AI

DuckDuckGo Is Amping Up Its AI Search Tool 21

An anonymous reader quotes a report from The Verge: DuckDuckGo has big plans for embedding AI into its search engine. The privacy-focused company just announced that its AI-generated answers, which appear for certain queries on its search engine, have exited beta and now source information from across the web -- not just Wikipedia. It will soon integrate web search within its AI chatbot, which has also exited beta. DuckDuckGo first launched AI-assisted answers -- originally called DuckAssist -- in 2023. The feature is billed as a less obnoxious version of tools like Google's AI Overviews, designed to offer more concise responses and let you adjust how often you see them, including turning the responses off entirely. If you have DuckDuckGo's AI-generated answers set to "often," you'll still only see them around 20 percent of the time, though the company plans on increasing the frequency eventually.

Some of DuckDuckGo's AI-assisted answers bring up a box for follow-up questions, redirecting you to a conversation with its Duck.ai chatbot. As is the case with its AI-assisted answers, you don't need an account to use Duck.ai, and it comes with the same emphasis on privacy. It lets you toggle between GPT-4o mini, o3-mini, Llama 3.3, Mistral Small 3, and Claude 3 Haiku, with the advantage being that you can interact with each model anonymously by hiding your IP address. DuckDuckGo also has agreements with the AI company behind each model to ensure your data isn't used for training.

Duck.ai also rolled out a feature called Recent Chats, which stores your previous conversations locally on your device rather than on DuckDuckGo's servers. Though Duck.ai is also leaving beta, that doesn't mean the flow of new features will stop. In the next few weeks, Duck.ai will add support for web search, which should enhance its ability to respond to questions. The company is also working on adding voice interaction on iPhone and Android, along with the ability to upload images and ask questions about them. ... [W]hile Duck.ai will always remain free, the company is considering including access to more advanced AI models with its $9.99 per month subscription.
Government

US Mulls Policing Social Media of Would-Be Citizens (theregister.com) 75

The U.S. Citizenship and Immigration Services (USCIS) is proposing to expand mandatory social media screening, currently required only for new arrivals, to include all non-citizens already residing in the U.S. who apply for immigration benefits. The Register reports: Back in 2019, the Department of Homeland Security, which runs USCIS, decided anyone looking to enter the US on a work visa or similar had to hand over their social media handles to the authorities so that they could be looked over for wrongdoing and subversion. In fact, this goes back to 2014, at least, to one degree or another, and has been standard procedure for years for foreigners, particularly those coming in on a visa. [...]

On January 20 this year, President Trump signed an executive order calling for much tougher vetting of foreign aliens, and in response, USCIS has proposed rules saying those already in the country who are going through some process with the agency -- such as applying for permanent residency or citizenship -- will have their social media scanned for subversion. That means if you came to America before foreigners' internet presence was screened as it now is, and you're now seeking some kind of immigration benefit, at this rate you'll be subject to the same scanning as those entering the Land of the Free today.
The proposed changes have a 60-day comment period for the public to suggest amendments. The last day to send them in is May 5.
Censorship

US House Panel Subpoenas Alphabet Over Content Moderation (yahoo.com) 40

An anonymous reader quotes a report from Reuters: The U.S. House Judiciary Committee subpoenaed Alphabet on Thursday seeking its communications with former President Joe Biden's administration about content moderation policies. House Judiciary Committee Chairman Jim Jordan, a Republican, also asked the YouTube parent company for similar communications with companies and groups outside government, according to a copy of the subpoena seen by Reuters. The subpoena seeks communications about limits or bans on content about President Donald Trump, Tesla CEO and close Trump ally Elon Musk, the virus that causes COVID-19 and a host of other conservative discussion topics. "Alphabet, to our knowledge, has not similarly disavowed the Biden-Harris Administration's attempts to censor speech," Jordan said in a letter.

Meanwhile, Google spokesperson Jose Castaneda said the company will "continue to show the committee how we enforce our policies independently, rooted in our commitment to free expression."
Encryption

1Password Introduces 'Nearby Items,' Tying Passwords To Physical Locations (engadget.com) 12

1Password has introduced a 'nearby items' feature, allowing users to tag credentials with physical locations so the relevant information automatically surfaces when users are near those locations. Engadget reports: Location information can be added to any new or existing item in a 1Password vault. The app has also been updated with a map view for setting and viewing the locations of your items. In the blog post announcing the feature, the company cited examples such as door codes for a workplace, health records at a doctor's office, WiFi access at the gym and rewards membership information for local shops as potential uses for location data.

Privacy and security are paramount for a password manager, and 1Password confirmed that a user's location coordinates are only used locally and do not leave the device. Nearby items is available to 1Password customers starting today.

Government

Starlink Benefits As Trump Admin Rewrites Rules For $42 Billion Grant Program (arstechnica.com) 163

An anonymous reader quotes a report from Ars Technica: The Trump administration is eliminating a preference for fiber Internet in a $42.45 billion broadband deployment program, a change that is expected to reduce spending on the most advanced wired networks while directing more money to Starlink and other non-fiber Internet service providers. One report suggests Starlink could obtain $10 billion to $20 billion under the new rules. Secretary of Commerce Howard Lutnick criticized the Biden administration's handling of the Broadband Equity, Access, and Deployment (BEAD) program in a statement yesterday. Lutnick said that "because of the prior Administration's woke mandates, favoritism towards certain technologies, and burdensome regulations, the program has not connected a single person to the Internet and is in dire need of a readjustment."

The BEAD program was authorized by Congress in November 2021, and the US was finalizing plans to distribute funding before Trump's inauguration. The National Telecommunications and Information Administration (NTIA), part of the Commerce Department, developed rules for the program in the Biden era and approved initial funding plans submitted by every state and territory. The program has been on hold since the change in administration, with Senator Ted Cruz (R-Texas) and other Republicans seeking rule changes. In addition to demanding an end to the fiber preference, Cruz wants to kill a requirement that ISPs receiving network-construction subsidies provide cheap broadband to people with low incomes. Cruz also criticized "unionized workforce and DEI labor requirements; climate change assessments; excessive per-location costs; and other central planning mandates."

Lutnick's statement yesterday confirmed that the Trump administration will end the fiber preference and replace it with a "tech-neutral" set of rules, and explore additional changes. He said: "Under my leadership, the Commerce Department has launched a rigorous review of the BEAD program. The Department is ripping out the Biden Administration's pointless requirements. It is revamping the BEAD program to take a tech-neutral approach that is rigorously driven by outcomes, so states can provide Internet access for the lowest cost. Additionally, the Department is exploring ways to cut government red tape that slows down infrastructure construction. We will work with states and territories to quickly get rid of the delays and the waste. Thereafter we will move quickly to implementation in order to get households connected." Lutnick said the department's goal is to "deliver high-speed Internet access... efficiently and effectively at the lowest cost to taxpayers."

Privacy

India Grants Tax Officials Sweeping Digital Access Powers (indiatimes.com) 16

India's income tax department will gain powers to access citizens' social media accounts, emails and other digital spaces beginning April 2026 under the new income tax bill, in a significant expansion of its search and seizure authority.

The legislation, which has raised privacy concerns among legal experts, allows tax officers to "gain access by overriding the access code" to computer systems and "virtual digital spaces" if they suspect tax evasion.

The bill broadly defines virtual digital spaces to include email servers, social media accounts, online investment accounts, banking platforms, and cloud servers.

"The expansion raises significant concerns regarding constitutional validity, potential state overreach, and practical enforcement," Sonam Chandwani, Managing Partner at KS Legal and Associates, told Indian newspaper Economic Times.
Nintendo

Nintendo Says Latest Legal Win Against Piracy 'Significant' For 'Entire Games Industry' (eurogamer.net) 25

Nintendo has trumpeted its latest legal success in the company's ongoing fight against pirated games as "significant" not only for itself, "but for the entire games industry." From a report: The Mario maker today confirmed it had won a final victory over French file-sharing company Dstorage, which operates the website 1fichier.com, following years of legal wrangling and repeated appeals. Nintendo's victory means European file-sharing companies must now remove illegal copies of games when asked to do so, or be held accountable and cough up potentially sizable fines as punishment.

In 2021, the Judicial Court of Paris ordered Dstorage pay Nintendo $1 million in damages after it was found to be hosting pirate games. Dstorage launched an appeal, which then failed in 2023, and was ordered to pay Nintendo further costs. But the case didn't end there. Dstorage finally took the matter to the highest French judiciary court, where it argued that a specific court order was required before it needed to remove content from its hosting services. This bid has also now failed, ending the long-running matter for good.

AI

Judges Are Fed Up With Lawyers Using AI That Hallucinate Court Cases (404media.co) 74

An anonymous reader quotes a report from 404 Media: After a group of attorneys were caught using AI to cite cases that didn't actually exist in court documents last month, another lawyer was told to pay $15,000 for his own AI hallucinations that showed up in several briefs. Attorney Rafael Ramirez, who represented a company called HoosierVac in an ongoing case where the Mid Central Operating Engineers Health and Welfare Fund claims the company is failing to allow the union a full audit of its books and records, filed a brief in October 2024 that cited a case the judge wasn't able to locate. Ramirez "acknowledge[d] that the referenced citation was in error," withdrew the citation, and "apologized to the court and opposing counsel for the confusion," according to Judge Mark Dinsmore, U.S. Magistrate Judge for the Southern District of Indiana. But that wasn't the end of it. An "exhaustive review" of Ramirez's other filings in the case showed that he'd included made-up cases in two other briefs, too. [...]

In January, as part of a separate case against a hoverboard manufacturer and Walmart seeking damages for an allegedly faulty lithium battery, attorneys filed court documents that cited a series of cases that don't exist. In February, U.S. District Judge Kelly demanded they explain why they shouldn't be sanctioned for referencing eight non-existent cases. The attorneys contritely admitted to using AI to generate the cases without catching the errors, and called it a "cautionary tale" for the rest of the legal world. Last week, Judge Rankin issued sanctions on those attorneys, according to new records, including revoking one of the attorneys' pro hac vice admission (a legal term meaning a lawyer can temporarily practice in a jurisdiction where they're not licensed) and removed him from the case, and the three other attorneys on the case were fined between $1,000 and $3,000 each.
The judge in the Ramirez case said that he "does not aim to suggest that AI is inherently bad or that its use by lawyers should be forbidden." In fact, he noted that he's a vocal advocate for the use of technology in the legal profession.

"Nevertheless, much like a chain saw or other useful [but] potentially dangerous tools, one must understand the tools they are using and use those tools with caution," he wrote. "It should go without saying that any use of artificial intelligence must be consistent with counsel's ethical and professional obligations. In other words, the use of artificial intelligence must be accompanied by the application of actual intelligence in its execution."
Security

CISA Tags Windows, Cisco Vulnerabilities As Actively Exploited (bleepingcomputer.com) 16

CISA has warned U.S. federal agencies about active exploitation of vulnerabilities in Cisco VPN routers and Windows systems. "While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it," adds Bleeping Computer. From the report: The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. While it requires valid administrative credentials, this can still be achieved by chaining the CVE-2023-20025 authentication bypass, which provides root privileges. Cisco says in an advisory published in January 2023 and updated one year later that its Product Security Incident Response Team (PSIRT) is aware of CVE-2023-20025 publicly available proof-of-concept exploit code.

The second security bug (CVE-2018-8639) is a Win32k elevation of privilege flaw that local attackers logged into the target system can exploit to run arbitrary code in kernel mode. Successful exploitation also allows them to alter data or create rogue accounts with full user rights to take over vulnerable Windows devices. According to a security advisory issued by Microsoft in December 2018, this vulnerability impacts client (Windows 7 or later) and server (Windows Server 2008 and up) platforms.

Today, CISA added the two vulnerabilities to its Known Exploited Vulnerabilities catalog, which lists security bugs the agency has tagged as exploited in attacks. As mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021, Federal Civilian Executive Branch (FCEB) agencies now have three weeks, until March 23, to secure their networks against ongoing exploitation.

The Almighty Buck

Trump Names Cryptocurrencies for 'Digital Asset Stockpile' in Social Media Post (cnbc.com) 156

Despite a January announcement that America would explore the idea of a national digital asset stockpile, the exact cryptocurrencies weren't specified. Today on social media the president posted that it would include bitcoin, ether, XRP, Solana's SOL token and Cardano's ADA, reports CNBC — prompting a Sunday rally in cryptocurrencies trading. XRP surged 33% after the announcement while the token tied to Solana jumped 22%. Cardano's coin soared more than 60%. Bitcoin rose 10% to $94,425.29, after dipping to a three-month low under $80,000 on Friday. Ether, which has suffered some of the biggest losses in crypto year-to-date, gained 12%... This is the first time Trump has specified his support for a crypto "reserve" versus a "stockpile." While the former assumes actively buying crypto in regular installments, a stockpile would simply not sell any of the crypto currently held by the U.S. government.
"The total cryptocurrency market has risen about 10%," reports Reuters, "or more than $300 billion, in the hours since Trump's announcement, according to CoinGecko, a cryptocurrency data and analysis company."

"A U.S. Crypto Reserve will elevate this critical industry..." the president posted, promising to "make sure the U.S. is the Crypto Capital of the World," reports The Hill: His announcement comes just after the White House announced it would be welcoming cryptocurrency industry professionals on March 7 in a first-of-its-kind summit... It's unclear what exactly Trump's crypto reserve would look like, and while he previously dismissed crypto as a scam, he's embraced the industry throughout his most recent campaign.
Piracy

Malicious PyPI Package Exploited Deezer's API, Orchestrates a Distributed Piracy Operation (socket.dev) 24

A malicious PyPI package effectively turned its users' systems "into an illicit network for facilitating bulk music downloads," writes The Hacker News.

Though the package has been removed from PyPI, researchers at security platform Socket.dev say it enabled "coordinated, unauthorized music downloads from Deezer — a popular streaming service founded in France in 2007." Although automslc, which has been downloaded over 100,000 times, purports to offer music automation and metadata retrieval, it covertly bypasses Deezer's access restrictions... The package is designed to log into Deezer, harvest track metadata, request full-length streaming URLs, and download complete audio files in clear violation of Deezer's API terms... [I]t orchestrates a distributed piracy operation by leveraging both user-supplied and hardcoded Deezer credentials to create sessions with Deezer's API. This approach enables full access to track metadata and the decryption tokens required to generate full-length track URLs.

Additionally, the package routinely communicates with a remote server... to update download statuses and submit metadata, thereby centralizing control and allowing the threat actor to monitor and coordinate the distributed downloading operation. In doing so, automslc exposes critical track details — including Deezer IDs, International Standard Recording Codes, track titles, and internal tokens like MD5_ORIGIN (a hash used in generating decryption URLs) — which, when collected en masse, can be used to reassemble full track URLs and facilitate unauthorized downloads...

Even if a user pays for access to the service, the content is licensed, not owned. The automslc package circumvents licensing restrictions by enabling downloads and potential redistribution, which is outside the bounds of fair use...

"The malicious package was initially published in 2019, and its popularity (over 100,000 downloads) indicates wide distribution..."
Government

Utah Could Become America's First State To Ban Fluoride In Public Water (nbcnews.com) 233

NBC News reports that Utah could make history as America's first state to ban fluoride in public water systems — even though major medical associations support water fluoridation: If signed into law [by the governor], HB0081 would prevent any individual or political subdivision from adding fluoride "to water in or intended for public water systems..." A report published recently in JAMA Pediatrics found a statistically significant association between higher fluoride exposure and lower children's IQ scores — but the researchers did not suggest that fluoride should be removed from drinking water. According to the report's authors, most of the 74 studies they reviewed were low-quality and done in countries other than the United States, such as China, where fluoride levels tend to be much higher, the researchers noted.

An Australian study published last year found no link between early childhood exposure to fluoride and negative cognitive neurodevelopment. Researchers actually found a slightly higher IQ in kids who consistently drank fluoridated water. The levels in Australia are consistent with U.S. recommendations.

Major public health groups, including the American Academy of Pediatrics, the American Dental Association and the CDC — which says drinking fluoridated water keeps teeth strong and reduces cavities — support adding fluoride to water.

The article notes that since 2010 over 150 U.S. towns or counties have voted to keep fluoride out of public water systems or to stop adding it to their water (according to the anti-fluoride group "Fluoride Action Network"). But this week the American Dental Association (representing 159,000 members) urged Utah's governor not to become "the only state to end this preventive health practice that has been in place for over three quarters of a century."

Thanks to Slashdot reader fjo3 for sharing the news.
Firefox

Mozilla Revises Firefox's Terms of Use, Clarifies That They Don't Own Your Data (theverge.com) 68

"We need a license to allow us to make some of the basic functionality of Firefox possible," Mozilla explained Wednesday in a clarification of a recent Terms of Use update. "Without it, we couldn't use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice."

But Friday they went further, and revised those new Terms of Use "to more clearly reflect the limited scope of how Mozilla interacts with user data," according to a Mozilla blog post. More details from the Verge: The particular language that drew criticism was:

"When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox."

That language has been removed. Now, the language in the terms says:

"You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content...."

Friday's post additionally provides some context about why the company has "stepped away from making blanket claims that 'We never sell your data.'" Mozilla says that "in some places, the LEGAL definition of 'sale of data' is broad and evolving," and that "the competing interpretations of do-not-sell requirements does leave many businesses uncertain about their exact obligations and whether or not they're considered to be 'selling data.'" Mozilla says that "there are a number of places where we collect and share some data with our partners" so that Firefox can be "commercially viable," but it adds that it spells those out in its privacy notice and works to strip data of potentially identifying information or share it in aggregate.

The Courts

Apple Accused of Misleading Consumers With Apple Watch 'Carbon Neutral' Claims (theverge.com) 11

Apple is facing a class action lawsuit alleging it misled consumers by falsely claiming certain Apple Watches were carbon neutral, as the carbon offset projects it relied on did not effectively reduce greenhouse gas emissions. The Verge reports: Apple said in 2023 that "select case and band combinations" of its Apple Watch Series 9, Apple Watch Ultra 2, and Apple Watch SE would be the company's first carbon neutral devices. The suit was filed on behalf of anyone who bought those watches. It alleges that the products were not really carbon neutral because they relied on faulty offset projects that didn't actually reduce the company's greenhouse gas pollution. [...]

The company's carbon neutral claims were false, and the seven plaintiffs would not have purchased the Apple Watches or paid as much for them had they known that, the lawsuit alleges. "Apple's false advertising may lead [consumers] to choose its products over genuinely sustainable alternatives," the complaint (PDF) filed in a California federal court on Wednesday says.

Apple is standing by its assertions. "We are proud of our carbon neutral products, which are the result of industry-leading innovation in clean energy and low-carbon design," Apple spokesperson Sean Redding said in an email. Redding says the company reduced Apple Watch emissions by more than 75 percent. The company focused on cutting pollution from materials, electricity, and transportation used to make the watches, in part by getting more of its suppliers to switch to clean energy. To deal with the remaining pollution, Redding says Apple invests in "nature-based projects to remove hundreds of thousands of metric tons of carbon from the air." That's where the new lawsuit finds problems.

To offset their emissions, many companies buy carbon credits from forestry projects that represent tons of planet-heating carbon dioxide that trees and soil naturally trap. Apple primarily purchased credits from the Chyulu Hills project in Kenya and the Guinan Project in China, the suit says. It alleges that neither of the projects met a basic standard for carbon offsets, which is that they capture additional CO2 that would not otherwise have been sequestered had Apple not paid to support the project.

GNU is Not Unix

An Appeals Court May Kill a GNU GPL Software License (theregister.com) 74

The Ninth Circuit Court of Appeals is set to review a California district court's ruling in Neo4j v. PureThink, which upheld Neo4j's right to modify the GNU AGPLv3 with additional binding terms. If the appellate court affirms this decision, it could set a precedent allowing licensors to impose unremovable restrictions on open-source software, potentially undermining the enforceability of GPL-based licenses and threatening the integrity of the open-source ecosystem. The Register reports: The GNU AGPLv3 is a free and open source software (FOSS) license largely based on the GNU GPLv3, both of which are published by the Free Software Foundation (FSF). Neo4j provided database software under the AGPLv3, then tweaked the license, leading to legal battles over forks of the software. The AGPLv3 includes language that says any added restrictions or requirements are removable, meaning someone could just file off Neo4j's changes to the usage and distribution license, reverting it back to the standard AGPLv3, which the biz has argued and successfully fought against in that California district court.

Now the matter, the validity of that modified FOSS license, is before an appeals court in the USA. "I don't think the community realizes that if the Ninth Circuit upholds the lower court's ruling, it won't just kill GPLv3," PureThink's John Mark Suhy told The Register. "It will create a dangerous legal precedent that could be used to undermine all open-source licenses, allowing licensors to impose unexpected restrictions and fundamentally eroding the trust that makes open source possible."

Perhaps equally concerning is the fact that Suhy, founder and CTO of PureThink and iGov (the two firms sued by Neo4j), and presently CTO of IT consultancy Greystones Group, is defending GPL licenses on his own, pro se, without the help of the FSF, founded by Richard Stallman, creator of the GNU General Public License. "I'm actually doing everything pro se because I used up all my savings to fight it in the lower court," said Suhy. "I'm surprised the Free Software Foundation didn't care too much about it. They always had an excuse about not having the money for it. Luckily the Software Freedom Conservancy came in and helped out there."

Firefox

Mozilla's Updated ToS: We Own All Info You Put Into Firefox 142

UPDATE (3/1/2025): "We need a license to allow us to make some of the basic functionality of Firefox possible," Mozilla explained Wednesday in a clarification of a recent Terms of Use update. "Without it, we couldn't use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice."

But Friday they went further, and revised those new Terms of Use "to more clearly reflect the limited scope of how Mozilla interacts with user data," according to a Mozilla blog post. ("You give Mozilla the rights necessary to operate Firefox... This does not give Mozilla any ownership in that content.")

Slashdot's original post below...

New submitter SharkByte writes: Mozilla just updated its Terms of Use and Privacy Policy for Firefox with a very disturbing "You Give Mozilla Certain Rights and Permissions" clause:

When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

H/T to reader agristin as well, who also wrote about this.

Privacy

Apple's Find My Network Exploit Lets Hackers Silently Track Any Bluetooth Device 22

Researchers at George Mason University discovered a vulnerability in Apple's Find My network that allows hackers to silently track any Bluetooth device as if it were an AirTag, without the owner's knowledge. 9to5Mac reports: Although AirTag was designed to change its Bluetooth address based on a cryptographic key, the attackers developed a system that could quickly find keys for Bluetooth addresses. This was made possible by using "hundreds" of GPUs to find a key match. The exploit called "nRootTag" has a frightening success rate of 90% and doesn't require "sophisticated administrator privilege escalation."

In one of the experiments, the researchers were able to track the location of a computer with an accuracy of 10 feet, which allowed them to trace a bicycle moving through the city. In another experiment, they reconstructed a person's flight path by tracking their game console. "While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this," said one of the researchers.
Apple has acknowledged the George Mason researchers for discovering a Bluetooth exploit in its Find My network but has yet to issue a fix. "For now, they advise users to never allow unnecessary access to the device's Bluetooth when requested by apps, and of course, always keep their device's software updated," reports 9to5Mac.
Social Networks

Apple Launches 'Age Assurance' Tech As US States Mull Social Media Laws (reuters.com) 53

Apple announced a new feature allowing parents to share a child's age with app developers without exposing sensitive information, as lawmakers debate age-verification laws for social media and apps. Reuters reports: States, such as Utah and South Carolina, are currently debating laws that would require app store operators such as Apple and Alphabet's Google to check the ages of users. That has set up a conflict in the tech industry over which party should be responsible for checking ages for users under 18 -- app stores, or each individual app. Meta, for instance, has long argued in favor of legislation requiring app stores to check ages when a child downloads an app.

Apple on Thursday said it does not want to be responsible for collecting sensitive data for those age verifications. "While only a fraction of apps on the App Store may require age verification, all users would have to hand over their sensitive personally identifying information to us -- regardless of whether they actually want to use one of these limited set of apps," Apple wrote in a whitepaper on its website.

Privacy

Thousands of Exposed GitHub Repositories, Now Private, Can Still Be Accessed Through Copilot (techcrunch.com) 19

An anonymous reader quotes a report from TechCrunch: Security researchers are warning that data exposed to the internet, even for a moment, can linger in online generative AI chatbots like Microsoft Copilot long after the data is made private. Thousands of once-public GitHub repositories from some of the world's biggest companies are affected, including Microsoft's, according to new findings from Lasso, an Israeli cybersecurity company focused on emerging generative AI threats.

Lasso co-founder Ophir Dror told TechCrunch that the company found content from its own GitHub repository appearing in Copilot because it had been indexed and cached by Microsoft's Bing search engine. Dror said the repository, which had been mistakenly made public for a brief period, had since been set to private, and accessing it on GitHub returned a "page not found" error. "On Copilot, surprisingly enough, we found one of our own private repositories," said Dror. "If I was to browse the web, I wouldn't see this data. But anyone in the world could ask Copilot the right question and get this data."

After it realized that any data on GitHub, even briefly, could be potentially exposed by tools like Copilot, Lasso investigated further. Lasso extracted a list of repositories that were public at any point in 2024 and identified the repositories that had since been deleted or set to private. Using Bing's caching mechanism, the company found more than 20,000 since-private GitHub repositories still had data accessible through Copilot, affecting more than 16,000 organizations. Lasso told TechCrunch ahead of publishing its research that affected organizations include Amazon Web Services, Google, IBM, PayPal, Tencent, and Microsoft. [...] For some affected companies, Copilot could be prompted to return confidential GitHub archives that contain intellectual property, sensitive corporate data, access keys, and tokens, the company said.

The Courts

Automattic's 'Nuclear War' Over WordPress Access Sparks Potential Class Action (arstechnica.com) 15

An anonymous reader shares a report: The company behind WordPress, Automattic Inc., and its founder, Matt Mullenweg, continue to face backlash over a "nuclear war" started with WP Engine (WPE) that allegedly messed with maintenance and security of hundreds of thousands of websites.

In a proposed class action lawsuit filed this weekend, a WPE customer, Ryan Keller, accused Automattic and Mullenweg of "deliberately abusing their power and control over the WordPress ecosystem to purposefully, deliberately, and repeatedly disrupt contracts" -- all due to a supposed trademark infringement claim. If granted, the class would include "all persons in the United States who had ongoing active WPE WordPress Web Hosting Plans on or before September 24, 2024 through December 10, 2024."

WPE had previously sued Automattic and Mullenweg, alleging that the attack on WPE was actually an attempt to extort what Keller alleged was "tens of millions of dollars" in payments from WPE for using the WordPress trademark. Mullenweg made it clear that the value of the payments was "based on what he thought WPE could afford, rather than what the value of the trademark actually was," Keller's complaint alleged. Automattic's "poorly disguised attempt to extort WPE," Keller alleged, was lobbed "against the threat of making it virtually impossible for WPE (and its customers) to conduct its ordinary business."
