The Linkielist – Linking ideas with the world

Minnesota to ban prediction markets like Kalshi, Polymarket (and shhh also VPNs in this ruling… it’s to protect the /kids/)

May 19, 2026

Prediction markets are an absolute blight, with people being threatened and the only winners being insider traders, so I am absolutely in favour of killing them. But to then silently hide a VPN ban inside this ruling is disingenuous at best. Which goes to show – as soon as they start saying it’s for the kids, take a look at how your freedom is being restricted.

Minnesota Gov. Tim Walz has signed the nation’s first law banning prediction market sites from operating in the state, and in response, the Trump administration has sued, teeing up a legal battle over the most far-reaching crackdown on popular services like Kalshi and Polymarket.

It comes as states confront a growing standoff with the Trump administration over how to regulate the industry, which allows people to bet on virtually anything.

The new state law makes it a crime to host or advertise a prediction market, which it defines as a system that lets consumers place a wager on a future outcome, like sports, elections, live entertainment, someone’s word choice and world affairs.

The prohibition extends to services supporting prediction markets, like virtual private networks, that could allow consumers to disguise their location and get around the ban.

It would force prediction market sites like Kalshi and Polymarket to leave the state, or face possible felony charges. The law takes effect in August.

“We as a state should decide how best and what regulations we think should attach to gambling, to protect public safety, to protect our kids,” said Minnesota Rep. Emma Greenman, the Democrat who introduced the measure.

[…]

Source: Minnesota to ban prediction markets like Kalshi, Polymarket : NPR
Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

May 19, 2026

An npm account compromise infected 314 npm packages with malware, including size-sensor, echarts-for-react, timeago.js, and packages scoped to @antv, in a 22-minute burst of activity in the early hours of Tuesday morning.

The most popular impacted package is size-sensor, downloaded 4.2 million times per month, followed by echarts-for-react (3.8 million), @antv/scale (2.2 million) and timeago.js (1.15 million).

The compromised account, i@hust.cc, belongs to a developer based in Hangzhou, China. Security researcher Nicholas Carlini reported the malware on GitHub, and the the hust.cc account closed the issues and marked them as “fixed” within an hour. This means the malware report on this and other repositories is hidden unless a developer looks for closed issues.

Some malicious package versions have been deprecated on npm with the message “this version was published in error, please use the latest version instead,” while others have been removed.

Security biz SafeDep reported on the malware and analyzed the payload, which uses the same structure as that used to compromise SAP packages three weeks ago.

The malware reads environment variables and scans files to find credentials for GitHub, npm, cloud platforms including AWS, Microsoft Azure, and Google Cloud, Docker, Stripe, and more. The code also attempts to escape container boundaries. Stolen secrets are exfiltrated to a new GitHub repository.

The malware injects settings files into other local projects on a developer machine, for execution by Claude Code or Codex, and further abuses GitHub as a C2 (command-and-control) backdoor via malicious repositories and Python code that downloads and executes content from them.

According to SafeDep, “the attacker automated the entire wave using a stolen token.”

Developers who have installed compromised package versions are advised to rotate all credentials accessible from the build environment, check for unauthorized GitHub repositories, and remove malicious systemd services on Linux. Maintainers and package publishers are at greatest risk as they may find further malicious packages published via their own credentials.

This attack comes shortly after another Shai-Hulud incident reported yesterday, and more can be expected.

Although other package repositories such as PyPI and RubyGems have also seen malware published to them, npm remains the biggest target and, for now, appears to be the worst affected. npm, owned by Microsoft subsidiary GitHub, has said little about the current wave.

In September last year, a post outlining a plan for a more secure npm supply chain was intended to “address a surge in package registry attacks,” during what now looks like the early phase of Shai-Hulud, but the actions taken so far have not prevented further incidents.

Source: Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise
This Security Pro’s Toyota RAV4 Can’t Spy on Him Anymore. Here’s How He Did It

May 19, 2026

Researchers have spilled tons of ink about connected cars and the dangers associated with them. Still, many people don’t know that their daily drivers are sending personal information to insurers and advertisers alike. Even those who do know often choose to take their chances—but not security professional Arkadiy Tetelman. He recently took all the data senders out of his 2024 Toyota RAV4, and he published the process so others know how to unplug, too.

Tetelman prefaced his walkthrough with a series of warnings. He pointed to past instances like Tesla employees sharing footage of naked customers in 2023, as well as a more recent vulnerability in Subarus that allowed anyone to remotely unlock cars while accessing real-time and historical GPS location. Paranoia is pretty well justified when the track record looks like that.

I won’t retell Tetelman’s blog blow-for-blow, but the gist is this: It’s an involved process, though that shouldn’t stop you. He lays out all of the necessary tools required to do the job on a RAV4 like his, and in 13 steps, he explains how to remove the data communication model. He also instructs folks on how to remove the Toyota’s GPS antenna in five steps. Again, you need a few hours to complete all this, but you don’t have to be a mechanic of any kind.

With both the DCM and GPS antenna removed, Tetelman’s crossover no longer sends location or telemetry data to third parties. It loses connected features like over-the-air updates and SOS calling—a safety feature that he willingly disabled—but that’s mostly it. Confirming that it worked is pretty easy, since all you have to do is check that the car has no internet connection while ensuring that the SOS calling light is off. You should still be able to make and receive phone calls through CarPlay, too, as the DCM bypass kit enables the in-car mic to remain operational for functions like that.

You have to take off the trim that surrounds the shifter, as well as disconnect the infotainment screen, to get to these data senders. Toyota

Now, if you want these changes to achieve their intended purpose, you can’t use Bluetooth. Should you connect to your car wirelessly, then your phone will simply send your data to Toyota instead. The solution is simple, as you can still connect your mobile device with a USB cable.

And if you have concerns about your car’s warranty after these modifications, just know that they can’t deny claims for components in the powertrain or other unrelated systems because you removed the DCM or GPS antenna. Tetelman makes this clear while citing the Magnuson-Moss Warranty Act.

Most people won’t want to pick their car apart to remove these components, but for those who are willing, it’s practically their best bet for data privacy. Tetelman warns, however, that it’s likely to become increasingly difficult as manufacturers adopt new tricks.

“Unfortunately, I think it’s only a matter of time before the modem and GPS become more deeply integrated into the car (making this blog post infeasible), or cars have more drastic failure modes when the modem/GPS is removed, or anti-right-to-repair laws get passed to further clamp down on this behavior,” he wrote. “For now, the win stands—no telemetry leaves the car. Strong federal privacy laws would make posts like this unnecessary; that’s the world I’d rather live in.”

Source: This Security Pro’s Toyota RAV4 Can’t Spy on Him Anymore. Here’s How He Did It
Almost half of everything orbiting Earth is space junk | Popular Science

May 18, 2026

Nearly half of all known objects currently orbiting Earth technically classify as space junk, but the true amount may be even higher. Not only that, the debris continues amassing faster than it’s being removed.

The latest red alert report comes from the engineering components company, Accu, and is based on information compiled from the U.S. Space Surveillance Network and its Space-Track database. According to their assessment, there are at least 12,550 tracked orbital debris fragments circling the planet “with no control or purpose.” That’s around 47 percent of the 33,269 known objects, which includes almost 17,690 satellites. But with many of those satellites now inactive along with nearly 2,400 jettisoned rocket bodies, the total space junk is likely worse than the current numbers suggest.

[…]

Crunching the numbers further, Accu calculated that there are seven debris objects for every 10 satellites orbiting Earth. The responsibility almost entirely falls on three contributors—China has generated 34 percent of the junk, while the United States and the Russian-aligned Commonwealth of Independent States (CIS) have both provided about 31 percent of the debris.

Most abandoned objects revolving around Earth follow a decaying orbit due to the planet’s gravity and will burn up during atmospheric re-entry. But that often takes years to occur, and as Accu points out, it doesn’t always erase the issue. Material like aluminum, copper, and lithium may vaporize before they hit the ground, but their particulates remain in the upper atmosphere. More research is needed to understand the full impact, but evidence already suggests harmful effects on the ozone.

So what’s being done to address the issue? Not much, unfortunately.

[…]

Source: Almost half of everything orbiting Earth is space junk | Popular Science
Mozilla warns UK: Breaking VPNs will not magically fix Britain’s age-check mess

May 18, 2026

Aside from the arguments presented by Mozilla, VPNs are an essential part of corporate IT infrastructure, which is why so much broke down when Russia tried to ban them.

Mozilla has warned Britain not to turn VPNs into collateral damage in the government’s increasingly desperate hunt for ways to stop kids dodging Online Safety Act age checks.

In a submission to the Department for Science, Innovation and Technology’s “Growing up in the online world” consultation, Mozilla argued that VPNs are “essential privacy and security tools” used by millions of ordinary people, from those securing public Wi-Fi and remote work traffic to journalists, activists, and other vulnerable users.

“VPNs serve as critical privacy and security tools for users across all ages,” said Svea Windwehr, policy manager at Mozilla. “By hiding users’ IP addresses, VPNs help protect users’ location, reduce tracking and avoid IP-based profiling.” Windwehr added that people rely on VPNs for everything from connecting remotely to school or work networks to avoiding censorship and “simply protecting their privacy and security online.”

The filing lands in the middle of an increasingly strange UK debate where privacy tools are being recast as a threat to online safety enforcement.

VPN usage in the UK surged almost immediately after Online Safety Act age checks started rolling out last year, as users scrambled to avoid handing sensitive identity data to adult websites and platforms demanding facial scans or ID verification. Child safety advocates and officials then turned their attention to VPNs themselves, with the Children’s Commissioner for England even suggesting the government should explore ways to stop children from using them altogether.

Mozilla’s response argues the government is chasing the wrong target.

The company pointed to research from Internet Matters suggesting that relatively few children use VPNs in the first place, and that only a small minority use them specifically to bypass age restrictions. Mozilla instead argued that most successful workarounds involve fake birth dates, borrowed accounts, weak age assurance systems, or laughably fragile facial estimation tools that children have reportedly fooled with drawn-on facial hair.

Mozilla also pointed out a central problem with age-gating VPNs: users would first need to hand over personal information before accessing software intended to reduce tracking and data collection.

Britain is not the only country suddenly developing strong opinions about VPNs. Denmark recently floated anti-piracy legislation broad enough to trigger fears that VPN usage itself could become legally risky, before ministers hurriedly insisted nobody was trying to ban VPNs. Across Europe, VPNs are being treated less like routine security software and more like an obstacle to enforcement as users turn to them to bypass restrictions.

Unfortunately for regulators, the technology industry appears to be moving in the opposite direction. Mozilla has already been testing built-in VPN functionality directly inside Firefox, joining a wider browser trend toward integrating privacy features that previously required separate software.

Blocking standalone VPN apps is one thing, but trying to untangle VPN functionality from modern browsers is a much bigger problem.

Mozilla’s submission repeatedly argues Britain is drifting toward “safety through surveillance” instead of addressing the recommendation systems, engagement algorithms, and platform incentives that actually drive online harms. ®

Source: Mozilla warns UK: Breaking VPNs will not magically fix Britain’s age-check mess
‘Big AI’ is subverting regulations in the same way tobacco, gmo, oil firms do

May 18, 2026

The AI industry is copying techniques used by tobacco firms, big pharma and oil companies to influence governmental policy and regulation of itself, according to an academic study.

Researchers at the University of Edinburgh, Trinity College Dublin, Delft University of Technology, and Carnegie Mellon University claim they identified patterns of “corporate capture” by which regulations and public bodies come to act in the interest of industry rather than the citizens they are meant to protect.

Their paper, “Big AI’s Regulatory Capture: Mapping Industry Interference and Government Complicity,” details various mechanisms of capture and how these work.

The most frequent include what the researchers identify as Discourse & Epistemic influence (D&EI), Elusion of law, or Direct influence on policy.

For evidence, the researchers analyzed 100 news stories covering four global AI events between 2023 and 2025; the EU AI Act negotiations, and the global AI summits held in the UK, South Korea, and France. They report finding numerous cases fitting capture patterns.

One of the most prevalent here was “narrative capture,” which is when an industry or company attempts to steer discussion in a direction that benefits them, and influences the position or decisions of public officials and official regulations.

As an example, it cites how the European Commission has uncritically followed the industry’s call to “simplify” the AI Act (alongside other digital regulation) even before it has been fully implemented.

Earlier this month, The Register reported how enforcement of the rules was delayed, while the rules themselves were cut back after months of angry complaints from AI companies.

Narratives deployed emphasized how “regulation stifles innovation” and centered on “red tape,” where regulation is portrayed as unnecessary or excessive, setting the stage for later calls explicitly advocating for “deregulation.”

The researchers found that “elusion of law” (using legal loopholes) is the most recurring after narrative-framing activity. This may comprise violations, such as disregarding existing laws, or contentious interpretations of laws governing areas including antitrust, privacy, copyright and labor laws.

Reg readers will be familiar with AI developers’ efforts to exempt themselves from copyright laws, for example, by arguing that requiring permission or payment for training data would stifle progress or even destroy the industry entirely.

This position has been championed by the Tony Blair Institute and by the UK’s former deputy PM and erstwhile Meta apologist Sir Nick Clegg, who now works for neocloud biz Nscale.

The study also identified lobbying and “Revolving Door” as common tools for shaping policy, the latter referring to public officials moving into private sector roles or industry figures securing influential government posts.

The UK government’s flagship AI Opportunities Action Plan – for example – was authored by entrepreneur Matt Clifford, who it turns out happens to have financial interests in nearly 500 tech firms, including a number involved with AI.

The paper concludes that while it is only right that government regulators attend to the concerns of industry, regulation should always prioritize protecting and promoting the core public values for which governments bear responsibility.

It warns that the AI industry’s power, wealth and influence have “far-reaching implications” in terms of impact on the rule of law, the labor market, the environment, knowledge production, and, ultimately, on the functioning of democracy itself.

The level of power held by the AI industry is “so corrosive” that policymakers ought to treat it as an emergency, the paper says. Government complicity is detrimental to ensuring the rule of law and to restoring trust in public interest technologies, it points out. ®

Source: ‘Big AI’ is subverting regulations just like tobacco and oil firms
France’s top film producer says it will blacklist figures who petitioned against rightwing billionaire | Film | The Guardian

May 18, 2026

The head of France’s biggest film producer, Canal+, has said the group will no longer work with hundreds of cinema figures who signed a petition voicing concern over the growing influence of the rightwing billionaire owner Vincent Bolloré.

The open letter, published earlier this week to coincide with the opening of the Cannes film festival, was signed by more than 600 figures, including the actor-director Juliette Binoche, the director and photographer Raymond Depardon, the French-Iranian film-maker Sepideh Farsi and the director Arthur Harari, who co-wrote the Oscar-winning Anatomy of a Fall and is premiering his film The Unknown in the main competition in Cannes.

They said that “leaving French cinema in the hands of a far-right owner” risked “not only the standardisation of films, but a fascist takeover of the collective imagination”.

Bolloré, a conservative industrialist, has a powerful media empire, which includes Canal+ and its in-house production operation, StudioCanal, which is Europe’s leading film and television production and distribution group. StudioCanal’s recent films include the Amy Winehouse biopic Back to Black and Paddington in Peru.

Vincent Bolloré at a French senate hearing into public broadcasting neutrality and financing in March. Photograph: Gonzalo Fuentes/Reuters

He also owns the channel CNews, the radio station Europe 1 and the Sunday paper Le Journal du Dimanche.

Speaking in Cannes on Sunday, the Canal+ chief executive, Maxime Saada, called the petition “an injustice toward the Canal+ teams, who are committed to defending the independence of Canal+ and the full diversity of its choices”.

He added: “I will no longer work with and I no longer want Canal to work with the people who signed that petition.”

In the open letter, the film industry figures said they were alarmed that Canal+ had taken a stake in UGC, the third-biggest network of French cinemas, with a view to fully owning it in 2028. They said Bolloré would be “in the position of controlling the entire fabrication chain of films from their financing to their distribution and their release on the big and small screen”.

They said that “behind his business suit”, Bolloré was promoting a reactionary, far-right project for society “through his TV stations like CNews and his publishing houses” and they feared this could extend to film.

“The influence of [his] ideological offensive on the content of films has so far been discreet, but we are under no illusion: this won’t last,” they wrote.

The tumult mirrors similar upheaval in the publishing industry. In an unprecedented move last month, more than 100 writers quit the publishing house Grasset in protest at Bolloré’s control of its parent company, Hachette. “We refuse to be hostages in an ideological war that seeks to impose authoritarianism everywhere in culture and the media,” the authors wrote.

In a sign of Bollore’s divisive reputation, the Canal+ logo was booed in Cannes at some screenings this year, including for the opening film, The Electric Kiss.

In a senate hearing in 2022, Bolloré denied political or ideological interventionism, saying his interest in acquiring media was purely financial and his cultural empire was about promoting French soft power.

Isn’t promoting soft power both political and ideological?

After last month’s authors’ revolt over his publishing business, Bolloré wrote in Le Journal du Dimanche that those who had quit were “a tiny caste who think themselves above everyone else”. He said: “As for the attacks concerning my ‘ideology’, I’m a Christian democrat.”

Source: France’s top film producer says it will blacklist figures who petitioned against rightwing billionaire | Film | The Guardian
New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released

May 18, 2026

A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed “MiniPlasma” that lets attackers gain SYSTEM privileges on fully patched Windows systems.

The exploit was published by a researcher known as Chaotic Eclipse, or Nightmare Eclipse, who released both the source code and a compiled executable on GitHub after claiming that Microsoft failed to properly patch a previously reported 2020 vulnerability.

According to the researcher, the flaw impacts the ‘cldflt.sys‘ Cloud Filter driver and its ‘HsmOsBlockPlaceholderAccess‘ routine, which was originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020.

At the time, the flaw was assigned the CVE-2020-17103 identifier and reportedly fixed in December 2020.

“After investigating, it turns out the exact same issue that was reported to Microsoft by Google project zero is actually still present, unpatched,” explains Chaotic Eclipse.

“I’m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes.”

[…]

Researcher behind the recent string of Windows zero-days

MiniPlasma is the latest in a string of Windows zero-day disclosures published by the researcher over the past several weeks.

The disclosure spree began in April with BlueHammer, a Windows local privilege escalation flaw tracked as CVE-2026-33825, followed by another privilege escalation vulnerability, RedSun, and a Windows Defender DoS tool, UnDefend.

After their disclosure, all three vulnerabilities were spotted being exploited in attacks. According to the researcher, Microsoft silently patched the RedSun issue without assigning it a CVE identifier.

This month, the researcher also released two additional exploits named YellowKey and GreenPlasma.

YellowKey is a BitLocker bypass affecting Windows 11 and Windows Server 2022/2025 that spawns a command shell that gives access to unlocked drives protected by TPM-only BitLocker configurations.

Chaotic Eclipse has previously stated that they are publicly disclosing these Windows zero-days in protest of Microsoft’s bug bounty and vulnerability-handling process.

“Normally, I would go through the process of begging them to fix a bug but to summarize, I was told personally by them that they will ruin my life and they did and I’m not sure if I was the only who had this horride experience or few people did but I think most would just eat it and cut their losses but for me, they took away everything,” alleged the researcher.

“They mopped the floor with me and pulled every childish game they could. It was soo bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer but it seems to be a collective decision.”

[…]

Source: New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released
World’s rivers are running out of oxygen

May 18, 2026

Climate change is steadily stripping oxygen from rivers around the world, according to a new study published May 15 in Science Advances. Researchers found that this long-term oxygen decline is happening across most river systems, with tropical rivers emerging as the most vulnerable. The findings point to an urgent need for strategies aimed at slowing oxygen loss in freshwater ecosystems.
The study was led by Prof. Kun Shi of the Nanjing Institute of Geography and Limnology (NIGLAS) at the Chinese Academy of Sciences. Dr. Qi Guan served as the first author, and the project also involved a researcher from Tongji University.
Rivers Losing a Vital Ingredient for Life
Dissolved oxygen plays a critical role in maintaining healthy river ecosystems. It supports aquatic organisms, helps sustain biodiversity, and influences important biogeochemical processes. When oxygen levels fall, river health can deteriorate, putting fish and other freshwater species at risk.
To examine how river oxygen levels have changed over time, the researchers used a machine-learning stacking algorithm to analyze observations from 21,439 river reaches worldwide collected over nearly four decades (1985-2023).
Their analysis revealed a clear global trend. River oxygen levels declined at an average rate of -0.045 mg L-1 decade-1, and 78.8% of the rivers included in the study showed signs of deoxygenation.
Tropical Rivers Hit Hardest
The strongest oxygen losses were found in tropical rivers located between 20°S and 20°N, including rivers in India. This result surprised researchers because scientists had previously expected rivers at higher latitudes, where warming is often more intense, to face the greatest deoxygenation risks.

Instead, the study showed that tropical rivers already tend to have lower oxygen concentrations, making them especially vulnerable when oxygen levels continue to drop. Combined with faster deoxygenation rates, these conditions increase the likelihood of hypoxia events, when oxygen becomes too scarce to support many forms of aquatic life.
River Flow and Dams Influence Oxygen Loss
The researchers also examined how river flow patterns and dam impoundment affect oxygen decline.
Both low-flow and high-flow conditions appeared to partially reduce deoxygenation compared with normal-flow conditions. Rivers experiencing low-flow conditions had an 18.6% lower deoxygenation rate, while high-flow conditions were associated with a 7.0% lower rate.
Dam impoundment produced different effects depending on reservoir depth. In shallow reservoirs, impoundment accelerated oxygen loss. In deeper reservoirs, however, it helped reduce deoxygenation in the impounded area.
Heatwaves Accelerate River Deoxygenation
Further analysis showed that declining oxygen solubility caused by climate warming was the primary driver behind the global oxygen decline, accounting for 62.7% of the observed changes.

Ecosystem metabolism, influenced by factors such as temperature, light, and water flow, contributed 12% of the deoxygenation.
The team also investigated the role of heatwaves. Their results showed that heatwave events accounted for 22.7% of global river deoxygenation. Heatwaves increased the deoxygenation rate by 0.01 mg L-1 decade-1 compared with conditions under average climatological temperatures.
Overall, the findings highlight the growing impact of climate warming on flowing freshwater ecosystems, also known as lotic ecosystems. The researchers say tropical rivers should be considered a top priority for mitigation efforts aimed at preventing worsening oxygen depletion. The study also provides a scientific foundation that policymakers can use when developing strategies to address river deoxygenation worldwide.

Story Source:
Materials provided by Chinese Academy of Sciences Headquarters. Note: Content may be edited for style and length.

Journal Reference:
Qi Guan, Kun Shi, Xuehui Pi. Sustained deoxygenation in global flowing waters under climate warming. Science Advances, 2026; 12 (20) DOI: 10.1126/sciadv.aef3132

Source: Scientists warn that the world’s rivers are running out of oxygen | ScienceDaily
We look at expertise – until we find out what politics the expert has

May 18, 2026

Most Americans know what a real expert’s credentials look like: relevant degree, years of experience, and respect from peers. The problem, according to a study recently published in Scientific Reports, is that none of it matters as much once we find out their politics.

That’s the central finding of the research led by Mertcan Güngör, Ph.D. candidate in psychology at UC Irvine. Their paper, titled “Politics matter more than credentials in laypeople’s judgments of expertise,” put more than 2,400 participants through a series of experiments designed to test how ordinary people decide who to trust—and under what conditions that judgment breaks down.

How people say they judge experts

The study unfolded in three parts.

In the first part, 208 participants were asked which factors they considered important when evaluating an expert on topics ranging from skincare and nutrition to abortion and police brutality. Respondents ranked attributes like relevant degrees, research experience, peer recognition, and moral character as the most important signals of expertise, found Güngör and his co-authors Nathan Ballantyne and Jared B. Celniker of Arizona State University.

Superficial traits like height, looks, race, and sexual orientation ranked at the bottom. So far, so rational.

What happens in practice with credentials

The second experiment, with 498 participants, tested whether those stated preferences actually matched real behavior.

Using fictional expert biographies in which credentials were systematically varied, the researchers confirmed that people genuinely did trust experts more when they had relevant academic backgrounds, more experience, and peer-recognized accomplishments. Weaker signals, like an Ivy League diploma or a large social media following, also influenced trust, but to a lesser degree.

Through the first two studies, the picture was cautiously optimistic: People generally know what good expertise looks like, and they respond to it accordingly.

When political agreement overrides expertise

Then came Study 3.

In the most revealing experiment, 1,776 participants read biographies of a fictional researcher who had written a best-selling book on abortion. The researcher was either highly qualified, a physician with years of research and publications; or underqualified, holding a mechanical engineering degree with minimal relevant experience.

The researcher’s views on abortion were also varied: pro-choice, pro-life, or left unstated.

While people still paid attention to credentials, what mattered more was their agreement with the expert’s views, Güngör noted.

“The effect of whether the expert agreed with them politically was more than twice as large as the effect of credentials, such that agreement made up for the lack of credentials and disagreement wiped out the benefit of credentials,” he explained. “A mechanical engineer who shared a participant’s views on abortion was trusted just as much as a medical doctor whose views were unknown. Conversely, a medical doctor who held the ‘wrong’ political opinion was trusted no more than a mechanical engineer with little relevant experience.”

That bias toward like-minded experts, he said, was equally strong among pro-choice and pro-life participants.

What the findings mean for expertise

The findings add important nuance to the popular narrative of an ongoing “death of expertise,” the idea that people have broadly stopped trusting scientists, doctors, and other credentialed authorities, Güngör said. “The data don’t fully support that bleak diagnosis, but they don’t offer much comfort either.”

People aren’t abandoning the concept of expertise, he said; they’re shopping for experts who already agree with them.

“When no legitimate, credentialed expert is available to validate a particular political position, some people turn to podcasters, influencers, and other media personalities to fill the void,” Güngör noted.

The researchers also documented a troubling “halo effect,” when participants trusted an expert because of shared politics, they retroactively inflated their assessment of that expert’s credentials, rating their academic background as more relevant and their experience as more extensive than the biographical facts warranted.

“People can create their preferred experts not because they don’t care about expertise, but because they know what a good expert should look like,” Güngör said.

[…]

Source: When politics enter the picture, credentials take a back seat
Surprise AI bills leave AWS and Google Cloud users aghast

May 18, 2026

Hopefully you haven’t had reason to notice yet, but there’s a rising problem with AI services on Google Cloud, AWS, and other platforms sticking their customers with bills in the tens of thousands of dollars.

This week’s episode of the Kettle focuses on two such stories that The Register published this week, one concerning Google and another involving AWS. In both cases, cloud customers using AI incurred massive bills without any prior notification from their provider and not a lot of help to resolve the matter with any sense of urgency.

[…]

So if you’re a developer and you’ve created an API key for your projects, if your project uses Maps, you’ll create an API key. And for years, the advice from Google was put that API key on the front end of that, make it public so that when users are using your site, it links back to your project.

The problem was a couple years ago, they allowed those API keys, if they were configured correctly, to also access Gemini. And a lot of folks who were early adopters of AI went in and said, okay, I want to use Gemini with my project. And not really connecting the dots that their API key on the front end that was publicly available would now also allow anybody to inference Google’s Gemini platform.

And it wasn’t a big deal, I think, for a lot of years because I don’t think the platform was really that amazing.

Brandon (02:01)

Yeah, because you said this is a three year old change, right?

O’Ryan Johnson (02:22)

But recently…Nano Banana and the Veo 3 models came out. And that’s when I think we started to see a lot of this. This great security company named Truffle wrote something about this in February saying, look, be careful because if you’ve put your API key out according to Google’s instructions, and if you’ve also been working with Gemini models, there’s a chance that you may have inadvertently opened up your API key to anybody to be able to inference [Veo] and NanoBanana to their heart’s content.

Brandon (02:40)

And specifically a Maps API key, right? Okay,

O’Ryan Johnson (02:51)

Correct. Which again was, was Google had told everybody for quite a while was safe. And so, what happened kind of inevitably is folks were bad actors were in fact using that for for those purposes So you’d have these you know sort of like horror stories of waking up in the morning and seeing your Google account Which you maybe you never spent more than fifty dollars a month, all of a sudden you have a $3,000 bill, $5,000 bill.

[…]

how you figure this out, is kind of buried, right? It’s hard to find, right? So as he’s looking, trying to frantically figure out what’s happening, more charges are being added.

[…]

that’s the first part. The second part is that, you know, this happened to people who had spending caps in place. And Google has only recently put spending caps in place, but they’re really loose caps. I talked to a developer in Australia who said, “Look, I put a $250 spending cap in place. And when I woke up, I had a $10,000 bill.” …And he said, “When I was going to going through afterwards, I looked and I said my spending tier was at the $100,000 limit. And I said, how does it happen?”

Well, if you look like Google was actually very upfront about this. In March, they put out a blog and said, “Hey, we’re going to help you out. If you’ve only got a $250 spending cap, if you spent $1,000 in the lifetime of your account and you’ve been a Google member for 30 days or more, a Google Cloud developer for 30 days or more, you can spend $100,000.”

Brandon (04:47)

And there’s no notification to the user accounts that this is being done?

O’Ryan Johnson (04:50)

Except for the emails that say this is how much you owe us, which is all after the fact.

Brandon (04:57)

And if you’re less than 30 days, right, it’s moving to tier two is, I think, what’s the cap on that?

O’Ryan Johnson (05:01)

Two thousand dollars.

Brandon (05:04)

But even then, it’s spend a hundred bucks in the lifetime of your account?

O’Ryan Johnson (05:06)

A hundred dollars and be three days old, and Google will give you a $2,000 cap to spend. Those are the most generous terms – you guys have been around IT for years, what distributor would ever give you terms like that like if you went to TD Synnex or if you went to Ingram Micro and said, “Hey, I’m 30 days old and I’ve spent $1,000. I would like $100,000 in credit with you.” They would laugh .

[…]

And then of course the problem is trying to get that money … trying to get your account restored. like in two of the cases, the money had already been spent. So the credit cards, one was $17,000, one was $10,000. The money was already out of their account and they have this project. If they charge it back, they’re afraid that Google’s going to shut down their project and delete it. If they stick with the bill, then they’re stuck with this debt that is obviously outside the bounds of any budget that they had set for their Google Cloud project.

[…]

The automatic tier upgrades are obviously a problem, but are all these cases that you’re seeing, are they tied back to the Truffle notice? I mean, these are all Maps API keys?

O’Ryan Johnson (07:02)

Not all of them.

Some people say like, “Look, I never put my API key out publicly.” And I talked to a guy yesterday who said, “Look, my API key has been hidden from everybody. I think I got brute forced.” ….I don’t possibility or the probability of being able to brute force an API key, they’re huge, long chains of numbers and texts. Probably not impossible…But this guy, his bill was $127,000, which is just a huge, huge amount.

[…]

You wrote a story this week about an AWS customer who was billed $30,000 despite supposedly having a setting enabled to prevent this. So what’s this all about?

[…]

a user who was using AWS Bedrock. He wanted to take Claude Opus out for a spin, try it out. He had some startup credits fired by Activate. All great. Now he was using a tool called the AWS Cost Anomaly Detection Tool. What that does, that actually sends you alerts if you’re doing some odd things and your account is incurring additional costs, and as well as using AI machine learning, you can also set some custom thresholds… “If I spend more than this then stop or shout at me or whatever

Brandon (09:39)

Yeah, cut me off. Yeah.

Richard Speed (09:45)

So he thought, “Great, I’ve got that, what could possibly go wrong?”

And so he began to use his AWS Bedrock and no alerts were fired, all was good until about a month after he began using it he got a bill for $30,000 or $38,000 through where he was expecting hundreds. And the reason being was that AWS Bedrock apparently bills through AWS Marketplace, and that is not compatible with the cost anomaly detection.

Brandon (10:06)

So Marketplace is where you can pick up third party integrations for AWS, right?

Richard Speed (10:17)

Right, and that’s where AWS Bedrock was being billed, was basically invoiced through. And to be completely fair to AWS, that is documented. It is in the documentation, “This will happen.” So, hence the cautionary tale aspect. But again, I’ve had a few people say, actually it’s pretty unintuitive, this. You kind of would assume it’s being caught and it wasn’t caught.

[…]

So does Cost Anomaly Detection function only with first-party Amazon products then basically? Anything in the Marketplace that you’re pulling from a third-party provider doesn’t get included in this?

Richard Speed (11:59)

Yeah, I believe so. Yeah, it’s just through AWS services except for Marketplace stuff. But there are other checks and things in place in AWS. It’s just in this instance, the expectation was if I’m using Cost Anomaly Detection, it should stop me running up a massive invoice or running up a massive bill using AWS Bedrock. In this case, it didn’t. It was completely silent as the thousands and thousands and thousands began to rack up on the account.

Brandon (12:05)

And even, I think you wrote, even when his credits ran out. Like, he ran out of credits and switched to cash billing and there was no notice.

Richard Speed (12:29)

Exactly. It suddenly went from from credits to cash billing again with no notification or warning.

[…]

One thing that is kind of universal across this that one of these users pointed out, is that the most frustrating part is that they have the information. They can see what you’re doing in your account and they don’t stop it. All this information that we’re talking about, whether it’s your usage, whether it’s your billing, all that stuff is within the four walls of, whether it’s Google or AWS

[…]

Like if a user could shut off – if there was a notification that came in and said, “Hey, did you know that you’re on Veo right now and you’re generating videos? Would you like to shut that off?” Think about your credit card company. If I go one county over and I spend $10 at a Target, I’ll get an alert from my card company. “Hey, are you sure?” Are you telling me, Google and AWS, that you can’t do that?

[…]

There’s no way, there’s no way that ⁓ Google and AWS don’t see this usage or can’t monitor it. Can’t pop a large language model on there to keep an eye out for ⁓ unusual billing and notify people. Like you said, if you never use [Veo] or never use NanoBanana and all of a sudden your account’s racking up thousands of dollars of charges on it, Google should probably say, “Hey, is this you?”

[…]

Richard Speed (18:11)

There have been some issues on Azure. I read a piece, oh crikey, several weeks, maybe even months ago now, regarding a similar thing to what’s happened with AWS with a user who had, he hadn’t realized that his startup credits didn’t count towards AI usage. And then he found himself hit with a massive invoice because again, Microsoft just quietly said, “Yeah, sure. You want that service? No problem. Here you go. Use it.” And so he used it and then the huge invoice came through. I think… I think it’s important to point out that these companies, they’re not doing anything wrong legally. Ethically, I’m with O’Ryan, they should be warning you to say, “Hey, you know, you’re spending way more now than you ever used to before. These services that you’ve never used before, are you sure you want to be doing that? Are you sure about that?”

[…]

it looks like the AWS user might be a little bit hosed on getting a refund. Do you know is Amazon – did you talk to Amazon for the story? Do they have any intention to change the marketplace versus non-marketplace CAD policy?

Richard Speed (xx:xx)

They did respond, and at the moment there’s no plans to change it.

O’Ryan Johnson (xx:xx)

Google is also, they’re sticking by their automatic tier upgrades. They like the flexibility that it gives to developers. Flexibility, of course, meaning that developers can spend a lot more than they initially wanted to, or agreed to.

Brandon (xx:xx)

It’s a very one-sided flexibility, really, when you think about it.

[…]

Source: Surprise AI bills leave AWS and Google Cloud users aghast
Europe built sovereign clouds to escape US control. Then forgot about the processors

May 17, 2026

Europe is pouring more than €2 billion into sovereign cloud initiatives designed to reduce exposure to US legal reach. The EU’s IPCEI-CIS program funds infrastructure development. France qualifies operators under SecNumCloud, a framework with nearly 1,200 technical requirements promising “immunity from extraterritorial laws.”

But most datacenters and qualified cloud operators still rely heavily on Intel or AMD processors. And inside those processors sits a computer beneath the computer: management engines operating at Ring -3, below the operating system, outside the control of host security software, persistent even when the machine appears powered off. Under the US Reforming Intelligence and Securing America Act (RISAA) 2024, hardware manufacturers count as “electronic communications service providers” subject to secret government orders.

Europe’s frameworks certify the clouds. They don’t assess the silicon.

The computer your OS can’t see

That computer beneath the computer has a name. On Intel processors, it is the Management Engine (ME), or more precisely the Converged Security and Management Engine (CSME). On AMD, it is the Platform Security Processor (PSP). Both run at what security researchers call Ring -3, below the operating system, below the hypervisor, in a privilege level the host cannot see or log.

“It’s a computer inside your computer,” explains John Goodacre, Professor of Computer Architectures and former director of the UK’s £200 million Digital Security by Design program. He is clear about what that means in practice. The ME has its own memory, its own clock, and its own network stack, and because it can share the host’s MAC and IP addresses, any traffic it generates is indistinguishable from the host’s own traffic to the firewall.

The architecture is not theoretical. Embedded in the Platform Controller Hub, the CSME is a separate microcontroller that operates independently of the host, with direct memory, device access, and network connectivity the host operating system cannot monitor. AMD’s PSP works the same way.

Intel’s Active Management Technology (AMT), the remote management feature the ME enables, exposes at least TCP ports 16992, 16993, 16994, and 16995 on provisioned devices. Goodacre notes that an attack surface exists on unprovisioned hardware too. These ports deliver keyboard-video-mouse redirection, storage redirection, Serial-over-LAN, and power control to administrators managing fleets of devices remotely. The capability has legitimate uses. It also provides a channel that operates at a level below what European sovereignty frameworks can attest.

Microsoft documented in 2017 that the PLATINUM nation state actor used Intel’s Serial-over-LAN (SOL) as a covert exfiltration channel. SOL traffic transits the Management Engine and the NIC sideband path, delivered to the ME before the host TCP/IP stack runs. The host firewall and endpoint detection saw nothing, and any security tooling running on the compromised machine itself was equally blind. PLATINUM did not exploit a vulnerability. It exploited a feature, requiring only that AMT be enabled and credentials obtained. In documented cases, those credentials were the factory default: admin, with no password set.

Goodacre catalogues this and related scenarios in a 37-page risk assessment prepared for CISOs evaluating Intel vPro hardware connected to corporate networks. Its conclusion is blunt: connecting an untouched-ME device to corporate resources “exposes the organization to a class of compromise that defeats the host security stack in its entirety.”

The ME does not stop when the machine appears to. Users recognize the symptom: a laptop powered off and stored for weeks is found, on next boot, to have a depleted battery. On modern thin and light platforms, what Microsoft documents as Modern Standby means “off” does not correspond to “all subsystems unpowered.” The system-on-chip components the Management Engine runs on remain in low-power states, drawing enough to drain a 55 Wh battery over weeks, on the order of 100-200 mW continuous draw.

The implication is documented in Goodacre’s risk assessment: “Whether the radio is in a Wake-on-Wireless-LAN listening state is firmware policy. On a device whose firmware has been tampered with during transit through the supply chain, the answer cannot be inferred from the visible power state.” A laptop that appears off, in a bag, can associate with a hostile network the user has no knowledge of.

Professor Aurélien Francillon, a security researcher at French engineering school EURECOM, has spent years studying exactly this class of problem. Working with colleagues, he built a fully functional backdoor in hard disk drive firmware [PDF], a proof of concept demonstrating how storage devices could silently exfiltrate data through covert channels. Three months after presenting it at an academic conference, the Snowden disclosures revealed the NSA’s ANT catalogue, which documented an identical capability already deployed in the field.

“The NSA were already doing it,” Francillon says flatly. “Quite amazing.” That background informs his assessment of the ME. “Yes, it can probably be used as a backdoor, like many other things, including BMC [baseboard management controller] and many other firmwares,” he says. The question, he argues, is not whether the backdoor exists but whether operational controls make it unreachable in practice.

AMD faces the same architectural question. On April 14, 2026, researchers demonstrated the Fabricked attack against AMD’s SEV-SNP confidential computing technology, achieving a 100 percent success rate with a software-only exploit. The Platform Security Processor proved vulnerable to the same class of compromise.

On server hardware, the picture is the same. Intel ME runs on servers under a different name, Server Platform Services or SPS, and the BMC, the remote administration controller standard in datacenter hardware, relies on it. “More or less the same,” Francillon says of the server variant. For datacenter operators, he sharpens the focus further: “If I look at cloud systems, servers, I would be more concerned with the BMC,” pointing to published research demonstrating remote exploitation of BMC vulnerabilities that could allow an attacker to reinstall or fully compromise a server. The BMC is not a separate concern from the ME: on server hardware, it is the primary network entry point into the SPS, making it both the most exposed interface and the most consequential.

Both Intel and AMD processors contain management engines that operate below the operating system. The silicon is designed by American companies and subject to American legal process.

The backdoor the CLOUD Act doesn’t use

That legal process has teeth that most European policymakers underestimate. The CLOUD Act, passed in 2018, gave US authorities extraterritorial reach to data held by American companies. FISA Section 702 allows intelligence agencies to compel US persons and companies to provide access to communications. Both are well known in European sovereignty discussions. They operate through the front door: a legal order served on a company that controls data. Less well known is RISAA 2024, a law that opens a different entrance entirely.

RISAA amended FISA’s definition of “electronic communications service provider” in ways that go beyond cloud operators and platform companies, and beyond the bilateral agreements that European policymakers have built their legal defenses around. Hardware manufacturers now fall within scope. Intel and AMD can be compelled, via secret orders with gag clauses, to cooperate with US intelligence access.

The mechanism through which that access could be exercised is the management engine: a persistent, privileged, network-connected runtime that operates below anything the host operating system can see or block. A SecNumCloud-certified operator can be legally isolated from American data demands. The processor inside its servers cannot. “You’ve actually got a policy mechanism by which any such machine anywhere can deliver any of its information,” Goodacre says.

RISAA’s two-year term expired on April 20, 2026, but Congress extended it by 45 days while debating reforms. Whether it is renewed, amended or allowed to lapse, the architecture it targets does not change.

SecNumCloud’s blind spot

France’s SecNumCloud is Europe’s most rigorous attempt to build a cloud certification that is legally immune to American law. It did not emerge from nowhere. ANSSI, France’s national cybersecurity agency, was established in 2009 as part of a broader effort to build institutional muscle on digital sovereignty long before the term became fashionable. When Edward Snowden revealed the scale of NSA surveillance in 2013, France’s response was technical rather than rhetorical: ANSSI published the first SecNumCloud framework in July 2014. A decade later, that framework has grown to nearly 1,200 technical requirements.

[…]

Source: Europe built sovereign clouds to escape US control. Then forgot about the processors
The World’s First 240Hz Video Smart Glasses for Gaming Aren’t Cheap – and aren’t 4k either

May 16, 2026

It’s really nice to see more and more products in this space with a much smaller and easier form factor, but the displays are still not as good as the years old HP G2 v2, which you can buy second hand for much less. High resolution really does make a huge difference in the experience.

Asus ROG’s Xreal R1, the world’s first pair of AR smart glasses capable of projecting a virtual screen before your eyes with a blistering 240Hz rate, finally has… a price and preorder dates.

Ahead of Google I/O 2026, Asus ROG has announced the Xreal R1 costs $849—$200 more than the $650 MSRP for the Xreal One Pro, which top out at a 120Hz refresh rate. The gaming-focused AR smart glasses can be ordered from Best Buy starting today, May 15. The Xreal store will accept preorders on May 17 at 3 a.m. ET / 12 a.m. PT.

© Xreal

Spec for spec, the Xreal R1 and the Xreal One Pro are the same, except for that refresh rate and the slightly more gamer-y design. You get the same 171-inch (1,920 x 1,080) virtual display through the micro OLED panel, 57-degree field of view, Bose-tuned sound, 3DoF (three degrees of freedom) tracking technology used for anchoring virtual windows, and more. Asus ROG is hoping the 240Hz refresh rate will be worth the additional cost.

[…]

Source: The World’s First 240Hz Video Smart Glasses for Gaming Aren’t Cheap
DOJ Is Asking Apple and Google to Hand Over Data on 100,000 Users of a Car App

May 16, 2026

Invading the privacy of the masses to spam them.

The U.S. Department of Justice is seeking the identities, addresses, and purchase histories of at least 100,000 people who used a car app tied to alleged Clean Air Act violations.

Forbes reports that the DOJ issued subpoenas in March and April to Google, Apple, Amazon, and Walmart seeking user records connected to EZ Lynk, the maker of the Auto Agent app and a related car diagnostic tool.

The subpoenas are part of an ongoing case against EZ Lynk. The company was first sued in 2021 for allegedly manufacturing and selling a device designed to bypass computerized emissions controls on cars.

“Emissions controls on cars and trucks protect the public from harmful effects of air pollution. EZ Lynk has put the public’s health at risk by manufacturing and selling devices intended to disable those emissions controls,” U.S. Attorney Audrey Strauss said at the time. “Through our lawsuit, we will prevent Defendants from continuing to sell this product and impose civil penalties to hold them to account.”

Now, the government is trying to force major tech and retail companies to hand over information on people who downloaded the app or bought the EZ Lynk devices, in hopes of finding witnesses to testify in the case.

In a joint letter from EZ Lynk and the DOJ filed in court earlier this month, the government argued that its requests are fair and appropriate because lawyers want to interview witnesses about their use of EZ Lynk’s products.

The DOJ also argued that when EZ Lynk users provided their personal information to the company and agreed to its terms and conditions, they lost “a cognizable privacy interest as to that information.”

EZ Lynk, however, disagrees.

“These requests for potentially hundreds of thousands of people’s PII go well beyond the needs of this case and create serious privacy concerns,” EZ Lynk’s lawyers wrote in the letter, according to Forbes. “Investigating this claim does not require identifying each person who has used the product.”

The letter also claims that Google and Apple plan to challenge the subpoenas.

[…]

Source: DOJ Is Asking Apple and Google to Hand Over Data on 100,000 Users of a Car App
Waymo self driving cars herding around roundabout

May 16, 2026

[…] Channel 2 Action News in Atlanta reports that the self-driving Waymo cars that are typically used for Uber rides were gathering in a northwest Atlanta neighborhood and circling a cul-de-sac. One citizen says they estimated that around 50 cars drive through their neighborhoods on a dead-end street, typically in the mornings from 6 to 7 a.m.

According to folks living on Battleview Drive, this odd, but consistent parade of driverless cars started around March, and the aimless circling around the cul-de-sac began in recent weeks. When one person put a Step2Kid sign in the street and blocked the Waymos from entering the cul-de-sac, it resulted in eight automated cars getting stuck as they tried to “figure out how to turn around.”

Waymo didn’t respond to the neighborhood’s attempts to find out what was going on, with several worried that automated cars could hurt some of the kids and animals who live in the area.

[…]

Source: A Cyberpunk 2077 Sidequest Is Happening In Atlanta
Man Finds Robot Dog Is Bad at Protecting His Chickens, But Might Be Good at Sending Data to China

May 15, 2026

It’s not every day you see a video that starts with chickens and ends with a genuine national security concern, but then, these are strange times. The story starts with YouTuber, musician, and increasingly influential amateur cybersecurity researcher Benn Jordan’s attempt to get a robot dog from Chinese firm Unitree—also responsible for the questionable Gundam and the kung-fu deathbots—to guard his chicken coop. The robot proves an abject failure at doing this, and at anything else remotely useful. What it does turn out to be good at, according to Jordan, is sending data back to China.

While the robot’s general uselessness is amusing, the really interesting part of the video comes once Jordan starts to look into the robot’s information security features—or, more specifically, the alleged lack thereof. This section of the video starts strong with the revelation that Jordan was able to obtain root access to the dog—yes, that’s a phrase I just typed—by adding Curl commands to the end of his wifi password.

This allows full access to the dog, which, as Jordan says, involves “not only controlling their movement, but also recording, downloading, and livestreaming audio and video information from the robot’s surroundings without an authenticated connection through the app.” (At this point, it’s probably worth noting that police departments across the country are merrily spending tax revenue on these robots like it’s Monopoly money.)

There are also other fun little pieces of information, like the dog’s weird built-in ChatGPT implementation, through which Jordan was able to convince it to “disable its safety functions and give up API info”; the fact that the dog’s radio control frequency is easily replicable; and most of all, the fact that while the robot’s firmware doesn’t take your security seriously in the slightest, it takes the security of the data it’s sending home—and the location to which it’s sending that data—very seriously indeed.

The last part of the video catalogs Jordan’s attempts to figure out exactly what information the robot is collecting and where it’s being sent. The ins and outs of it are really worth watching for yourself, but the tl;dr is that, as Jordan puts it, “some, if not all, Unitree robots are intentionally and secretly sending heavily encrypted information to Chinese servers and going to great lengths to prevent anyone from finding out about it.”

On a completely unrelated note, hey, did we mention that the US military has been buying these robodogs? As Jordan says, “If we were living in a time when the Federal Government would take this type of thing seriously, this would be something I would report privately.” But, of course, we are living in the most stupid of all possible worlds, so instead, we’re watching this on YouTube.

Source: Man Finds Robot Dog Is Bad at Protecting His Chickens, But Might Be Good at Sending Data to China
And this is how the EU and UK are drawn into the mess the US and Israel made to try to clean it up a bit

May 15, 2026

Joint statement from the United Kingdom, France, Albania, Australia, Bahrain, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark, Estonia, Finland, Germany, Greece, Japan, Kosovo, Latvia, Lithuania, Montenegro, Netherlands, Portugal, Qatar, Republic of Korea, Slovakia, Sweden.

Following the Leaders’ Level Summit co-chaired by the UK and France on 17 April, the UK, France, and partners affirm their commitment to using collective diplomatic, economic, and military capabilities to support freedom of navigation through the Strait of Hormuz. Navigation must be free, as per the provisions of the United Nations Convention on the Law of the Sea (UNCLOS), and international law.

On 12 May 2026, the United Kingdom and France convened Defence Ministers and representatives from 38 nations to announce their political support to an independent and strictly defensive multinational military mission.

In consultation with relevant states and the maritime industry, this mission will support civilian shipping, provide reassurance to commercial shipping operators, and conduct mine clearance operations. Operations will only commence in a permissive environment and in full accordance with international law and national constitutions.

The mission will be distinct from any other military campaign and will maintain clear channels of communication and deconfliction with all relevant states and partners. The mission will complement ongoing diplomatic engagement and de-escalation efforts – which remain the primary focus – while demonstrating a tangible commitment to the security of international trade.

In readiness for operations commencing when the environment is permissive we, the undersigned states, announce our political support for the Mission. Noting there will be necessary national caveats and parliamentary procedures. We encourage further contributions.

Source: Joint statement on the Multinational Military Mission for the Strait of Hormuz: 12 May 2026 – GOV.UK
Google’s new reCAPTCHA system restricts access to the web to iPhones and Official Androids

May 15, 2026

reCaptcha is an absolute travesty anyway, with the solving of recaptchas being used to train AI’s for free and not working without enabling javascript, which allows a lot of other data to be harvested from the browser.

Google’s latest reCAPTCHA changes are drawing backlash from privacy advocates and developers of alternative mobile operating systems, who argue the system effectively locks users out of websites unless they use Google-approved devices and software.

[…]

Critics say the problem is that scanning those QR codes requires either Google Play Services on Android or a modern iPhone capable of Apple’s equivalent attestation mechanisms. Users running privacy-focused Android operating systems such as GrapheneOS, CalyxOS, and /e/OS, which intentionally remove Google services, may be unable to complete verification and therefore lose access to websites protected by reCAPTCHA.

[…]

users without a “certified device” could no longer verify via the QR workflow and warned that Google may eventually remove the remaining fallback methods accessible via small icons beneath the verification prompt.

GrapheneOS, a hardened Android operating system widely recommended by privacy and digital rights organizations, including the Electronic Frontier Foundation (EFF), described the change as part of a broader industry push toward hardware-based attestation. The project argued that both Google and Apple are gradually building systems that allow websites and apps to verify whether users are running approved hardware and operating systems before granting access.

According to GrapheneOS developers, Google’s Play Integrity API and Apple’s App Attest framework are increasingly being integrated into online services under the banner of fraud prevention and security. While the systems are marketed as anti-abuse tools, critics argue they also provide Apple and Google with powerful control over which devices can access large portions of the internet.

The developers also linked the new reCAPTCHA verification flow to Google’s abandoned Web Environment Integrity (WEI) proposal from 2023. That proposal would have introduced browser-level attestation APIs capable of determining whether a device and browser environment met specific trust requirements. Following strong criticism from browser vendors, privacy advocates, and standards groups, Google shelved the initiative. They now argue that reCAPTCHA Mobile Verification achieves a similar outcome indirectly through QR-based device checks.

[…]

Source: Google’s new reCAPTCHA system restricts access to the open web
Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access

May 14, 2026

Linux admins hoping Dirty Frag was a one-off horror from the kernel networking stack are about to have a considerably worse week. Researchers at Wiz have published an analysis of “Fragnesia,” a Linux kernel local privilege escalation flaw discovered by William Bowling of the V12 security team that allows unprivileged users to gain root by corrupting page cache memory. The bug, tracked as CVE-2026-46300, has public proof-of-concept exploit code documented by V12 on GitHub that demonstrates the vulnerability being used against /usr/bin/su to spawn a root shell. According to Google-owned Wiz, the flaw sits in the Linux kernel’s XFRM subsystem, specifically ESP-in-TCP processing tied to IPsec support. By carefully triggering the bug, attackers can modify protected file data in memory without changing the original files stored on disk. Wiz describes Fragnesia as part of the broader “Dirty Frag” bug family rather than a completely separate class of issue. Dirty Frag itself only surfaced days ago and was already attracting attention thanks to public exploit code, incomplete patch coverage, and unusually reliable privilege escalation. According to researcher Hyunwoo Kim, who uncovered Dirty Frag, “Fragnesia” emerged as an unintended side effect of patches shipped to fix the original Dirty Frag vulnerabilities, adding yet another entry to the long tradition of security fixes accidentally creating new security problems. As The Register previously reported, Dirty Frag followed hot on the heels of Copy Fail, another Linux kernel privilege escalation flaw that abused page cache handling to overwrite supposedly read-only files. MORE CONTEXT Linux kernel maintainers pitch emergency killswitch after CopyFail and Dirty Frag chaos Half of exposed React servers remain unpatched amid active exploitation Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator AI bug reports went from junk to legit overnight, says Linux kernel czar Historically, local Linux privilege escalation bugs had a reputation for being unreliable, crash-prone, or fiddly enough that attackers needed good timing and a fair bit of luck to pull them off cleanly. Fragnesia looks different, as Wiz and V12 both say the exploit avoids race conditions entirely, making it far more predictable than older Linux root exploits like Dirty COW. That makes the bug much more useful after an initial compromise. An attacker who gains access to a system through phishing, stolen credentials, or a vulnerable cloud workload suddenly has a cleaner path to full root access.

Source: Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access
Spotify Has Recovered From An Outage That Lasted Hours

May 14, 2026

Not a bad plan to have your mp3 files then I guess

You may have been stymied when trying to cue up your afternoon work playlists today. Spotify posted on X that it was aware of “some issues right now for the app.” Shortly before 5PM ET, the company’s support page posted again to say the outages were “all clear now.” However, it did not elaborate on what the problem was that left many listeners unable to log into the service. A spike in issues began around noon ET, according to user reports sent to DownDetector. It didn’t appear to be a total outage. I was eventually able to get tunes playing while writing this initial story, but it took several minutes of the screen staying blank before my playlist loaded in. Your mileage may still vary even after the issues have mostly been resolved. Spotify recommends anyone still unable to access the platform to contact its support team.

Source: Spotify Has Recovered From An Outage That Lasted Hours
AI customer service bots get rolled back at 74% of firms

May 14, 2026

If you’re thinking you can replace your human call center staff with a server farm of bots, think again. Nearly three-quarters of enterprises that deploy AI customer communications agents later roll them back or shut them down, according to new research suggesting the systems are far harder to manage reliably in production than the AI hype implied.

Swedish comms-as-a-service firm Sinch surveyed more than 2,500 AI decision makers from various countries and industries for its AI Production Paradox study. The starkest finding is undoubtedly the 74 percent rollback or shutdown rate for deployed AI customer communications agents tied to governance failures, but that’s not the only sign enterprise AI deployments are falling short of expectations.

AI rollback rates, which Sinch told us specifically refer to AI projects that were deployed and pulled from live service rather than projects that failed before launch, actually rise to 81 percent among organizations that it describes as having “fully mature guardrails.” That, says Sinch Chief Product Officer Daniel Morris, suggests governance alone is not fixing the problem.

“The most advanced organizations aren’t failing less; they’re seeing failures sooner. Higher rollback rates reflect better monitoring and control, not weaker performance,” Morris said in a press release. “If governance was the fix, the most mature teams would roll back less, not more. Our data points to a deeper issue.”

According to the findings, 84 percent of AI engineering teams are spending at least half their time on safety infrastructure, leaving little time to develop AI. This is exacerbated by the fact that most firms said spending on AI trust, security, and compliance ranks ahead of AI development itself.

“When 75% put trust, security, and compliance in that top three — ahead of AI development itself at 63% — that’s a finding about where the priority sits within their AI customer communications programs,” a Sinch spokesperson told us in an email. In other words, it seems like most organizations realize that their biggest issue with AI isn’t getting it working properly – it’s getting it to just work safely in the first place.

“The operational cost of running AI safely at scale is much larger than most organizations expect,” the Sinch representative explained.

The numbers don’t change based on organizational size or budget, either, Sinch told us.

“The rollback rate holds consistently across every region and every industry in the study, which suggests size isn’t a meaningful protective factor,” the company said. “Rollback isn’t a symptom of under-investment or being too small to afford proper guardrails.”

Of course, as a business communications service provider, Sinch linked its results back to AI customer service agents not being properly deployed on comms infrastructure designed for AI agents, a problem it’s naturally positioned to offer a fix for.

Regardless, that three-quarter rollback figure doesn’t seem too out of place when you consider recent customer service automation news.

As we’ve reported on multiple occasions, replacing customer service staff with AI hasn’t gone to plan for many businesses. Gartner said in June 2025 that half of organizations expecting AI to significantly reduce customer service headcount would abandon those plans by 2027. Sinch’s numbers suggest the problem may extend beyond staffing cuts to the AI agents themselves. Not that far-fetched when Gartner was already warning last year that fully agentless contact centers were not practical in the real world.

“Our vendor evaluations reveal that a agentless contact center is not yet technically feasible, nor is it operationally desirable,” Brian Weber, VP analyst in the Gartner Customer Service & Support practice, told The Register, adding that unexpected costs and unintended results were contributing to abandonment plans – just like what Sinch is reporting now. ®

Source: AI customer service bots get rolled back at 74% of firms
After Killing Encrypted DMs, Mark Zuckerberg Wants You to Trust His New Encrypted AI Chat

May 14, 2026

Just days after Meta pulled support for encrypted direct messages on Instagram, the tech giant is now rolling out a new private AI chat feature.

Meta announced on Wednesday that its new Incognito Chat feature will let users interact with its AI chatbot on WhatsApp and the Meta AI app in what the company describes as a secure environment. The social media giant is pitching the feature as a way for users to feel free to discuss sensitive topics like health, finance, or career advice with Meta AI without worrying that their conversations could be viewed by anyone else.

[…]

In the case of Incognito Chat, users can start a private, temporary conversation with Meta AI that encrypts their messages and then processes them in a secure environment that Meta claims it can’t access. The company adds that those conversations are not saved by default and that the messages disappear on their own.

[…]

Source: After Killing Encrypted DMs, Mark Zuckerberg Wants You to Trust His New Encrypted AI Chat
Microsoft BitLocker-protected drives can now be opened with just some files on a USB stick — YellowKey zero-day exploit demonstrates an apparent backdoor | Tom’s Hardware

May 13, 2026

There’s nothing more dangerous than a bored engineer with a screwdriver, and hell hath no fury like a security researcher scorned. Last month, Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) published two zero-day exploits, BlueHammer and RedSun, that made Windows Defender offer up system administrator privileges. They did this after their disclosure reports were allegedly dismissed by Microsoft’s security team, resulting in a vendetta of sorts. Eclipse has now done it again, posting two new zero-day exploits, the first one an extremely serious BitLocker exploit named Yellow Key that grants full access to a locked drive. The second one, GreenPlasma, doesn’t have a complete proof-of-concept (PoC), but it allegedly performs a local privilege escalation and gains system-level access. Given Eclipse’s track record, it’s a fair bet that it works as advertised.

YellowKey can be triggered simply by merely copying some files to a USB stick and rebooting to the Windows Recovery Environment. We tested this ourselves, and sure enough, not only does it work, it bears all the hallmarks of a backdoor, down to the exploit’s files disappearing from the USB stick after it’s used once.

The process is dead simple: grab any USB stick, get write access to the “System Volume Information,” and copy into it the “FsTx” folder and its contents. Shift+click Restart to get Windows to the recovery environment, but then switch to holding down the Control key and don’t let go. The machine will reboot, and without asking any questions or showing any menus, will drop you in an elevated command line with full access to the formerly Bitlocked drive, without asking for any keys.

[…]

Source: Microsoft BitLocker-protected drives can now be opened with just some files on a USB stick — YellowKey zero-day exploit demonstrates an apparent backdoor | Tom’s Hardware
No, your US “sovereign” cloud still gives data to the US Government

May 13, 2026

[…] In early 2025, the three largest cloud providers in the world — Microsoft, Amazon, and Google — launched coordinated campaigns across Europe under a shared banner. The campaigns had different names and different branding, but the same architecture: local data centers, European employees, compliance certifications, and the promise that your data stays yours. Microsoft called its offering the European Digital Sovereignty Commitments. Amazon and Google followed with variations on the same theme. The word ‘sovereign’ appeared in every press release.

[…]

On June 18, 2025, Anton Carniaux, Microsoft France’s director of public and legal affairs, appeared before a French Senate inquiry into public procurement and digital sovereignty. Senators asked whether he could guarantee that European data stored in Microsoft’s sovereign cloud would never reach US authorities. His answer, under oath, was a single word: no. The reason was structural and unavoidable. The US CLOUD Act, passed in 2018 with the active support of Amazon, Microsoft, and Google, obliges American companies to comply with valid US legal requests for data, regardless of where that data physically sits — and regardless of any contractual ‘sovereignty’ commitments made to European customers. Simon Uzenat, president of the Senate committee, noted that Microsoft’s transparency reports on data access requests were ‘purely declarative’ with no external verification or oversight mechanism. The product was called sovereign. The legal reality was not. The marketing campaign continued without revision.

This is not a story about a company that broke a promise. It is a story about a word that was emptied before it could be filled — and about the methods by which that emptying was accomplished.

[…]

[2019] the intention behind Gaia-X was good, but American companies lobbied successfully to be included. Once Microsoft, Google, and Amazon were inside the steering structure, the initiative lost its purpose […] the hyperscalers’ method as flooding the initiative with documents and compliance frameworks until no usable technology could emerge.

[…]

In April 2026, the European Commission awarded a €180 million tender for sovereign cloud services to four providers. One of them was S3NS — a joint venture between the French defence group Thales and Google Cloud. The Commission addressed the apparent contradiction directly: non-European technologies, it stated, can meet sovereignty requirements when operated within an appropriate framework. The definition had been quietly updated. Sovereignty no longer meant independence from the entities whose jurisdiction was the original concern

[…]

November 2025, the European Commission published the Digital Omnibus — a sweeping package of amendments to the EU’s core digital legislation, including the GDPR and the AI Act, framed as a ‘simplification’ measure. The Corporate Europe Observatory, an independent research organization that monitors corporate lobbying of EU institutions, performed a systematic comparison of the Commission’s proposed text against the documented lobbying positions of the five largest American tech companies. The match was specific enough to be documented article by article […] US Commerce Secretary Howard Lutnick made the leverage explicit, linking further weakening of the Digital Markets Act and the Digital Services Act to ongoing tariff negotiations.

[…]

Amazon alone spent €7 million on EU lobbying in 2025. The five largest American tech companies combined spent more than €35 million. In the first half of that year, Big Tech averaged more than one meeting per working day with senior European Commission staff. The Commission also ran what it called ‘Reality Checks’ — closed-door sessions with industry representatives in September 2025, conducted without public transcripts, whose conclusions fed directly into the Omnibus proposals.

[…]

There is a fourth method, and it is the quietest. When European organizations actually migrate to sovereign alternatives — when the lobbying and the language campaigns fail to prevent a real defection — those alternatives become acquisition targets. In November 2025, Kyndryl, an American IT services company spun out of IBM in 2021, announced its intention to acquire Solvinity, a Dutch managed cloud provider. What made the acquisition significant was what Solvinity operates: the hosting infrastructure for DigiD, the Dutch national digital identity system

[…]

The counter-examples exist, and they are worth examining closely, because they demonstrate that the alternative is not theoretical. Schleswig-Holstein is a German state of 2.9 million people and 30,000 government employees. In December 2025, its Ministry of Digitalisation announced that 80 percent of those employees had completed migration from Microsoft Office to LibreOffice, an open-source office suite. The email infrastructure — 40,000 accounts, more than 100 million messages and calendar entries — had moved to open-source alternatives. Annual savings: €15 million in licence costs. One-time investment required: €9 million. Payback period: under twelve months. The transition was not painless — emails landed in wrong folders, police and justice systems experienced brief connectivity failures, around 20 percent of specialist applications still require Microsoft compatibility. These are real problems. They are the problems of transition, not the problems of dependency.

[…]

In February 2025, the Trump administration imposed sanctions on Karim Khan, the chief prosecutor of the International Criminal Court, by executive order. Khan’s Microsoft email account was subsequently cut off. Microsoft’s president, Brad Smith, denied the company had ceased services to the ICC.

[…]

Frank Karlitschek, when asked what sovereignty actually means in practical terms, gave an answer that has become a reference point in the European open-source community: the absence of strong dependencies on overseas third parties. By that definition, the word has not merely been misused. It has been systematically hollowed out, rebranded, and sold back to the governments it was meant to protect. The technology required to achieve the real thing is available, proven, and in several cases already running at scale. What is consistently unavailable is the institutional decision to use it — because that decision is the one thing the lobbying campaign, the language campaign, and the acquisition campaign are all designed to prevent from ever being made.

Source: The Stolen Word – The Visible Invisible
Palantir to be granted ‘unlimited access’ to NHS patient data

May 12, 2026

The NHS is granting staff from companies including Palantir ‘unlimited access’ to identifiable patient data while working on its federated data platform (FDP), the Financial Times (FT) reported.

The change, outlined in an internal briefing note seen by the FT, relates to the National Data Integration Tenant (NDIT), described as a “safe haven for data” before it is “pseudonymised” and shared with other systems, the report said.

NHS England will create an “admin” role, granting Palantir staff “unlimited access” to the NDIT and identifiable patient data, the FT added.

As well as Palantir employees, this could include staff from consultancy firms who have been drafted in to work on the FDP. The change marks a clear shift from the current practice, which requires any individual working with the NDIT to apply for clear data access for specific data sets.

An NHS England spokesperson told Digital Health News: “The NHS has strict policies in place for managing access to patient data and carries out regular audits to ensure compliance — including monitoring the work of engineers helping to set up the central data collection platform that will track NHS performance and help improve care for patients.

“Anyone external requiring access must have government security clearance and be approved by a member of NHS England staff at director level or above.”

The briefing document, written by a senior NHS data official in April 2026, acknowledges that granting enhanced permissions could mean there is a “risk of loss of public confidence” when it comes to “safeguarding patient data and ensuring appropriate use and access to it”.

While broad access was originally intended only for NHSE employees with security clearance, the FT reported that the briefing noted that external workers had requested the same permissions “as it is too inconvenient to apply for all of the necessary individual CDAs”.

A Palantir spokesperson told the FT: “To the NHS, and all our customers, we are designated by law as a ‘data processor’, with our customers “data controllers”.

“That means that Palantir software can only be used to process data precisely in line with the instruction of the customer.

“Using the data for anything else would not only be illegal but technically impossible due to granular access controls overseen by the NHS.”

“This is not only about Palantir, hence we have referred to non-NHSE staff, but there is currently considerable public interest and concern about how much access to patient data Palantir/Palantir staff have,” the briefing states.

The note recommends that a cap be placed on the number of external admins with access to the NDIT, which should also be time-limited and regularly reviewed.

Saif Abed, founding partner of cybersecurity advisory services at The AbedGraham Group, told Digital Health News: “I fear lessons have not been learnt from the recent UK Biobank incident which itself is a national scandal.

“Granting admin access should never be done lightly and certainly not at scale. We are one admin compromise, such as with an Infostealer malware, or insider threat away from a data breach of unseen proportions in terms of UK patient data.”

US data analytics firm Palantir signed a £330m contract in 2023 to provide the FDP, which connects data across NHS organisations.

The company’s involvement has been highly controversial, with ethical concerns around its links to the US Immigration and Customs Enforcement (ICE), leading to the government admitting that it could consider alternatives to Palantir’s FDP when the contract reaches its break clause.

Source: Palantir to be granted ‘unlimited access’ to NHS patient data