts expired. Given that ACP recipients must meet low-income eligibility requirements, losing the discounts could put a strain on their overall finances even if they choose to keep paying for Internet service. [...] Light Reading reported that Charter attributed about 100,000 of the 154,000 customer losses to the ACP shutdown. Charter said it retained most of its ACP subscribers so far, but that low-income households might not be able to continue paying for Internet service without a new subsidy for much longer.

Security

DigiCert Revoking Certs With Less Than 24 Hours Notice (digicert.com) 61

In an incident report today, DigiCert says it discovered that some CNAME-based validations did not include the required underscore prefix, affecting about 0.4% of their domain validations. According to CA/Browser Forum (CABF) rules, certificates with validation issues must be revoked within 24 hours, prompting DigiCert to take immediate action. DigiCert says impacted customers "have been notified." New submitter jdastrup first shared the news, writing: Due to a mistake going back years that has recently been discovered, DigiCert is required by the CABF to revoke any certificate that used the improper Domain Control Validation (DCV) CNAME record in 24 hours. This could literally be thousands of SSL certs. This could take a lot of time and potentially cause outages worldwide starting July 30 at 19:30 UTC. Be prepared for a long night of cert renewals. DigiCert support line is completely jammed.
Businesses

HPE Set For Unconditional EU Nod For $14 Billion Juniper Deal (reuters.com) 6

According to Reuters, Hewlett Packard Enterprise (HPE) is expected to secure unconditional EU antitrust approval for its $14 billion acquisition of networking gear maker Juniper Networks. From the report: HPE announced the deal in January, underscoring the rush by companies to upgrade and develop new products amid a sharp rise in artificial intelligence-driven services. The European Commission, which is scheduled to decide on the deal by Aug. 1, declined to comment. HPE was expected to underline the power of market leader and Juniper rival Cisco to allay any possible European Union competition concerns, other people with direct knowledge of the matter had previously told Reuters. The deal is also being assessed by Britain's antitrust enforcer, with a decision due on Aug. 14.
The Internet

French Internet Lines Cut In Latest Attack During Olympics (msn.com) 69

An anonymous reader quotes a report from Bloomberg: A number of fiber optic cables carrying broadband service across France were cut overnight in the latest attack on the country's infrastructure during the Olympic Games. Connections serving Paris, which is hosting the Olympic Games this week, and the games themselves weren't affected, a spokesman for Olympics telecom partner, Orange SA, said. Still, this is the second sabotage of French infrastructure in the past few days as the world converges on the capital. Coordinated fires on French rail lines disrupted trains ahead of the opening ceremony on Friday.

The fiber cables were cut in nine departments overall including: Ardeche, Aude, Bouches-du-Rhone, Drome, Herault, Vaucluse, Marne, Meuse and Oise, the French Telecom Federation said. SFR said its network was vandalized between 1 a.m. and 3 a.m. Paris time, and teams are working on repairs, a spokesman for the French phone company said. The carrier is using alternative routes to serve customers, though redirecting the traffic might lead to slower speeds. Other carriers, including Iliad SA's Free and Netalis, also said they were impacted in social media posts. Netalis Chief Executive Officer Nicolas Guillaume said that the telecom company had successfully moved traffic to backup networks early on Monday. French cloud provider OVHcloud is also working to reroute traffic after the incident, which had caused slower performance on connections between Europe and Asia Pacific, a spokesman said.
"We advocate for France reinforcing criminal sanctions for vandalism on telecom infrastructure, which should be put at the same level as vandalism on energy infrastructure," said Romain Bonenfant, head of the French Telecom Federation industry group, in an interview. "Telecom infrastructure, like the railways, covers kilometers across the whole territory -- you can't put surveillance on every part of it."
AI

AI Won't Replace Human Workers, But People Who Use It Will Replace Those Who Don't, Andrew Ng Says (businessinsider.in) 109

An anonymous reader writes: AI experts tend to agree that rapid advances in the technology will impact jobs. But there's a clear division growing between those who see that as a cause for concern and those who believe it heralds a future of growth. Andrew Ng, the founder of Google Brain and a professor at Stanford University, is in the latter camp. He's optimistic about how AI will transform the labor market. For one, he doesn't think it's going to replace jobs.

"For the vast majority of jobs, if 20-30% is automated, then what that means is the job is going to be there," Ng said in a recent talk organized by Chulalongkorn University in Bangkok, Thailand. "It also means AI won't replace people, but maybe people that use AI will replace people that don't."

AI

Websites are Blocking the Wrong AI Scrapers (404media.co) 32

An anonymous reader shares a report: Hundreds of websites trying to block the AI company Anthropic from scraping their content are blocking the wrong bots, seemingly because they are copy/pasting outdated instructions to their robots.txt files, and because companies are constantly launching new AI crawler bots with different names that will only be blocked if website owners update their robots.txt. In particular, these sites are blocking two bots no longer used by the company, while unknowingly leaving Anthropic's real (and new) scraper bot unblocked.

This is an example of "how much of a mess the robots.txt landscape is right now," the anonymous operator of Dark Visitors told 404 Media. Dark Visitors is a website that tracks the constantly-shifting landscape of web crawlers and scrapers -- many of them operated by AI companies -- and which helps website owners regularly update their robots.txt files to prevent specific types of scraping. The site has seen a huge increase in popularity as more people try to block AI from scraping their work. "The ecosystem of agents is changing quickly, so it's basically impossible for website owners to manually keep up. For example, Apple (Applebot-Extended) and Meta (Meta-ExternalAgent) just added new ones last month and last week, respectively," they added.

United States

Justice Dept. Says TikTok Could Allow China To Influence Elections 84

The Justice Department has ramped up the case to ban TikTok, saying in a court filing Friday that allowing the app to continue operating in its current state could result in voter manipulation in elections. From a report: The filing was made in response to a TikTok lawsuit attempting to block the government's ban. The Justice Department warned that the app's algorithm and parent company ByteDance's alleged ties to the Chinese government could be used for a "secret manipulation" campaign.

"Among other things, it would allow a foreign government to illicitly interfere with our political system and political discourse, including our elections...if, for example, the Chinese government were to determine that the outcome of a particular American election was sufficiently important to Chinese interests," the filing said. Under a law passed in April, TikTok has until January 2025 to find a new owner or it will be banned in the U.S. The company is suing to have that law overturned, saying it violates the company's First Amendment rights. The Justice Department disputed those claims. "The statute is aimed at national-security concerns unique to TikTok's connection to a hostile foreign power, not at any suppression of protected speech," officials wrote.
The Almighty Buck

Crypto Exchange To 'Socialize' $230 Million Security Breach Loss Among Customers 86

An anonymous reader shares a report: Indian cryptocurrency exchange WazirX announced on Saturday a controversial plan to "socialize" the $230 million loss from its recent security breach among all its customers, a move that has sent shockwaves through the local crypto community.

The Mumbai-based firm, which suspended all trading activities on its platform last week following the cyber attack that compromised nearly half of its reserves in India's largest crypto heist, has outlined a strategy to resume operations within a week or so while implementing a "fair and transparent socialized loss strategy" to distribute the impact "equitably" among its user base.

WazirX will "rebalance" customer portfolios on its platform, returning only 55% of their holdings while locking the remaining 45% in USDT-equivalent tokens. This will also impact customers whose tokens were not directly affected by the breach, with the company stating that "users with 100% of their tokens in the 'not stolen' category will receive 55% of those tokens back."
Microsoft

Microsoft Adds Intrusive OneDrive Ad in Windows 11 (windowslatest.com) 84

Microsoft has intensified its push for OneDrive adoption in Windows 11, introducing a full-screen pop-up that prompts users to back up their files to the cloud service, according to a report from Windows Latest. The new promotional message, which appears after a recent Windows update, mirrors the out-of-box experience typically seen during initial system setup and highlights OneDrive's features, including file protection, collaboration capabilities, and automatic syncing.
AI

Apple's AI Features Rollout Will Miss Upcoming iPhone Software Overhaul (yahoo.com) 4

Apple's upcoming AI features will arrive later than anticipated, missing the initial launch of its upcoming iPhone and iPad software overhauls but giving the company more time to fix bugs. Bloomberg: The company is planning to begin rolling out Apple Intelligence to customers as part of software updates coming by October, according to people with knowledge of the matter. That means the AI features will arrive a few weeks after the initial iOS 18 and iPadOS 18 releases planned for September, said the people, who declined to be identified discussing unannounced release details.

Still, the iPhone maker is planning to make Apple Intelligence available to software developers for the first time for early testing as soon as this week via iOS 18.1 and iPadOS 18.1 betas, they added. The strategy is atypical as the company doesn't usually release previews of follow-up updates until around the time the initial version of the new software generation is released publicly. The stakes are higher than usual. In order to ensure a smooth consumer release of its big bet on AI, Apple needs support from developers to help iron out issues and test features on a wider scale. Concerns over the stability of Apple Intelligence features, in part, led the company to split the features from the initial launch of iOS 18 and iPadOS 18.

Businesses

Amazon Paid Almost $1 Billion for Twitch in 2014. It's Still Losing Money. (msn.com) 72

Amazon paid nearly $1 billion to acquire the live-video startup Twitch Interactive in 2014. A decade later, the retail giant has received little financial return from one of its bigger acquisitions. WSJ: Known for hourslong broadcasts of videogame play, Twitch remains unprofitable despite periods of explosive popularity, according to current and former employees knowledgeable about its finances. Documents reviewed by The Wall Street Journal show Twitch's biggest-paying users are opening their wallets less, and third-party data reflect that growth in new users and engagement has slowed.

Following two rounds of layoffs in the past year, staffers are concerned that a third round could come this fall following an annual operational review, according to people familiar with the matter. Amazon Chief Executive Andy Jassy, who took over in 2021, has led a profitability review at the company and shown little tolerance for unprofitable businesses. Insiders said they worry Twitch is at risk of becoming what they called a "zombie brand" at Amazon -- internal projects or acquisitions that have been sidelined because they haven't lived up to expectations. These staffers pointed to book-review app Goodreads, online task finder Mechanical Turk and discount website Woot.

Chrome

Forbes Estimates Google's Chrome Temporarily Lost Millions of Saved Passwords (forbes.com) 28

An unexpected disapperance of saved passwords "impacted Chrome web browser users from all over the world," writes Forbes, "leaving them unable to find any passwords already saved using the Chrome password manager." Newly saved passwords were also rendered invisible to the affected users. Google, which has now fixed the issue, said that the problem was limited to the M127 version of Chrome Browser on the Windows platform.

The precise number of users to be hit by the Google password manager vanishing act is hard to pin down. However, working on the basis that there are more than 3 billion Chrome web browser users, with Windows users counting for the vast majority of these, it's possible to come up with an estimated number. Google said that 25% of the user base saw the configuration change rolled out, which, by my calculations, is around 750 million. Of these, around 2%, according to Google's estimation, were hit by the password manager issue. That means around 15 million users have seen their passwords vanish into thin air.

Google said that an interim workaround was provided at the time, which involved the particularly user-unfriendly process of launching the Chrome browser with a command line flag of " — enable-features=SkipUndecryptablePasswords." Thankfully, the full fix that has now been rolled out just requires users to restart their Chrome browser to take effect.

Transportation

Is Ford Trying To Patent a Way For Its Cars To Report Speeding To the Police? (motorauthority.com) 216

Is Ford trying to patent a way for its cars to report speeding drivers to the police? An article in Motor Authority notes that this patent application from Ford was filed January 12th of 2023 — and just published 11 days ago by the U.S. Patent and Trademark Office: In the application, Ford discusses using cars to monitor each other's speeds. If one car detects that a nearby vehicle is being driven above the posted limit, it could use onboard cameras to photograph that vehicle. A report containing both speed data and images of the targeted vehicle could then be sent directly to a police car or roadside monitoring units via an Internet connection, according to Ford. Using vehicles for speed surveillance would make cops' jobs easier, as they wouldn't have to quickly identify speeding violations and take off in pursuit, Ford notes in the application. It also means some of that work could be delegated to self-driving cars, which could be equipped to detect speeding violations, the automaker adds...

Ford has also tried to patent a "night drive mode" that would limit vehicle speeds at night for everyone — including first responders.

Thanks to long-time Slashdot reader schwit1 for sharing the article.

Slashdot Top Deals