aggregator

A Leaky Database Spilled 2FA Codes For the World's Tech Giants

Slashdot - Your Rights Online - Sat, 2024-03-02 00:02
An anonymous reader quotes a report from TechCrunch: A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users' access to their Facebook, Google and TikTok accounts. The Asian technology and internet company YX International manufactures cellular networking equipment and provides SMS text message routing services. SMS routing helps to get time-critical text messages to their proper destination across various regional cell networks and providers, such as a user receiving an SMS security code or link for logging in to online services. YX International claims to send 5 million SMS text messages daily. But the technology company left one of its internal databases exposed to the internet without a password, allowing anyone to access the sensitive data inside using only a web browser, just with knowledge of the database's public IP address. Anurag Sen, a good-faith security researcher and expert in discovering sensitive but inadvertently exposed datasets leaking to the internet, found the database. Sen said it was not apparent who the database belonged to, nor who to report the leak to, so Sen shared details of the exposed database with TechCrunch to help identify its owner and report the security lapse. Sen told TechCrunch that the exposed database included the contents of text messages sent to users, including one-time passcodes and password reset links for some of the world's largest tech and online companies, including Facebook and WhatsApp, Google, TikTok, and others. The database had monthly logs dating back to July 2023 and was growing in size by the minute. In the exposed database, TechCrunch found sets of internal email addresses and corresponding passwords associated with YX International, and alerted the company to the spilling database. 
The database went offline a short time later.

How the Pentagon Learned To Use Targeted Ads To Find Its Targets

Slashdot - Your Rights Online - Fri, 2024-03-01 15:00
An anonymous reader quotes an excerpt from a Wired article: In 2019, a government contractor and technologist named Mike Yeagley began making the rounds in Washington, DC. He had a blunt warning for anyone in the country's national security establishment who would listen: The US government had a Grindr problem. A popular dating and hookup app, Grindr relied on the GPS capabilities of modern smartphones to connect potential partners in the same city, neighborhood, or even building. The app can show how far away a potential partner is in real time, down to the foot. But to Yeagley, Grindr was something else: one of the tens of thousands of carelessly designed mobile phone apps that leaked massive amounts of data into the opaque world of online advertisers. That data, Yeagley knew, was easily accessible by anyone with a little technical know-how. So Yeagley -- a technology consultant then in his late forties who had worked in and around government projects nearly his entire career -- made a PowerPoint presentation and went out to demonstrate precisely how that data was a serious national security risk. As he would explain in a succession of bland government conference rooms, Yeagley was able to access the geolocation data on Grindr users through a hidden but ubiquitous entry point: the digital advertising exchanges that serve up the little digital banner ads along the top of Grindr and nearly every other ad-supported mobile app and website. This was possible because of the way online ad space is sold, through near-instantaneous auctions in a process called real-time bidding. Those auctions were rife with surveillance potential. You know that ad that seems to follow you around the internet? It's tracking you in more ways than one. In some cases, it's making your precise location available in near-real time to both advertisers and people like Mike Yeagley, who specialized in obtaining unique data sets for government agencies. 
Working with Grindr data, Yeagley began drawing geofences -- creating virtual boundaries in geographical data sets -- around buildings belonging to government agencies that do national security work. That allowed Yeagley to see what phones were in certain buildings at certain times, and where they went afterwards. He was looking for phones belonging to Grindr users who spent their daytime hours at government office buildings. If the device spent most workdays at the Pentagon, the FBI headquarters, or the National Geospatial-Intelligence Agency building at Fort Belvoir, for example, there was a good chance its owner worked for one of those agencies. Then he started looking at the movement of those phones through the Grindr data. When they weren't at their offices, where did they go? A small number of them had lingered at highway rest stops in the DC area at the same time and in proximity to other Grindr users -- sometimes during the workday and sometimes while in transit between government facilities. For other Grindr users, he could infer where they lived, see where they traveled, even guess at whom they were dating. Intelligence agencies have a long and unfortunate history of trying to root out LGBTQ Americans from their workforce, but this wasn't Yeagley's intent. He didn't want anyone to get in trouble. No disciplinary actions were taken against any employee of the federal government based on Yeagley's presentation. His aim was to show that buried in the seemingly innocuous technical data that comes off every cell phone in the world is a rich story -- one that people might prefer to keep quiet. Or at the very least, not broadcast to the whole world. And that each of these intelligence and national security agencies had employees who were recklessly, if obliviously, broadcasting intimate details of their lives to anyone who knew where to look. As Yeagley showed, all that information was available for sale, for cheap. 
And it wasn't just Grindr, but rather any app that had access to a user's precise location -- other dating apps, weather apps, games. Yeagley chose Grindr because it happened to generate a particularly rich set of data and its user base might be uniquely vulnerable. The report goes into great detail about how intelligence and data analysis techniques, notably through a program called Locomotive developed by PlanetRisk, enabled the tracking of mobile devices associated with Russian President Vladimir Putin's entourage. By analyzing commercial adtech data, including precise geolocation information collected from mobile advertising bid requests, analysts were able to monitor the movements of phones that frequently accompanied Putin, indicating the locations and movements of his security personnel, aides, and support staff. This capability underscored the surveillance potential of commercially available data, providing insights into the activities and security arrangements of high-profile individuals without directly compromising their personal devices.

Government Watchdog Hacked US Federal Agency To Stress-Test Its Cloud Security

Slashdot - Your Rights Online - Fri, 2024-03-01 12:00
In a series of tests using fake data, a U.S. government watchdog was able to steal more than 1GB of seemingly sensitive personal data from the cloud systems of the U.S. Department of the Interior. The experiment is detailed in a new report by the Department of the Interior's Office of the Inspector General (OIG), published last week. TechCrunch reports: The goal of the report was to test the security of the Department of the Interior's cloud infrastructure, as well as its "data loss prevention solution," software that is supposed to protect the department's most sensitive data from malicious hackers. The tests were conducted between March 2022 and June 2023, the OIG wrote in the report. The Department of the Interior manages the country's federal land, national parks and a budget of billions of dollars, and hosts a significant amount of data in the cloud. According to the report, in order to test whether the Department of the Interior's cloud infrastructure was secure, the OIG used an online tool called Mockaroo to create fake personal data that "would appear valid to the Department's security tools." The OIG team then used a virtual machine inside the Department's cloud environment to imitate "a sophisticated threat actor" inside of its network, and subsequently used "well-known and widely documented techniques to exfiltrate data." "We used the virtual machine as-is and did not install any tools, software, or malware that would make it easier to exfiltrate data from the subject system," the report read. The OIG said it conducted more than 100 tests in a week, monitoring the government department's "computer logs and incident tracking systems in real time," and none of its tests were detected nor prevented by the department's cybersecurity defenses. 
"Our tests succeeded because the Department failed to implement security measures capable of either preventing or detecting well-known and widely used techniques employed by malicious actors to steal sensitive data," said the OIG's report. "In the years that the system has been hosted in a cloud, the Department has never conducted regular required tests of the system's controls for protecting sensitive data from unauthorized access." That's the bad news: The weaknesses in the Department's systems and practices "put sensitive [personal information] for tens of thousands of Federal employees at risk of unauthorized access," read the report. The OIG also admitted that it may be impossible to stop "a well-resourced adversary" from breaking in, but with some improvements, it may be possible to stop that adversary from exfiltrating the sensitive data.

ExxonMobil Is Suing Investors Who Want Faster Climate Action

Slashdot - Your Rights Online - Fri, 2024-03-01 05:30
An anonymous reader quotes a report from NPR: ExxonMobil faces dozens of lawsuits from states and localities alleging the company lied for decades about its role in climate change and the dangers of burning fossil fuels. But now, ExxonMobil is going on the offensive with a lawsuit targeting investors who want the company to slash pollution that's raising global temperatures. Investors in publicly-traded companies like ExxonMobil try to shape corporate policies by filing shareholder proposals that are voted on at annual meetings. ExxonMobil says it's fed up with a pair of investor groups that it claims are abusing the system by filing similar proposals year after year in an effort to micromanage its business. ExxonMobil's lawsuit points to growing tensions between companies and activist investors calling for corporations to do more to shrink their climate impact and prepare for a hotter world. Interest groups on both sides of the case say it could unleash a wave of corporate litigation against climate activists. It is happening at a time when global temperatures continue to rise, and corporate analysts say most companies aren't on track to meet targets they set to reduce their heat-trapping emissions. "Exxon is really upping the ante here in a big way by bringing this case," says Josh Zinner, chief executive of an investor coalition called the Interfaith Center on Corporate Accountability, whose members include a defendant in the ExxonMobil case. "Other companies could use this tactic not just to block resolutions," Zinner says, "but to intimidate their shareholders from even bringing these [climate] issues to the table." ExxonMobil said in an email that it is suing the investor groups Arjuna Capital and Follow This because the U.S. Securities and Exchange Commission (SEC) isn't enforcing rules governing when investors can resubmit shareholder proposals. 
A court is "the right place to get clarity on SEC rules," ExxonMobil said, adding that the case "is not about climate change." Other corporations are watching ExxonMobil's case, says Charles Crain, a vice president at the National Association of Manufacturers, which represents ExxonMobil and other industrial companies. "If companies are decreasingly able to get the SEC to allow them to exclude proposals that are obviously politically motivated, then the next question is, well, can the courts succeed where the SEC has failed -- or, more accurately, not even tried?," Crain says. "The shareholder proposal from Arjuna and Follow This called for ExxonMobil to cut emissions faster from its own operations and from its supply chain, including the pollution that's created when customers burn its oil and natural gas," notes NPR. "That indirect pollution, known as Scope 3 emissions, accounts for 90% of ExxonMobil's carbon footprint." "ExxonMobil says it is committed to cutting emissions from its operations. But the idea that activist investors like Arjuna and Follow This can quickly push the company out of the oil and gas business with new climate policies is 'simplistic and against the interests of the vast majority of ExxonMobil shareholders,' the company said in a court filing in Texas." The company added that while shareholders are entitled to submit proposals, they don't have "an unlimited right to put forth any proposal to do anything."
"Their intent is to advance their agenda rather than creating long-term value for shareholders," ExxonMobil said of Arjuna and Follow This.

Court Orders Maker of Pegasus Spyware To Hand Over Code To WhatsApp

Slashdot - Your Rights Online - Fri, 2024-03-01 03:25
Stephanie Kirchgaessner reports via The Guardian: NSO Group, the maker of one of the world's most sophisticated cyber weapons, has been ordered by a US court to hand its code for Pegasus and other spyware products to WhatsApp as part of the company's ongoing litigation. The decision by Judge Phyllis Hamilton is a major legal victory for WhatsApp, the Meta-owned communication app which has been embroiled in a lawsuit against NSO since 2019, when it alleged that the Israeli company's spyware had been used against 1,400 WhatsApp users over a two-week period. NSO's Pegasus code, and code for other surveillance products it sells, is seen as a closely and highly sought state secret. NSO is closely regulated by the Israeli ministry of defense, which must review and approve the sale of all licences to foreign governments. In reaching her decision, Hamilton considered a plea by NSO to excuse it of all its discovery obligations in the case due to "various US and Israeli restrictions." Ultimately, however, she sided with WhatsApp in ordering the company to produce "all relevant spyware" for a period of one year before and after the two weeks in which WhatsApp users were allegedly attacked: from 29 April 2018 to 10 May 2020. NSO must also give WhatsApp information "concerning the full functionality of the relevant spyware."
Hamilton did, however, decide in NSO's favor on a different matter: the company will not be forced at this time to divulge the names of its clients or information regarding its server architecture.

The FBI Is Using Push Notifications To Catch Sexual Predators

Slashdot - Your Rights Online - Fri, 2024-03-01 02:45
According to the Washington Post (paywalled), the FBI is using mobile push notification data to unmask people suspected of serious crimes, such as pedophilia, terrorism, and murder. Gizmodo reports: The Post did a little digging into court records and found evidence of at least 130 search warrants filed by the feds for push notification data in cases spanning 14 states. In those cases, FBI officials asked tech companies like Google, Apple, and Facebook to fork over data related to a suspect's mobile notifications, then used the data to implicate the suspect in criminal behavior linked to a particular app, even though many of those apps were supposedly anonymous communication platforms, like Wickr. How exactly is this possible? Push notifications, which are provided by a mobile operating system provider, include embedded metadata that can be examined to understand the use of the mobile apps on a particular phone. Apps come laced with a quiet identifier, a "push token," which is stored on the corporate servers of a company like Apple or another phone manufacturer after a user signs up to use a particular app. Those tokens can later be used to identify the person using the app, based on the information associated with the device on which the app was downloaded. Even turning off push notifications on your device doesn't necessarily disable this feature, experts contend. [...] 
If finding new ways to catch pedophiles and terrorists doesn't seem like the worst thing in the world, the Post article highlights the voices of critics who fear that this kind of mobile data could be used to track people who have not committed serious crimes -- like political activists or women seeking abortions in states where the procedure has been restricted.

BC Lawyer Reprimanded For Citing Fake Cases Invented By ChatGPT

Slashdot - Your Rights Online - Fri, 2024-03-01 00:40
A B.C. lawyer has been ordered to pay costs for opposing counsel for the time they took to discover that two cases she cited as precedent were created by ChatGPT. CBC News reports: The cases would have provided compelling precedent for a divorced dad to take his children to China -- had they been real. But instead of savouring courtroom victory, the Vancouver lawyer for a millionaire embroiled in an acrimonious split has been told to personally compensate her client's ex-wife's lawyers for the time it took them to learn the cases she hoped to cite were conjured up by ChatGPT. In a decision released Monday, a B.C. Supreme Court judge reprimanded lawyer Chong Ke for including two AI "hallucinations" in an application filed last December. The cases never made it into Ke's arguments; they were withdrawn once she learned they were non-existent. Justice David Masuhara said he didn't think the lawyer intended to deceive the court -- but he was troubled all the same. "As this case has unfortunately made clear, generative AI is still no substitute for the professional expertise that the justice system requires of lawyers," Masuhara wrote in a "final comment" appended to his ruling. 
"Competence in the selection and use of any technology tools, including those powered by AI, is critical."

Cheap Doorbell Cameras Can Be Easily Hijacked, Says Consumer Reports

Slashdot - Your Rights Online - Fri, 2024-03-01 00:02
An anonymous reader quotes a report from Ars Technica: Video doorbell cameras have been commoditized to the point where they're available for $30-$40 on marketplaces like Amazon, Walmart, Temu, and Shein. The true cost of owning one might be much greater, however. Consumer Reports (CR) has released the findings of a security investigation into two budget-minded doorbell brands, Eken and Tuck, which are largely the same hardware produced by the Eken Group in China, according to CR. The cameras are further resold under at least 10 more brands. The cameras are set up through a common mobile app, Aiwit. And the cameras share something else, CR claims: "troubling security vulnerabilities." Among the camera's vulnerabilities cited by CR:
- Sending public IP addresses and Wi-Fi SSIDs (names) over the Internet without encryption
- Takeover of the cameras by putting them into pairing mode (which you can do from a front-facing button on some models) and connecting through the Aiwit app
- Access to still images from the video feed and other information by knowing the camera's serial number.
CR also noted that Eken cameras lacked an FCC registration code. More than 4,200 were sold in January 2024, according to CR, and often held an Amazon "Overall Pick" label (as one model did when an Ars writer looked on Wednesday). CR issued vulnerability disclosures to Eken and Tuck regarding its findings. The disclosures note the amount of data that is sent over the network without authentication, including JPEG files, the local SSID, and external IP address. It notes that after a malicious user has re-paired a doorbell with a QR code generated by the Aiwit app, they have complete control over the device until a user sees an email from Eken and reclaims the doorbell.
"These video doorbells from little known manufacturers have serious security and privacy vulnerabilities, and now they've found their way onto major digital marketplaces such as Amazon and Walmart," said Justin Brookman, director of tech policy at Consumer Reports, in a statement. "Both the manufacturers and platforms that sell the doorbells have a responsibility to ensure that these products are not putting consumers in harm's way."

The Intercept, Raw Story, and AlterNet Sue OpenAI and Microsoft

Slashdot - Your Rights Online - Thu, 2024-02-29 03:25
The Intercept, Raw Story, and AlterNet have filed separate lawsuits against OpenAI and Microsoft, alleging copyright infringement and the removal of copyright information while training AI models. The Verge reports: The publications said ChatGPT "at least some of the time" reproduces "verbatim or nearly verbatim copyright-protected works of journalism without providing author, title, copyright or terms of use information contained in those works." According to the plaintiffs, if ChatGPT trained on material that included copyright information, the chatbot "would have learned to communicate that information when providing responses." Raw Story and AlterNet's lawsuit goes further (PDF), saying OpenAI and Microsoft "had reason to know that ChatGPT would be less popular and generate less revenue if users believed that ChatGPT responses violated third-party copyrights." Both Microsoft and OpenAI offer legal cover to paying customers in case they get sued for violating copyright for using Copilot or ChatGPT Enterprise. The lawsuits say that OpenAI and Microsoft are aware of potential copyright infringement. As evidence, the publications point to how OpenAI offers an opt-out system so website owners can block content from its web crawlers. The New York Times also filed a lawsuit in December against OpenAI, claiming ChatGPT faithfully reproduces journalistic work. 
OpenAI claims the publication exploited a bug on the chatbot to regurgitate its articles.

SBF Asks For 5-Year Prison Sentence, Calls 100-Year Recommendation 'Grotesque'

Slashdot - Your Rights Online - Thu, 2024-02-29 00:02
An anonymous reader quotes a report from Ars Technica: Convicted FTX fraudster Sam Bankman-Fried pleaded for a lenient prison sentence in a court filing yesterday, saying that he isn't motivated by greed and "is already being punished." Bankman-Fried requested a sentence of 63 to 78 months, or 5.25 to 6.5 years. Because of "Sam's charitable works and demonstrated commitment to others, a sentence that returns Sam promptly to a productive role in society would be sufficient, but not greater than necessary, to comply with the purposes of sentencing," the court filing (PDF) said. Bankman-Fried's filing also said that he maintains his innocence and intends to appeal his convictions. A presentence investigation report (PSR) prepared by a probation officer recommended that Bankman-Fried be sentenced to 100 years in prison, according to the filing. "That recommendation is grotesque," SBF's filing said, arguing that it is based on an erroneously calculated loss of $10 billion. The $10 billion loss asserted in the PSR is "illusory" because the "victims are poised to recover -- were always poised to recover -- a hundred cents on the dollar" in bankruptcy proceedings, SBF's filing said. The filing urged the court to "reject the PSR's barbaric proposal" of 100 years, saying that such sentences should only be for "heinous conduct" like terrorism and child sexual abuse. The founder and ex-CEO of cryptocurrency exchange FTX, Bankman-Fried was convicted on seven charges with a combined maximum sentence of 110 years after a monthlong trial in US District Court for the Southern District of New York. The charges included wire fraud and conspiracy to commit wire fraud, securities fraud, commodities fraud, and money laundering. 
US government prosecutors are required to make a sentencing recommendation by March 15, and US District Judge Lewis Kaplan is scheduled to issue a sentence on March 28.

EU Lawmakers Back Draft Rules on Patents for Connected Cars, Telecom Equipment

Slashdot - Your Rights Online - Wed, 2024-02-28 22:40
EU lawmakers on Wednesday approved draft rules governing patents key to technologies for telecom equipment and connected cars in the face of criticism from Nokia, Ericsson and other patent holders. From a report: The draft rules proposed by the European Commission in April last year seek to end costly and lengthy litigation over patents used in technologies for telecom equipment, mobile phones, computers, connected cars and smart devices. The European Parliament will now have to thrash out the details of the proposed rules with EU countries before it can become law. Nokia, Ericsson and Siemens in a letter to EU lawmakers in January, highlighted concerns from the European Patent Office, standard-setting body ETSI and other bodies on the draft rules. Lobbying group IP Europe, which counts Nokia, Ericsson and Qualcomm as its members, reiterated its opposition to the draft rules. "The beneficiaries would not be SMEs as claimed but big tech," IP Europe's managing director Patrick McCutcheon said ahead of the lawmakers' vote.

White House Looks To Curb Foreign Powers' Ability To Buy Americans' Sensitive Personal Data With Executive Order

Slashdot - Your Rights Online - Wed, 2024-02-28 20:01
President Joe Biden will issue an executive order on Wednesday aimed at curbing foreign governments' ability to buy Americans' sensitive personal information such as health and geolocation data, according to senior US officials. From a report: The move marks a rare policy effort to address a longstanding US national security concern: the ease with which anyone, including foreign intelligence services, can legally buy Americans' data and then use the information for espionage, hacking and blackmail. The issue, a senior Justice Department official told reporters this week, is a "growing threat to our national security." The executive order will give the Justice Department the authority to regulate commercial transactions that "pose an unacceptable risk" to national security by, for example, giving a foreign power large-scale access to Americans' personal data, the Justice Department official said. The department will also issue regulations that require better protection of sensitive government information, including geolocation data on US military members, according to US officials. A lot of the online trade in personal information runs through so-called data brokers, which buy information on people's Social Security numbers, names, addresses, income, employment history and criminal background, as well as other items. "Countries of concern, such as China and Russia, are buying Americans' sensitive personal data from data brokers," a separate senior administration official told reporters. In addition to health and location data, the executive order is expected to cover other sensitive information like genomic and financial data. Administration officials told reporters the new executive order would be applied narrowly so as not to hurt business transactions that do not pose a national security risk.
The White House's press release.

Nintendo Suing Makers of Open-Source Switch Emulator Yuzu

Slashdot - Your Rights Online - Wed, 2024-02-28 07:30
Nintendo has filed a 41-page lawsuit against the makers of Yuzu, an open-source Nintendo Switch emulator, accusing them of "facilitating piracy at a colossal scale." Polygon reports: Yuzu is a free emulator that was released in 2018 months after the Nintendo Switch originally launched. The same folks who made Citra, a Nintendo 3DS emulator, made this one. Basically, it's a piece of software that lets people play Nintendo Switch games on Windows PC, Linux, and Android devices. (It also runs on Steam Deck, which Valve showed -- then wiped -- in a Steam Deck video clip.) Emulators aren't necessarily illegal, but pirating games to play on them is. But Nintendo said in its lawsuit that there's no legal way to use Yuzu. Nintendo argued that Yuzu executes codes that "defeat" Nintendo's security measures, including decryption using "an illegally-obtained copy of prod.keys." "In other words, without Yuzu's decryption of Nintendo's encryption, unauthorized copies of games could not be played on PCs or Android devices," Nintendo wrote in the lawsuit. As to the alleged damages created by Yuzu, Nintendo pointed to the release of The Legend of Zelda: Tears of the Kingdom. Tears of the Kingdom leaked almost two weeks earlier than the game's May 12 release date. The pirated version of the game spread quickly; Nintendo said it was downloaded more than 1 million times before Tears of the Kingdom's release date. People used Yuzu to play the game; Nintendo said more than 20% of download links pointed people to Yuzu. Though Yuzu doesn't give out pirated copies of games, Nintendo repeatedly said that most ROM sites point people toward Yuzu to play whatever games they've downloaded. Nintendo said it "expended significant resources to stop the illegal copying, marketing, sale, and distribution" of its Nintendo Switch games. It says that Yuzu earns the team $30,000 per month on its Patreon from more than 7,000 patrons.
Nintendo said the company has earned at least $50,000 in paid Yuzu downloads. Nintendo said that Yuzu's Patreon doubled its paid members in the period between May 1 and May 12, when Tears of the Kingdom was released. Nintendo is asking the court to shut down the emulator, and for damages.

Hackers Backed By Russia and China Are Infecting SOHO Routers Like Yours, FBI Warns

Slashdot - Your Rights Online - Wed, 2024-02-28 02:02
An anonymous reader quotes a report from Ars Technica: The FBI and partners from 10 other countries are urging owners of Ubiquiti EdgeRouters to check their gear for signs they've been hacked and are being used to conceal ongoing malicious operations by Russian state hackers. The Ubiquiti EdgeRouters make an ideal hideout for hackers. The inexpensive gear, used in homes and small offices, runs a version of Linux that can host malware that surreptitiously runs behind the scenes. The hackers then use the routers to conduct their malicious activities. Rather than using infrastructure and IP addresses that are known to be hostile, the connections come from benign-appearing devices hosted by addresses with trustworthy reputations, allowing them to receive a green light from security defenses. "In summary, with root access to compromised Ubiquiti EdgeRouters, APT28 actors have unfettered access to Linux-based operating systems to install tooling and to obfuscate their identity while conducting malicious campaigns," FBI officials wrote in an advisory Tuesday. APT28 -- one of the names used to track a group backed by the Russian General Staff Main Intelligence Directorate known as GRU -- has been doing just that for at least the past four years, the FBI has alleged. Earlier this month, the FBI revealed that it had quietly removed Russian malware from routers in US homes and businesses. The operation, which received prior court authorization, went on to add firewall rules that would prevent APT28 -- also tracked under names including Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit -- from being able to regain control of the devices. On Tuesday, FBI officials noted that the operation only removed the malware used by APT28 and temporarily blocked the group using its infrastructure from reinfecting them.
The move did nothing to patch any vulnerabilities in the routers or to remove weak or default credentials hackers could exploit to once again use the devices to surreptitiously host their malware. "The US Department of Justice, including the FBI, and international partners recently disrupted a GRU botnet consisting of such routers," they warned. "However, owners of relevant devices should take the remedial actions described below to ensure the long-term success of the disruption effort and to identify and remediate any similar compromises." Those actions include:
- Perform a hardware factory reset to remove all malicious files
- Upgrade to the latest firmware version
- Change any default usernames and passwords
- Implement firewall rules to restrict outside access to remote management services

Apple Sues To Win Trademarks For Augmented-Reality Software

Slashdot - Your Rights Online - Wed, 2024-02-28 00:40
Apple has filed a lawsuit against the U.S. Patent and Trademark Office for refusing to grant trademarks covering the company's augmented-reality software development tools "Reality Composer" and "Reality Converter." Reuters reports: Apple, whose augmented-reality technology is a centerpiece of its newly released Vision Pro headset, asked the court (PDF) on Friday to reverse the USPTO's decision that the phrases were not distinctive enough to receive federal trademark protection. "Consumers must exercise imagination to understand how the nonsensical phrases 'reality composer' and 'reality converter' -- which sound like science fiction impossibilities -- relate to Apple's products," the complaint said. "They are suggestive, just as Burger King is a fast-food chain, not an actual monarch." Apple's Reality Composer and Reality Converter allow developers to create and alter 3-D augmented-reality content for Apple apps. The content is compatible with Apple devices including the Vision Pro mixed-reality headset, which the tech giant began selling earlier this month. Turkish visual-effects company ZeroDensity challenged Apple's trademark applications at the USPTO, arguing that the phrases could not receive federal trademarks because they merely describe what the software does. ZeroDensity also said Apple's trademarks would cause confusion with its own "Reality"-related marks. ZeroDensity, the named defendant in the case, said in a statement on Monday that it was "surprised and concerned by [Apple's] misinterpretation and misrepresentation of our company" and is "resolute in defending our 'Reality' trademarks." A USPTO tribunal agreed with ZeroDensity that Apple's marks were descriptive without addressing whether they would confuse consumers. Apple said in Friday's complaint that its phrases were "made-up terms coined by Apple that do not describe the underlying software development tools." 
"In contrast, descriptive terms like Raisin Bran or American Airlines straightforwardly describe the goods and services offered under the brand name," Apple said. "As innovative as Apple is, it cannot 'compose' or 'convert' reality." Apple argued that its marks would not cause consumer confusion and accused ZeroDensity of trying to "claim broad rights in the word 'reality,' which no one entity can monopolize."

Meta Will Start Collecting 'Anonymized' Data About Quest Headset Usage

Slashdot - Your Rights Online - Wed, 2024-02-28 00:02
An anonymous reader quotes a report from Ars Technica: Meta will soon begin "collecting anonymized data" from users of its Quest headsets, a move that could see the company aggregating information about hand, body, and eye tracking; camera information; "information about your physical environment"; and information about "the virtual reality events you attend." In an email sent to Quest users Monday, Meta notes that it currently collects "the data required for your Meta Quest to work properly." Starting with the next software update, though, the company will begin collecting and aggregating "anonymized data about... device usage" from Quest users. That anonymized data will be used "for things like building better experiences and improving Meta Quest products for everyone," the company writes. A linked help page on data sharing clarifies that Meta can collect anonymized versions of any of the usage data included in the "Supplemental Meta Platforms Technologies Privacy Policy," which was last updated in October. 
That document lists a host of personal information that Meta can collect from your headset, including:
- "Your audio data, when your microphone preferences are enabled, to animate your avatar's lip and face movement"
- "Certain data" about hand, body, and eye tracking, "such as tracking quality and the amount of time it takes to detect your hands and body"
- Fitness-related information such as the "number of calories you burned, how long you've been physically active, [and] your fitness goals and achievements"
- "Information about your physical environment and its dimensions" such as "the size of walls, surfaces, and objects in your room and the distances between them and your headset"
- "Voice interactions" used when making audio commands or dictations, including audio recordings and transcripts that might include "any background sound that happens when you use those services" (these recordings and transcriptions are deleted "immediately" in most cases, Meta writes)
- Information about "your activity in virtual reality," including "the virtual reality events you attend"

The anonymized collection data is used in part to "analyz[e] device performance and reliability" to "improve the hardware and software that powers your experiences with Meta VR Products." Meta's help page also lists a small subset of "additional data" that headset users can opt out of sharing with Meta. But there's no indication that Quest users can opt out of the new anonymized data collection policies entirely. These policies only seem to apply to users who make use of a Meta account to access their Quest headsets, and those users are also subject to Meta's wider data-collection policies.
Those who use a legacy Oculus account are subject to a separate privacy policy that describes a similar but more limited set of data-collection practices.

Tumblr and Wordpress Are Preparing To Sell User Data To OpenAI and Midjourney, Report Says

Slashdot - Your Rights Online - Tue, 2024-02-27 21:01
Tumblr and Wordpress are preparing to sell user data to Midjourney and OpenAI, 404Media reported Tuesday, citing a source with internal knowledge about the deals and internal documents. From the report: The exact types of data from each platform going to each company are not spelled out in documentation we've reviewed, but internal communications reviewed by 404 Media make clear that deals between Automattic, the platforms' parent company, and OpenAI and Midjourney are imminent. The internal documentation details a messy and controversial process within Tumblr itself. One internal post made by Cyle Gage, a product manager at Tumblr, states that a query made to prepare data for OpenAI and Midjourney compiled a huge number of user posts that it wasn't supposed to. It is not clear from Gage's post whether this data has already been sent to OpenAI and Midjourney, or whether Gage was detailing a process for scrubbing the data before it was to be sent.

OpenAI Says New York Times 'Hacked' ChatGPT To Build Copyright Lawsuit

Slashdot - Your Rights Online - Tue, 2024-02-27 20:40
OpenAI has asked a federal judge to dismiss parts of the New York Times' copyright lawsuit against it, arguing that the newspaper "hacked" its chatbot ChatGPT and other AI systems to generate misleading evidence for the case. From a report: OpenAI said in a filing in Manhattan federal court on Monday that the Times caused the technology to reproduce its material through "deceptive prompts that blatantly violate OpenAI's terms of use." "The allegations in the Times's complaint do not meet its famously rigorous journalistic standards," OpenAI said. "The truth, which will come out in the course of this case, is that the Times paid someone to hack OpenAI's products." OpenAI did not name the "hired gun" who it said the Times used to manipulate its systems and did not accuse the newspaper of breaking any anti-hacking laws.

Nevada Sues To Deny Kids Access To Meta's Messenger Encryption

Slashdot - Your Rights Online - Tue, 2024-02-27 15:00
An anonymous reader quotes a report from The Register: A law firm acting on behalf of the Nevada Attorney General Aaron Ford has asked a state court to issue a temporary restraining order (TRO) denying minors access to encrypted communication in Meta's Messenger application. The motion for a TRO follows AG Ford's announcement of civil lawsuits on January 30, 2024 against five social media companies, including Meta [PDF], alleging the companies deceptively marketed their services to young people through algorithms that were designed to promote addiction. Nevada was not a party to the two multi-district lawsuits filed against Meta last October by 42 State Attorneys General over claims that the social media company knowingly ignored evidence that its Facebook and Instagram services contribute to the mental harm of children and teens. Meta, which lately has been investing in virtual reality and large language models, is also being sued by hundreds of school districts around the US. The Nevada court filing to obtain a TRO follows from AG Ford's initial complaint. The legal claim cites a statement from the National Center for Missing and Exploited Children that argues Meta's provision of end-to-end encryption in Messenger "without exceptions for child sexual abuse material placed millions of children in grave danger." The initial complaint's presumably supporting claims, however, have been redacted in the publicly viewable copy of the document. The motion for a TRO, which also contains redactions, contends that Meta -- by encrypting Messenger -- has thwarted state officials from enforcing the Nevada Unfair and Deceptive Trade Practices Act. "With this Motion, the State seeks to enjoin Meta from using end-to-end encryption (also called 'E2EE') on Young Users' Messenger communications within the State of Nevada," the court filing says.
"This conduct -- which renders it impossible for anyone other than a private message's sender and recipient to know what information the message contains -- serves as an essential tool of child predators and drastically impedes law enforcement efforts to protect children from heinous online crimes, including human trafficking, predation, and other forms of dangerous exploitation." Meta enabled E2EE by default for all users of Messenger in December 2023. But according to the motion for a TRO, "Meta's end-to-end-encryption stymies efforts by Nevada law enforcement, causing needless delay and even risking the spoliation of critical pieces of necessary evidence in criminal prosecutions." The injunction, if granted, would require Meta to disable E2EE for all Messenger users under 18 in Nevada. Presumably that would also affect minors using Messenger who are visiting the Silver State.

US Leading Global Alliance To Counter Foreign Government Disinformation

Slashdot - Your Rights Online - Tue, 2024-02-27 05:30
An anonymous reader quotes a report from The Guardian: A global coalition of democracies is being formed to protect their societies from disinformation campaigns by foreign governments, the US special envoy on the issue has said. James Rubin, the special envoy for non-state propaganda and disinformation efforts at the US state department's global engagement centre (GEC), said the coalition hoped to agree on "definitions for information manipulation versus plain old opinions that other governments are entitled to have even if we disagree with them." The US, UK and Canada have already signed up to a formal framework agreement, and Washington hopes more countries will join. The GEC focuses solely on disinformation by foreign powers. Apart from trying to develop global strategies, it works to expose specific covert disinformation operations, such as a Russian operation in Africa to discredit US health services. The US, UK and Canada signed the framework to counter foreign state manipulation this month with the aim of addressing disinformation as a national security threat that requires coordinated government and civil society responses. "Now is the time for a collective approach to the foreign information manipulation threat that builds a coalition of like-minded countries committed to strengthening resilience and response to information manipulation," the framework says. It also encourages information-sharing and joint data analysis tools to identify covert foreign disinformation. A hugely experienced US official and journalist who has worked with diplomats such as Madeleine Albright in the past, Rubin admitted his first year as special envoy had been one of his most intellectually taxing because of the complex definitions surrounding disinformation. In the continuum between hostile opinion and disinformation, he has tried to identify where and how governments can intervene without limiting free speech. 
The principle on which he has alighted is deception by foreign powers. "In principle every government should be free to convey their views, but they should have to admit who they are," he said in an interview. "We want to promote more fact-based information, but at the same time find ways to label those information operations that are generated by the Chinese government or the Kremlin but to which they don't admit. "In the end that is all I know we can do right now without interfering with a free press. We are not asking for such covert disinformation to be taken down but a way to be found for the source to be labelled."