The Linkielist

Linking ideas with the world

The Linkielist

German court revives case that could threaten ad blockers

Posted on by

A recent ruling by the German Federal Court of Justice (BGH) has reopened the possibility that using ad blocking software could violate copyright law in Germany.

In a decision last month, the BGH – the final court of appeals on civil and criminal matters – partially overturned an appeals court decision in an 11-year copyright dispute brought by publisher Axel Springer against Adblock Plus maker Eyeo GmbH.

The ruling says that the appeals court erred when it determined that the use of ad blocking software does not infringe on a copyright holder’s exclusive right to modify a computer program.

Springer has argued – unsuccessfully so far – that its website code falls under the control of the German Copyright Act. So modifying the web page’s Document Object Model (DOM) or Cascading Style Sheets – a common way to alter or remove web page elements – represents copyright infringement under the company’s interpretation of the law.

The appellate court that initially heard and rejected that argument will now have to revisit the matter, a process likely to add several years to a case that Eyeo believed was settled seven years ago.

Eyeo did not immediately respond to a request for comment. While it offers ad blocking software, the company generates revenue from ads through its Acceptable Ads program – advertisers pay to have ads that are “respectful, nonintrusive and relevant” exempted from filtering. Non-commercial open source projects like uBlock Origin rely on community support.

Philipp-Christian Thomale, senior legal counsel for Axel Springer, celebrated the ruling in a post to LinkedIn, calling it “a true milestone in the copyright protection of software – especially with regard to cloud-based applications (SaaS).”

Among the implications, he argues, is that “software providers will be better equipped to defend against manipulation by third-party software.”

While the outcome remains undecided, Mozilla senior IP & product counsel Daniel Nazer worries that if the German courts ultimately uphold the copyright claim, that will hinder user choice on the internet.

“We sincerely hope that Germany does not become the second jurisdiction (after China) to ban ad blockers,” he wrote in a blog post on Thursday.

“This will significantly limit users’ ability to control their online environment and potentially open the door to similar restrictions elsewhere. Such a precedent could embolden legal challenges against other extensions that protect privacy, enhance accessibility, or improve security.”

Ad blocking, or more broadly content blocking, can save battery life on mobile devices, improve page load times, reduce bandwidth consumption, and protect against malicious ads and nation-states that use ads for offensive cyber operations. The US Federal Bureau of Investigation in 2022 advised, “Use an ad blocking extension when performing internet searches,” as a defense against malicious search ads.

And as Nazer observes, there are many reasons other than ad blocking that one might wish to alter a webpage, such as improving accessibility, evaluating accessibility, or protecting privacy.

[…]

“If the German Supreme Court rules that this is a copyright violation then they would be in direct breach of TFEU [Treaty on the Functioning of the European Union] as such a judgment would not comply with EU law,” he told The Register in an email, pointing to Recital 66 of 2009/136/EC.

Hanff said he was told in writing around 2016 by the EU Commission’s Legal Services that “ad blockers and other such tools absolutely fall into the category of ‘appropriate settings of a browser or other application’ as a means of providing or refusing consent for such technologies (adtech).”

[…]

Source: German court revives case that could threaten ad blockers • The Register

Philipp-Christian Thomale, you are an evil man. Internet without an ad blocker is a horrible horrible thing you should not force on anyone.

New Brain Device Is First to Read Out Inner Speech

Posted on by

[…]

on the cutting edge of this field, neuroscientists have more recently developed brain implants that can turn neural signals directly into whole words. These brain-computer interfaces (BCIs) largely require users to physically attempt to speak, however—and that can be a slow and tiring process. But now a new development in neural prosthetics changes that, allowing users to communicate by simply thinking what they want to say.

The new system relies on much of the same technology as the more common “attempted speech” devices. Both use sensors implanted in a part of the brain called the motor cortex, which sends motion commands to the vocal tract. The brain activation detected by these sensors is then fed into a machine-learning model to interpret which brain signals correspond to which sounds for an individual user. It then uses those data to predict which word the user is attempting to say.

But the motor cortex doesn’t only light up when we attempt to speak; it’s also involved, to a lesser extent, in imagined speech. The researchers took advantage of this to develop their “inner speech” decoding device and published the results on Thursday in Cell. The team studied three people with amyotrophic lateral sclerosis (ALS) and one with a brain stem stroke, all of whom had previously had the sensors implanted. Using this new “inner speech” system, the participants needed only to think a sentence they wanted to say and it would appear on a screen in real time. While previous inner speech decoders were limited to only a handful of words, the new device allowed participants to draw from a dictionary of 125,000 words.

[…]

“Largely, [there was] a lot of excitement about potentially being able to communicate fast again,” she says—adding that one participant was particularly thrilled by his newfound potential to interrupt a conversation—something he couldn’t do with the slower pace of an attempted speech device.

To ensure private thoughts remained private, the researchers implemented a code phrase: “chitty chitty bang bang.” When internally spoken by participants, this would prompt the BCI to start or stop transcribing.

[…]

Source: New Brain Device Is First to Read Out Inner Speech | Scientific American

Hair based toothpased could fix your tooth enamel

Posted on by

Keratin-based films guide biomimetic enamel remineralization by promoting organized hydroxyapatite growth under physiological conditions. Advanced biophysical characterization confirms keratin’s structural adaptability and mineral ions-binding affinity, supporting mineral nucleation and hierarchical crystal assembly. This study establishes keratin as a promising, sustainable platform for functional enamel regeneration, offering a clinically translatable approach for repairing demineralized dental enamel lesions and restoring enamel architecture.

[…]

This study establishes a pre-clinical framework for using water-based keratin platforms to repair enamel demineralization lesions, demonstrating keratin’s potential as a cheap, abundant, and biocompatible biomaterial for functional enamel regeneration. Keratin films self-assembled into β-sheet-rich spherulitic architectures, forming organized nucleation sites that directed the growth of enamel-like mineral layers with aligned apatite nanocrystals and fluoride incorporation. The transition from β-sheets to α-helix and β-turn structures upon mineralization underscores keratin’s dynamic role in orchestrating hierarchical mineralization, mimicking natural enamel formation. These newly formed crystals exhibited significant recovery in hardness and elastic modulus, restoring both surface and subsurface mechanical integrity beyond that achievable with resin infiltration, while preserving crystalline architecture. Importantly, keratin facilitated controlled mineral phase development, transitioning ACP to organized apatite, confirming its capacity to mediate biomineralization efficiently.

Collectively, these findings establish keratin as a clinically viable, sustainable biomaterial for enamel repair, enabling functional regeneration of enamel architecture with a simple, solvent-free fabrication process. Future studies should focus on optimizing keratin’s structural tuning and functionalizing it with additional acidic domains to enhance mineral binding affinity, while conducting systematic in vitro and in vivo cellular studies to evaluate cytocompatibility, bioactivity, and integration within hard tissue environments, thereby supporting its broader application in dental tissue engineering and regenerative medicine. Beyond enamel repair, keratin-based matrices hold promise for addressing bony defects, dentine hypersensitivity, and erosive tooth wear, with broad implications for dental and biomedical fields. The simplicity, scalability, and affordability of this system position keratin as a resourceful platform for advancing sustainable, clinically feasible regenerative strategies in tissue engineering and structural biomimetics.

Source: Biomimetic Mineralization of Keratin Scaffolds for Enamel Regeneration – Gamea – Advanced Healthcare Materials – Wiley Online Library

Pluralistic: “Privacy preserving age verification” is bullshit

Posted on by

[…]

when politicians are demanding that technologists NERD HARDER! to realize their cherished impossibilities.

That’s just happened, and in relation to one of the scariest, most destructive NERD HARDER! tech policies ever to be assayed (a stiff competition). I’m talking about the UK Online Safety Act, which imposes a duty on websites to verify the age of people they communicate with before serving them anything that could be construed as child-inappropriate (a category that includes, e.g., much of Wikipedia):

https://wikimediafoundation.org/news/2025/08/11/wikimedia-foundation-challenges-uk-online-safety-act-regulations/

The Starmer government has, incredibly, developed a passion for internet regulations that are even stupider than Tony Blair’s and David Cameron’s. Requiring people to identify themselves (generally, via their credit cards) in order to look at porn will create a giant database of every kink and fetish of every person in the UK, which will inevitably leak and provide criminals and foreign spies with a kompromat system they can sort by net worth of the people contained within.

This hasn’t deterred Starmer, who insists that if we just NERD HARDER!, we can use things like “zero-knowledge proofs” to create “privacy-preserving” age verification system, whereby a service can assure itself that it is communicating with an adult without ever being able to determine who it is communicating with.

In support of this idea, Starmer and co like to cite some genuinely exciting and cool cryptographic work on privacy-preserving credential schemes. Now, one of the principal authors of the key papers on these credential schemes, Steve Bellovin, has published a paper that is pithily summed up via its title, “Privacy-Preserving Age Verification—and Its Limitations”:

https://www.cs.columbia.edu/~smb/papers/age-verify.pdf

The tldr of this paper is that Starmer’s idea will not work and cannot work. The research he relies on to defend the technological feasibility of his cherished plan does not support his conclusion.

Bellovin starts off by looking at the different approaches various players have mooted for verifying their users’ age. For example, Google says it can deploy a “behavioral” system that relies on Google surveillance dossiers to make guesses about your age. Google refuses to explain how this would work, but Bellovin sums up several of the well-understood behavioral age estimation techniques and explains why they won’t work. It’s one thing to screw up age estimation when deciding which ad to show you; it’s another thing altogether to do this when deciding whether you can access the internet.

Others say they can estimate your age by using AI to analyze a picture of your face. This is a stupid idea for many reasons, not least of which is that biometric age estimation is notoriously unreliable when it comes to distinguishing, say, 16 or 17 year olds from 18 year olds. Nevertheless, there are sitting US Congressmen who not only think this would work – they labor under the misapprehension that this is already going on:

https://pluralistic.net/2023/04/09/how-to-make-a-child-safe-tiktok/

So that just leaves the privacy-preserving credential schemes, especially the Camenisch-Lysyanskaya protocol. This involves an Identity Provider (IDP) that establishes a user’s identity and characteristics using careful document checks and other procedures. The IDP then hands the user a “primary credential” that can attest to everything the IDP knows about the user, and any number of “subcredentials” that only attest to specific facts about that user (such as their age).

These are used in zero-knowledge proofs (ZKP) – a way for two parties to validate that one of them asserts a fact without learning what that fact is in the process (this is super cool stuff). Users can send their subcredentials to a third party, who can use a ZKP to validate them without learning anything else about the user – so you could prove your age (or even just prove that you are over 18 without disclosing your age at all) without disclosing your identity.

There’s some good news for implementing CL on the web: rather than developing a transcendentally expensive and complex new system for these credential exchanges and checks, CL can piggyback on the existing Public Key Infrastructure (PKI) that powers your browser’s ability to have secure sessions when you visit a website with https:// in front of the address (instead of just http://).

However, doing so poses several difficulties, which Bellovin enumerates under a usefully frank section header: “INSURMOUNTABLE OBSTACLES.”

The most insurmountable of these obstacles is getting set up with an IDP in the first place – that is, proving who you are to some agency, but only one such agency (so you can’t create two primary credentials and share one of them with someone underage). Bellovin cites Supreme Court cases about voter ID laws and the burdens they impose on people who are poor, old, young, disabled, rural, etc.

Fundamentally, it can be insurmountably hard for a lot of people to get, say, a driver’s license, or any other singular piece of ID that they can provide to an IDP in order to get set up on the system.

The usual answer for this is for IDPs to allow multiple kinds of ID. This does ease the burden on users, but at the expense of creating fatal weaknesses in the system: if you can set up an identity with multiple kinds of ID, you can visit different IDPs and set up an ID with each (just as many Americans today have drivers licenses from more than one state).

The next obstacle is “user challenges,” like the problem of households with shared computers, or computers in libraries, hotels, community centers and other public places. The only effective way to do this is to create (expensive) online credential stores, which are likely to be out of reach of the poor and disadvantaged people who disproportionately rely on public or shared computers.

Next are the “economic issues”: this stuff is expensive to set up and maintain, and someone’s gotta pay for it. We could ask websites that offer kid-inappropriate content to pay for it, but that sets up an irreconcilable conflict of interest. These websites are going to want to minimize their costs, and everything they can do to reduce costs will make the system unacceptably worse. For example, they could choose only to set up accounts with IDPs that are local to the company that operates the server, meaning that anyone who lives somewhere else and wants to access that website is going to have to somehow get certified copies of e.g. their birth certificate and driver’s license to IDPs on the other side of the planet. The alternative to having websites foot the bill for this is asking users to pay for it – meaning that, once again, we exclude poor people from the internet.

Finally, there’s “governance”: who runs this thing? In practice, the security and privacy guarantees of the CL protocol require two different kinds of wholly independent institutions: identity providers (who verify your documents), and certificate authorities (who issue cryptographic certificates based on those documents). If these two functions take place under one roof, the privacy guarantees of the system immediately evaporate.

An IDP’s most important role is verifying documents and associating them with a specific person. But not all IDPs will be created equal, and people who wish to cheat the system will gravitate to the worst IDPs. However, lots of people who have no nefarious intent will also use these IDPs, merely because they are close by, or popular, or were selected at random. A decision to strike off an IDP and rescind its verifications will force lots of people – potentially millions of people – to start over with the whole business of identifying themselves, during which time they will be unable to access much of the web. There’s no practical way for the average person to judge whether an IDP they choose is likely to be found wanting in the future.

So we can regulate IDPs, but who will do the regulation? Age verification laws affect people outside of a government’s national territory – anyone seeking to access content on a webserver falls under age verification’s remit. Remember, IDPs handle all kinds of sensitive data: do you want Russia, say, to have a say in deciding who can be an IDP and what disclosure rules you will have to follow?

To regulate IDPs (and certificate authorities), these entities will have to keep logs, which further compromises the privacy guarantees of the CL protocol.

Looming all of this is a problem with the CL protocol as being built on regulated entities, which is that CL is envisioned as a way to do all kinds of business, from opening a bank account to proving your vaccination status or your right to work or receive welfare. Authoritarian governments who order primary credential revocations of their political opponents could thoroughly and terrifyingly “unperson” them at the stroke of a pen.

The paper’s conclusions provide a highly readable summary of these issues, which constitute a stinging rebuke to anyone contemplating age-verification schemes. These go well beyond the UK, and are in the works in Canada, Australia, the EU, Texas and Louisiana.

Age verification is an impossibility, and an impossibly terrible idea with impossibly vast consequences for privacy and the open web, as my EFF colleague Jason Kelley explained on the Malwarebytes podcast:

https://www.malwarebytes.com/blog/podcast/2025/08/the-worst-thing-for-online-rights-an-age-restricted-grey-web-lock-and-code-s06e16

Politicians – even nontechnical ones – can make good tech policy, provided they take expert feedback seriously (and distinguish it from self-interested industry lobbying).

When it comes to tech policy, wanting it badly is not enough. The fact that it would be really cool if we could get technology to do something has no bearing on whether we can actually get technology to do that thing. NERD HARDER! isn’t a policy, it’s a wish.

Wish in one hand and shit in the other and see which one will be full first:

https://www.reddit.com/r/etymology/comments/oqiic7/studying_the_origins_of_the_phrase_wish_in_one/

Source: Pluralistic: “Privacy preserving age verification” is bullshit (14 Aug 2025) – Pluralistic: Daily links from Cory Doctorow

This Is the New Pebble Smartwatch, and Yes, It’s Now Called Pebble Again

Posted on by

After more than a decade, the Pebble smartwatch is back, and it already looks enticing for those of us who can’t be bothered with today’s health data-obsessed, sensor-filled, and all-too-weighty wearables. The company behind the revitalized watch shared its final designs for what’s coming, and it may be the simple smartwatch we’ve been missing since 2016.

Last month, original Pebble designer Eric Migicovsky reported that his new company, Core Devices, was able to recover the Pebble trademark, meaning we no longer have to pretend the previous “Core 2 Duo” and “Core Time 2” weren’t an update to the older e-paper wearables. It’s a good thing the name’s back. Pebble is a brand name that fits the revitalized wearable’s identity so perfectly. It’s small and smooth, and anybody with fidgety hands can fiddle with it. On Wednesday, Migicovsky dropped pictures, renders, and specs for the upcoming smartwatches.

First on the list is the Pebble Time 2. The smartwatch has a small, 1.5-inch color e-paper touch display with a bottom heart rate monitor, step counter, and sleep tracker. The update showed off the new smartwatch face frame and buttons—now both made from stainless steel akin to the 2014 Pebble Steel. The back is screwed on in case you ever need to access the internals (though it may also require some glue to hold it together). The head of Core Devices also said the new smartwatch will have a compass and a second microphone that could allow for better noise cancellation for any kind of assistant feature.

“Nobody really uses the compass,” Migicovsky said in a video accompanying his most recent blog post. “90-something percent of people haven’t used the compass on a Pebble, so I wasn’t feeling inclined to put another chip on it. But we found a relatively inexpensive chip… no guarantees how good it’s going to be.”

Pebble Time 2 Design Reveal 2 3020a181 3a95 4c83 91d4 5b872c69e76a
The Pebble Time 2 sports a color e-paper display with an RGB backlight. © Core Devices

The Pebble Time 2 will potentially sport four colorways. Two of the color options are a silver or blackened shade of metal, but there may also be a blue and red polycarbonate option. The final colors haven’t been finalized, but Migicovsky said the company will email all customers with a preorder to finalize their selection. Similarly, anybody who wants to swap their preorder from a $150 Pebble 2 Duo to a $225 Pebble Time 2 can just wait for a survey that will let them choose the more expensive option. The cheaper, polycarbonate option is akin to a Pebble 2, with a 1.2-inch black and white non-touch e-paper display with a barometer and compass, though it also lacks a heart rate monitor.

Migicovsky has been regularly blogging his efforts in China to get the first Pebble units manufactured through his X account. The new images imply we’re getting closer to an actual launch. Core Devices still needs to finalize colors and polish, and the smartwatch shown in the video is still a “very early” rendition of the hardware. The smartwatch is running age-old PebbleOS with a few modern amenities, but there are still glitches to work out. The company still has to go through the process of engineering testing through design and production, so there’s no official word on a release date. Either way, it may be a more exciting wearable than the upcoming Apple Watch Series 11, which is likely to debut in little under a month’s time.

Source: This Is the New Pebble Smartwatch, and Yes, It’s Now Called Pebble Again

UK passport database images used in facial recognition scans

Posted on by

Privacy groups report a surge in UK police facial recognition scans of databases secretly stocked with passport photos lacking parliamentary oversight.

Big Brother Watch says the UK government has allowed images from the country’s passport and immigration databases to be made available to facial recognition systems, without informing the public or parliament.

The group claims the passport database contains around 58 million headshots of Brits, plus a further 92 million made available from sources such as the immigration database, visa applications, and more.

By way of comparison, the Police National Database contains circa 20 million photos of those who have been arrested by, or are at least of interest to, the police.

In a joint statement, Big Brother Watch, its director Silkie Carlo, Privacy International, and its senior technologist Nuno Guerreiro de Sousa, described the databases and lack of transparency as “Orwellian.” They have also written to both the Home Office and the Metropolitan Police, calling for a ban on the practice.

The comments come after Big Brother Watch submitted Freedom of Information requests, which revealed a significant uptick in police scanning the databases in question as part of the force’s increasing facial recognition use.

The number of searches by 31 police forces against the passport databases rose from two in 2020 to 417 by 2023, and scans using the immigration database photos rose from 16 in 2023 to 102 the following year.

Carlo said: “This astonishing revelation shows both our privacy and democracy are at risk from secretive AI policing, and that members of the public are now subject to the inevitable risk of misidentifications and injustice. Police officers can secretly take photos from protests, social media, or indeed anywhere and seek to identify members of the public without suspecting us of having committed any crime.

“This is a historic breach of the right to privacy in Britain that must end. We’ve taken this legal action to defend the rights of tens of millions of innocent people in Britain.”

[…]

Recent data from the Met attempted to imbue a sense of confidence in facial recognition, as the number of arrests the technology facilitated passed the 1,000 mark, the force said in July.

However, privacy campaigners were quick to point out that this accounted for just 0.15 percent of the total arrests in London since 2020. They suggested that despite the shiny 1,000 number, this did not represent a valuable return on investment in the tech.

Alas, the UK has not given up on its pursuit of greater surveillance powers. Prime Minister Keir Starmer, a former human rights lawyer, is a big fan of FR, having said last year that it was the answer to preventing future riots like the ones that broke out across the UK last year following the Southport murders. ®

Source: UK passport database images used in facial recognition scans • The Register

Epic Games has another win over Apple and Google, in Oz

Posted on by

Australia’s Federal Court has given Epic Games another win in its global fight against the way Apple and Google run their app stores.

The Court yesterday delivered its oral decision in a long-running case that, like similar cases elsewhere, considered whether the tech giants abuse market power by preventing developers from pursuing distribution channels that cost less than using their app stores or alternative payment systems.

The Australian case also represented the first major test of a revised definition of abuse of market power under local law.

As explained by law firm Gilbert + Tobin, the court found that both Apple and Google abused market power. Justice Beach found Apple’s App Store and requirement to use only its payment systems for apps sold there “had the purpose, effect or likely effect of substantially lessening competition” and therefore breached Australian competition law.

The Court found Google also misused power it wields in the market for app stores and payment services on Android.

Epic Games hailed the result as a win for developers and consumers. The games developer interpreted the judgement as meaning Apple will be forced to allow it to sell its wares in the App Store, something Cupertino has declined to do after Epic started using external payment systems.

However Epic also noted that the written decision runs to over 2,000 pages, and its expectation it may therefore contain other matters it needs to consider. At the time of writing the Court had not published the judgment and it may be some time before it emerges, because Gilbert + Tobin says the full terms outlined in the decision “are currently embargoed pending resolution of confidentiality claims.”

The matter is therefore far from over, for several reasons. One is that Apple and Google can appeal and appear likely to do so as both already expressed their concerns with some aspects of the judgement. Another is that a class action seeking compensation for overcharging flowing from Apple and Google’s abuse of market power has scarcely begun.

Gilbert + Tobin does, however, note that Australia joins South Korea, India, and Japan in having found or decided that app store operators need to allow more competition, and that the UK is investigating the same issues. Epic, Apple, and Google have also fought over the same issues in the US, where the games developer scored important wins. ®

Source: Epic Games has another win over Apple and Google, in Oz • The Register

Wikipedia:Signs of AI writing – Wikipedia

Posted on by

This is a list of writing and formatting conventions typical of AI chatbots such as ChatGPT, with real examples taken from Wikipedia articles and drafts. Its purpose is to act as a field guide in helping detect undisclosed AI-generated content. Note that not all text featuring the following indicators is AI-generated; large language models (LLMs), which power AI-chatbots, have been trained on human writing, and humans might happen to have a writing style similar to that of an AI.

Source: Wikipedia:Signs of AI writing – Wikipedia

Be Warned: Lessons From Reddit’s Chaotic UK Age Verification Rollout

Posted on by

Age verification has officially arrived in the UK thanks to the Online Safety Act (OSA), a UK law requiring online platforms to check that all UK-based users are at least eighteen years old before allowing them to access broad categories of “harmful” content that go far beyond graphic sexual content. EFF has extensively criticized the OSA for eroding privacy, chilling speech, and undermining the safety of the children it aims to protect. Now that it’s gone into effect, these countless problems have begun to reveal themselves, and the absurd, disastrous outcome illustrates why we must work to avoid this age-verified future at all costs.

Perhaps you’ve seen the memes as large platforms like Spotify and YouTube attempt to comply with the OSA, while smaller sites—like forums focused on parenting, green living, and gaming on Linux—either shut down or cease some operations rather than face massive fines for not following the law’s vague, expensive, and complicated rules and risk assessments.

But even Reddit, a site that prizes anonymity and has regularly demonstrated its commitment to digital rights, was doomed to fail in its attempt to comply with the OSA. Though Reddit is not alone in bowing to the UK mandates, it provides a perfect case study and a particularly instructive glimpse of what the age-verified future would look like if we don’t take steps to stop it.

It’s Not Just Porn—LGBTQ+, Public Health, and Politics Forums All Behind Age Gates

On July 25, users in the UK were shocked and rightfully revolted to discover that their favorite Reddit communities were now locked behind age verification walls. Under the new policies, UK Redditors were asked to submit a photo of their government ID and/or a live selfie to Persona, the for-profit vendor that Reddit contracts with to provide age verification services.

"SUBMIT PHOTO ID" or "ESTIMATE AGE FROM SELFIE."

For many, this was the first time they realized what the OSA would actually mean in practice—and the outrage was immediate. As soon as the policy took effect, reports emerged from users that subreddits dedicated to LGBTQ+ identity and support, global journalism and conflict reporting, and even public health-related forums like r/periods, r/stopsmoking, and r/sexualassault were walled off to unverified users. A few more absurd examples of the communities that were blocked off, according to users, include: r/poker, r/vexillology (the study of flags), r/worldwar2, r/earwax, r/popping (the home of grossly satisfying pimple-popping content), and r/rickroll (yup). This is, again, exactly what digital rights advocates warned about.

The OSA defines “harmful” in multiple ways that go far beyond pornography, so the obstacles the UK users are experiencing are exactly what the law intended. Like other online age restrictions, the OSA obstructs way more than kids’ access to clearly adult sites. When fines are at stake, platforms will always default to overcensoring. So every user in the country is now faced with a choice: submit their most sensitive data for privacy-invasive analysis, or stay off of Reddit entirely. Which would you choose?

[…]

Rollout Chaos: The Tech Doesn’t Even Work! 

In the days after the OSA became effective, backlash to the new age verification measures spread across the internet like wildfire as UK users made their hatred of these new policies clear. VPN usage in the UK soared, over 500,000 people signed a petition to repeal the OSA, and some shrewd users even discovered that video game face filters and meme images could fool Persona’s verification software

[…]

age verification measures still will not achieve their singular goal of protecting kids from so-called “harmful” online content. Teenagers will, uh, find a way to access the content they want. Instead of going to a vetted site like Pornhub for explicit material, curious young people (and anyone else who does not or cannot submit to age checks) will be pushed to the sketchier corners of the internet—where there is less moderation, more safety risk, and no regulation to prevent things like CSAM or non-consensual sexual content. In effect, the OSA and other age verification mandates like it will increase the risk of harm, not reduce it.

If that weren’t enough, the slew of practical issues that have accompanied Reddit’s rollout also reveals the inadequacy of age verification technology to meet our current moment. For example, users reported various bugs in the age-checking process, like being locked out or asked repeatedly for ID despite complying.

[…]

it is excessively clear that age-gating the internet is not the solution to kids’ online safety. Whether due to issues with the discriminatory and error-prone technology, or simply because they lack either a government ID or personal device of their own, millions of UK internet users will be completely locked out of important social, political, and creative communities. If we allow age verification, we welcome new levels of censorship and surveillance with it—while further lining the pockets of big tech and the slew of for-profit age verification vendors that have popped up to fill this market void.

[…]

Source: Americans, Be Warned: Lessons From Reddit’s Chaotic UK Age Verification Rollout | Electronic Frontier Foundation

FDA Approval of Vizz Eye Drops Revolutionizes Presbyopia (inablity to read with age) Treatment

Posted on by

TL;DR: These are eyedrops which cure your growing inability to read as you age and last for 8 hours.

[…] presbyopia affects nearly one in two adults over 40, yet treatment options have remained largely static for decades, confined to optical corrections or surgical procedures. The FDA’s green light for Vizz — the first drop-based, aceclidine-containing ophthalmic formulation approved specifically for near vision correction — was driven by robust phase 3 trial data demonstrating consistent, clinically meaningful improvements in reading acuity without compromising distance vision.

[…]

Vizz’s mechanism pivots on aceclidine’s miotic action, gently constricting the pupil to enhance depth of focus—akin to a dynamic pinhole effect tailored for near tasks. Unlike lens-altering approaches that hinge on accommodation or optical overlays, this ophthalmic solution targets the iris sphincter muscle, inducing a 1.5–2 mm reduction in pupil diameter that sharpens close-range vision without distorting distance clarity. Pharmacologically, aceclidine acts as a selective cholinergic agonist, offering a predictable pharmacokinetic profile with onset of action within 30 minutes and sustained efficacy for up to 8 hours. This mechanism not only underpins clinical efficacy but also directly informs patient-centric dosing strategies. Device-based pupillometry studies confirm that the targeted miotic effect avoids excessive constriction that could impair scotopic performance. Clinicians can customize dosing to patient pupil response, initiating treatment with a classroom-based trial to fine-tune visual outcomes.

[…]

over 75% of participants achieving at least one line of near visual acuity gain on ETDRS charts […] At peak effect, 62% of subjects recorded two or more lines of improvement, and gains persisted through an eight-hour window sufficient for typical daytime activities, from mobile device reading to detailed crafts. Reported adverse effects were mild and transient, primarily limited to brief brow ache or slight dimming of ambient light, without significant impact on distance vision or ocular surface health.

[…]

High patient compliance with Vizz arises from its once-daily dosing schedule, rapid visual benefit, and elimination of cumbersome lens handling

[…]

Source: FDA Approval of Vizz Eye Drops Revolutionizes Presbyopia Treatment – Be part of the knowledge – ReachMD

This seems like a better alternative to Orthrokeratology, where you wear contact lenses at night to reshape your eyes and you can see properly for about a day for nearsightedness. Of course, you can’t use these eyedrops for farsignedness and you can use orthokeratolgoy for that.

UK F-35B Still Stranded In Japan Is Awaiting Spare Parts. The one in India was there for a month.

Posted on by

The U.K. Royal Air Force F-35B stealth fighter that was forced to make an emergency diversion to Japan last week is still there, the U.K. Ministry of Defense has told TWZ.

The F-35B in question, from the Royal Navy carrier HMS Prince of Wales, landed at Kagoshima Airport, in Kirishima City, southwest Japan, at around 11:30 a.m. local time on Aug. 10, following an in-flight malfunction. No injuries to the pilot were reported, and although six flights in and out of Kagoshima were said to be delayed, the airport was soon operating normally again. In the meantime, the F-35B was moved from the runway to a taxiway. Its exact location at the airfield is not currently known.

While the U.K. Ministry of Defense offered no further detail to TWZ about the nature of the technical issues affecting the aircraft now in Japan, it did say that it was completely unrelated to the fault encountered earlier in the cruise, which required a different F-35B to divert to an airfield in India, where it was left stranded for over a month.

The U.K. Ministry of Defense also confirmed that the aircraft in Japan has been assessed by Royal Navy and Royal Air Force engineers; it is now awaiting spares, after which it will be repaired. In the past, the global supply chain of F-35 parts has been questioned, although both the U.S. Marine Corps and Japan itself have F-35Bs based locally.

The two F-35B diversions come during what is one of the highest-profile cruises for the type in British service.

[…]

The two F-35B diversions during Highmast are, in themselves, nothing extraordinary. Such incidents are part and parcel of carrier-based aircraft operations. When not executing blue-water operations, a precautionary emergency landing is often the safest option, bearing in mind the many technical, human-factor, and ship-operational issues that make recovering on the carrier a higher risk. This can include low fuel states.

However, given the turbulent history of the F-35 program and persistent questions about the future of the procurement of this aircraft in the United Kingdom, they are subject to additional scrutiny.

The United Kingdom also lost an F-35B in a well-publicized accident during a previous cruise, when an example crashed in the Mediterranean after an aborted takeoff attempt from the carrier HMS Queen Elizabeth in November 2021

[…]

Source: UK F-35B Still Stranded In Japan Is Awaiting Spare Parts

And recently the UK has announced that they will be purchasing the A variant, exposing them to much larger logistics chains difficulties. And as TR03 is still not problem free (after several years), they won’t be able to fly it operationally for the foreseeable future either. The US must have some serious boot on the neck of the UK for them to keep using these lemons.

Even Volkswagen Is Doing Horsepower Subscriptions Now

Posted on by

[…]

we’re used to hearing about subscriptions for improved performance and creature comforts on luxury cars, but VW’s trialing BMW and Mercedes-Benz’s greatest hits of consumer-hostile policies and gating an additional 27 horsepower behind a $22.30 monthly payment on the ID.3. Alternatively, owners can shell out $878 to unlock that power permanently, for the life of the vehicle.

This news comes courtesy of AutoExpress, and it’s alarming for several reasons. First, again, the ID.3 isn’t exactly a bargain, starting at the equivalent of $41,770, but it’s also no Mercedes EQE. Second, as the article points out, the car is registered at 228 hp stock, which affects insurance rates, even though owners only get 201 hp before subscribing. So, you’re paying a penalty on your insurance premium based on power that you can only access if you give Volkswagen yet more money every month.

This monthly fee also lifts torque from the standard 195 lb-ft to 228 lb-ft, and VW says that the increase in output doesn’t impact range

[…]

The best outcome we can hope for in these cases is that the outcry against it becomes so loud that VW relents. That’s worked to some degree on this side of the pond, with BMW’s heated-seat policies. But the retractions don’t last forever, and automakers are pretty much set on biding their time until software-locking everything is normalized, and they can get away with all of it.

Source: Even Volkswagen Is Doing Horsepower Subscriptions Now

So… you paid for the hardware. It is sitting in the car you own, which is parked in front of your house. And they want to ask more for what you already bought? Absolutely ridiculous and I hope the car hacking scene finds a way to circumvent this.

EU Chat Control Plan Gains Support Again, Threatens Encryption, mass surveillance, age verification

Posted on by

A controversial European Union proposal dubbed “Chat Control” is regaining momentum, with 19 out of 27 EU member states reportedly backing the measure.

The plan would mandate that messaging platforms, including WhatsApp, Signal and Telegram, must scan every message, photo and video sent by users starting in October, even if end-to-end encryption is in place, popular French tech blogger Korben wrote on Monday.

Denmark reintroduced the proposal on July 1, the first day of its EU Council presidency. France, once opposed, is now in favor, Korben said, citing Patrick Breyer, a former member of the European Parliament for Germany and the European Pirate Party.

Belgium, Hungary, Sweden, Italy and Spain are also in favor, while Germany remains undecided. However, if Berlin joins the majority, a qualified council vote could push the plan through by mid-October, Korben said.

A qualified majority in the EU Council is achieved when two conditions are met. First, at least 55 percent of member states, meaning 15 out of 27, must vote in favor. Second, those countries must represent at least 65% of the EU’s total population.

EU Chat Control bill finds support. Source: Pavol Luptak

Pre-encryption scanning on devices

Instead of weakening encryption, the plan seeks to implement client-side scanning, meaning software embedded in users’ devices that inspects content before it is encrypted. “A bit like if the Post Office came to read all your letters in your living room before you put them in the envelope,” Korben said.

He added that the real target isn’t criminals, who use encrypted or decentralized channels, but ordinary users whose private conversations would now be open to algorithmic scrutiny.

The proposal cites the prevention of child sexual abuse material (CSAM) as its justification. However, it would result in “mass surveillance by means of fully automated real-time surveillance of messaging and chats and the end of privacy of digital correspondence,” Breyer wrote.

Beyond scanning, the package includes mandatory age verification, effectively removing anonymity from messaging platforms. Digital freedom groups are asking citizens to contact their MEPs, sign petitions and push back before the law becomes irreversible.

[…]

Source: EU Chat Control Plan Gains Support, Threatens Encryption

Age verification is going horribly wrong in the UK and mass surveillance threatens freedom of thought, something we fortunately still have in the EU. This must be stopped.

New electrolyte highway enables low-temperature hydrogen fuel cells

Posted on by

[…]Researchers at Kyushu University in Japan have developed a new type of solid-oxide fuel cell (SOFC) that operates at 300℃ (500°F) , a notable reduction from typical operating temperatures. “The team expects that their new findings will lead to the development of low-cost, low-temperature SOFCs and greatly accelerate the practical application of these devices,” said the researchers in a press release

….

Such heat requires costly, specialized heat-resistant materials, making the technology expensive for many applications. A lower operating temperature is expected to reduce these manufacturing costs

….

The implications of this work extend beyond this specific fuel cell. The design principle of creating efficient ion pathways in materials provides a basis for developing other energy technologies.Professor Yamazaki suggests the same concept could be applied to improve other tools for decarbonization. “Beyond fuel cells, the same principle can be applied to other technologies, such as low-temperature electrolyzes, hydrogen pumps, and reactors that convert CO₂ into valuable chemicals, thereby multiplying the impact of decarbonization,” he highlighted.

Source: New electrolyte highway enables low-temperature hydrogen fuel cells

You Can Now Tell Google Which Websites You Prefer in Search Results

Posted on by

[…]If you frequently test features with Google Labs, you might remember trying this one out: Preferred Sources, as the name implies, lets you tell Google which websites you prefer to read news from. The goal, then, is to see pages from those sites in future Google searches about news stories, assuming those sites publish content related to your search.

Here’s how it works: When you search for something covered in the news, Google will display a “Top stories” section at the top of the search results page. While you can simply browse the stories that Google curates for you, you can also now click a new button to the right of the “Top stories” title. From here, you can search for any website, and click a checkbox next to its name to save it to your list of preferred sources.

[…]

Now, you can refresh your search results, which, with any luck, will populate with more of the sources you added to this list. Not only will they appear more frequently in the “Top stories” section going forward, Google may offer you a new “From your sources” section as well, which should only contain the websites you’ve added to your list.

[…]

Source: You Can Now Tell Google Which Websites You Prefer in Search Results

I am still using qwant.com

Israel is reportedly storing millions of Palestinian phone calls on Microsoft servers in the Netherlands and Ireland

Posted on by

Israel has allegedly been recording and storing millions of phone calls made by Palestinians in Gaza and the West Bank as part of a large surveillance effort dating back to 2022, according to reporting by The Guardian, +972 Magazine and Local Call. The report suggests that the country has been shuttling these recordings to Microsoft Azure cloud servers.

Company CEO Satya Nadella allegedly okayed the effort personally after meeting with a commander from Israel’s military surveillance agency, Unit 8200. He reportedly gave the country a customized and segregated area within the Azure platform to store millions of phone calls made each day without knowledge or consent from Palestinians.

According to sources within Unit 8200, these recordings have assisted in the preparation of deadly airstrikes and helped shape military operations throughout the region. Israel has long been intercepting calls in the occupied territories, as it basically controls the entire Palestinian telecommunications infrastructure.

This new method, however, reportedly captures the conversations of a large pool of regular civilians. The mantra when building out the project was to record “a million calls an hour.” Leaked Microsoft files suggest that the lion’s share of this data is being stored in Azure facilities in the Netherlands and Ireland.

Microsoft has been facing increased scrutiny regarding its role in Israel’s 22-month offensive in Gaza. CEO Nadella was interrupted by an employee at a keynote speech in May, with the worker pleading for the executive to “show how Israeli war crimes are powered by Azure.”

[…]

Microsoft isn’t the only company that has been accused of assisting Israel in what many are calling a genocide in Gaza. A report recently found that Google employees have repeatedly worked with the Israel Defense Forces (IDF) and Israel’s Defense Ministry (IDM) to expand the government’s access to AI tools.

Source: Israel is reportedly storing millions of Palestinian phone calls on Microsoft servers

Should Lyft and Uber Charge More if Your Battery Is Low? California May Soon Ban That

Posted on by

It’s late at night, and you badly need a ride. Your cellphone’s battery is dangerously low.

Should a ridehailing company such as Uber or Lyft be able to charge you more because its artificial intelligence programming thinks you’re desperate since it knows your phone is about to die?

Not if Hayward Democratic Sen. Aisha Wahab has her way.

Her Senate Bill 259 would prevent retailers from using artificial intelligence to jack up prices using the information stored on customers’ phones. That could include the phone’s battery life, whether it’s an older model, what apps are installed, what time of day it is, where its user is located and where they live.

“Our devices are being weaponized against us in order for large corporations to increase profits, and it has to stop,” Wahab told the Assembly Judiciary Committee last month.

[…]

Source: Should Lyft and Uber Charge More if Your Battery Is Low? California May Soon Ban That

Meta eavesdropped on period-tracker app’s users, SF jury rules

Posted on by

Meta lost a major privacy trial on Friday, with a jury in San Francisco ruling that the Menlo Park giant had eavesdropped on the users of the popular period-tracking app Flo. The plaintiff’s lawyers who sued Meta are calling this a “landmark” victory — the tech company contends that the jury got it all wrong.

The case goes back to 2021, when eight women sued Flo and a group of other tech companies, including Google and Facebook, now known as Meta. The stakes were extremely personal. Flo asked users about their sex lives, mental health and diets, and guided them through menstruation and pregnancy. Then, the women alleged, Flo shared pieces of that data with other companies. The claims were largely based on a 2019 Wall Street Journal story and a 2021 Federal Trade Commission investigation.

Google, Flo and the analytics company Flurry, which was also part of the lawsuit, reached settlements with the plaintiffs, as is common in class action lawsuits about tech privacy. But Meta stuck it out through the entire trial and lost.

[…]

Their complaint also pointed to Facebook’s terms for its business tools, which said the company used so-called “event data” to personalize ads and content.

In a 2022 filing, the tech giant admitted that Flo used Facebook’s kit during this period and that the app sent data connected to “App Events.” But Meta denied receiving intimate information about users’ health.

Nonetheless, the jury ruled against Meta. Along with the eavesdropping decision, the group determined that Flo’s users had a reasonable expectation they weren’t being overheard or recorded, as well as ruling that Meta didn’t have consent to eavesdrop or record. The unanimous verdict was that the massive company violated the California Invasion of Privacy Act.

The jury’s ruling could have far-reaching effects. Per a June filing about the case’s class action status, more than 3.7 million people in the United States registered for Flo between November 2016 and February 2019. Those potential claimants are expected to be updated via email and on a case website; it’s not yet clear what the remittance from the trial or settlements might be.

[…]

Source: Meta eavesdropped on period-tracker app’s users, SF jury rules

Meet Meschers, MIT’s Tool for Building Paradoxical Digital Objects

Posted on by

Meet “impossibagel,” a physically impossible bagel that mathematicians use to resolve intricate geometry problems. But impossibagel—and other “impossible objects” in mathematics—is notoriously difficult to replicate, and researchers haven’t been able to fully tap into their mathematical potential. That may no longer be a problem, thanks to a new tool.

On Monday, researchers at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) announced “Meschers,” software capable of visualizing an intricate, 2.5-dimensional representation of impossible objects. In addition to creating aesthetically quirky objects, Meschers could eventually assist in research across geometry, thermodynamics, and even art and architecture, according to the researchers. The paper, set for publication in ACM Transactions on Graphics, will be presented at the SIGGRAPH Conference next week.

[…]

Impawssible Dogs Meschers
Rendering of the “Impawssible Dog” using Meschers, demonstrating how some lighting conditions create a stronger illusory percept than others. © Ana Dodik/MIT CSAIL/Meschers
[…]

Meschers Heart Render
Laplacian smoothing of the per-vertex 2D positions of a mescher (left), per-edge depth differences (center), or both (right). © Ana Dodik/MIT CSAIL/Meschers

Source: Meet Meschers, MIT’s Tool for Building Paradoxical Digital Objects

KLM, Air France latest major orgs to have data looted

Posted on by

European airline giants Air France and KLM say they are the latest in a string of major organizations to have their customers’ data stolen by way of a break-in at a third party org.

The airlines, which share a parent company, Air France-KLM Group, said in a joint statement that they “detected unusual activity on an external platform we use for customer service,” which led to attackers accessing customer data.

“Our IT security teams, along with the relevant external party, took immediate action to stop the unauthorized access,” the statement read. “Measures have also been implemented to prevent recurrence. Internal Air France and KLM systems were not affected.

“No sensitive data such as passwords, travel details, Flying Blue miles, passport, or credit card information was stolen.”

The airlines did not publicly specify the types of data that were stolen, but the exclusion of sensitive data suggests basic personal information was involved.

However, customer notifications circulating online noted that first and family names, along with contact details, Flying Blue numbers and tier levels, and the subject lines of service request emails were accessed.

[…]

The attack marks the latest in a string of data lapses at major organizations that also blamed a third party.

In recent weeks, luxury retailers Dior, Chanel, and Pandora all reported similar leaks at third party providers, as did Google, Qantas, and Allianz.

All of the above declined to identify the third party in question except for Google, which said this week that one of its Salesforce instances was raided.

[…]

Source: KLM, Air France latest major orgs to have data looted • The Register

It’s pretty clear that the customer service portal was looted.

This vaccine uses dental floss instead of needles

Posted on by

Researchers have demonstrated a novel vaccine delivery method in an animal model, using dental floss to introduce vaccine via the tissue between the teeth and gums. The testing found that the new technique stimulates the production of antibodies in mucosal surfaces, such as the lining of the nose and lungs.

“Mucosal surfaces are important, because they are a source of entry for pathogens, such as influenza and COVID,” says Harvinder Singh Gill, corresponding author of a paper on the work. “However, if a vaccine is given by injection, antibodies are primarily produced in the bloodstream throughout the body, and relatively few antibodies are produced on mucosal surfaces.

“But we know that when a vaccine is given via the mucosal surface, antibodies are stimulated not only in the bloodstream, but also on mucosal surfaces,” says Gill, who is the Ronald B. and Cynthia J. McNeill Term Professor in Nanomedicine at North Carolina State University. “This improves the body’s ability to prevent infection, because there is an additional line of antibody defense before a pathogen enters the body.”

[…]

The junctional epithelium is a thin layer of tissue located in the deepest part of the pocket between the tooth and the gum, and it lacks the barrier features found in other epithelial tissues. The lack of a barrier allows the junctional epithelium to release immune cells to fight bacteria – you find these immune cells in your saliva, as well as between your teeth and gums.

“Because the junctional epithelium is more permeable than other epithelial tissues – and is a mucosal layer – it presents a unique opportunity for introducing vaccines to the body in a way that will stimulate enhanced antibody production across the body’s mucosal layers,” says Gill.

To determine the viability of delivering vaccines via the junctional epithelium, the researchers applied vaccine to unwaxed dental floss and then flossed the teeth of lab mice.

[…]

“We found that applying vaccine via the junctional epithelium produces far superior antibody response on mucosal surfaces than the current gold standard for vaccinating via the oral cavity, which involves placing vaccine under the tongue,” says Rohan Ingrole, first author of the paper, who was a Ph.D. student under Gill at Texas Tech University. “The flossing technique also provides comparable protection against flu virus as compared to the vaccine being given via the nasal epithelium.”

“This is extremely promising, because most vaccine formulations cannot be given via the nasal epithelium – the barrier features in that mucosal surface prevent efficient uptake of the vaccine,” Gill says. “Intranasal delivery also has the potential to cause the vaccine to reach the brain, which can pose safety concerns. However, vaccination via the junctional epithelium offers no such risk.

[…]

The researchers also tested whether the junctional epithelium delivery method worked for three other prominent classes of vaccines: proteins, inactivated viruses and mRNA. In all three cases, the epithelial junction delivery technique produced robust antibody responses in the bloodstream and across mucosal surfaces.

The researchers also found that, at least in the animal model, it didn’t matter whether food and water were consumed immediately after flossing with the vaccine – the immune response was the same.

But while regular floss serves as an adequate vaccine delivery method for lab mice, the researchers know it’s not practical to ask people to hold vaccine-coated floss in their fingers. To address that challenge the researchers used a floss pick. A floss pick consists of a piece of floss stretched between two prongs that can be held by a handle.

Specifically, the researchers coated the floss in floss picks with fluorescent food dye. The researchers then recruited 27 study participants, explained the concept of applying vaccine via floss, and asked the participants to try to deposit the food dye in their epithelial junction with a floss pick.

“We found that approximately 60% of the dye was deposited in the gum pocket, which suggests that floss picks may be a practical vaccine delivery method to the epithelial junction,” Ingrole says.

[…]

There are also some drawbacks. For example, this technique would not work on infants and toddlers who do not yet have teeth.

“In addition, we would need to know more about how or whether this approach would work for people who have gum disease or other oral infections,” Gill says.

[…]

Source: This vaccine uses dental floss instead of needles | ScienceDaily

Didn’t Take Long To Reveal The UK’s Online Safety Act Is Exactly The Privacy-Crushing Failure Everyone Warned About

Posted on by

[…]the real kicker is what content is now being gatekept behind invasive age verification systems. Users in the UK now need to submit a selfie or government ID to access:

Yes, you read that right. A law supposedly designed to protect children now requires victims of sexual assault to submit government IDs to access support communities. People struggling with addiction must undergo facial recognition scans to find help quitting drinking or smoking. The UK government has somehow concluded that access to basic health information and peer support networks poses such a grave threat to minors that it justifies creating a comprehensive surveillance infrastructure around it.

[…]

And this is all after a bunch of other smaller websites and forums shut down earlier this year when other parts of the law went into effect.

This is exactly what happens when you regulate the internet as if it’s all just Facebook and Google. The tech giants can absorb the compliance costs, but everyone else gets crushed.

The only websites with the financial capacity to work around the government’s new regulations are the ones causing the problems in the first place. And now Meta, which already has a monopoly on a number of near-essential online activities (from local sales to university group chats), is reaping the benefits.

[…]

The age verification process itself is a privacy nightmare wrapped in security theater. Users are being asked to upload selfies that get run through facial recognition algorithms, or hand over copies of their government-issued IDs to third-party companies. The facial recognition systems are so poorly implemented that people are easily fooling them with screenshots from video games—literally using images from the video game Death Stranding. This isn’t just embarrassing, it reveals the fundamental security flaw at the heart of the entire system. If these verification methods can’t distinguish between a real person and a video game character, what confidence should we have in their ability to protect the sensitive biometric data they’re collecting?

But here’s the thing: even when these systems “work,” they’re creating massive honeypots of personal data. As we’ve seen repeatedly, companies collecting biometric data and ID verification inevitably get breached, and suddenly intimate details about people’s online activity become public. Just ask the users of Tea, a women’s dating safety app that recently exposed thousands of users’ verification selfies after requiring facial recognition for “safety.”

The UK government’s response to widespread VPN usage has been predictably authoritarian. First, they insisted nothing would change:

“The Government has no plans to repeal the Online Safety Act, and is working closely with Ofcom to implement the Act as quickly and effectively as possible to enable UK users to benefit from its protections.”

But then, Tech Secretary Peter Kyle deployed the classic authoritarian playbook: dismissing all criticism as support for child predators. This isn’t just intellectually dishonest—it’s a deliberate attempt to shut down legitimate policy debate by smearing critics as complicit in child abuse. It’s particularly galling given that the law Kyle is defending will do absolutely nothing to stop actual predators, who will simply migrate to unregulated platforms or use the same VPNs that law-abiding citizens are now flocking to.

[…]

Meanwhile, the actual harms it purports to address? Those remain entirely unaddressed. Predators will simply move to unregulated platforms, encrypted messaging, or services that don’t comply. Or they’ll just use VPNs. The law creates the illusion of safety while actually making everyone less secure.

This is what happens when politicians decide to regulate technology they don’t understand, targeting problems they can’t define, with solutions that don’t work. The UK has managed to create a law so poorly designed that it simultaneously violates privacy, restricts freedom, harms small businesses, and completely fails at its stated goal of protecting children.

And all of this was predictable. Hell, it was predicted. Civil society groups, activists, legal experts, all warned of these results and were dismissed by the likes of Peter Kyle as supporting child predators.

[…]

A petition set up on the UK government’s website demanding a repeal of the entire OSA received many hundreds of thousands of signatures within days. The government has already brushed it off with more nonsense, promising that the enforcer of the law, Ofcom, “will take a sensible approach to enforcement with smaller services that present low risk to UK users, only taking action where it is proportionate and appropriate, and will focus on cases where the risk and impact of harm is highest.”

But that’s a bunch of vague nonsense that doesn’t take into account that no platform wants to be on the receiving end of such an investigation, and thus will take these overly aggressive steps to avoid scrutiny.

[…]

What makes this particularly tragic is that there were genuine alternatives. Real child safety measures—better funding for mental health support, improved education programs, stronger privacy protections that don’t require mass surveillance—were all on the table. Instead, the UK chose the path that maximizes government control while minimizing actual safety.

The rest of the world should take note.

Source: Didn’t Take Long To Reveal The UK’s Online Safety Act Is Exactly The Privacy-Crushing Failure Everyone Warned About

Project Hyperion | interstellar generation ship design competition winners

Posted on by

Project Hyperion explores the feasibility of crewed interstellar travel via generation ships, using current and near-future technologies. A generation ship is a hypothetical spacecraft designed for long-duration interstellar travel, where the journey may take centuries to complete. The idea behind a generation ship is that the initial crew would live, reproduce, and die on the ship, with their descendants continuing the journey until reaching the destination. These ships are often envisioned as self-sustaining ecosystems, featuring agriculture, habitation, and other necessary life-support systems to ensure survival across multiple generations. 

The Initiative for Interstellar Studies (i4is) is delighted to reveal the winners of the Project Hyperion Design Competition, a landmark global challenge that called upon interdisciplinary teams to envision a generation ship—a crewed interstellar spacecraft designed for a 250-year journey to a habitable planet. The teams designed habitats of such a spacecraft that would allow a society to sustain itself and flourish in a highly resource-constrained environment.

The Project Hyperion Design Competition required architectural designers, engineers, and social scientists to collaborate and address critical mission aspects that enable a spacecraft to function as a closed society over centuries. The collaboration between different disciplines is key to finding holistic solutions that do justice to the complexity of the requirements, in order to provide:

  • Habitability for 1,000 ± 500 people over centuries

  • Artificial gravity via rotation

  • A society that ensures good living conditions, including essential provisions such as shelter, clothing, and other basic needs.

  • Robust life support systems for food, water, waste, and the atmosphere

  • Knowledge transfer mechanisms to retain culture and technologies

Source: Project Hyperion | interstellar generation ship design competition

Microsoft Recall can still nab credit cards, passwords, info and share them remotely

Posted on by

Microsoft Recall, the AI app that takes screenshots of what you do on your PC so you can search for it later, has a filter that’s supposed to prevent it from screenshotting sensitive info like credit card numbers. But a The Register test shows that it still fails in many cases, creating a potential treasure trove for thieves.

Recall was introduced in 2024 as an exclusive app on Copilot+ PCs, which are laptops that come with a dedicated Neural Processing Unit (NPU) to help with AI-related tasks. Initially, researchers found serious security issues with it, and Redmond pulled it in the spring before re-introducing an ostensibly more secure version in fall 2024. These days, a screen encouraging you to enable it is part of the Windows setup experience on many new PCs.

Microsoft's out of the box experience pushes you to enable Recall

Microsoft’s out of the box experience pushes you to enable Recall – Click to enlarge

Although Microsoft claims that Recall is safe and private, the software could be a goldmine of personal information if a miscreant manages to break into your system. The app has a “Filter sensitive information” setting enabled by default that’s supposed to exempt personal data such as credit card numbers and passwords from capture. However, according to our tests, that filter frequently fails. And there’s no way it would know to avoid potentially damaging entries in your web history that you’d rather keep private (such as things related to your medical history or personal life). Just as bad, the screenshots Recall takes are available to anyone who has your PIN number, even via remote access.

[…]

Source: Microsoft Recall can still nab credit cards, passwords, info • The Register

Belgium Targets Internet Archive’s ‘Open Library’ in Sweeping Site Blocking Order

Posted on by

The Business Court in Brussels, Belgium, has issued a broad site-blocking order that aims to restrict access to shadow libraries including Anna’s Archive, Libgen, OceanofPDF, Z-Library, and the Internet Archive’s Open Library. In addition to ISP blocks, the order also directs search engines, DNS resolvers, advertisers, domain name services, CDNs and hosting companies to take action. For now, Open Library doesn’t appear to be actively blocked.

booksTraditional site-blocking measures that require local ISPs to block subscriber access to popular pirate sites are in common use around the world.

Note: this article was updated to add that Open Library does not appear to be actively blocked. More details here.

[…]

A few months ago DNS blocking arrived in Belgium, where several orders required both ISPs and DNS resolvers to restrict access to pirate sites. This prompted significant pushback, most notably Cisco’s OpenDNS ceasing operations in the country.

Broad Blocking Order Targets Internet Archive’s ‘Open Library’

A new order, issued by the Brussels Business Court in mid-July, targets an even broader set of intermediaries and stands out for other reasons as well.

[…]

Open Library was created by the late Aaron Swartz and Internet Archive’s founder Brewster Kahle, among others. As an open library its goal is to archive all published books, allowing patrons to borrow copies of them online.

The library aims to operate similarly to other libraries, loaning only one copy per book at a time. Instead of licensing digital copies, however, it has an in-house scanning operation to create and archive its own copies.

 

Open Library
 

open library
 

The Open Library project was previously sued by publishers in the United States, where the Internet Archive ultimately losing the case. As a result, over 500,000 books were made unavailable.

[…]

According to the publishers, the operators of the Open Library are not easily identified, while legally required information is allegedly missing from the site, which they see as an indication that the site is meant to operate illegally.

This description seems at odds with the fact that Open Library is part of the Internet Archive, which is a U.S.-registered 501(c)(3) non-profit.

[…]

Internet Archive was not heard in this case, as the blocking order was issued ex parte, without its knowledge. This is remarkable, as the organization is a legal entity in the United States, which receives support from many American libraries.

The broad nature of the order doesn’t stop there either. In addition to requiring ISPs, including Elon Musk’s Starlink, to block the library’s domain names, it also directs a broad range of other intermediaries to take action.

This includes search engines, DNS resolvers, advertisers, domain name services, CDNs, and hosting companies. An abbreviated overview of the requested measures is as follows;

[…]

Update: After publication, a representative from Internet Archive informed us that they are not aware of any disruption to their services at this time.

The Open Library domain (openlibrary.org) doesn’t appear on the master blacklist of FOD Economie either, while several domains of the other four ‘target sites’ are included. We have reached out to the responsible authority in Belgium to get clarification on this discrepancy and will update the article if we hear back.

A copy of the order from the Business Court in Brussels (in Dutch) is available here (pdf)

Source: Belgium Targets Internet Archive’s ‘Open Library’ in Sweeping Site Blocking Order (Update) * TorrentFreak

So this decision is totally unenforceable by Belgium, but does show how corrupt and in the pocket of big businesses the system in Belgium actually is.