The Linkielist

Linking ideas with the world

The Linkielist

Author Archives: Robin Edgar

About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

You Can Now Tell Google Which Websites You Prefer in Search Results

Posted on by

[…]If you frequently test features with Google Labs, you might remember trying this one out: Preferred Sources, as the name implies, lets you tell Google which websites you prefer to read news from. The goal, then, is to see pages from those sites in future Google searches about news stories, assuming those sites publish content related to your search.

Here’s how it works: When you search for something covered in the news, Google will display a “Top stories” section at the top of the search results page. While you can simply browse the stories that Google curates for you, you can also now click a new button to the right of the “Top stories” title. From here, you can search for any website, and click a checkbox next to its name to save it to your list of preferred sources.

[…]

Now, you can refresh your search results, which, with any luck, will populate with more of the sources you added to this list. Not only will they appear more frequently in the “Top stories” section going forward, Google may offer you a new “From your sources” section as well, which should only contain the websites you’ve added to your list.

[…]

Source: You Can Now Tell Google Which Websites You Prefer in Search Results

I am still using qwant.com

Israel is reportedly storing millions of Palestinian phone calls on Microsoft servers in the Netherlands and Ireland

Posted on by

Israel has allegedly been recording and storing millions of phone calls made by Palestinians in Gaza and the West Bank as part of a large surveillance effort dating back to 2022, according to reporting by The Guardian, +972 Magazine and Local Call. The report suggests that the country has been shuttling these recordings to Microsoft Azure cloud servers.

Company CEO Satya Nadella allegedly okayed the effort personally after meeting with a commander from Israel’s military surveillance agency, Unit 8200. He reportedly gave the country a customized and segregated area within the Azure platform to store millions of phone calls made each day without knowledge or consent from Palestinians.

According to sources within Unit 8200, these recordings have assisted in the preparation of deadly airstrikes and helped shape military operations throughout the region. Israel has long been intercepting calls in the occupied territories, as it basically controls the entire Palestinian telecommunications infrastructure.

This new method, however, reportedly captures the conversations of a large pool of regular civilians. The mantra when building out the project was to record “a million calls an hour.” Leaked Microsoft files suggest that the lion’s share of this data is being stored in Azure facilities in the Netherlands and Ireland.

Microsoft has been facing increased scrutiny regarding its role in Israel’s 22-month offensive in Gaza. CEO Nadella was interrupted by an employee at a keynote speech in May, with the worker pleading for the executive to “show how Israeli war crimes are powered by Azure.”

[…]

Microsoft isn’t the only company that has been accused of assisting Israel in what many are calling a genocide in Gaza. A report recently found that Google employees have repeatedly worked with the Israel Defense Forces (IDF) and Israel’s Defense Ministry (IDM) to expand the government’s access to AI tools.

Source: Israel is reportedly storing millions of Palestinian phone calls on Microsoft servers

Should Lyft and Uber Charge More if Your Battery Is Low? California May Soon Ban That

Posted on by

It’s late at night, and you badly need a ride. Your cellphone’s battery is dangerously low.

Should a ridehailing company such as Uber or Lyft be able to charge you more because its artificial intelligence programming thinks you’re desperate since it knows your phone is about to die?

Not if Hayward Democratic Sen. Aisha Wahab has her way.

Her Senate Bill 259 would prevent retailers from using artificial intelligence to jack up prices using the information stored on customers’ phones. That could include the phone’s battery life, whether it’s an older model, what apps are installed, what time of day it is, where its user is located and where they live.

“Our devices are being weaponized against us in order for large corporations to increase profits, and it has to stop,” Wahab told the Assembly Judiciary Committee last month.

[…]

Source: Should Lyft and Uber Charge More if Your Battery Is Low? California May Soon Ban That

Meta eavesdropped on period-tracker app’s users, SF jury rules

Posted on by

Meta lost a major privacy trial on Friday, with a jury in San Francisco ruling that the Menlo Park giant had eavesdropped on the users of the popular period-tracking app Flo. The plaintiff’s lawyers who sued Meta are calling this a “landmark” victory — the tech company contends that the jury got it all wrong.

The case goes back to 2021, when eight women sued Flo and a group of other tech companies, including Google and Facebook, now known as Meta. The stakes were extremely personal. Flo asked users about their sex lives, mental health and diets, and guided them through menstruation and pregnancy. Then, the women alleged, Flo shared pieces of that data with other companies. The claims were largely based on a 2019 Wall Street Journal story and a 2021 Federal Trade Commission investigation.

Google, Flo and the analytics company Flurry, which was also part of the lawsuit, reached settlements with the plaintiffs, as is common in class action lawsuits about tech privacy. But Meta stuck it out through the entire trial and lost.

[…]

Their complaint also pointed to Facebook’s terms for its business tools, which said the company used so-called “event data” to personalize ads and content.

In a 2022 filing, the tech giant admitted that Flo used Facebook’s kit during this period and that the app sent data connected to “App Events.” But Meta denied receiving intimate information about users’ health.

Nonetheless, the jury ruled against Meta. Along with the eavesdropping decision, the group determined that Flo’s users had a reasonable expectation they weren’t being overheard or recorded, as well as ruling that Meta didn’t have consent to eavesdrop or record. The unanimous verdict was that the massive company violated the California Invasion of Privacy Act.

The jury’s ruling could have far-reaching effects. Per a June filing about the case’s class action status, more than 3.7 million people in the United States registered for Flo between November 2016 and February 2019. Those potential claimants are expected to be updated via email and on a case website; it’s not yet clear what the remittance from the trial or settlements might be.

[…]

Source: Meta eavesdropped on period-tracker app’s users, SF jury rules

Meet Meschers, MIT’s Tool for Building Paradoxical Digital Objects

Posted on by

Meet “impossibagel,” a physically impossible bagel that mathematicians use to resolve intricate geometry problems. But impossibagel—and other “impossible objects” in mathematics—is notoriously difficult to replicate, and researchers haven’t been able to fully tap into their mathematical potential. That may no longer be a problem, thanks to a new tool.

On Monday, researchers at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) announced “Meschers,” software capable of visualizing an intricate, 2.5-dimensional representation of impossible objects. In addition to creating aesthetically quirky objects, Meschers could eventually assist in research across geometry, thermodynamics, and even art and architecture, according to the researchers. The paper, set for publication in ACM Transactions on Graphics, will be presented at the SIGGRAPH Conference next week.

[…]

Impawssible Dogs Meschers
Rendering of the “Impawssible Dog” using Meschers, demonstrating how some lighting conditions create a stronger illusory percept than others. © Ana Dodik/MIT CSAIL/Meschers
[…]

Meschers Heart Render
Laplacian smoothing of the per-vertex 2D positions of a mescher (left), per-edge depth differences (center), or both (right). © Ana Dodik/MIT CSAIL/Meschers

Source: Meet Meschers, MIT’s Tool for Building Paradoxical Digital Objects

KLM, Air France latest major orgs to have data looted

Posted on by

European airline giants Air France and KLM say they are the latest in a string of major organizations to have their customers’ data stolen by way of a break-in at a third party org.

The airlines, which share a parent company, Air France-KLM Group, said in a joint statement that they “detected unusual activity on an external platform we use for customer service,” which led to attackers accessing customer data.

“Our IT security teams, along with the relevant external party, took immediate action to stop the unauthorized access,” the statement read. “Measures have also been implemented to prevent recurrence. Internal Air France and KLM systems were not affected.

“No sensitive data such as passwords, travel details, Flying Blue miles, passport, or credit card information was stolen.”

The airlines did not publicly specify the types of data that were stolen, but the exclusion of sensitive data suggests basic personal information was involved.

However, customer notifications circulating online noted that first and family names, along with contact details, Flying Blue numbers and tier levels, and the subject lines of service request emails were accessed.

[…]

The attack marks the latest in a string of data lapses at major organizations that also blamed a third party.

In recent weeks, luxury retailers Dior, Chanel, and Pandora all reported similar leaks at third party providers, as did Google, Qantas, and Allianz.

All of the above declined to identify the third party in question except for Google, which said this week that one of its Salesforce instances was raided.

[…]

Source: KLM, Air France latest major orgs to have data looted • The Register

It’s pretty clear that the customer service portal was looted.

This vaccine uses dental floss instead of needles

Posted on by

Researchers have demonstrated a novel vaccine delivery method in an animal model, using dental floss to introduce vaccine via the tissue between the teeth and gums. The testing found that the new technique stimulates the production of antibodies in mucosal surfaces, such as the lining of the nose and lungs.

“Mucosal surfaces are important, because they are a source of entry for pathogens, such as influenza and COVID,” says Harvinder Singh Gill, corresponding author of a paper on the work. “However, if a vaccine is given by injection, antibodies are primarily produced in the bloodstream throughout the body, and relatively few antibodies are produced on mucosal surfaces.

“But we know that when a vaccine is given via the mucosal surface, antibodies are stimulated not only in the bloodstream, but also on mucosal surfaces,” says Gill, who is the Ronald B. and Cynthia J. McNeill Term Professor in Nanomedicine at North Carolina State University. “This improves the body’s ability to prevent infection, because there is an additional line of antibody defense before a pathogen enters the body.”

[…]

The junctional epithelium is a thin layer of tissue located in the deepest part of the pocket between the tooth and the gum, and it lacks the barrier features found in other epithelial tissues. The lack of a barrier allows the junctional epithelium to release immune cells to fight bacteria – you find these immune cells in your saliva, as well as between your teeth and gums.

“Because the junctional epithelium is more permeable than other epithelial tissues – and is a mucosal layer – it presents a unique opportunity for introducing vaccines to the body in a way that will stimulate enhanced antibody production across the body’s mucosal layers,” says Gill.

To determine the viability of delivering vaccines via the junctional epithelium, the researchers applied vaccine to unwaxed dental floss and then flossed the teeth of lab mice.

[…]

“We found that applying vaccine via the junctional epithelium produces far superior antibody response on mucosal surfaces than the current gold standard for vaccinating via the oral cavity, which involves placing vaccine under the tongue,” says Rohan Ingrole, first author of the paper, who was a Ph.D. student under Gill at Texas Tech University. “The flossing technique also provides comparable protection against flu virus as compared to the vaccine being given via the nasal epithelium.”

“This is extremely promising, because most vaccine formulations cannot be given via the nasal epithelium – the barrier features in that mucosal surface prevent efficient uptake of the vaccine,” Gill says. “Intranasal delivery also has the potential to cause the vaccine to reach the brain, which can pose safety concerns. However, vaccination via the junctional epithelium offers no such risk.

[…]

The researchers also tested whether the junctional epithelium delivery method worked for three other prominent classes of vaccines: proteins, inactivated viruses and mRNA. In all three cases, the epithelial junction delivery technique produced robust antibody responses in the bloodstream and across mucosal surfaces.

The researchers also found that, at least in the animal model, it didn’t matter whether food and water were consumed immediately after flossing with the vaccine – the immune response was the same.

But while regular floss serves as an adequate vaccine delivery method for lab mice, the researchers know it’s not practical to ask people to hold vaccine-coated floss in their fingers. To address that challenge the researchers used a floss pick. A floss pick consists of a piece of floss stretched between two prongs that can be held by a handle.

Specifically, the researchers coated the floss in floss picks with fluorescent food dye. The researchers then recruited 27 study participants, explained the concept of applying vaccine via floss, and asked the participants to try to deposit the food dye in their epithelial junction with a floss pick.

“We found that approximately 60% of the dye was deposited in the gum pocket, which suggests that floss picks may be a practical vaccine delivery method to the epithelial junction,” Ingrole says.

[…]

There are also some drawbacks. For example, this technique would not work on infants and toddlers who do not yet have teeth.

“In addition, we would need to know more about how or whether this approach would work for people who have gum disease or other oral infections,” Gill says.

[…]

Source: This vaccine uses dental floss instead of needles | ScienceDaily

Didn’t Take Long To Reveal The UK’s Online Safety Act Is Exactly The Privacy-Crushing Failure Everyone Warned About

Posted on by

[…]the real kicker is what content is now being gatekept behind invasive age verification systems. Users in the UK now need to submit a selfie or government ID to access:

Yes, you read that right. A law supposedly designed to protect children now requires victims of sexual assault to submit government IDs to access support communities. People struggling with addiction must undergo facial recognition scans to find help quitting drinking or smoking. The UK government has somehow concluded that access to basic health information and peer support networks poses such a grave threat to minors that it justifies creating a comprehensive surveillance infrastructure around it.

[…]

And this is all after a bunch of other smaller websites and forums shut down earlier this year when other parts of the law went into effect.

This is exactly what happens when you regulate the internet as if it’s all just Facebook and Google. The tech giants can absorb the compliance costs, but everyone else gets crushed.

The only websites with the financial capacity to work around the government’s new regulations are the ones causing the problems in the first place. And now Meta, which already has a monopoly on a number of near-essential online activities (from local sales to university group chats), is reaping the benefits.

[…]

The age verification process itself is a privacy nightmare wrapped in security theater. Users are being asked to upload selfies that get run through facial recognition algorithms, or hand over copies of their government-issued IDs to third-party companies. The facial recognition systems are so poorly implemented that people are easily fooling them with screenshots from video games—literally using images from the video game Death Stranding. This isn’t just embarrassing, it reveals the fundamental security flaw at the heart of the entire system. If these verification methods can’t distinguish between a real person and a video game character, what confidence should we have in their ability to protect the sensitive biometric data they’re collecting?

But here’s the thing: even when these systems “work,” they’re creating massive honeypots of personal data. As we’ve seen repeatedly, companies collecting biometric data and ID verification inevitably get breached, and suddenly intimate details about people’s online activity become public. Just ask the users of Tea, a women’s dating safety app that recently exposed thousands of users’ verification selfies after requiring facial recognition for “safety.”

The UK government’s response to widespread VPN usage has been predictably authoritarian. First, they insisted nothing would change:

“The Government has no plans to repeal the Online Safety Act, and is working closely with Ofcom to implement the Act as quickly and effectively as possible to enable UK users to benefit from its protections.”

But then, Tech Secretary Peter Kyle deployed the classic authoritarian playbook: dismissing all criticism as support for child predators. This isn’t just intellectually dishonest—it’s a deliberate attempt to shut down legitimate policy debate by smearing critics as complicit in child abuse. It’s particularly galling given that the law Kyle is defending will do absolutely nothing to stop actual predators, who will simply migrate to unregulated platforms or use the same VPNs that law-abiding citizens are now flocking to.

[…]

Meanwhile, the actual harms it purports to address? Those remain entirely unaddressed. Predators will simply move to unregulated platforms, encrypted messaging, or services that don’t comply. Or they’ll just use VPNs. The law creates the illusion of safety while actually making everyone less secure.

This is what happens when politicians decide to regulate technology they don’t understand, targeting problems they can’t define, with solutions that don’t work. The UK has managed to create a law so poorly designed that it simultaneously violates privacy, restricts freedom, harms small businesses, and completely fails at its stated goal of protecting children.

And all of this was predictable. Hell, it was predicted. Civil society groups, activists, legal experts, all warned of these results and were dismissed by the likes of Peter Kyle as supporting child predators.

[…]

A petition set up on the UK government’s website demanding a repeal of the entire OSA received many hundreds of thousands of signatures within days. The government has already brushed it off with more nonsense, promising that the enforcer of the law, Ofcom, “will take a sensible approach to enforcement with smaller services that present low risk to UK users, only taking action where it is proportionate and appropriate, and will focus on cases where the risk and impact of harm is highest.”

But that’s a bunch of vague nonsense that doesn’t take into account that no platform wants to be on the receiving end of such an investigation, and thus will take these overly aggressive steps to avoid scrutiny.

[…]

What makes this particularly tragic is that there were genuine alternatives. Real child safety measures—better funding for mental health support, improved education programs, stronger privacy protections that don’t require mass surveillance—were all on the table. Instead, the UK chose the path that maximizes government control while minimizing actual safety.

The rest of the world should take note.

Source: Didn’t Take Long To Reveal The UK’s Online Safety Act Is Exactly The Privacy-Crushing Failure Everyone Warned About

Project Hyperion | interstellar generation ship design competition winners

Posted on by

Project Hyperion explores the feasibility of crewed interstellar travel via generation ships, using current and near-future technologies. A generation ship is a hypothetical spacecraft designed for long-duration interstellar travel, where the journey may take centuries to complete. The idea behind a generation ship is that the initial crew would live, reproduce, and die on the ship, with their descendants continuing the journey until reaching the destination. These ships are often envisioned as self-sustaining ecosystems, featuring agriculture, habitation, and other necessary life-support systems to ensure survival across multiple generations. 

The Initiative for Interstellar Studies (i4is) is delighted to reveal the winners of the Project Hyperion Design Competition, a landmark global challenge that called upon interdisciplinary teams to envision a generation ship—a crewed interstellar spacecraft designed for a 250-year journey to a habitable planet. The teams designed habitats of such a spacecraft that would allow a society to sustain itself and flourish in a highly resource-constrained environment.

The Project Hyperion Design Competition required architectural designers, engineers, and social scientists to collaborate and address critical mission aspects that enable a spacecraft to function as a closed society over centuries. The collaboration between different disciplines is key to finding holistic solutions that do justice to the complexity of the requirements, in order to provide:

  • Habitability for 1,000 ± 500 people over centuries

  • Artificial gravity via rotation

  • A society that ensures good living conditions, including essential provisions such as shelter, clothing, and other basic needs.

  • Robust life support systems for food, water, waste, and the atmosphere

  • Knowledge transfer mechanisms to retain culture and technologies

Source: Project Hyperion | interstellar generation ship design competition

Microsoft Recall can still nab credit cards, passwords, info and share them remotely

Posted on by

Microsoft Recall, the AI app that takes screenshots of what you do on your PC so you can search for it later, has a filter that’s supposed to prevent it from screenshotting sensitive info like credit card numbers. But a The Register test shows that it still fails in many cases, creating a potential treasure trove for thieves.

Recall was introduced in 2024 as an exclusive app on Copilot+ PCs, which are laptops that come with a dedicated Neural Processing Unit (NPU) to help with AI-related tasks. Initially, researchers found serious security issues with it, and Redmond pulled it in the spring before re-introducing an ostensibly more secure version in fall 2024. These days, a screen encouraging you to enable it is part of the Windows setup experience on many new PCs.

Microsoft's out of the box experience pushes you to enable Recall

Microsoft’s out of the box experience pushes you to enable Recall – Click to enlarge

Although Microsoft claims that Recall is safe and private, the software could be a goldmine of personal information if a miscreant manages to break into your system. The app has a “Filter sensitive information” setting enabled by default that’s supposed to exempt personal data such as credit card numbers and passwords from capture. However, according to our tests, that filter frequently fails. And there’s no way it would know to avoid potentially damaging entries in your web history that you’d rather keep private (such as things related to your medical history or personal life). Just as bad, the screenshots Recall takes are available to anyone who has your PIN number, even via remote access.

[…]

Source: Microsoft Recall can still nab credit cards, passwords, info • The Register

Belgium Targets Internet Archive’s ‘Open Library’ in Sweeping Site Blocking Order

Posted on by

The Business Court in Brussels, Belgium, has issued a broad site-blocking order that aims to restrict access to shadow libraries including Anna’s Archive, Libgen, OceanofPDF, Z-Library, and the Internet Archive’s Open Library. In addition to ISP blocks, the order also directs search engines, DNS resolvers, advertisers, domain name services, CDNs and hosting companies to take action. For now, Open Library doesn’t appear to be actively blocked.

booksTraditional site-blocking measures that require local ISPs to block subscriber access to popular pirate sites are in common use around the world.

Note: this article was updated to add that Open Library does not appear to be actively blocked. More details here.

[…]

A few months ago DNS blocking arrived in Belgium, where several orders required both ISPs and DNS resolvers to restrict access to pirate sites. This prompted significant pushback, most notably Cisco’s OpenDNS ceasing operations in the country.

Broad Blocking Order Targets Internet Archive’s ‘Open Library’

A new order, issued by the Brussels Business Court in mid-July, targets an even broader set of intermediaries and stands out for other reasons as well.

[…]

Open Library was created by the late Aaron Swartz and Internet Archive’s founder Brewster Kahle, among others. As an open library its goal is to archive all published books, allowing patrons to borrow copies of them online.

The library aims to operate similarly to other libraries, loaning only one copy per book at a time. Instead of licensing digital copies, however, it has an in-house scanning operation to create and archive its own copies.

 

Open Library
 

open library
 

The Open Library project was previously sued by publishers in the United States, where the Internet Archive ultimately losing the case. As a result, over 500,000 books were made unavailable.

[…]

According to the publishers, the operators of the Open Library are not easily identified, while legally required information is allegedly missing from the site, which they see as an indication that the site is meant to operate illegally.

This description seems at odds with the fact that Open Library is part of the Internet Archive, which is a U.S.-registered 501(c)(3) non-profit.

[…]

Internet Archive was not heard in this case, as the blocking order was issued ex parte, without its knowledge. This is remarkable, as the organization is a legal entity in the United States, which receives support from many American libraries.

The broad nature of the order doesn’t stop there either. In addition to requiring ISPs, including Elon Musk’s Starlink, to block the library’s domain names, it also directs a broad range of other intermediaries to take action.

This includes search engines, DNS resolvers, advertisers, domain name services, CDNs, and hosting companies. An abbreviated overview of the requested measures is as follows;

[…]

Update: After publication, a representative from Internet Archive informed us that they are not aware of any disruption to their services at this time.

The Open Library domain (openlibrary.org) doesn’t appear on the master blacklist of FOD Economie either, while several domains of the other four ‘target sites’ are included. We have reached out to the responsible authority in Belgium to get clarification on this discrepancy and will update the article if we hear back.

A copy of the order from the Business Court in Brussels (in Dutch) is available here (pdf)

Source: Belgium Targets Internet Archive’s ‘Open Library’ in Sweeping Site Blocking Order (Update) * TorrentFreak

So this decision is totally unenforceable by Belgium, but does show how corrupt and in the pocket of big businesses the system in Belgium actually is.

Google had just two weeks to begin cracking open Android Play Store, it admits in emergency filing, manages to stay to three weeks

Posted on by

Yesterday, when Epic won its Google antitrust lawsuit for a second time, it wasn’t quite clear how soon Google would need to start dismantling its affirmed illegal monopoly.

Today, Google admitted the answer was: 14 days. Google had just 14 days to enact major changes to its Google Play app store, and the way it does business with phonemakers, cellular carriers, and app developers, unless it won an emergency stay (pause) from the Ninth Circuit Court of Appeals as it continues to appeal. It must stop forcing apps to use Google Play Billing, allow app developers to freely steer their users to other platforms, and limit the perks it can offer in exchange for preinstalled apps, among other changes.

Those changes would not yet include Epic’s biggest wins. They don’t yet force Google to carry rival app stores within the Google Play Store, or to share its full app catalog with those rival stores, so don’t expect the Epic Games Store or the Microsoft Xbox Store to appear inside Google Play quite yet.

And as of Friday afternoon, all of this may take even longer. Hours after we published our story, Google won its emergency stay, and now has at least three weeks before it has to change Android app store policy.

When he issued the permanent injunction to begin cracking open Android, Judge James Donato gave Google eight months to come up with a “narrowly tailored” system of safety and security procedures before it would be forced to carry rival app stores, so Google has seven and a half months left once the stays have been lifted. Rival app stores won’t appear inside Google Play until 2026 at the earliest.

[…]

Source: Google has just two weeks to begin cracking open Android, it admits in emergency filing | The Verge

A Premium Luggage Service’s Web Bugs Exposed the Travel Plans of Every User—Including Diplomats

Posted on by

[…] Airportr, a UK-based luggage service that partners with airlines to let its largely UK- and Europe-based users pay to have their bags picked up, checked, and delivered to their destination. Researchers at the firm CyberX9 found that simple bugs in Airportr’s website allowed them to access virtually all of those users’ personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US.

[…]

Airportr’s CEO Randel Darby confirmed CyberX9’s findings in a written statement provided to WIRED but noted that Airportr had disabled the vulnerable part of its site’s backend very shortly after the researchers made the company aware of the issues last April and fixed the problems within a few day. “The data was accessed solely by the ethical hackers for the purpose of recommending improvements to Airportr’s security, and our prompt response and mitigation ensured no further risk,” Darby wrote in a statement. “We take our responsibilities to protect customer data very seriously.”
CyberX9’s researchers, for their part, counter that the simplicity of the vulnerabilities they found mean that there’s no guarantee other hackers didn’t access Airportr’s data first. They found that a relatively basic web vulnerability allowed them to change the password of any user to gain access to their account if they had just the user’s email address—and they were also able to brute-force guess email addresses with no rate limitations on the site. As a result, they could access data including all customers’ names, phone numbers, home addresses, detailed travel plans and history, airline tickets, boarding passes and flight details, passport images, and signatures.
[…]

Source: A Premium Luggage Service’s Web Bugs Exposed the Travel Plans of Every User—Including Diplomats | WIRED

Ore Energy makes history with first grid-connected iron-air battery system

Posted on by

“Rust battery” now operational in the Netherlands; first multi-day long-term energy storage system, designed to be implemented using exclusively European production and materials

Ore Energy , the Dutch iron-air long-term energy storage startup, today announced that it has successfully connected its flagship iron-air battery to the Delft electricity grid – the world’s first known fully grid-connected iron-air system. The pilot system is also the first multi-day long-term energy storage (LDES) system designed, built, and installed entirely within the European Union using materials exclusively sourced within Europe. This unique deployment represents a significant technological milestone in long-term energy storage and marks a defining moment in European energy sovereignty and resilience.

Ore Energy’s pilot system—which uses iron, air, and water to store clean energy for up to 100 hours—was deployed at The Green Village, a testing ground for next-generation climate and energy innovations at Delft University of Technology (TU Delft). The system charges by using electricity to convert iron oxides (such as rust) back into metallic iron. During discharge, the metallic iron reacts with oxygen in the air to form iron oxides again, releasing electrical energy. The installation is now collecting real-world operational data and will serve as a testbed for multi-day energy shifting, a key milestone on the road to full integration of renewable energy grids. Ore Energy’s entire system will utilize modular 12-meter containers, each providing several MWh of multi-day energy storage, optimized for low-cost and compact deployment.

“This achievement proves that Europe can lead the world in energy innovation and energy resilience. We’ve shown that breakthrough solutions like iron-air can be brought from the lab to the grid in just two years and can be built entirely within a European supply chain,” said Aytaç Yilmaz, co-founder and CEO of Ore Energy. “Our battery not only stores clean energy, but also solves three of the biggest problems facing the grid: it reduces renewables’ downtime, replaces fossil fuel backups, and reduces the need to overbuild wind and solar power. Long-term storage like ours makes renewable energy reliable, affordable, and sovereign. And now it’s ready.”

“The Green Village aims to bring bold ideas from the lab to the real world. Ore Energy’s iron-air battery is just such a breakthrough,” says Lidewij van Trigt, Energy Transition Project Manager at The Green Village. “The connection of the first grid-ready iron-air system here in Delft demonstrates what’s possible when research, regulations, and industry are aligned. We’re proud to offer a testing ground for technologies that will shape the future of the European energy system.”

 

Source: Ore Energy makes history with first grid-connected iron-air battery system – Energy Storage NL (translated from Dutch)

Lying increases trust in science – because people are taught that science is infallible, instead of that it can (and is) improved with time and knowledge

Posted on by

This study begins by outlining the transparency paradox: that trust in science requires transparency, but being transparent about science, medicine and government reduces trust in science. A solution to the paradox is then advanced here: it is argued that, rather than just thinking in terms of transparency and opacity, it is important to think about what institutions are being transparent about. By attending to the particulars of transparency – especially with respect to whether good or bad news is disclosed – it is revealed that transparency about good news increases trust whereas transparency about bad news decreases it, thus explaining the apparent paradox. The apparent solution: to ensure that there is always only good news to report, which might require lying. This study concludes by emphasizing how problematic it is that, currently, the best way to increase public trust is to lie, suggesting that a better way forward (and the real solution to the transparency paradox) would be to resolve the problem of the public overidealizing science through science education and communication to eliminate the naïve view of science as infallible.

Source: Lying increases trust in science | Theory and Society

Public ChatGPT Queries Are Getting Indexed By Google and Other Search Engines (update: fixed!)

Posted on by

An anonymous reader quotes a report from TechCrunch: It’s a strange glimpse into the human mind: If you filter search results on Google, Bing, and other search engines to only include URLs from the domain “https://chatgpt.com/share,” you can find strangers’ conversations with ChatGPT. Sometimes, these shared conversation links are pretty dull — people ask for help renovating their bathroom, understanding astrophysics, and finding recipe ideas. In another case, one user asks ChatGPT to rewrite their resume for a particular job application (judging by this person’s LinkedIn, which was easy to find based on the details in the chat log, they did not get the job). Someone else is asking questions that sound like they came out of an incel forum. Another person asks the snarky, hostile AI assistant if they can microwave a metal fork (for the record: no), but they continue to ask the AI increasingly absurd and trollish questions, eventually leading it to create a guide called “How to Use a Microwave Without Summoning Satan: A Beginner’s Guide.”

ChatGPT does not make these conversations public by default. A conversation would be appended with a “/share” URL only if the user deliberately clicks the “share” button on their own chat and then clicks a second “create link” button. The service also declares that “your name, custom instructions, and any messages you add after sharing stay private.” After clicking through to create a link, users can toggle whether or not they want that link to be discoverable. However, users may not anticipate that other search engines will index their shared ChatGPT links, potentially betraying personal information (my apologies to the person whose LinkedIn I discovered). According to ChatGPT, these chats were indexed as part of an experiment. “ChatGPT chats are not public unless you choose to share them,” an OpenAI spokesperson told TechCrunch. “We’ve been testing ways to make it easier to share helpful conversations, while keeping users in control, and we recently ended an experiment to have chats appear in search engine results if you explicitly opted in when sharing.”

A Google spokesperson also weighed in, telling TechCrunch that the company has no control over what gets indexed. “Neither Google nor any other search engine controls what pages are made public on the web. Publishers of these pages have full control over whether they are indexed by search engines.”

Source: Public ChatGPT Queries Are Getting Indexed By Google and Other Search Engines

Mastercard Denies Pressuring Steam To Censor ‘NSFW’ Games… except it does.

Posted on by

Mastercard has broken its silence after being thrust into the middle of a gaming culture war between anti-porn advocates and anti-censorship activists. While Valve previously laid blame for a recent purge of adult sex games from Steam at the feet of “payment processors and their related card networks and banks,” Mastercard released a statement on Friday denying any responsibility for a new wave of censorship that’s recently led some gamers to flood payment company call centers with complaints.

“Mastercard has not evaluated any game or required restrictions of any activity on game creator sites and platforms, contrary to media reports and allegations,” the company wrote in a statement published on its website on August 1. “Our payment network follows standards based on the rule of law. Put simply, we allow all lawful purchases on our network. At the same time, we require merchants to have appropriate controls to ensure Mastercard cards cannot be used for unlawful purchases, including illegal adult content.”

Mastercard and Visa have been on the receiving end of an anti-game censorship backlash after anti-porn group Collective Shout claimed victory in a write-in campaign targeting payment company CEOs for allegedly profiting off of what the group called “violent pornography.” Critics of the move recently told Kotaku they’ve been calling the companies multiple times over the last week to complain about Valve and indie game shop itch.io purging seemingly legal NSFW content from their platforms over fears of reportedly being dropped by Mastercard and others.

To be clear, Mastercard doesn’t say it hasn’t been involved at all, just that it’s gone no further than enforcing its existing guidelines against “unlawful purchases, including illegal adult content.” But a renewed crackdown on those requirements, which can be vague in practice, has resulted in Valve and itch.io delisting anywhere from hundreds to thousands of games they worry could get it in trouble with Mastercard and others.

Earlier today, itch.io founder Leaf Corcoran announced the indie storefront is bringing back delisted NSFW games that were free, but is “still in ongoing discussions with payment processors” over paid content which will be reintroduced “slowly.” It could suggest the recent call-in campaigns castigating the credit card companies have changed the calculus for the companies involved. It certainly sounds like Mastercard regrets ever being dragged into this fight, even though it’s the one in the driver’s seat.

Updated: 8/1/2025 4:18 p.m. ET: In a statement to Kotaku, a spokesperson for Valve said that while Mastercard did not communicate with it directly, concerns did come through payment processor and banking intermediaries. They said payment processors rejected Valve’s current guidelines for moderating illegal content on Steam, citing Mastercard’s Rule 5.12.7.

“Mastercard did not communicate with Valve directly, despite our request to do so,” Valve’s statement sent over email to Kotaku reads. “Mastercard communicated with payment processors and their acquiring banks.  Payment processors communicated this with Valve, and we replied by outlining Steam’s policy since 2018 of attempting to distribute games that are legal for distribution.  Payment processors rejected this, and specifically cited Mastercard’s Rule 5.12.7 and risk to the Mastercard brand.”

Rule 5.12.7 states, “A Merchant must not submit to its Acquirer, and a Customer must not submit to the Interchange System, any Transaction that is illegal, or in the sole discretion of the Corporation, may damage the goodwill of the Corporation or reflect negatively on the Marks.”

It goes on, “The sale of a product or service, including an image, which is patently offensive and lacks serious artistic value (such as, by way of example and not limitation, images of nonconsensual sexual behavior, sexual exploitation of a minor, nonconsensual mutilation of a person or body part, and bestiality), or any other material that the Corporation deems unacceptable to sell in connection with a Mark.”

Violations of rule 5.12.7 can result in fines, audits, or companies being dropped by the payment processors.

Source: Mastercard Denies Pressuring Steam To Censor ‘NSFW’ Games

Posted in Sex

UK’s most tattooed man blocked from accessing porn online by new rules

Posted on by

Britain’s most tattooed man has a lot more time on his hands and not a lot else thanks to new porn laws.

The King of Ink says facial recognition tech has made it harder to chat to webcam girls, after sites started mistaking his tattooed face for a mask.

The new rules came into force last week, introducing stricter checks under Ofcom’s children’s codes.

The King of Ink, as he’s legally known, said: ‘Some of the websites are asking for picture verification, like selfies, and it’s not recognising my face.

‘It’s saying “remove your mask” because the technology is made so you can’t hold up a picture to the camera or wear a mask.

‘Would this also be the case for someone who is disfigured? They should have thought of this from day one.’

The businessman and entrepreneur, from Stechford, Birmingham, feels discriminated against on the basis of his permanent identity.

Britain's most tattooed man can't watch porn under new rules because it doesn't recognise his face King Of Ink Land King Body Art The Extreme Ink-ite (Mathew Whelan)
The tattoo enthusiast says his heavily tattooed face is a permanent part of his identity (Picture: @kingofinklandkingbodyart)

‘It’s as important as the name really and I changed my name legally,’ he said

‘Without a name you haven’t got an identity, and it’s the same with a face.

[…]

Source: UK’s most tattooed man blocked from accessing porn online by new rules | News UK | Metro News

So many ways to circumvent it, so many ways it break and really, age verification’s only winners are the tech companies that people are forced to pay money to.

Tiny, fast spectrometer

Posted on by

[…]”Spectrometers are critical tools for helping us understand the chemical and physical properties of various materials based on how light changes when it interacts with those materials,” says Brendan O’Connor, corresponding author of a paper on the work and a professor of mechanical and aerospace engineering at North Carolina State University. “They are used in applications that range from manufacturing to biomedical diagnostics. However, the smallest spectrometers on the market are still fairly bulky.

“We’ve created a spectrometer that operates quickly, at low voltage, and that is sensitive to a wide spectrum of light,” O’Connor says. “Our demonstration prototype is only a few square millimeters in size – it could fit on your phone. You could make it as small as a pixel, if you wanted to.”

The technology makes use of a tiny photodetector capable of sensing wavelengths of light after the light interacts with a target material. By applying different voltages to the photodetector, you can manipulate which wavelengths of light the photodetector is most sensitive to.

“If you rapidly apply a range of voltages to the photodetector, and measure all of the wavelengths of light being captured at each voltage, you have enough data that a simple computational program can recreate an accurate signature of the light that is passing through or reflecting off of the target material,” O’Connor says. “The range of voltages is less than one volt, and the entire process can take place in less than a millisecond.”

[…]

“In the long term, our goal is to bring spectrometers to the consumer market,” O’Connor says. “The size and energy demand of the technology make it feasible to incorporate into a smartphone, and we think this makes some exciting applications possible. From a research standpoint, this also paves the way for improved access to imaging spectroscopy, microscopic spectroscopy, and other applications that would be useful in the lab.”

[…]

Source: This spectrometer is smaller than a pixel, and it sees what we can’t | ScienceDaily

Scientists finally solve the mystery of what triggers lightning

Posted on by

In the study published on July 28 in the Journal of Geophysical Research, the authors described how they determined strong electric fields in thunderclouds accelerate electrons that crash into molecules like nitrogen and oxygen, producing X-rays and initiating a deluge of additional electrons and high-energy photons — the perfect storm from which lightning bolts are born.

“Our findings provide the first precise, quantitative explanation for how lightning initiates in nature,” Pasko said. “It connects the dots between X-rays, electric fields and the physics of electron avalanches.”

The team used mathematical modeling to confirm and explain field observations of photoelectric phenomena in Earth’s atmosphere — when relativistic energy electrons, which are seeded by cosmic rays entering the atmosphere from outer space, multiply in thunderstorm electric fields and emit brief high-energy photon bursts. This phenomenon, known as a terrestrial gamma-ray flash, comprises the invisible, naturally occurring bursts of X-rays and accompanying radio emissions.

“By simulating conditions with our model that replicated the conditions observed in the field, we offered a complete explanation for the X-rays and radio emissions that are present within thunderclouds,” Pasko said. “We demonstrated how electrons, accelerated by strong electric fields in thunderclouds, produce X-rays as they collide with air molecules like nitrogen and oxygen, and create an avalanche of electrons that produce high-energy photons that initiate lightning.”

[…]

In addition to uncovering lightning initiation, the researchers explained why terrestrial gamma-ray flashes are often produced without flashes of light and radio bursts, which are familiar signatures of lightning during stormy weather.

“In our modeling, the high-energy X-rays produced by relativistic electron avalanches generate new seed electrons driven by the photoelectric effect in air, rapidly amplifying these avalanches,” Pasko said. “In addition to being produced in very compact volumes, this runaway chain reaction can occur with highly variable strength, often leading to detectable levels of X-rays, while accompanied by very weak optical and radio emissions. This explains why these gamma-ray flashes can emerge from source regions that appear optically dim and radio silent.”

[…]

Source: Scientists finally solve the mystery of what triggers lightning | ScienceDaily

Futurehome Breaks IoT Devices Unless A New Subscription Is Paid For

Posted on by

[…]It’s bad enough when a company goes fully kablooey, has to shut down all their backend servers and gear, and renders their products useless. That sucks, there are ways around it, and it shouldn’t be allowed, but it’s quite different than perfectly healthy companies selling a product that has features and capabilities out of the box, only to claw back those capabilities and either shut them down or stick them behind some subscription paywall.

And that latter of those examples is what is happening again, this time from Futurehome, which makes a series of smarthome IoT products.

Launched in 2016, Futurehome’s Smarthub is marketed as a central hub for controlling Internet-connected devices in smart homes. For years, the Norwegian company sold its products, which also include smart thermostats, smart lighting, and smart fire and carbon monoxide alarms, for a one-time fee that included access to its companion app and cloud platform for control and automation. As of June 26, though, those core features require a 1,188 NOK (about $116.56) annual subscription fee, turning the smart home devices into dumb ones if users don’t pay up.

“You lose access to controlling devices, configuring; automations, modes, shortcuts, and energy services,” a company FAQ page says.

You also can’t get support from Futurehome without a subscription. “Most” paid features are inaccessible without a subscription, too, the FAQ from Futurehome, which claims to be in 38,000 households, says.

That would be potentially nearly a decade of a bought product working one way, only to have its core functionality tucked behind a subscription paywall on the whim of the company. This is one of those situations that, and I don’t care what country you live in, should elicit the common sense reaction of: this shouldn’t be fucking legal. But, due to the apathy of government and the steady erosion of anything remotely representing true consumer protection, this sort of thing is happening more and more frequently.

And it’s not as though all of this functionality requires support from backend company assets, either. Some do, sure, but some of the features that suddenly don’t work appear to have nothing to do with centralized corporate servers or services.

[…]

As you’d expect, some people are attempting to figure out how to make Futurehome products work without the subscription. Perhaps as a result of that, Futurehome shut down its own user forum in June. In addition, the CEO is complaining about how the company now has to invest time and resources to fight its own customers’ attempts to make the products they bought work like they did at the time of purchase.

Futurehome has fought efforts to crack its firmware, with CEO Øyvind Fries telling Norwegian consumer tech website Tek.no, per a Google translation, “It is regrettable that we now have to spend time and resources strengthening the security of a popular service rather than further developing functionality for the benefit of our customers.”

But is it as regrettable as your own customers suddenly finding out the thing they bought won’t work anymore because your company didn’t business well enough?

Source: Smart Home Device Maker Renders Devices Dumb Unless A New Subscription Is Paid For | Techdirt

French city of Lyon ditching Microsoft for FOSS

Posted on by

The République’s third-largest city and second-largest economic hub on Tuesday cited a desire to reduce dependence on American software, extend the lifespan of its hardware and therefore reduce its environmental impact, and strengthen the technological sovereignty of its public service.

Achieving those goals will see Lyon’s government, which serves over a million people, replace Office with OnlyOffice, a package developed by Latvia-based Ascensio Systems and made available under version 3 of the GNU Affero General Public License.

The municipality also plans to adopt a collaboration suite called “Territoire Numerique Ouvert” – Open Digital Territory – for videoconferencing and office automation tasks.

France’s L’Agence nationale de la cohésion des territoires – an agency that promotes industry development in the country’s regions – awarded a €2 million ($2.3 million) grant to help develop the suite and get it running in local datacenters. Nine French communities already use the suite, which has several thousand individual users.

[…]

Lyon’s government employs almost 10,000 people, so losing it as a customer will briefly sting some regional Microsoft salespeople and partners but won’t make a noticeable dent in the software giant’s balance sheet.

However the city’s decision comes just weeks after Denmark’s’ Ministry for Digitalization decided to drop Microsoft and amid a European Union push to develop sovereign digital capabilities that has seen the likes of Microsoft and AWS try to reassure European customers that their cloudy continental outposts can’t be caught up in US claims to possess extraterritorial jurisdiction over data stored in facilities owned by American companies.

So maybe Lyon ditching Microsoft represents one more snowball in a growing avalanche. ®

Source: French city of Lyon ditching Microsoft for FOSS • The Register

FreeTube – The Private YouTube Client

Posted on by

FreeTube is a YouTube client for Windows (10 and later), Mac (macOS 11 and later), and Linux built around using YouTube more privately. You can enjoy your favorite content and creators without your habits being tracked. All of your user data is stored locally and never sent or published to the internet. FreeTube grabs data by scraping the information it needs (with either local methods or by optionally utilizing the Invidious API). With many features similar to YouTube, FreeTube has become one of the best methods to watch YouTube privately on desktop.

Source: FreeTube – The Private YouTube Client

Google AI is watching — how to turn off Gemini on Android

Posted on by

[…]Why you shouldn’t trust Gemini with your data

Gemini promises to simplify how you interact with your Android — fetching emails, summarizing meetings, pulling up files. But behind that helpful facade is an unprecedented level of centralized data collection, powered by a company known for privacy washing, (new window)misleadin(new window)g users(new window) about how their data is used, and that was hit with $2.9 billion in fines in 2024 alone, mostly for privacy violations and antitrust breaches.

Other people may see your sensitive information

Even more concerning, human reviewers may process your conversations. While Google claims these chats are disconnected from your Google account before review, that doesn’t mean much when a simple prompt like “Show me the email I sent yesterday” might return personal data like your name and phone number.

Your data may be shared beyond Google

Gemini may also share your data with third-party services. When Gemini interacts with other services, your data gets passed along and processed under their privacy policies, not just Google’s. Right now, Gemini mostly connects with Google services, but integrations with apps like WhatsApp and Spotify are already showing up. Once your data leaves Google, you cannot control where it goes or how long it’s kept.

The July 2025 update keeps Gemini connected without your consent

Before July, turning off Gemini Apps Activity automatically disabled all connected apps, so you couldn’t use Gemini to interact with other services unless you allowed data collection for AI training and human review. But Google’s July 7 update changed this behavior and now keeps Gemini connected to certain services — such as Phone, Messages, WhatsApp, and Utilities — even if activity tracking is off.

While this might sound like a privacy-conscious change — letting you use Gemini without contributing to AI training — it still raises serious concerns. Google has effectively preserved full functionality and ongoing access to your data, even after you’ve opted out.

Can you fully disable Gemini on Android?

No, and that’s by design.

[…]

How to turn off Gemini AI on Android

  1. Open the Gemini app on your Android.
  2. Tap your profile icon in the top-right corner.
  3. Go to Gemini Apps Activity*.
  1. Tap Turn offTurn off and delete activity, and follow the prompts.
  1. Select your profile icon again and go to Apps**.
  1. Tap the toggle switch to prevent Gemini from interacting with Google apps and third-party services.

*Gemini Apps Activity is a setting that controls whether your interactions with Gemini are saved to your Google account and used to improve Google’s AI systems. When it’s on, your conversations may be reviewed by humans, stored for up to 3 years, and used for AI training. When it’s off, your data isn’t used for AI training, but it’s still stored for up to 72 hours so Google can process your requests and feedback.

**Apps are the Google apps and third-party services that Gemini can access to perform tasks on your behalf — like reading your Gmail, checking your Google Calendar schedule, retrieving documents from Google Drive, playing music via Spotify, or sending messages on your behalf via WhatsApp. When Gemini is connected to these apps, it can access your personal content to fulfill prompts, and that data may be processed by Google or shared with the third-party app according to their own privacy policies.

Source: Google AI is watching — how to turn off Gemini on Android | Proton