The Linkielist

Linking ideas with the world

Google introduces personalised shopping ads to AI tools as all GPT makers push shopping through their chatbots

The enshittification of GPT didn’t take long, did it?
Google is introducing new personalised advertising into its AI shopping tools, as it seeks to make money from the hundreds of millions of people who use its chatbot for free and gain market share from rival OpenAI.
Advertisers will be able to present exclusive offers to shoppers who are preparing to buy an item through Google’s AI mode, which is powered by its Gemini model, the Alphabet-owned tech giant announced on Sunday.
[…]
It also represents a move away from the tech giant’s traditional ‘sponsored’ ad placements in search results, which generate tens of billions of dollars for the company but have come under threat from the rise of AI chatbots.
[…]
“It essentially gives retailers the flexibility to deliver value to people shopping in AI mode, whether that’s a lower price, a special bundle or free shipping. In the moment, it matters most . . . to just close the sale,”
[…]
AI groups, including OpenAI, Microsoft and Perplexity, have rushed to launch ecommerce features in their chatbots over the past year as they hunt for new ways to generate revenue from their popular but costly AI products.
OpenAI has been rolling out its checkout feature, first reported by the FT, which sees the AI start-up take a cut of the sales made on ChatGPT.
Microsoft launched its Copilot Checkout on Thursday, which also provides users with recommendations and checkout in its AI chats. The group said shopping through Copilot led to 53 per cent more purchases within 30 minutes of interaction compared to those without.
Google also introduced a “universal commerce protocol”, which it said would enable shopping agents to research products and make purchases without leaving its platform. The protocol was developed with large retailers and marketplaces including Walmart, Target and Shopify.
[…]
Google’s new ads feature will make use of the contextual information from people’s conversations with the chatbot in AI mode, and trigger offers on relevant products that users have clicked on.
Retailers can set up offers they want to be available, with Google then using AI to determine when it is best to display the deal to a potential customer.
Srinivasan said Google was “initially focusing on discounts for the pilot and will expand to support the creation of offers with other attributes that help shoppers prioritise value over price alone, such as bundles and free shipping”.
[…]

Source: Google introduces personalised shopping ads to AI tools

EU seeks feedback on Open Digital Ecosystems

It’s important you give your feedback on this:

The European Open Digital Ecosystem Strategy will set out:

  • a strategic approach to the open source sector in the EU that addresses the importance of open source as a crucial contribution to EU technological sovereignty, security and competitiveness
  • a strategic and operational framework to strengthen the use, development and reuse of open digital assets within the Commission, building on the results achieved under the 2020-2023 Commission Open Source Software Strategy.

Source: Call for evidence: European Open Digital Ecosystems

The US muscled the EU into adopting Article 6 of the EU Copyright Directive, preventing reverse engineering in return for free trade. By implementing tariffs, the US broke that agreement. There’s no reason not to delete Article 6 of the EUCD, and all the other laws that prevent European companies from jailbreaking iPhones and making their own App Stores (minus Apple’s 30% commission), as well as ad-blockers for Facebook and Instagram’s apps (which would zero out EU revenue for Meta), and, of course, jailbreaking tools for Xboxes, Teslas, and every make and model of every American car, so European companies could offer service, parts, apps, and add-ons for them. Video games need to be able to be run after official support shuts down and servers close down. We need to get out from under the high tech lock-in scams, we need to get rid of e-waste. We need to get back to ownership of the products we buy. This is an important part of digital sovereignty and in an uncertain world with unreliable partners, the importance of being able to follow EU values needs to be underscored. FOSS and allowing FOSS to develop is an important lynchpin of this.

Plug Into USB, Read Hostname And IP Address | Hackaday

Ever wanted to just plug something in and conveniently read the hostname and IP addresses of a headless board like a Raspberry Pi? Chances are, a free USB port is more accessible than digging up a monitor and keyboard, and that’s where [C4KEW4LK]’s rpi_usb_ip_display comes in. Plug it into a free USB port, and a few moments later, read the built-in display. Handy!

The device is an RP2350 board and a 1.47″ Waveshare LCD, with a simple 3D-printed enclosure. It displays hostname, WiFi interface, Ethernet interface, and whatever others it can identify. There isn’t even a button to push; just plug it in and let it run.

Here’s how it works: once plugged in, the board identifies itself as a USB keyboard and a USB serial port. Then it launches a terminal with Ctrl-Alt-T, and from there it types and runs commands to do the following:

  1. Find the serial port that the RP2350 board just created.
  2. Get the parsed outputs of hostname, ip -o -4 addr show dev wlan0, ip -o -4 addr show dev eth0, and ip -o -4 addr show to gather up data on active interfaces.
  3. Send that information out the serial port to the RP2350 board.
  4. Display the information on the LCD.
  5. Update periodically.

The only catch is that the host system must be able to respond to launching a new terminal with Ctrl-Alt-T, which typically means the host must have someone logged in.

It’s a pretty nifty little tool, and its operation might remind you, in concept, of how BadUSB attacks happen: a piece of hardware, once plugged into a host, identifies itself to the host as something other than what it appears to be. Then it proceeds to input and execute actions. But in this case, it’s not at all malicious, just convenient and awfully cute.

Source: Plug Into USB, Read Hostname And IP Address | Hackaday
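
A host-side audit for the kind of device described above, one that enumerates as both a keyboard and a serial port. This is an added example, not code from rpi_usb_ip_display or Hackaday; it assumes a Linux host exposing USB devices under sysfs, and the sample tree, its product strings and its `0000` IDs are constructed.

```python
import os
import tempfile

# USB-IF interface class codes (bInterfaceClass is stored as hex in sysfs).
HID = 0x03
CDC_CLASSES = {0x02, 0x0A}   # CDC communications and CDC data (serial port)
KEYBOARD_PROTOCOL = 0x01     # bInterfaceProtocol of a boot-protocol keyboard


def _read(path):
    """Return stripped file contents, or '' if the attribute is missing."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read().strip()
    except OSError:
        return ""


def _read_hex(path):
    """Parse a sysfs hex attribute such as '03'; None if absent or malformed."""
    try:
        return int(_read(path), 16)
    except ValueError:
        return None


def find_keyboard_serial_composites(sysfs_root="/sys/bus/usb/devices"):
    """List USB devices that expose both an HID and a CDC serial interface."""
    try:
        entries = sorted(os.listdir(sysfs_root))
    except OSError:
        return []  # no sysfs here (non-Linux host or missing path)

    per_device = {}  # device name -> [(class, protocol), ...]
    for entry in entries:
        # Interface nodes are named "<device>:<config>.<interface>", e.g. "1-2:1.0".
        if ":" not in entry:
            continue
        node = os.path.join(sysfs_root, entry)
        cls = _read_hex(os.path.join(node, "bInterfaceClass"))
        if cls is None:
            continue
        proto = _read_hex(os.path.join(node, "bInterfaceProtocol"))
        per_device.setdefault(entry.split(":", 1)[0], []).append((cls, proto))

    findings = []
    for device, ifaces in sorted(per_device.items()):
        classes = {cls for cls, _ in ifaces}
        if HID not in classes or not classes & CDC_CLASSES:
            continue
        dev_dir = os.path.join(sysfs_root, device)
        findings.append({
            "device": device,
            "vendor_id": _read(os.path.join(dev_dir, "idVendor")),
            "product_id": _read(os.path.join(dev_dir, "idProduct")),
            "product": _read(os.path.join(dev_dir, "product")),
            # Not every keyboard-capable HID interface declares the boot
            # protocol, so this flag is informational, not a filter.
            "declares_keyboard": any(
                cls == HID and proto == KEYBOARD_PROTOCOL for cls, proto in ifaces
            ),
        })
    return findings


def _write(path, value):
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(value + "\n")


def build_sample_tree(root):
    """Write a constructed sysfs-like tree: one composite, two ordinary devices."""
    devices = {
        # name: (product string, [(class, subclass, protocol), ...]); all constructed
        "1-2": ("constructed keyboard+serial",
                [("02", "02", "00"), ("0a", "00", "00"), ("03", "01", "01")]),
        "1-3": ("constructed plain keyboard", [("03", "01", "01")]),
        "1-4": ("constructed serial adapter", [("02", "02", "00"), ("0a", "00", "00")]),
    }
    for name, (product, ifaces) in devices.items():
        dev_dir = os.path.join(root, name)
        os.makedirs(dev_dir)
        _write(os.path.join(dev_dir, "idVendor"), "0000")   # placeholder ID
        _write(os.path.join(dev_dir, "idProduct"), "0000")  # placeholder ID
        _write(os.path.join(dev_dir, "product"), product)
        for index, (cls, sub, proto) in enumerate(ifaces):
            if_dir = os.path.join(root, f"{name}:1.{index}")
            os.makedirs(if_dir)
            _write(os.path.join(if_dir, "bInterfaceClass"), cls)
            _write(os.path.join(if_dir, "bInterfaceSubClass"), sub)
            _write(os.path.join(if_dir, "bInterfaceProtocol"), proto)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        build_sample_tree(sample)
        for hit in find_keyboard_serial_composites(sample):
            print("sample:", hit)
    for hit in find_keyboard_serial_composites():
        print("host:", hit)
```

A plain keyboard or a plain serial adapter is not reported; only a single device carrying both interface types is, which is the combination worth reviewing on hosts where someone is logged in.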

A Starlink satellite just exploded and left ‘trackable’ debris

SpaceX said it experienced an anomaly with one of its Starlink satellites that was likely caused by a small explosion. “The anomaly led to venting of the propulsion tank, a rapid decay in semi-major axis by about 4 km [2.5 miles] and the release of a small number of trackable low relative velocity objects,” Starlink wrote in a post on X. Orbital tracking company LeoLabs assessed that the issue was caused by an “internal energetic source rather than a collision with space debris or another object.”

SpaceX said it’s working with NASA and the US Space Force to track the remains of the object. “The satellite is largely intact, tumbling and will reenter the Earth’s atmosphere and fully demise within weeks,” the company said. Its trajectory is well below the International Space Station (ISS) so it poses no risk to the lab or its crew. Starlink has yet to say how many pieces it’s tracking.

The incident happened just days after a Starlink satellite narrowly avoided a collision with a rival Chinese satellite from CAS Space last week. Starlink vice president Michael Nicholls said that the incident happened due to a lack of coordination between the two companies. “When satellite operators do not share ephemeris for their satellites, dangerously close approaches can occur in space,” he wrote on X.

Starlink’s constellation consists of almost 9,300 active satellites making up around 65 percent of all orbiting spacecraft, not including defunct units. That number grew by more than 3,000 this year alone, launched aboard 121 separate SpaceX missions — around one every three days.

Source: A Starlink satellite just exploded and left ‘trackable’ debris

US bans new foreign-made drones and components

The Federal Communications Commission has added foreign-made drones and their critical components to the agency’s “Covered List,” making them prohibited to import into the US. In a public notice published by the FCC, it said several national security agencies have determined that unmanned aircraft systems (UAS) and their critical components produced in foreign countries pose an unacceptable risk to the national security of the United States.

“UAS and UAS critical components must be produced in the United States,” the agency said. “UAS are inherently dual-use: they are both commercial platforms and potentially military or paramilitary sensors and weapons. UAS and UAS critical components, including data transmission devices, communications systems, flight controllers, ground control stations, controllers, navigation systems, batteries, smart batteries, and motors produced in a foreign country could enable persistent surveillance, data exfiltration, and destructive operations over U.S. territory, including over World Cup and Olympic venues and other mass gathering events.”

[…]

Source: US bans new foreign-made drones and components

So how are they going to reverse engineer all the great drones out there? None of them are being made in the US.

Anna’s Archive Backs up Spotify and analyses the data

Anna’s Archive normally focuses on text (e.g. books and papers). We explained in “The critical window of shadow libraries” that we do this because text has the highest information density. But our mission (preserving humanity’s knowledge and culture) doesn’t distinguish among media types. Sometimes an opportunity comes along outside of text. This is such a case.

A while ago, we discovered a way to scrape Spotify at scale. We saw a role for us here to build a music archive primarily aimed at preservation.

Generally speaking, music is already fairly well preserved. There are many music enthusiasts in the world who digitized their CD and LP collections, shared them through torrents or other digital means, and meticulously catalogued them.

However, these existing efforts have some major issues:

  1. Over-focus on the most popular artists. There is a long tail of music which only gets preserved when a single person cares enough to share it. And such files are often poorly seeded.
  2. Over-focus on the highest possible quality. Since these are created by audiophiles with high end equipment and fans of a particular artist, they chase the highest possible file quality (e.g. lossless FLAC). This inflates the file size and makes it hard to keep a full archive of all music that humanity has ever produced.
  3. No authoritative list of torrents aiming to represent all music ever produced. An equivalent of our book torrent list (which aggregates torrents from LibGen, Sci-Hub, Z-Lib, and many more) does not exist for music.

This Spotify scrape is our humble attempt to start such a “preservation archive” for music. Of course Spotify doesn’t have all the music in the world, but it’s a great start.

Before we dive into the details of this collection, here is a quick overview:

  • Spotify has around 256 million tracks. This collection contains metadata for an estimated 99.9% of tracks.
  • We archived around 86 million music files, representing around 99.6% of listens. It’s a little under 300TB in total size.
  • We primarily used Spotify’s “popularity” metric to prioritize tracks. View the top 10,000 most popular songs in this HTML file (13.8MB gzipped).

[…]

Source: Backing up Spotify – Anna’s Blog

Belkin announces a wireless HDMI dongle that doesn’t need Wi-Fi access

Belkin has announced a plug-and-play casting system at CES 2026 that allows for screen sharing from a laptop, tablet or smartphone to another display without Wi-Fi or Bluetooth. The $150 ConnectAir Wireless HDMI Display Adapter comes with a USB-C transmitter dongle and a USB-A to HDMI receiver that can be connected to a TV, monitor or projector to wirelessly cast over a range of up to 131 feet (40 meters).

Belkin’s ConnectAir Wireless USB-C transmitter and HDMI receiver (Belkin)

The ConnectAir Wireless casts in 1080p at 60Hz, with latency under 80ms according to Belkin. It’s compatible with USB-C devices that support DisplayPort Alt Mode, including Windows, macOS and ChromeOS laptops, tablets such as the M1 and M2 iPad Pro and iPad Air, and smartphones with video output. Belkin also says it supports multi-user screen sharing at up to 8 transmitters. The dongle comes in black and while it’s not available to purchase just yet, it’s expected to be released early this year.

Source: Belkin announces a wireless HDMI dongle that doesn’t need Wi-Fi access

iPolish brings color-changing press-on smart nails to CES

press-on acrylic nails that, when you apply an electric charge, change color almost like magic.

In order to enjoy kaleidoscopic nails, you’ll need to charge the wand, which then connects to your phone. Once you’ve selected your color of choice, you just put the tip of the nail into the wand, and it’ll pass a short charge into the nail to change it.

[…]

All in all, it took around five seconds to change the color of a single nail, so it’s not a big deal in the grand scheme of things.

iPolish (Daniel Cooper for Engadget)

iPolish says that each nail can display 400 colors, and can be changed as many times as the user would like. So, if you’re coordinating your nails with your outfits, you’re not bound to a single color palette in the weeks between salon visits. They’re also surprisingly affordable, with the starter set costing $95 [NB by the time you pay for shipping (EUR 29!) and taxes, they come to Europe for EUR 141, which is quite a bit less affordable] which contains two sets of nails, one in Ballerina cut, one in Squoval. The Ballerinas are relatively short, while the Squovals are longer.

[…]

When it comes time to replace your nails when one breaks or you lose it in some nailbed mishap, you’ll be able to pick up spares for $6.50.

Source: iPolish brings color-changing press-on smart nails to CES

Would have bought these for around EUR 100,- but EUR 141,- is just too much.

Bose made the consumer friendly move to open source its SoundTouch speakers just before End of Life

Bose recently announced the pending end of cloud support for its SoundTouch line of home speakers. This will, in effect, turn the smart speakers into dumb speakers as they will no longer have access to many features and any related software updates. Well, there’s a spot of good news for SoundTouch owners. The company is turning to an open source model for the software, allowing third parties to keep the music playing.

The company has already begun mailing out the API documentation to customers so “independent developers can create their own SoundTouch-compatible tools and features.” This will take some time, so Bose is also extending the end-of-life (EoL) date for the SoundTouch speakers. They were set to stop receiving cloud updates in February, but that has been moved to May 6.

It made a couple of other changes to make life a bit easier for SoundTouch owners. The speakers will still be able to use AirPlay and Spotify Connect after EoL, which was something that had been in doubt. The app will also continue to work in a stripped-down format. That app was originally set to stop working altogether, so all of those angry customer comments on Reddit must have done the job.

The SoundTouch speakers were introduced in 2013 and were on the expensive side, starting at $600. Nobody likes spending hundreds of dollars on something only to have it become a useless brick several years later. Good on Bose for listening to their customers on this.

Source: Bose made the consumer friendly move to open source its SoundTouch speakers

Finally, a company that isn’t turning its goods into e-junk bricks after they stop support.

IXI’s autofocusing lenses are almost ready to replace multifocal glasses

IXI’s glasses are designed for age-related farsightedness, a condition that affects many, if not most people over 45. They combine cameraless eye tracking with liquid crystal lenses that automatically activate when the glasses detect the user’s focus shifting. This means that, instead of having two separate prescriptions, as in multifocal or bifocal lenses, IXI’s lenses automatically switch between each prescription. Crucially — like most modern smartglasses — the frames themselves are lightweight and look like just another pair of normal glasses.

IXI autofocus lenses
Mat Smith for Engadget

With a row of prototype frames and lenses laid out in front of him, CEO and co-founder Niko Eiden explained the technology, which can be separated into two parts. First, the IXI glasses track the movement of your eyes using a system of LEDs and photodiodes, dotted around the edges of where the lenses sit. The LEDs bounce invisible infrared light off the eyes and then measure the reflection, detecting the subtle movements of your eye and how both eyes converge when focusing on something close.

Using infrared with just a “handful of analog channels” takes far less power than the millions of pixels and 60-times-per-second processing required by camera-based systems. IXI’s system not only tracks eye movements, but also blinking and gaze direction, while consuming only 4 milliwatts of power.

Most of the technology, including memory, sensors, driving electronics and eye tracker, is in the front frame of the glasses and part of the arms closest to the hinge. The IXI prototype apparently uses batteries similar in size to those found in AirPods, which gives some sense of the size and weight of the tech being used. The charging port is integrated into the glasses’ left arm hinge. Naturally, this does mean they can’t be worn while charging. IXI says that a single charge should cover a whole day’s usage.

The prototype frames I saw this week appeared to be roughly the same weight as my traditional chunky specs.

[…]

Autofocus lenses could eliminate the need for multiple pairs of glasses, such as bifocals and progressives. Even if the glasses were to run out of power, they’d still function as a pair of traditional specs with your standard prescription, just lacking the near-sighted boost. IXI’s sensor sensitivity can also offer insight into other health conditions, detect dry eyes, estimate attentiveness and, by tracking where you’re looking, even posture and neck movement. According to Eiden, blink rate changes with focus, daydreaming and anxiety, and all that generates data that can be shown in the companion app.

Hypothetically, the product could even potentially adapt prescriptions dynamically, going beyond the simple vision correction of Gen 1. For example, it could offer stronger corrections as your eyes get fatigued through the day.

[…]

Source: IXI’s autofocusing lenses are almost ready to replace multifocal glasses

17.5 million Instagram accounts data stolen in 2024 now being exploited

This week, Malwarebytes discovered that hackers stole the sensitive information of 17.5 million Instagram accounts. Complete with usernames, physical addresses, phone numbers, email addresses, and more, this data can be abused by cybercriminals to impersonate trusted brands, trick users, and steal their passwords.
Critically, this data is already being offered on the dark web, with individual users also receiving legitimate password reset notifications from Instagram.
What to do:
  • Beware of emails and messages that claim to come from Instagram, as they could be sent by malicious hackers trying to trick you into handing over your password.
  • If you’re concerned, sign into your Instagram account and reset your password to a new, strong, unique password.

Source: See if you’re at risk

Forum Breachforums Breached

In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies. In the months leading up to the takedown, the site itself suffered a data breach that exposed a total of 672k unique email addresses across all tables, including within forum posts and private messages. The users table alone contained 324k unique email addresses, usernames, and Argon2 password hashes.

Source: BreachForums (2025) Data Breach

Cloudflare defies Italy’s Piracy Shield, won’t block websites on 1.1.1.1 DNS – won’t cave to media cabal. Well done.

Italy fined Cloudflare 14.2 million euros for refusing to block access to pirate sites on its 1.1.1.1 DNS service, the country’s communications regulatory agency, AGCOM, announced yesterday. Cloudflare said it will fight the penalty and threatened to remove all of its servers from Italian cities.

AGCOM issued the fine under Italy’s controversial Piracy Shield law, saying that Cloudflare was required to disable DNS resolution of domain names and routing of traffic to IP addresses reported by copyright holders. The law provides for fines up to 2 percent of a company’s annual turnover, and the agency said it applied a fine equal to 1 percent.

The fine relates to a blocking order issued to Cloudflare in February 2025. Cloudflare argued that installing a filter applying to the roughly 200 billion daily requests to its DNS system would significantly increase latency and negatively affect DNS resolution for sites that aren’t subject to the dispute over piracy.

AGCOM rejected Cloudflare’s arguments. The agency said the required blocking would impose no risk on legitimate websites because the targeted IP addresses were all uniquely intended for copyright infringement.

In a September 2025 report on Piracy Shield, researchers said they found “hundreds of legitimate websites unknowingly affected by blocking, unknown operators experiencing service disruption, and illegal streamers continuing to evade enforcement by exploiting the abundance of address space online, leaving behind unusable and polluted address ranges.” This is “a conservative lower-bound estimate,” the report said.

The Piracy Shield law was adopted in 2024. “To effectively tackle live sports piracy, its broad blocking powers aim to block piracy-related domain names and IP addresses within 30 minutes,” TorrentFreak wrote in an article today about the Cloudflare fine.

Cloudflare to fight fine, may withhold services

Cloudflare co-founder and CEO Matthew Prince wrote today that Cloudflare already “had multiple legal challenges pending against the underlying scheme” and will “fight the unjust fine.”

“Yesterday a quasi-judicial body in Italy fined Cloudflare $17 million for failing to go along with their scheme to censor the Internet,” Prince wrote. He continued:

The scheme, which even the EU has called concerning, required us within a mere 30 minutes of notification to fully censor from the Internet any sites a shadowy cabal of European media elites deemed against their interests. No judicial oversight. No due process. No appeal. No transparency. It required us to not just remove customers, but also censor our 1.1.1.1 DNS resolver meaning it risked blacking out any site on the Internet. And it required us not just to censor the content in Italy but globally. In other words, Italy insists a shadowy, European media cabal should be able to dictate what is and is not allowed online.

Prince said he will discuss the matter with US government officials next week and that Cloudflare is “happy to discuss this with Italian government officials who, so far, have been unwilling to engage beyond issuing fines.” In addition to challenging the fine, Prince said Cloudflare is “considering the following actions: 1) discontinuing the millions of dollars in pro bono cyber security services we are providing the upcoming Milano-Cortina Olympics; 2) discontinuing Cloudflare’s Free cyber security services for any Italy-based users; 3) removing all servers from Italian cities; and 4) terminating all plans to build an Italian Cloudflare office or make any investments in the country.”

“Play stupid games, win stupid prizes,” Prince wrote.

Google also in Piracy Shield crosshairs

AGCOM said today that in the past two years, the Piracy Shield law disabled over 65,000 domain names and about 14,000 IP addresses. Italian authorities also previously ordered Google to block pirate sites at the DNS level.

The Computer & Communications Industry Association (CCIA), a trade group that represents tech companies including Cloudflare and Google, has criticized the Piracy Shield law. “Italian authorities have included virtual private networks (VPN) and public DNS resolvers in the Piracy Shield, which are services fundamental to the protection of free expression and not appropriate tools for blocking,” the CCIA said in a January 2025 letter to European Commission officials.

The CCIA added that “the Piracy Shield raises a significant number of concerns which can inadvertently affect legitimate online services, primarily due to the potential for overblocking.” The letter said that in October 2024, “Google Drive was mistakenly blocked by the Piracy Shield system, causing a three-hour blackout for all Italian users, while 13.5 percent of users were still blocked at the IP level, and 3 percent were blocked at the DNS level after 12 hours.”

The Italian system “aims to automate the blocking process by allowing rights holders to submit IP addresses directly through the platform, following which ISPs have to implement a block,” the CCIA said. “Verification procedures between submission and blocking are not clear, and indeed seem to be lacking. Additionally, there is a total lack of redress mechanisms for affected parties, in case a wrong domain or IP address is submitted and blocked.”

30-minute blocking prevents “careful verification”

The 30-minute blocking window “leaves extremely limited time for careful verification by ISPs that the submitted destination is indeed being used for piracy purposes,” the CCIA said. The trade group also questioned the piracy-reporting system’s ties to the organization that runs Italy’s top football league.

“Additionally, the fact that the Piracy Shield platform was developed for AGCOM by a company affiliated with Lega Serie A, which is one of the very few entities authorized to report, raises serious questions about the potential conflict of interest exacerbating the lack of transparency issue,” the letter said.

A trade group for Italian ISPs has argued that the law requires “filtering and tasks that collide with individual freedoms” and is contrary to European legislation that classifies broadband network services as mere conduits that are exempt from liability.

“On the contrary, in Italy criminal liability has been expressly established for ISPs,” Dalia Coffetti, head of regulatory and EU affairs at the Association of Italian Internet Providers, wrote in April 2025. Coffetti argued, “There are better tools to fight piracy, including criminal Law, cooperation between States, and digital solutions that downgrade the quality of the signal broadcast via illegal streaming websites or IPtv. European ISPs are ready to play their part in the battle against piracy, but the solution certainly does not lie in filtering and blocking IP addresses.”

Source: Cloudflare defies Italy’s Piracy Shield, won’t block websites on 1.1.1.1 DNS – Ars Technica

For more articles on how Piracy Shield has gone wrong, read here

Italy Fines Cloudflare €14 Million for Refusing to Filter Sites on Public 1.1.1.1 DNS

Italy’s communications regulator AGCOM imposed a record-breaking €14.2 million fine on Cloudflare after the company failed to implement the required piracy blocking measures. Cloudflare argued that filtering its global 1.1.1.1 DNS resolver would be “impossible” without hurting overall performance. AGCOM disagreed, noting that Cloudflare is not necessarily a neutral intermediary either.

Launched in 2024, Italy’s elaborate ‘Piracy Shield’ blocking scheme was billed as the future of anti-piracy efforts.

To effectively tackle live sports piracy, its broad blocking powers aim to block piracy-related domain names and IP addresses within 30 minutes.

While many pirate sources have indeed been blocked, the Piracy Shield is not without controversy. There have been multiple reports of overblocking, where the anti-piracy system blocked access to legitimate sites and services.

Many of these overblocking instances involved the American Internet infrastructure company Cloudflare, which has been particularly critical of Italy’s Piracy Shield. In addition to protesting the measures in public, Cloudflare allegedly refused to filter pirate sites through its public 1.1.1.1 DNS.

1.1.1.1: Too Big to Block?

This refusal prompted an investigation by AGCOM, which has now concluded that Cloudflare openly violated its legal requirements in the country. Following an amendment, the Piracy Shield also requires DNS providers and VPNs to block websites.

The dispute centers specifically on the refusal to comply with AGCOM Order 49/25/CONS, which was issued in February 2025. The order required Cloudflare to block DNS resolution and traffic to a list of domains and IP addresses linked to copyright infringement.

Cloudflare reportedly refused to enforce these blocking requirements through its public DNS resolver. Among other things, Cloudflare countered that filtering its DNS would be unreasonable and disproportionate.

Cloudflare’s arguments (translated)

The company warned that doing so would affect billions of daily queries and have an “extremely negative impact on latency,” slowing down the service for legitimate users worldwide.

AGCOM was unmoved by this “too big to block” argument.

The regulator countered that Cloudflare has all the technological expertise and resources to implement the blocking measures. AGCOM argued the company is known for its complex traffic management and rejected the suggestion that complying with the blocking order would break its service.

€14,247,698 Fine

After weighing all arguments, AGCOM imposed a €14,247,698 (USD $16.7m) fine against Cloudflare, concluding that the company failed to comply with the required anti-piracy measures. The fine represents 1% of the company’s global revenue, where the law allows for a maximum of 2%.

AGCOM’s conclusion (translated)


According to AGCOM, this is the first fine of this type, both in scope and size. This is fitting, as the regulator argued that Cloudflare plays a central role.

“The measure, in addition to being one of the first financial penalties imposed in the copyright sector, is particularly significant given the role played by Cloudflare,” AGCOM notes, adding that Cloudflare is linked to roughly 70% of the pirate sites targeted under its regime.

In its detailed analysis, the regulator further highlighted that Cloudflare’s cooperation is “essential” for the enforcement of Italian anti-piracy laws, as its services allow pirate sites to evade standard blocking measures.

What’s Next?

Cloudflare has strongly contested the accusations throughout AGCOM’s proceedings and previously criticized the Piracy Shield system for lacking transparency and due process.

While the company did not immediately respond to our request for comment, it will almost certainly appeal the fine. This appeal may also draw the interest of other public DNS resolvers, such as Google and OpenDNS.

AGCOM, meanwhile, says that it remains fully committed to enforcing the local piracy law. The regulator notes that since the Piracy Shield started in February 2024, 65,000 domain names and 14,000 IP addresses were blocked.

A copy of AGCOM’s detailed analysis and the associated order (N. 333/25/CONS) is available here (pdf).

Source: Italy Fines Cloudflare €14 Million for Refusing to Filter Pirate Sites on Public 1.1.1.1 DNS * TorrentFreak

The sites are not necessarily pirate sites – as noted above (and here), many, many legitimate sites are blocked by Italy’s Piracy Shield, with little to no recourse.

China crew abused ESXi VM escape zero-days a year before disclosure

Chinese-linked cybercriminals were sitting on a working VMware ESXi hypervisor escape kit more than a year before the bugs it relied on were made public.

That’s according to researchers at Huntress, who this week published a breakdown of an intrusion they observed in December 2025 in which a “sophisticated” toolkit was used to break out of virtual machines and target the ESXi hypervisor itself. The security firm says parts of the code point to development starting as early as February 2024 – a full year before VMware disclosed the bugs in March 2025.

The incident began in a very unglamorous way – with a compromised SonicWall VPN appliance. From there, the attackers were able to commandeer a Domain Admin account, pivot across the network, and eventually deploy a suite of tools that Huntress says exploited multiple flaws to escape a guest VM and reach the underlying ESXi hypervisor.

VM escape bugs are particularly serious because they break a promise virtualization is built on: that a hacked VM stays in its own box. In this case, the attackers appear to have stitched together ESXi-specific tricks that enabled them to jump the fence and execute code on the hypervisor itself.

Huntress’s analysis of the binaries revealed development paths with simplified Chinese strings and folders labeled with Chinese text meaning “All version escape – delivery,” hinting at the region and intent behind the work. What’s more, the researchers say the code carried timestamps showing it was put together well before VMware acknowledged or fixed the vulnerabilities.

Those flaws – tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 – were flagged by VMware in March 2025 as critical and high-severity bugs that could be chained to compromise the hypervisor from a guest VM. At the time, the company warned it had “information to suggest that exploitation [of all three CVEs] has occurred in the wild.”

While organizations scrambled to patch their ESXi hosts once the advisory dropped, Huntress’s findings suggest at least some skilled actors were already weaponizing those issues long before IT teams were even aware they existed.

This wasn’t just a smash-and-grab. Huntress says the attackers disabled VMware’s own drivers, loaded unsigned kernel modules, and phoned home in ways designed to go unnoticed. The toolkit supported a wide range of ESXi versions, spanning over 150 builds, which would have let the attackers hit a broad swath of environments had they not been stopped, it added.

[…]

Source: China crew abused ESXi zero-days a year before disclosure • The Register

French Court Orders Google to block swathes of the internet through DNS for … sports TV

The Paris Judicial Court has ordered Google to block nineteen additional pirate site domains through its public DNS resolver. The blockade was requested by Canal+ and aims to stop pirate streams of Champions League games. In its defense, Google argued that rightsholders should target intermediaries higher up the chain first, such as Cloudflare’s CDN, but the court rejected that.

The frontline of online piracy liability keeps moving, and core internet infrastructure providers are increasingly finding themselves in the crosshairs.

Since 2024, the Paris Judicial Court has ordered Cloudflare, Google and other intermediaries to actively block access to pirate sites through their DNS resolvers, confirming that third-party intermediaries can be required to take responsibility.

These blockades are requested by sports rights holders, covering Formula 1, football, and MotoGP, among others. They argue that public DNS resolvers help users to bypass existing ISP blockades, so these intermediaries should be ordered to block domains too.

Google DNS Blocks Expand

These blocking efforts didn’t stop. After the first blocking requests were granted, the Paris Court issued various additional blocking orders. Most recently, Google was compelled to take action following a complaint from French broadcaster Canal+ and its subsidiaries regarding Champions League piracy.

Like previous blocking cases, the request is grounded in Article L. 333-10 of the French Sports Code, which enables rightsholders to seek court orders against any entity that can help to stop ‘serious and repeated’ sports piracy.

After reviewing the evidence and hearing arguments from both sides, the Paris Court granted the blocking request, ordering Google to block nineteen domain names, including antenashop.site, daddylive3.com, livetv860.me, streamysport.org and vavoo.to.

The latest blocking order covers the entire 2025/2026 Champions League series, which ends on May 30, 2026. It’s a dynamic order too, which means that if these sites switch to new domains, as verified by ARCOM, these have to be blocked as well.

Cloudflare-First Defense Fails

Google objected to the blocking request. Among other things, it argued that several domains were linked to Cloudflare’s CDN. Therefore, suspending the sites on the CDN level would be more effective, as that would render them inaccessible.

Based on the subsidiarity principle, Google argued that blocking measures should only be ordered if attempts to block the pirate sites through more direct means have failed.

The court dismissed these arguments, noting that intermediaries cannot dictate the enforcement strategy or blocking order. Intermediaries cannot require “prior steps” against other technical intermediaries, especially given the “irremediable” character of live sports piracy.

The judge found the block proportional because Google remains free to choose the technical method, even if the result is mandated. Internet providers, search engines, CDNs, and DNS resolvers can all be required to block, irrespective of what other measures were taken previously.

Proportional

Google further argued that the blocking measures were disproportionate because they were complex, costly, easily bypassed, and had effects beyond the borders of France.

The Paris court rejected these claims. It argued that Google failed to demonstrate that implementing these blocking measures would result in “important costs” or technical impossibilities.

[…]

A copy of the order issued by the Tribunal Judiciaire de Paris (RG nº 25/11816) is available here (pdf). The order specifically excludes New Caledonia, Wallis and Futuna, and French Polynesia due to specific local legal frameworks.


Source: French Court Orders Google DNS to Block Pirate Sites, Dismisses ‘Cloudflare-First’ Defense * TorrentFreak

These blocks can (and do) go horribly wrong. And, should you have another DNS provider, they give you a handy list of where to go to watch the Champions League 🙂

I Played Switch Games in 3D on XReal’s New Smart Glasses, and It’s Wild (and Weird) 

XReal is at CES, unveiling two new pairs of AR smart glasses. The XReal 1S builds on the XReal One, adding Real 3D technology that converts any video or game into a 3D experience. It also introduces an ultrawide mode, a standout feature carried over from the excellent XReal One Pro. The second model, the ROG XReal R1, is the result of XReal’s partnership with Asus’ Republic of Gamers (ROG) and is billed by both companies as the first pair of smart glasses to support a 240Hz refresh rate.

Real 3D on the XReal 1S is surprisingly effective, especially with video games. Mario Kart World and Yooka-Replaylee both have a compelling sense of depth with the mode enabled, and even 2D platformers like Hollow Knight Silksong and Rogue Legacy 2 get a neat pop-out effect that makes the games seem like you’re playing them in a diorama. Considering none of those games are built for 3D displays, it’s impressive how the Real 3D processing handles them in the glasses.

Video converted to 3D is less impressive. I watched some of Fallout on the glasses, and while some shots showed a bit of depth, it was more subtle and less consistent than the games. One shot of a shade-darkened Lucy against the brightly lit wasteland was outright disorienting, because the Real 3D seemed to assume Lucy was the background and the wasteland was the foreground.

Even with games, I turned off Real 3D after 10 minutes or so. It did a number on the framerate, causing some stuttering and flickering. I also saw regular processing artifacts, and across the board, the general picture just looked less sharp than it did in 2D. I started getting a headache, which usually doesn’t happen with smart glasses. (I have experienced that with 3D glasses in theaters, and with TVs during the 3D TV fad of the early 2010s, though.)

There’s a lot of potential here, and XReal will probably improve Real 3D in future firmware updates. If the company can stabilize the framerate and reduce the video artifacts that come from the 3D processing, it could become a must-have feature. In fact, even though I got a headache, the Real 3D processing I tried on the S1 seems to be a bit less stuttery than an earlier version I tried during a demo a few months ago.

Source: I Played Switch Games in 3D on XReal’s New Smart Glasses, and It’s Wild (and Weird) | PCMag

Report: Microsoft quietly kills official way to activate Windows 11/10 without internet

In November last year, we reported on the removal of an unofficial KMS-related Windows activation, something which the company was planning to do for a while. The method worked by helping to activate Windows without an internet connection.

If you are wondering about official ways, offline Windows activation has been possible to do using the phone. However, it looks like Microsoft has quietly killed off that method as users online have found that they are no longer able to activate the OS using it.

[…]

Now when trying to activate the OS by attempting to call the phone number for Microsoft Product Activation, an automated voice response says the following: “Support for product activation has moved online. For the fastest and most convenient way to activate your product, please visit our online product activation portal at aka.ms/aoh”

If you are wondering, that link takes users to the Microsoft Product Activation Portal for online activation.

[…]

Source: Report: Microsoft quietly kills official way to activate Windows 11/10 without internet – Neowin

Together with Windows more and more requiring a Microsoft account to install / log in to Windows, this reflects a growing need by Microsoft to peer into your computer.

A self-cleaning, bio-inspired high retention filter for a major entry path of microplastics | npj Emerging Contaminants

Microplastic (MP) fibres from washing machines are a major source of environmental pollution, yet, existing domestic filtration solutions are prone to clogging and have limited retention. Inspired by the gill arch system of ram-feeding fishes, we developed a bio-inspired filter that employs semi-cross-flow filtration with a conical filter element geometry, periodic self-cleaning and optimised inflow. Laboratory tests show that the fish-inspired filter (FiF) retains up to 99.6% of MP test fibres. Clogging is reduced by collecting up to 85% of the fibres outside the FiF through a periodic cleaning mechanism.

[…]

The FiF achieves a low concentrate volume (5%), increasing yield and minimising post-treatment. Our findings highlight the potential of bio-inspired filtration mechanisms for engineering applications such as washing machines[…]

Source: A self-cleaning, bio-inspired high retention filter for a major entry path of microplastics | npj Emerging Contaminants

Your smart TV is watching you and nobody’s stopping it

At the end of last year, Texas Attorney General Ken Paxton sued five of the largest TV companies, accusing them of excessive and deceptive surveillance of their customers.

Paxton reserved special venom for the two China-based members of the quintet. His argument is that unlike Sony, Samsung, and LG, if Hisense and TCL have conducted surveillance in the way the lawsuits accuse them of, they’d potentially be required to share all data with the Chinese Communist Party.

It is a rare pleasure to state that legal action against tech companies is cogent, timely, focused, and – if the allegations are true – deserves to succeed. It is less pleasant to predict that even if one, several, or all of these manufacturers did what they’re accused of, and were sanctioned for it, it would not put the safeguards in place to stop such practices from recurring.

At the heart of the cases is the fact that most smart TVs use Automatic Content Recognition (ACR) to send rapid-fire screenshots back to company servers, where they are analyzed to finely detail your TV usage. This sometimes covers not just streaming video, but whatever apps or external devices are displaying, and the allegations are that every other bit of personal data the set can scry is also pulled in. Installed apps can have trackers, data from other devices can be swept up.

These lawsuits aside, smart TV companies more generally boast of their prying prowess to the ecosystem of data exploiters from which they make their money. The companies are much less open about the mechanisms and amount of data collection, and deploy a barrage of defenses to entice customers into turning the stuff on and stop them from turning it off. You may have already seen massive on-screen Ts&Cs with only ACCEPT as an option, ACR controls buried in labyrinthine menu jails, features that stop working even if you complete the obstacle course – all this is old news.

How old are these practices? TV maker Vizio got hit by multiple suits between 2015 and 2017, and collected $2.2 million in fines from the Federal Trade Commission and the state of New Jersey, as well as settling related class actions to the tune of $17 million. The FTC said the fines settled claims the maker had used installed software on its TVs to collect viewing data on 11 million TVs without their owners’ knowledge or consent. A court order said the manufacturer had to delete data collected before 2016 and promise to “prominently disclose and obtain affirmative express consent” for data collection and sharing from then on.

Yet ten years on, the problem has only got worse. There is no law against data collection, and companies often eat the fines, adjust their behavior to the barest minimum compliance, and set about finding new ways to entomb your digital twin in their datacenters.

It’s not even as if more regulation helps. The European GDPR data protection and privacy regs give consumers powerful rights and companies strict obligations, which smart TV makers do not rush to observe. Researchers claim the problem is growing no matter which side of the Atlantic your TV is watching you on.

[…]

Source: Your smart TV is watching you and nobody’s stopping it • The Register

GNOME and Firefox Consider Disabling Middle Click Paste By Default

Both GNOME and Firefox are considering disabling middle-click paste by default, arguing it’s a confusing, accident-prone X11 relic that dumps clipboard contents without warning. Phoronix reports: A merge request for GNOME’s gsettings-desktop-schemas was opened this weekend to disable the primary-paste functionality by default that allows using the middle mouse button for pasting. Jordan Petridis argued in that GNOME pull request that middle-click paste is an “X11’ism” and that the setting could remain for those wanting to opt-in to enabling the functionality […].

The gsettings set org.gnome.desktop.interface gtk-enable-primary-paste true command would be a way of restoring the primary paste (middle click paste) for those desiring the functionality. The decision over the default has been tasked to GNOME’s design team for consideration.

Separately, Mozilla is also considering disabling middle mouse button paste by default too. […] Another option being considered is having the option to enable/disable it at either the GTK toolkit level or Wayland compositor level.

Looking at the comments, this is a hugely controversial move being pushed by the authors without any recognition that many people actually love having 2 clipboards. It may have been around for a long time, but this is a well-used feature. The keyboard has been around for a long time, but that is no reason to say: hey, it’s old. Let’s set a chorded keyboard as the default.

HP PC-in-a-keyboard for business

Announced on Monday at CES 2026, the HP EliteBoard G1a looks like a standard desktop keyboard, complete with 93 keys, including a number pad. Its keys have a solid 2 mm of travel, more than most laptops, and felt OK to type on during our brief hands-on, but it’s not mechanical so isn’t the best keyboard money can buy. However, look at the back surface and you’ll notice a small vent where air comes out and either two USB-C ports, or, on some SKUs, a single port with a built-in USB-C cable that hangs off it like a tail.


The idea is that you plug the EliteBoard G1a into a monitor that has USB-C video input and allow it to send data and get power over a single wire. Connect a wireless mouse and you’ve got your workstation covered. Maintain a similar monitor and mouse setup at home and you can carry just the keyboard back and forth.

If your monitor, like the majority on the market, doesn’t have a USB-C input, you can use an included USB-to-HDMI adapter to connect. You can use a 65 W USB-C power adapter to juice the G1a if it’s not getting electricity directly from the monitor.

The G1a weighs between 1.49 and 1.69 pounds, depending on config, and measures 14.1 in x 4.7 in x 0.7 inches, so it is more portable than most laptops, though it is longer and thicker than some. At its CES preview, HP showed off a long, thin envelope you can use to carry it and said it would also fit into any laptop bag that holds a 16-inch or larger laptop.


The G1a comes powered by an AMD Ryzen AI 5 or 7 (330, 340, or 350 Pro) with integrated AMD Radeon 800 graphics and an NPU that runs at up to 50 TOPS (Trillion Operations Per Second). Those specs make it a Copilot+ PC by Microsoft’s standards, which means you get certain offline AI features like Microsoft Recall, Click to Do, and Windows Studio Effects. You can get it with up to 64 GB of DDR5 5600 MT/s RAM and up to 2 TB of SSD storage, along with Wi-Fi 6E or 7 connectivity.

[…]

You’ll also be able to configure the G1a with or without a 32 Wh battery that HP claims can offer up to 3.5 hours of unplugged use or two days in sleep. It’s difficult to imagine a scenario where you’d need to use the keyboard without a power source, but having it be asleep while you carry it from one destination to another would be a huge plus.

[…]

Source: HP pushes PC-in-a-keyboard for businesses with hot desks • The Register

This is an absolutely brilliant idea.

One criminal stole info from 50 orgs thanks to no MFA

If you don’t say “yes way” to MFA, the consequences can be disastrous. Sensitive data belonging to about 50 global enterprises is listed for sale – and, in some cases, has already been sold – on the dark web following a major infostealer campaign, with apparent victims including American utility engineering firm Pickett and Associates; Japan’s homebuilding giant Sekisui House; and Spain’s largest airline Iberia.

The thief, who goes by the moniker Zestix or Sentap, steals data from corporate file-sharing portals by using compromised cloud credentials obtained from information-stealing malware. And none of the purported victims enforced multi-factor authentication (MFA), according to Hudson Rock, an Israeli cybersecurity company that specializes in infostealers.

Stolen credentials combined with a lack of MFA are always a recipe for disaster, as we have seen in earlier big breaches such as Change Healthcare, British Library, and Snowflake customers’ database hacks.

“Because the organizations listed below did not enforce MFA, the attacker walks right in through the front door,” the cybersecurity shop said in a Monday report. “No exploits, no cookies – just a password.”

We’re told Zestix gains access after employees inadvertently download infostealer-laden files to their devices. The stealer malware, such as RedLine, Lumma, or Vidar, then snarfs up saved credentials and browser history.

The cybercriminal, who has been operating as an initial access broker and extortionist since at least 2021, specifically targets enterprise file synchronization and sharing (EFSS) platforms like Progress Software’s ShareFile, Nextcloud, and OwnCloud.

[…]

Credential hygiene

The report illustrates the growing problem with infostealers, a favorite method of ransomware gangs and other financially motivated criminals.

It also highlights the growing trend of criminals simply logging in – not breaking in – to cloud accounts, which security experts have been warning about for the past couple of years.

Plus, as Hudson Rock reports, “while some credentials were harvested from recently infected machines, others had been sitting in logs for years, waiting for an actor like Zestix to exploit them.” This, the team adds, shows a “pervasive failure” in corporate credential hygiene with organizations neglecting to rotate passwords and invalidate sessions.

“It is time for organizations to enforce MFA and monitor their employees’ compromised credentials,” the security firm notes. We couldn’t agree more. ®

Source: One criminal stole info from 50 orgs thanks to no MFA • The Register

VW’s New Year’s Resolution Is to Bring Back Physical Buttons

  • Volkswagen revealed a new generation of cockpit design with the refreshed ID. Polo.
  • The new design marks a big departure for VW and features a plethora of physical controls rather than the capacitive buttons on current models.
  • While the switchgear is currently only found on the new ID. Polo, which isn’t sold in the United States, it could debut on the soon-to-be-refreshed ID.4.

Volkswagen is making a drastic change to its interiors, or at least the interiors of its electric vehicles. The automaker recently unveiled a new cockpit generation with the refreshed ID. Polo—the diminutive electric hatchback that the brand sells in Europe—that now comes with physical buttons.


While VW certainly isn’t the only automaker that pushed the envelope with haptic controls and digital buttons, it was a particularly egregious offender. Now, the company is doing a complete 180-degree shift, adding a full suite of physical buttons and switchgear to the Polo’s interior.

The steering wheel gets new clusters of buttons for cruise control and interacting with music playback, while switches for the temperature and fan speed now live in a row along the dashboard. The move back to buttons doesn’t come out of nowhere. Volkswagen already started the shift with the new versions of the Golf and Tiguan models in the United States. Unfortunately, some climate controls, such as those for the rear defrost and the heated seats, are still accessed through the touchscreen. Thankfully, they look to retain their dedicated spot at the bottom of the display.


Volkswagen hasn’t announced which models will receive the new cockpit design. The redesigned interior also may be limited to the brand’s electric vehicles, which would limit it to the upcoming refresh for the ID.4 SUV (and potentially the ID.Buzz), as the only VW EV models currently sold in America.

Source: VW’s New Year’s Resolution Is to Bring Back Physical Buttons

Also unfortunately, the music control buttons seem to be limited to the steering wheel. Having your passenger reach out to select a radio station on your steering wheel feels suboptimal to me. But it’s a start.

Vietnam forces video ads to be shorter than 5 seconds and easy to close

The Government has just issued Decree No. 342 detailing a number of articles of the Advertising Law, which for the first time sets strict requirements for advertising in the online environment. Notably, platforms may not force users to view ads for more than 5 seconds and must allow ads to be turned off with just 1 touch.

[…] Do not “force” users to watch ads for more than 5 seconds

One of the notable new points of the Decree is the specific regulation of non-positional advertising – the type of ad that appears at a location and time that are not fixed, and that can obscure the whole or part of the main content and interrupt the user experience.

According to the new decree from February 15, social media users will not be disturbed with long promotional videos, uncensored content. Illustration: lectnews
From February 12, according to the new Decree, users will not be bothered with long promotional videos, uncensored content – Illustration

Article 17 of the Decree requires platforms to design clear ad-off features and icons, ensuring users need only one interaction to turn off ads. It is strictly forbidden to use ad-off symbols that are fake, confusing or difficult to recognize.

In particular, the Decree stipulates that there is no waiting time to turn off still-image ads. For ads in the form of moving images or video, the maximum waiting time before they can be turned off is only 5 seconds.

In addition, platforms must clearly provide, and guide users to, a way to report advertising that violates the law, while also allowing them to reject, turn off or stop viewing inappropriate ads. These reports must be received and promptly processed, and the user notified, in accordance with regulations.

[…]

Source: From 15/2, video ads are not forced users to watch for more than 5 seconds – Women’s Newspaper