Stolen Salesforce Drift OAuth tokens expose Palo Alto customer data

Palo Alto Networks is writing to customers that may have had commercially sensitive data exposed after criminals used stolen OAuth credentials lifted from the Salesloft Drift break-in to gain entry to its Salesforce instance.

Marc Benoit, chief information security officer at PAN, confirmed in a note to clients – seen by The Register – that it was informed on August 25 that the “compromise of a third-party application, Salesloft’s Drift, resulted in the access and exfiltration of data stored in our Salesforce environment.”

It immediately disconnected the third-party application from its Salesforce CRM, he said. “The investigation [by the Unit 42 team] confirms that the event was isolated to our Salesforce environment and did not affect any Palo Alto Networks products, systems or services.”

Benoit said it “further confirmed that the data involved includes primarily customer business contact information, such as names and contact info, company attributes, and basic customer support case information. It is important to note that no tech support files or attachments to any customer support cases were part of the exfiltration.”

[…]

The breach of the Drift application has led to supply chain attacks at “hundreds” of organizations, including PAN, said Benoit in a blog post. He said the “incident” was “isolated to our CRM platform.”

Google said last week that it didn’t have enough signs to confirm that the recent spate of Salesforce data thefts claimed by ShinyHunters on Google itself, Workday, Allianz, Qantas and LVMH brand Dior were connected to the same group that masterminded the Salesloft attack.

The Unit 42 team at PAN advised organizations to monitor Salesforce and Salesloft updates, and take steps such as token revocation to secure platforms. It recommends conducting a review of all Drift integrations and all authentication activity with third-party systems for evidence of “suspicious connections, credential harvesting and data exfiltration.”

Unit 42 also recommends that you probe your Salesforce log-in history, audit trail, and API access logs from August 8 – when Salesloft says attackers first used “OAuth credentials to exfiltrate data from our customers’ Salesforce instances” – to the present day. It also advises combing over Identity Provider Logs and Network Logs.
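As an added example (not from The Register article or from Unit 42), the script below does the kind of review the paragraph recommends: it walks API-event records for a named connected app and flags, from the August 8 window start, bulk reads of customer objects and source addresses the app never used before. The records are constructed, and the CSV layout is only loosely modelled on Salesforce event logs; the field names and thresholds are assumptions.

```python
"""Triage of API event logs for a third-party connected app's OAuth activity.

Added example. The records below are constructed and the column names are an
assumption (loosely modelled on Salesforce EventLogFile API events); adapt the
parser to the export your org actually produces.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

# Start of the review window named in the article: first known use of the
# stolen OAuth credentials against customers' Salesforce instances.
REVIEW_START = datetime(2025, 8, 8, tzinfo=timezone.utc)

# Objects whose bulk export would carry the categories the article says were
# taken: business contacts, company attributes and support-case metadata.
SENSITIVE_OBJECTS = {"Account", "Contact", "Case", "Lead", "Opportunity"}

# Constructed sample: one row per API call, CLIENT_NAME being the connected app
# that presented the OAuth token. All IPs are documentation ranges.
SAMPLE_LOG = """\
TIMESTAMP,CLIENT_NAME,USER_NAME,ENTITY_NAME,METHOD_NAME,ROWS_PROCESSED,CLIENT_IP
2025-08-01T09:12:03Z,Drift,integration@example.com,Contact,query,25,203.0.113.10
2025-08-03T08:00:00Z,Salesforce for Outlook,alice@example.com,Contact,query,8,192.0.2.5
2025-08-09T02:41:17Z,Drift,integration@example.com,Account,query,48000,198.51.100.77
2025-08-09T02:43:50Z,Drift,integration@example.com,Contact,query,120000,198.51.100.77
2025-08-09T02:47:12Z,Drift,integration@example.com,Case,query,35000,198.51.100.77
2025-08-10T14:05:00Z,Salesforce for Outlook,alice@example.com,Contact,query,12,192.0.2.5
2025-08-11T03:02:44Z,Drift,integration@example.com,User,query,900,198.51.100.77
"""


def parse_events(log_text):
    """Parse the CSV export into dicts with a timezone-aware timestamp."""
    events = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.strptime(row["TIMESTAMP"], "%Y-%m-%dT%H:%M:%SZ")
        events.append({
            "ts": ts.replace(tzinfo=timezone.utc),
            "client": row["CLIENT_NAME"],
            "user": row["USER_NAME"],
            "entity": row["ENTITY_NAME"],
            "method": row["METHOD_NAME"],
            "rows": int(row["ROWS_PROCESSED"]),
            "ip": row["CLIENT_IP"],
        })
    return events


def triage_connected_app(events, app_name, since=REVIEW_START, bulk_threshold=10_000):
    """Return the app's in-window events that look like exfiltration.

    Two signals are combined: reads of sensitive objects far above the app's
    normal volume, and requests from a source address the app never used
    before the window started (a stolen token is usually replayed from
    infrastructure the legitimate integration never touched).
    """
    baseline_ips = {e["ip"] for e in events
                    if e["client"] == app_name and e["ts"] < since}
    findings = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["client"] != app_name or e["ts"] < since:
            continue
        reasons = []
        if e["entity"] in SENSITIVE_OBJECTS and e["rows"] >= bulk_threshold:
            reasons.append(f"bulk read of {e['rows']} {e['entity']} rows")
        if e["ip"] not in baseline_ips:
            reasons.append(f"source {e['ip']} not seen for this app before {since.date()}")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


def rows_by_entity(findings):
    """Total rows touched per object across the flagged events (scoping aid)."""
    totals = defaultdict(int)
    for f in findings:
        totals[f["entity"]] += f["rows"]
    return dict(totals)


if __name__ == "__main__":
    hits = triage_connected_app(parse_events(SAMPLE_LOG), "Drift")
    for h in hits:
        print(h["ts"].isoformat(), h["entity"], h["rows"], h["ip"], "|", "; ".join(h["reasons"]))
    # Once confirmed, the next step is the one the article names: revoke the
    # app's OAuth tokens (an admin action in Salesforce, not shown here).
    print("rows touched per object:", rows_by_entity(hits))
```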

Source: Stolen OAuth tokens expose Palo Alto customer data • The Register

So Spotify Public Links Now Show Your Personal Information. You Need to Disable Spotify DMs To Get Rid Of It.

Spotify wants to be yet another messaging platform, but its new DM system has a quirk that makes me hesitant to recommend it. Spotify used to be a non-identity based platform, but things changed once it added messaging. Now, the Spotify DM system is attaching account information to song links and putting it in front of users’ eyes. That means it can accidentally leak the name and profile picture of whoever shared a link, even if they didn’t intend to give out their account information, too. Thankfully there’s a way to make links more private, and to disable Spotify DMs altogether.

How Spotify is accidentally leaking users’ information

It all starts with tracking URLs. Many major companies on the web use these. They embed information at the end of a URL to track where clicks on it came from. Which website, which page, or in Spotify’s case, which user. If you’ve generated a Share link for a song or playlist in the past, it contained your user identity string at the end. And when someone accessed and acted on that link, by adding the song or playing it, your account information was saved in their account’s identity as a connection of sorts. Maybe a little invasive, but because users couldn’t do much with that information, it was mostly just a way for Spotify to track how often people were sharing music between each other.

Before, this happened in the background and no one really cared. But with the new Spotify DM feature, connections made via tracking links are suddenly being put front and center right before users’ eyes. As spotted by Reddit user u/sporoni122, these connections are now showing up in a “Suggested” section when using Spotify DMs, even if you just happened to click on a public link once and never heard of the person who shared it. Alternatively, you might have shared a link in the past, and could be shown account information for people who clicked on it.

Even if an account is public, I could see how this would be annoying. Imagine you share a song in a Discord server where you go by an anonymous name, but someone clicks on it and finds your Spotify account, where you might go by your real name. Bam, they suddenly know who you are.

Reddit user u/Reeceeboii added that Spotify is using this URL tracking behavior to populate a list of songs and playlists shared between two users even if they happened via third-party messaging services like WhatsApp.

So, if you don’t want others to find your Spotify account through your shared songs, what do you do? Well, before posting in anonymous communities like Discord or X, try cleaning up your links first.

My colleagues and I have previously written about how you can remove tracking information from a URL automatically on iPhone, how you can use a Mac app to clean links without any effort, or how you can use an all-in one extension to get the job done regardless of platform. You can also use a website like Link Cleaner to clean up your links.

Or you can take the manual approach. In your Spotify link, remove everything at the end starting with the question mark.

What do you think so far?

So this tracked link:

https://open.spotify.com/playlist/74BUi79BzFKW7IVJBShrFD?si=28575ba800324

Becomes this clean link:

https://open.spotify.com/playlist/74BUi79BzFKW7IVJBShrFD

Here, the part with “si=” is your identifier. Of course, if it’s a playlist you’re sharing, it will still show your name and your profile picture—that’s how the platform has always worked. So if you want to stay truly anonymous, you’ll want to keep your playlists private.
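Added example (not from the article or from Spotify): a small Python helper that performs the manual clean-up described above and generalizes it to every open.spotify.com link in a message before it is posted. The host and the `si` parameter come from the article; the treatment of other query parameters and of punctuation glued to a link is an assumption.

```python
"""Strip Spotify's share-tracking parameter from links before posting them.

Added example, not code from the article or from Spotify. The "si" parameter
and the open.spotify.com host come from the article; everything else is an
assumption about how such links are usually pasted into chat messages.
"""
import re
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SPOTIFY_HOSTS = {"open.spotify.com"}
TRACKING_PARAMS = {"si"}  # the share identifier that ties the link to your account

# Matches a Spotify link inside free text; trailing punctuation is handled below.
SPOTIFY_URL_RE = re.compile(r"https?://open\.spotify\.com/[^\s<>\"')\]]+")
TRAILING_PUNCT = ".,;:!?)"


def _is_spotify(parts) -> bool:
    return (parts.hostname or "").lower() in SPOTIFY_HOSTS


def tracking_id(url: str) -> Optional[str]:
    """Return the share identifier embedded in a Spotify link, or None."""
    parts = urlsplit(url)
    if not _is_spotify(parts):
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key in TRACKING_PARAMS:
            return value
    return None


def clean_spotify_link(url: str, keep_other_params: bool = False) -> str:
    """Remove the tracking tail from a Spotify link.

    By default this does exactly what the article advises: drop everything
    from the '?' onwards. With keep_other_params=True only the tracking
    parameters are removed and any other query parameters survive.
    Non-Spotify URLs are returned unchanged.
    """
    parts = urlsplit(url)
    if not _is_spotify(parts):
        return url
    if keep_other_params:
        kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
                if k not in TRACKING_PARAMS]
        query = urlencode(kept)
    else:
        query = ""
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, parts.fragment))


def clean_text(text: str) -> str:
    """Clean every Spotify link in a message, leaving the surrounding text intact."""
    def _replace(match: re.Match) -> str:
        url = match.group(0)
        trailer = ""
        # Punctuation glued to the link belongs to the sentence, not the URL.
        while url and url[-1] in TRAILING_PUNCT:
            trailer = url[-1] + trailer
            url = url[:-1]
        return clean_spotify_link(url) + trailer
    return SPOTIFY_URL_RE.sub(_replace, text)


if __name__ == "__main__":
    # The tracked link from the article, then a constructed message.
    shared = "https://open.spotify.com/playlist/74BUi79BzFKW7IVJBShrFD?si=28575ba800324"
    print("tracking id:", tracking_id(shared))
    print("clean link :", clean_spotify_link(shared))
    print(clean_text("new one: https://open.spotify.com/track/EXAMPLETRACKID?si=abc123, enjoy!"))
```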

How to disable Spotify DMs

If you don’t see yourself using Spotify DMs, it might also be a good idea to just get rid of them entirely. You’ll probably still want to remove tracking information from your URLs before sharing, just for due diligence. But if you don’t want to worry about getting DMs on Spotify or having your account show up as a Suggested contact to strangers, you should also go to Settings > Privacy and social > Social features and disable Messages. That’ll opt you out of the DM feature altogether.

Disable Spotify DM.
Credit: Michelle Ehrhardt

Source: If You’ve Ever Shared a Spotify Link Publicly, You Need to Disable Spotify DMs

Phonenstien Flips Broken Samsung Into QWERTY Slider but won’t share how

The phone ecosystem these days is horribly boring compared to the innovation of a couple decades back. Your options include flat rectangles, and flat rectangles that fold in half and then break. [Marcin Plaza] wanted to think outside the slab, without reinventing the wheel. In an inspired bout of hacking, he flipped a broken Samsung zFlip 5 into a “new” phone.

There’s really nothing new in it; the guts all come from the donor phone. That screen? It’s the front screen that was on the top half of the zFlip, as you might have guessed from the cameras. Normally that screen is only used for notifications, but with the Samsung’s fancy folding OLED dead as Disco that needed to change. Luckily for [Marcin] Samsung has an app called Good Lock that already takes care of that. A little digging about in the menus is all it takes to get a launcher and apps on the small screen.

Because this is a modern phone, the whole thing is glued together, but that’s not important since [Marcin] is only keeping the screen and internals from the Samsung. The new case with its chunky four-bar linkage is a custom design fabbed out in CNC’d aluminum. (After a number of 3D Printed prototypes, of course. Rapid prototyping FTW!)

The bottom half of the slider contains a Blackberry Q10 keyboard, along with a battery and Magsafe connector. The Q10 keyboard is connected to a custom flex PCB with an Arduino Micro Pro that is moonlighting as a Human Input Device. Sure, that means the phone’s USB port is used by the keyboard, but this unit has wireless charging, so that’s not a great sacrifice. We particularly like the use of magnets to create a satisfying “snap” when the slider opens and closes.

Unfortunately, as much as we might love this concept, [Marcin] doesn’t feel the design is solid enough to share the files. While that’s disappointing, we can certainly relate to his desire to change it up in an era of endless flat rectangles. This project is a lot more work than just turning a broken phone into a server, but it also seems like a lot more fun.

Source: Phonenstien Flips Broken Samsung Into QWERTY Slider | Hackaday

EU Google antitrust penalty halted by low-level commissioner amid Trump’s tariff threats

Source: EU Google antitrust penalty halted amid Trump’s tariff threats – POLITICO

Age verification legislation is tanking traffic to sites that comply, and rewarding those that don’t

A new report suggests that the UK’s age verification measures may be having unforeseen knock-on effects on web traffic, with the real winners being sites that flout the law entirely.

[…]

Sure, there are ways around this if you’d rather not feed your personal data to a platform’s third-party age verification vendor. However, sites are seeing more significant consequences beyond just locking you out of your DMs. For a start, The Washington Post reports web traffic to pornography sites implementing age verification has taken a totally predictable hit—but those flouting the new age check requirements have seen traffic as much as triple compared to the same time last year.

The Washington Post looked at the 90 most visited porn sites based on UK visitor data from Similarweb. Of the 90 total sites, 14 hadn’t yet deployed ‘scan your face’ age checks. The publication found that while traffic from British IP addresses to sites requiring age verification had cratered, the 14 sites without age checks “have been rewarded with a flood of traffic” from UK-based users.

It’s worth noting that VPN usage might distort the location data of users. Still, such a surge of traffic likely brings with it a surge in income in the form of ad-revenue. Ofcom, the UK’s government-approved regulatory communications office overseeing everything from TV to the internet, may have something to say about that though. Meanwhile, sites that comply with the rules are not only losing out on ad-revenue, but are also expected to pay for the legally required age verification services on top.

[…]

Alright, stop snickering about the mental image of someone perusing porn sites professionally, and let me tell you why this is important. You may have already read that while a lot of Brits support the age verification measures broadly speaking, a sizable portion feels they’ve been implemented poorly. Indeed, a lot of the aforementioned sites that complied with the law also criticised it by linking to a petition seeking its repeal. The UK government has responded to this petition by saying it has “no plans to repeal the Online Safety Act” despite, at time of writing, over 500,000 signatures urging it to do just that.

[…]

Source: Age verification legislation is tanking traffic to sites that comply, and rewarding those that don’t | PC Gamer

Of course age verification isn’t just hitting porn sites. It is also hitting LGBTQ+ sites, public health forums, conflict reporting and global journalism and more.

And there is no way to do Age Verification privately.

Europol wants to keep all data forever for law enforcement, says unnamed(!) official. E.U. Court of Human Rights backed encryption as basic to privacy rights in 2024 and now Big Brother Chat Control is on the agenda again (EU consultation feedback link at end)

While some American officials continue to attack strong encryption as an enabler of child abuse and other crimes, a key European court has upheld it as fundamental to the basic right to privacy.

[…]

In the Russian case, the users relied on Telegram’s optional “secret chat” functions, which are also end-to-end encrypted. Telegram had refused to break into chats of a handful of users, telling a Moscow court that it would have to install a back door that would work against everyone. It lost in Russian courts but did not comply, leaving it subject to a ban that has yet to be enforced.

The European court backed the Russian users, finding that law enforcement having such blanket access “impairs the very essence of the right to respect for private life” and therefore would violate Article 8 of the European Convention, which enshrines the right to privacy except when it conflicts with laws established “in the interests of national security, public safety or the economic well-being of the country.”

The court praised end-to-end encryption generally, noting that it “appears to help citizens and businesses to defend themselves against abuses of information technologies, such as hacking, identity and personal data theft, fraud and the improper disclosure of confidential information.”

In addition to prior cases, the judges cited work by the U.N. human rights commissioner, who came out strongly against encryption bans in 2022, saying that “the impact of most encryption restrictions on the right to privacy and associated rights are disproportionate, often affecting not only the targeted individuals but the general population.”

High Commissioner Volker Türk said he welcomed the ruling, which he promoted during a recent visit to tech companies in Silicon Valley. Türk told The Washington Post that “encryption is a key enabler of privacy and security online and is essential for safeguarding rights, including the rights to freedom of opinion and expression, freedom of association and peaceful assembly, security, health and nondiscrimination.”

[…]

Even as the fight over encryption continues in Europe, police officials there have talked about overriding end-to-end encryption to collect evidence of crimes other than child sexual abuse — or any crime at all, according to an investigative report by the Balkan Investigative Reporting Network, a consortium of journalists in Southern and Eastern Europe.

“All data is useful and should be passed on to law enforcement, there should be no filtering … because even an innocent image might contain information that could at some point be useful to law enforcement,” an unnamed Europol police official said in 2022 meeting minutes released under a freedom of information request by the consortium.

Source: E.U. Court of Human Rights backs encryption as basic to privacy rights – The Washington Post

An ‘unnamed’ Europol police official is peak irony in this context.

Remember to leave your feedback where you can, in this case: https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14680-Impact-assessment-on-retention-of-data-by-service-providers-for-criminal-proceedings-/public-consultation_en

MS Azure mistake erroneously hikes costs 3x during internal migration, then tries to delete evidence from customer support portal

An alarmed Register reader got in touch after receiving warnings from Azure’s automated systems that they had significantly exceeded their budgets, and a glance at Microsoft’s support forums indicates their issue was not isolated.

The problem was that costs had suddenly ramped up. One user, with a budget threshold of £63 ($85), received an automated alert indicating that their spend was forecast to reach £758.71 ($1,027). Another said: “We’re actively seeing the same issue, costs have blown up by a crazy amount. No official notice or announcement from Microsoft either, it’s appalling.”

Suggestions from Microsoft that users should contact the support team did little to assuage concerns. A user (their caps) said: “AND I CANNOT CONTACT THE SUPPORT ANYHOW… Just automated ‘do this, do that’.”

According to messages seen by The Register, troubles appear to have stemmed from accounts being migrated from the Microsoft Online Subscription Program (MOSP) to the Microsoft Customer Agreement (MCA). The transition triggered incorrect cost calculations and, in some cases, resulted in retroactive charges affecting multiple customers.

Microsoft’s engineering team swung into action amid the cries of alarm, and a spokesperson told us: “We have addressed the underlying issue and impacted customers should now see the correct values in their portal.”

The Register understands that invoices and billing shouldn’t have been affected. However, that is likely of little comfort to administrators sent into a panic by an official alert from Microsoft warning that cloud forecasts were much higher than usual. We’d recommend keeping an eye on the portal and submitting a support request if the figures have gone awry.

One user reported that their comments in the support forum were being deleted. While Microsoft has a lengthy Code of Conduct, it wasn’t clear precisely what was causing comments to vanish. The user suggested that perhaps it was related to the words “customer” and “care.”

Source: Microsoft cloud customers hit by messed-up migration • The Register

Pluralistic: Darth Android – Altering Terms After the Fact

An Android robot standing atop a cracked mobile phone, wearing Darth Vader armor.

William Gibson famously said that “Cyberpunk was a warning, not a suggestion.” But for every tech leader fantasizing about lobotomizing their enemies with Black Ice, there are ten who wish they could be Darth Vader, force-choking you while grating out, “I’m altering the deal. Pray I don’t alter it any further.”

I call this business philosophy the “Darth Vader MBA.” The fact that tech products are permanently tethered to their manufacturers – by cloud connections backstopped by IP restrictions that stop you from disabling them – means that your devices can have features removed or altered on a corporate whim, and it’s literally a felony for you to restore the functionality you’ve had removed:

https://pluralistic.net/2023/10/26/hit-with-a-brick/#graceful-failure

That presents an irresistible temptation to tech bosses. It means that you can spy on your users, figure out which features they rely on most heavily, disable those features, and then charge money to restore them:

https://restofworld.org/2021/loans-that-hijack-your-phone-are-coming-to-india/

It means that you can decide to stop paying a supplier the license fee for a critical feature that your customers rely on, take that feature away, and stick your customers with a monthly charge, forever, to go on using the product they already paid for:

https://pluralistic.net/2022/10/28/fade-to-black/#trust-the-process

It means that you can push “security updates” to devices in the field that take away your customers’ ability to use third-party apps, so they’re forced to use your shitty, expensive apps:

https://www.404media.co/developer-unlocks-newly-enshittified-echelon-exercise-bikes-but-cant-legally-release-his-software/

Or you can take away third-party app support and force your customers to use your shitty app that’s crammed full of ads, so they have to look at an ad every time they want to open their garage-doors:

https://pluralistic.net/2023/11/09/lead-me-not-into-temptation/#chamberlain

Or you can break compatibility with generic consumables, like ink, and force your customers to buy the consumables you sell, at (literal) ten billion percent markups:

https://www.eff.org/deeplinks/2020/11/ink-stained-wretches-battle-soul-digital-freedom-taking-place-inside-your-printer

Combine the “agreements” we must click through after we hand over our money, wherein we “consent” to having the terms altered at any time, in any way, forever, and surrender our right to sue:

https://pluralistic.net/2025/08/15/dogs-breakfast/#by-clicking-this-you-agree-on-behalf-of-your-employer-to-release-me-from-all-obligations-and-waivers-arising-from-any-and-all-NON-NEGOTIATED-agreements

With the fact that billions of digital tools can be neutered at a distance with a single mouse-click:

https://pluralistic.net/2023/02/19/twiddler/

With the fact that IP law makes it a literal felony to undo these changes or add legal features to your own property that the manufacturer doesn’t want you to have:

https://pluralistic.net/2024/05/24/record-scratch/#autoenshittification

And you’ve created the conditions for a perfect Darth Vader MBA dystopia.

Tech bosses are fundamentally at war with the idea that our digital devices contain “general purpose computers.” The general-purposeness of computers – the fact that they are all Turing-complete, universal von Neumann machines – has created tech bosses’ fortunes, but now that these fortunes have been attained, the tech sector would like to abolish that general-purposeness; specifically, they would like to make it impossible to run programs that erode their profits or frustrate their attempts at rent-seeking.

This has been a growing trend in computing since the mid-2000s, when tech bosses realized that the “digital rights management” that the entertainment industry had fallen in love with could provide even bigger dividends for tech companies themselves.

Since the Napster era, media companies have demanded that tech platforms figure out how to limit the use and copying of media files after they were delivered to our computers. They believed that there was some practical way to make a computer that would refuse to take orders from its owner, such that you could (for example) “stream” a movie to a user without that being a “download.” The truth, of course is that all streams are downloads, because the only way to cause my screen to display a video file that is on your server is for your server to send that file to my computer.

“Streaming” is a consensus hallucination, and when a company claims to be giving you a “stream” that’s not a “download,” they really mean that they believe that the program that’s rendering the file on your screen doesn’t have a “save as” button.

But of course, even if the program doesn’t have a “save as” button, someone could easily make a “save as” plugin that adds that functionality to your streaming program. So “streaming” isn’t just “a video playback program without a ‘save as’ button,” it’s also “a video playback program that no one can add a ‘save as’ button to.”

At the turn of the millennium, tech companies selling this stuff hoodwinked media companies by claiming that they used technical means to prevent someone from adding the “save as” button after the fact. But tech companies knew that there was no technical means to prevent this, because computers are general purpose, and can run every program, which means that every 10-foot fence you build around a program immediately summons up an 11-foot ladder.

When a tech company says “it’s impossible to change the programs and devices we ship to our users,” they mean, “it’s illegal to change the programs and devices we ship to our users.” That’s thanks to a cluster of laws we colloquially call “IP law”; a label we apply to any law that lets a firm exert control on the conduct of users, critics and competitors:

https://locusmag.com/2020/09/cory-doctorow-ip/

Law, not technology, is the true battlefield in the War on General Purpose Computing, a subject I’ve been raising the alarm about for decades now:

https://memex.craphound.com/2012/01/10/lockdown-the-coming-war-on-general-purpose-computing/

When I say that this is a legal fight and not a technical one, I mean that, but for the legal restrictions on reverse-engineering and “adversarial interoperability,” none of these extractive tactics would be viable. Every time a company enshittified its products, it would create an opportunity for a rival to swoop in, disenshittify the enshittification, and steal your customers out from under you.

The fact that there’s no technical way to enforce these restrictions means that the companies that benefit from them have to pitch their arguments to lawmakers, not customers. If you have something that works, you use it in your sales pitch, like Signal, whose actual, working security is a big part of its appeal to users.

If you have something that doesn’t work, you use it in your lobbying pitch, like Apple, who justify their 30% ripoff app tax – which they can only charge because it’s a felony to reverse-engineer your iPhone so you can use a different app store – by telling lawmakers that locking down their platform is essential to the security and privacy of iPhone owners:

https://pluralistic.net/2024/01/12/youre-holding-it-wrong/#if-dishwashers-were-iphones

Apple and Google have a duopoly over mobile computing. Both companies use legal tactics to lock users into getting their apps from the companies’ own app stores, where they take 30 cents out of every dollar you spend, and where it’s against the rules to include any payment methods other than Google/Apple’s own payment systems.

This is a massive racket. It lets the companies extract hundreds of billions of dollars in rents. This drives up costs for their users and drives down profits for their suppliers. It lets the duopoly structure the entire mobile economy, acting as de facto market regulators. For example, the fact that Apple/Google exempt Uber and Lyft from the 30% app tax means that they – and they alone – can provide competitive ride-hailing services.

But though both companies extract the 30% app tax, they use very different mechanisms to maintain their lock on their users and on app makers. Apple uses digital locks, which lets it invoke IP law to criminalize anyone who reverse-engineers its systems and provides an easy way to install a better app store.

Google, on the other hand, uses a wide variety of contractual tactics to maintain its control, arm-twisting Android device makers and carriers into bundling its app store with every device, often with a locked bootloader that prevents users from adding new app stores after they pay for their devices.

But despite this, Google has always claimed that Android is the “open” alternative to the Apple “ecosystem,” principally on the strength that you can “sideload” an app. “Sideload” is a weird euphemism that the mobile duopoly came up with; it means “installing software without our permission,” which we used to just call “installing software” (because you don’t need a manufacturer’s permission to install software on your computer).

Now, Google has pulled a Darth Vader, changing the deal after the fact. They’ve announced that henceforth, you will only be able to sideload apps that come from developers who pay to be validated by Google and certified as good eggs. This has got people really angry, and justifiably so.

Last week, the repair hero Louis Rossmann posted a scorching video excoriating Google for the change:

https://www.youtube.com/watch?v=QBEKlIV_70E

In the video, Rossmann – who is now running an anti-enshittification group called Fulu – reminds us that our mobile devices aren’t phones, they’re computers and urges us not to use the term “sideloading,” because that’s conceding that there’s something about the fact that this computer can fit in your pocket that means that you shouldn’t be able to, you know, just install software.

Rossmann thinks that this is a cash grab, and he’s right – partially. He thinks that this is a way for Google to make money from forcing developers to join its certification program.

But that’s just small potatoes. The real cash grab is the hundreds of billions of dollars that Google stands to lose if we switch to third-party app stores and choke off the app tax.

That is an issue that is very much on Google’s mind right now, because Google lost a brutal antitrust case brought by Epic Games, makers of Fortnite:

https://pluralistic.net/2023/12/12/im-feeling-lucky/#hugger-mugger

Epic’s suit contended that Google had violated antitrust law by creating exclusivity deals with carriers and device makers that locked Android users into Google’s app store, which meant that Epic had to surrender 30% of its mobile earnings to Google.

Google lost that case – badly. It turns out that judges don’t like it when you deliberately destroy evidence:

https://www.legaldive.com/news/deleted-messages-google-antitrust-case-epic-games-deliberate-spoliation-donato/702306/

They say that when you find yourself in a hole, you should stop digging, but Google can’t put down the shovel. After the court ordered Google to open up its app store, the company just ignored the order, which is a thing that judges hate even more than destroying evidence:

https://www.justice.gov/atr/case/epic-games-inc-v-google-llc

So it was that last month, Google found itself with just two weeks to comply with the open app store order, or else:

https://www.theverge.com/news/717440/google-epic-open-play-store-emergency-stay

Google was ordered to make it possible to install new app stores as apps, so you could go into Google Play, search for a different app store, and, with a single click, install it on your phone, and switch to getting your apps from that store, rather than Google’s.

That’s what’s behind Google’s new ban on “sideloading”: this is a form of malicious compliance with the court orders stemming from its losses to Epic Games. In fact, it’s not even malicious compliance – it’s malicious noncompliance, a move that so obviously fails to satisfy the court order that I think it’s only a matter of time until Google gets hit with fines so large that they’ll actually affect Google’s operations.

In the meantime, Google’s story that this move is motivated by security is obviously bullshit. First of all, the argument that preventing users from installing software of their choosing is the only way to safeguard their privacy and security is bullshit when Apple uses it, and it’s bullshit when Google trots it out:

https://www.eff.org/document/letter-bruce-schneier-senate-judiciary-regarding-app-store-security

But even if you stipulate that Google is doing this to keep you safe, the story falls apart. After all, Google isn’t certifying apps, they’re certifying developers. This implies that the company can somehow predict whether a developer will do something malicious in the future.

This is obviously wrong. Indeed, Google itself is proof that this doesn’t work: the fact that a company has a “don’t be evil” motto at its outset is no guarantee that it won’t turn evil in the future.

There’s a long track record of merchants behaving in innocuous and beneficial ways to amass reputation capital, before blitzing the people who trust them with depraved criminality. This is a well-understood problem with reputation scores, dating back to the early days of eBay, when crooked sellers invented the tactic of listing and delivering a series of low-value items in order to amass a high reputation score, only to post a bunch of high-ticket scams, like dozens of laptops at $1,000 each, which are never delivered, even as the seller walks away with tens of thousands of dollars.

More recently, we’ve seen this in supply chain attacks on open source software, where malicious actors spend a long time serving as helpful contributors, pushing out a string of minor, high-quality patches before one day pushing a backdoor or a ransomware package into widely used code:

https://arstechnica.com/security/2025/07/open-source-repositories-are-seeing-a-rash-of-supply-chain-attacks/

So the idea that Google can improve Android’s safety by certifying developers, rather than code, is obvious bullshit. No, this is just a pretext, a way to avoid complying with the court order in Epic and milking a few more billions of dollars in app taxes.

Google is no friend of the general purpose computer. They keep coming up with ways to invoke the law to punish people who install code that makes their Android devices serve their owners’ interests, at the expense of Google’s shareholders. It was just a couple years ago that we had to bully Google out of a plan to lock down browsers so they’d be as enshittified as apps, something Google sold as “feature parity”:

https://pluralistic.net/2023/08/02/self-incrimination/

Epic Games didn’t just sue Google, either. They also sued Apple – but Apple won, because it didn’t destroy evidence and make the judge angry at it. But Apple didn’t walk away unscathed – they were also ordered to loosen up control over their App Store, and they also failed to do so, with the effect that last spring, a federal judge threatened to imprison Apple executives:

https://pluralistic.net/2025/05/01/its-not-the-crime/#its-the-coverup

Neither Apple nor Google would exist without the modern miracle that is the general purpose computer. Both companies want to make sure no one else ever reaps the benefit of the Turing complete, universal von Neumann machine. Both companies are capable of coming up with endless narratives about how Turing completeness is incompatible with your privacy and security.

But it’s Google and Apple that stand in the way of our security and privacy. Though they may sometimes protect us against external threats, neither Google nor Apple will ever protect us from their own predatory instincts.

Source: Pluralistic: Darth Android (01 Sep 2025) – Pluralistic: Daily links from Cory Doctorow

The EU wants to know what you think about it keeping all your data for *cough* crime stuff.

The EU wants to save all your data, or as much as possible for as long as possible. To insult the victims of crime, they say that they want to do this to fight crime. How do you feel about the EU being turned into a surveillance society? Leave your voice in the link below.

Source: Data retention by service providers for criminal proceedings – impact assessment

Futurehome smart hub owners must pay new $117 subscription or lose access. Or use a different app (link at the bottom)

Smart home device maker Futurehome is forcing its customers’ hands by suddenly requiring a subscription for basic functionality of its products.

Launched in 2016, Futurehome’s Smarthub is marketed as a central hub for controlling Internet-connected devices in smart homes. For years, the Norwegian company sold its products, which also include smart thermostats, smart lighting, and smart fire and carbon monoxide alarms, for a one-time fee that included access to its companion app and cloud platform for control and automation. As of June 26, though, those core features require a 1,188 NOK (about $116.56) annual subscription fee, turning the smart home devices into dumb ones if users don’t pay up.

“You lose access to controlling devices, configuring; automations, modes, shortcuts, and energy services,” a company FAQ page says.

You also can’t get support from Futurehome without a subscription. “Most” paid features are inaccessible without a subscription, too, the FAQ from Futurehome, which claims to be in 38,000 households, says.

After June 26, customers had four weeks to continue using their devices as normal without a subscription. That grace period recently ended, and users now need a subscription for their smart devices to work properly.

[…]

The indebted company promised customers that the subscription fee would allow it to provide customers “better functionality, more security, and higher value in the solution you have already invested in,” reported Elektro247, a Norwegian news site covering the electrical industry, according to a Google-provided translation.

The problem is that customers expected a certain level of service and functionality when they bought Futurehome devices. And as of press time, Futurehome’s product pages don’t make the newfound subscription requirements apparent. Futurehome’s recent bankruptcy is also a reminder of the company’s instability, making further investments questionable.

[…]

Futurehome has fought efforts to crack its firmware, with CEO Øyvind Fries telling Norwegian consumer tech website Tek.no, per a Google translation, “It is regrettable that we now have to spend time and resources strengthening the security of a popular service rather than further developing functionality for the benefit of our customers.”

Futurehome’s move has become a common strategy among Internet of Things companies, including smart home hub maker Wink. These companies are still struggling to build sustainable businesses that work long-term without killing features or upcharging customers.

Source: Futurehome smart hub owners must pay new $117 subscription or lose access – Ars Technica

And you see this happening a lot with all kinds of companies. The thing is, these products are supposed to work without contacting a central server – the company selling you this is not supposed to be seeing or handling your data at all. They don’t need to, as it’s all in your home and the functionalities don’t require huge compute power.

Fortunately, the Futurehome Home Assistant add-on (on Github) is a complete drop-in replacement for the official Futurehome app, with support for all device types compatible with the Futurehome hub. See the FAQ for more details – which means you can operate the stuff you bought without the subscription.

TransUnion says hackers stole 4.4 million customers’ personal information (breached AGAIN!!!)

Credit reporting giant TransUnion has disclosed a data breach affecting more than 4.4 million customers’ personal information.

In a filing with Maine’s attorney general’s office on Thursday, TransUnion attributed the July 28 breach to unauthorized access of a third-party application storing customers’ personal data for its U.S. consumer support operations.

TransUnion claimed “no credit information was accessed,” but provided no immediate evidence for its claim. The data breach notice did not specify what specific types of personal data were stolen.

In a separate data breach disclosure filed later on Thursday with Texas’ attorney general’s office, TransUnion confirmed that the stolen personal information includes customers’ names, dates of birth, and Social Security numbers.

[…]

TransUnion is one of the largest credit reporting agencies in the United States, and stores the financial data of more than 260 million Americans. It’s the latest U.S. corporate giant to have been hacked in recent weeks following a wave of hacks targeting the insurance, retail, and transportation and airline industries.

[…]

Source: TransUnion says hackers stole 4.4 million customers’ personal information | TechCrunch

Well done Transunion. In 2023 it lost a massive data dump (which they accept and then say no, wasn’t us) and in 2017 it got its customers to download malware (and again said, yes it was us but it wasn’t). You would think that at some point they would learn, but the penalties are apparently too small to care.

And considering it actually says that they verify personal identities, and sell identity protection services – and who knows if those “customers” actually know that they are customers – the quantity and scale of these breaches is simply unacceptable. The company can obviously not handle its tasking and should by now be broken down.

Antarctica Is Unraveling

A new paper in the journal Nature catalogs how several “abrupt changes,” like the precipitous loss of sea ice over the last decade, are unfolding in Antarctica and its surrounding waters, reinforcing one another and threatening to send the continent past the point of no return—and flood coastal cities everywhere as the sea rises several feet.

[…]

Scientists define abrupt change as a bit of the environment changing much faster than expected. In Antarctica these can occur on a range of time scales, from days or weeks for an ice shelf collapse to centuries and beyond for the ice sheets. Unfortunately, these abrupt changes can self-perpetuate and become unstoppable as humans continue to warm the planet.

[…]

A major driver of Antarctica’s cascading crises is the loss of floating sea ice, which forms during winter. In 2014, it hit a peak extent (at least since satellite observations began in 1978) around Antarctica of 20.11 million square kilometers, or 7.76 million square miles. But since then, the coverage of sea ice has fallen not just precipitously but almost unbelievably, contracting by 75 miles closer to the coast. During winters, when sea ice reaches its maximum coverage, it has declined 4.4 times faster around Antarctica than it has in the Arctic in the last decade.

Put another way: The loss of winter sea ice in Antarctica over just the past decade is similar to what the Arctic has lost over the last 46 years.

[…]

While scientists need to collect more data to determine if this is the beginning of a fundamental shift in Antarctica, the signals so far are ominous. “We’re starting to see the pieces of the picture begin to emerge that we very well might be in this new state of dramatic loss of Antarctic sea ice,” said Zachary M. Labe, a climate scientist who studies the region at the research group Climate Central, which wasn’t involved in the new paper.

This extraordinary decline is kicking off a climatic feedback loop. The Arctic is warming around four times faster than the rest of the planet in large part because its reflectivity is changing. Sea ice is white and bright, so it bounces the sun’s energy back into space to cool the region. But when it disappears, it exposes darker ocean waters, which absorb that energy. So less reflectivity begets more warming, and more warming melts more sea ice, which begets more warming, and on and on. “We now expect that that same process is going to become a factor in the Southern Hemisphere, because we’ve lost this equivalent amount of sea ice,” Abram said.

Bigger and irreversible consequences

Around Antarctica, however, the consequences could be even bigger and more complex than in the Arctic and might even be irreversible. Models predict that if the global climate were to stabilize, so too would Arctic sea ice. “We don’t see that same behavior in Antarctica,” Abram said. “When you stabilize the climate and let these climate model simulations run for hundreds of years, Antarctic sea ice still continues to decline because the Southern Ocean is continuing to take up extra heat from the atmosphere.”

This could spell major trouble for the continent’s enormous cap of ice. That consists of two main parts: the ice sheets, which rest on land, and the ice shelves, which extend from the sheets and float on the sea. The problem isn’t so much about the sun beating down on the sheets, but increasingly warm water lapping at the bottom of the shelves. And the more the surrounding sea ice disappears, the more those waters are warming. Additionally, sea ice acts as a sort of shield, absorbing wave energy that would normally pound these edges of the ice shelves, breaking them apart.

So sea ice supports the ice shelves, which support the ice sheets on land. “When we melt ice shelves, they have a buttressing effect on the ice sheets behind them, so we get an enhanced flow of ice sheets into the ocean,” said Matthew England, an oceanographer at the University of New South Wales and coauthor of the paper. One of these, the West Antarctic Ice Sheet, could collapse if global temperatures reach 2 degrees Celsius above pre-industrial levels, raising sea levels by more than three meters, or about 10 feet. And it could still partially collapse before that.

As ice shelves melt, they’re also borking a critical ocean system known as the Antarctic Overturning Circulation. When sea ice forms, it rejects salt, creating salty, extra cold seawater that’s denser and therefore sinks to the seafloor, creating circulation. But as ice shelves melt, they dilute the cold salty water, slowing the circulation and bringing more warm water in contact with ice shelves and sea ice. “This amplifying feedback that we’re talking about now is across systems,” England said. “It’s from the ocean back to the ice, and then back into the ocean again, that can trigger a runaway change where we do see the overturning potentially collapse altogether.”

When this circulation brings deeper waters back to the surface, it transports critical nutrients for phytoplankton—tiny photosynthetic organisms that absorb carbon and expel oxygen. Not only are these organisms responsible for sequestering half of the carbon from photosynthesis worldwide, but they also make up the base of the food web, feeding small animals known as zooplankton, which in turn feed bigger organisms like fishes and crustaceans. Sea ice is also a critical habitat for phytoplankton, so they stand to lose both their home and their nutrients.

A chronic sickness for the far south

Emperor penguins, too, establish their breeding colonies on stable sea ice, where their chicks grow up and develop the waterproof feathers they need to glide through the ocean. “That ice is being lost before the emperor penguins have been able to fledge, and when that happens, you have a complete breeding failure for the colony in that season,” Abram said. “We’re seeing those catastrophic breeding failure events happening right around the Antarctic continent.”

[…]

Source: Antarctica Is Unraveling

FBI cyber cop: Salt Typhoon pwned ‘nearly every American’

China’s Salt Typhoon cyberspies hoovered up information belonging to millions of people in the United States over the course of the years-long intrusion into telecommunications networks, according to a top FBI cyber official.

“There’s a good chance this espionage campaign has stolen information from nearly every American,” Michael Machtinger, deputy assistant director for the FBI’s cyber division, told The Register.

[…]

The Beijing-backed spying campaign began at least in 2019 but wasn’t uncovered by US authorities until last fall. On Wednesday, US law enforcement and intelligence agencies along with those from 12 other countries warned the ongoing espionage activity expanded far beyond nine American telcos and government networks. According to Machtinger, at least 80 countries were hit by the digital intrusions.

Around 200 American organizations were compromised by the espionage activity, Machtinger said, including the previously disclosed telecommunications firms such as Verizon and AT&T.

Yesterday’s joint security alert also pointed the allies’ collective finger at three China-based entities affiliated with Salt Typhoon: Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology. These companies, and likely others, provide cyber products and services to China’s Ministry of State Security and People’s Liberation Army, the governments said.

[…]

This indiscriminate targeting, as the FBI and White House security officials have previously noted, allowed Beijing’s snoops to geo-locate millions of mobile phone users, monitor their internet traffic, and, in some cases, record their phone calls. Victims reportedly included President Donald Trump and Vice President JD Vance.

Machtinger declined to confirm whether Trump and Vance were among those surveilled, but did say that victims included more than 100 current and former presidential administration officials.

[…]

Source: FBI cyber cop: Salt Typhoon pwned ‘nearly every American’ • The Register

It’s quite telling that you only have to breach 200 organisations to gain information on 350 million Americans.

Collapse of critical Atlantic current is no longer low-likelihood, study finds

The collapse of a critical Atlantic current can no longer be considered a low-likelihood event, a study has concluded, making deep cuts to fossil fuel emissions even more urgent to avoid the catastrophic impact.

The Atlantic meridional overturning circulation (Amoc) is a major part of the global climate system. It brings sun-warmed tropical water to Europe and the Arctic, where it cools and sinks to form a deep return current. The Amoc was already known to be at its weakest in 1,600 years as a result of the climate crisis.

Climate models recently indicated that a collapse before 2100 was unlikely but the new analysis examined models that were run for longer, to 2300 and 2500. These show the tipping point that makes an Amoc shutdown inevitable is likely to be passed within a few decades, but that the collapse itself may not happen until 50 to 100 years later.

The research found that if carbon emissions continued to rise, 70% of the model runs led to collapse, while an intermediate level of emissions resulted in collapse in 37% of the models. Even in the case of low future emissions, an Amoc shutdown happened in 25% of the models.

Scientists have warned previously that Amoc collapse must be avoided “at all costs”. It would shift the tropical rainfall belt on which many millions of people rely to grow their food, plunge western Europe into extreme cold winters and summer droughts, and add 50cm to already rising sea levels.

The new results are “quite shocking, because I used to say that the chance of Amoc collapsing as a result of global warming was less than 10%”, said Prof Stefan Rahmstorf, at the Potsdam Institute for Climate Impact Research in Germany, who was part of the study team. “Now even in a low-emission scenario, sticking to the Paris agreement, it looks like it may be more like 25%.

“These numbers are not very certain, but we are talking about a matter of risk assessment where even a 10% chance of an Amoc collapse would be far too high. We found that the tipping point where the shutdown becomes inevitable is probably in the next 10 to 20 years or so. That is quite a shocking finding as well and why we have to act really fast in cutting down emissions.”

Scientists spotted warning signs of a tipping point in 2021 and know that the Amoc has collapsed in the Earth’s past. “Observations in the deep [far North Atlantic] already show a downward trend over the past five to 10 years, consistent with the models’ projections,” said Prof Sybren Drijfhout, at the Royal Netherlands Meteorological Institute, who was also part of the team.

“Even in some intermediate and low-emission scenarios, the Amoc slows drastically by 2100 and completely shuts off thereafter. That shows the shutdown risk is more serious than many people realise.”

The study, published in the journal Environmental Research Letters, analysed the standard models used by the Intergovernmental Panel on Climate Change (IPCC). The scientists were particularly concerned to find that in many models the tipping point is reached in the next decade or two, after which the shutdown of the Amoc becomes inevitable owing to a self-amplifying feedback.

[…]

Source: Collapse of critical Atlantic current is no longer low-likelihood, study finds | Oceans | The Guardian

Apple pulls torrenting app from a third-party store (one that it should not be able to control!) in the EU

As first reported by TorrentFreak, Apple is preventing downloads of the iTorrent app on iPhones in the EU. Developer Daniil “XITRIX” Vinogradov’s app was a popular BitTorrent client available from AltStore PAL, which is among the most popular third-party iOS app stores overseas. The company revoked the app developer’s ability to distribute apps on such third-party marketplaces. While Apple has historically banned torrent clients from iOS devices in the United States, the EU’s Digital Markets Act that went into effect last year requires Apple to allow apps from third-party stores to be installed by users.

According to TorrentFreak’s reporting, the motivation behind the revocation of XITRIX’s alternative distribution rights is not yet certain. The publisher spoke directly with TorrentFreak and said that Apple never reached out to him about the matter. “I still have no idea if it was my fault or Apple’s, and their responses make no sense,” Vinogradov told TorrentFreak. Apple has responded to Vinogradov with a generic message about app store issues.

Shane Gill, the co-founder of AltStore PAL, told TorrentFreak that the company’s request for information from Apple has not resulted in it explaining its justification for the takedown. “I can confirm that we are in communication with Apple about this issue. We’ve told them what’s going wrong, and they said they’re looking into it, but we haven’t gotten any further information as of yet,” said Gill.

Source: Apple pulls torrenting app from a third-party store in the EU

New self-assembling material could be the key to recyclable EV batteries

Today’s electric vehicle boom is tomorrow’s mountain of electronic waste. And while myriad efforts are underway to improve battery recycling, many EV batteries still end up in landfills.

A research team from MIT wants to help change that with a new kind of self-assembling battery material that quickly breaks apart when submerged in a simple organic liquid. In a new paper published in Nature Chemistry, the researchers showed the material can work as the electrolyte in a functioning, solid-state battery cell and then revert back to its original molecular components in minutes.

The approach offers an alternative to shredding the battery into a mixed, hard-to-recycle mass. Instead, because the electrolyte serves as the battery’s connecting layer, when the new material returns to its original molecular form, the entire battery disassembles to accelerate the recycling process.

[…]

To simplify the recycling process, the researchers decided to make a more sustainable electrolyte. For that, they turned to a class of molecules that self-assemble in water, named aramid amphiphiles (AAs), whose chemical structures and stability mimic that of Kevlar. The researchers further designed the AAs to contain polyethylene glycol (PEG), which can conduct lithium ions, on one end of each molecule. When the molecules are exposed to water, they spontaneously form nanoribbons with ion-conducting PEG surfaces and bases that imitate the robustness of Kevlar through tight hydrogen bonding. The result is a mechanically stable nanoribbon structure that conducts ions across its surface.

“The material is composed of two parts,” Cho explains. “The first part is this flexible chain that gives us a nest, or host, for lithium ions to jump around. The second part is this strong organic material component that is used in the Kevlar, which is a bulletproof material. Those make the whole structure stable.”

When added to water, the nanoribbons self-assemble to form millions of nanoribbons that can be hot-pressed into a solid-state material.

“Within five minutes of being added to water, the solution becomes gel-like, indicating there are so many nanofibers formed in the liquid that they start to entangle each other,” Cho says. “What’s exciting is we can make this material at scale because of the self-assembly behavior.”

The team tested the material’s strength and toughness, finding it could endure the stresses associated with making and running the battery. They also constructed a solid-state battery cell that used lithium iron phosphate for the cathode and lithium titanium oxide as the anode, both common materials in today’s batteries. The nanoribbons moved lithium ions successfully between the electrodes, but a side-effect known as polarization limited the movement of lithium ions into the battery’s electrodes during fast bouts of charging and discharging, hampering its performance compared to today’s gold-standard commercial batteries.

“The lithium ions moved along the nanofiber all right, but getting the lithium ion from the nanofibers to the metal oxide seems to be the most sluggish point of the process,” Cho says.

When they immersed the battery cell into organic solvents, the material immediately dissolved, with each part of the battery falling away for easier recycling. Cho compared the materials’ reaction to cotton candy being submerged in water.

“The electrolyte holds the two battery electrodes together and provides the lithium-ion pathways,” Cho says. “So, when you want to recycle the battery, the entire electrolyte layer can fall off naturally and you can recycle the electrodes separately.”

Validating a new approach

Cho says the material is a proof of concept that demonstrates the recycle-first approach.

[…]

Cho also sees a lot of room for optimizing the material’s performance with further experiments.

Now, the researchers are exploring ways to integrate these kinds of materials into existing battery designs as well as implementing the ideas into new battery chemistries.

[…]

Source: New self-assembling material could be the key to recyclable EV batteries | MIT News | Massachusetts Institute of Technology

Croatians suddenly realise that EU CSAM rules include hidden pervasive chat control surveillance, turning the EU into Big Brother – disapprove massively.

“The Prime Minister of the Republic of Croatia Andrej Plenkovic, at yesterday’s press conference, accused the opposition of having upheld the proposal of a regulation of the European Parliament and the Council on the establishment of rules for the prevention and combating of sexual abuse of children COM (2022) 209, which is (unpopularly) referred to as ‘chat control’ because, in the case of the adoption of the proposal in its integral form, it would allow the bodies of criminal prosecution to subject the private communication of all citizens to legal prosecution.

[…]

On June 17, the Bosnian MP, as well as colleagues from the SDP, HDZ and the vast majority of other European MPs, supported the Proposal for Amendments to the Directive on combating the sexual abuse and sexual exploitation of children and child pornography from 2011. Although both legislative documents were adopted within the same package of EU strategies for a more effective fight against child abuse and have a similar name, the two documents are intrinsically different – one is a regulation, the other a directive, they have different rapporteurs and entered the procedure as many as two years apart.”

‘We’ve already spoken about it’

“The basic difference, however, is that the proposal to amend the Directive does not contain any mention of ‘chat control’, i.e. the mass surveillance of citizens. MP Bosnian, as well as colleagues from the party We Can!, strongly opposes the proposal for a regulation that supports the monitoring of the content of private conversations of all citizens and which will only be voted on in the European Parliament. Such a proposal directly violates Article 7 of the Charter of Fundamental Rights of the European Union, as confirmed by the Court of Justice of the European Union in the ruling “Schrems I” (paragraph 94), and the same position was confirmed by the Legal Service of the Council of the EU.

In the previous European Parliament, the Greens resisted mass surveillance, focusing on monitoring suspicious users – the security services must first identify suspicious users and then monitor them, not the other way around. People who abuse the internet to commit criminal acts must be recognized and isolated by the numerous services for whom it is a job, but not by way of mass surveillance; rather, by focused surveillance of individuals.

We all have the right to privacy, because privacy must remain a secure space for our human identity. Finally, the representative of Bosanac invites Prime Minister Plenković to oppose this harmful proposal at the European Council and protect the right to privacy of Croatian citizens,” Gordan Bosanca’s office said in a statement.

Source: Bosnian accuses Plenkovic of lying: ‘I urge him to counter that proposal’

Parliamentary questions are being asked as well

A review conducted under the Danish Presidency examining the proposal for a regulation on combatting online child sexual abuse material – dubbed the ‘Chat Control’ or CSAM regulation – has raised new, grave concerns about the respect of fundamental rights in the EU.

As it stands, the proposal envisages mass scanning of private communications, including encrypted conversations, raising serious issues of compliance with Article 7 of the Charter of Fundamental Rights by threatening to undermine the data security of citizens, businesses and institutions. A mandatory weakening of end-to-end encryption would create security gaps open to exploitation by cybercriminals, rival states and terrorist organisations, and would also harm the competitiveness of our digital economy.

At the same time, the proposed technical approach is based on automated content analysis tools which produce high rates of false positives, creating the risk that innocent users could be wrongly incriminated, while the effectiveness of this approach in protecting children has not been proven. Parliament and the Council have repeatedly rejected mass surveillance.

1. Considering the mandatory scanning of all private communications, is the proposed regulation compatible with Article 7 of the Charter of Fundamental Rights?

2. How will it ensure that child protection is achieved through targeted measures that are proven to be effective, without violating the fundamental rights of all citizens?

3. How does it intend to prevent the negative impact on cybersecurity and economic competitiveness caused by weakening encryption?

Source: Proposed Chat Control law presents new blow for privacy

Samsung turns Tizen OS smartwatches into junk and won’t allow you to download the apps anymore soon.

Tizen OS is on track to lose full support by the end of 2025, Samsung has announced, marking the end of an era that began in 2018 with the original Galaxy Watch. And right now, Samsung is offering up to $100 in trade-in credit for your Tizen Galaxy Watch.

This includes the Galaxy Watch 3, Galaxy Watch Active 2, Galaxy Watch Active, and the original Galaxy Watch. Considering that most major retailers like Best Buy only offer between $5-15 dollars for these trade-ins, that’s a significant boost, as 9to5Google notes.

Samsung ditched Tizen OS, the company’s proprietary operating system, starting with the Galaxy Watch 4 in 2021 as it pivoted to Google’s Wear OS. Now, Samsung has outlined a termination schedule for Tizen watches, according to screenshots first shared by TechIssuesToday of a notice purportedly from a member of the Galaxy Store Operation. It looks like Samsung is gradually phasing out support for Tizen on its Galaxy Store, culminating in a full shutdown by September 2025. You can find the timeline below:

  • September 30, 2024: The Galaxy Store will cease sales of paid Tizen watch content, including apps, watch faces, and more.
  • May 31, 2025: The Galaxy Store will discontinue new downloads of free Tizen watch content.
  • September 30, 2025: The “My Apps” section in the Galaxy Store will stop allowing re-downloads, effectively shutting the door on accessing any further paid or free Tizen content.

The latest iteration of the Galaxy Watch is the Galaxy Watch 6. It runs Wear OS 4, the newest version of Google’s Android smartwatch software that comes layered with Samsung’s One UI 5 Watch for Galaxy-specific experiences. In practice, that means the watch is loaded with familiar Google apps, but has built-in programs like Samsung Health and Bixby, too.

But a new Galaxy Watch 6 doesn’t come cheap. While you can often catch it on sale (just check out our best Galaxy Watch 6 deals), its sticker price of $300 can be a tough sell for some.

[…]

Source: Samsung’s phasing out its Tizen smartwatches — and boosting trade-ins to $100 for Galaxy Watch 3 and older | Tom’s Guide

Another product broken by the manufacturer and turned into e-waste.

One-step method turns PVC plastic into fuel with 95% efficiency at room temperature

[…]

One-step conversion and outputs

At the end of the process, the products include the main components of petrol (gasoline), chemical raw materials, and hydrochloric acid. The scientists say that means the output could feed into water treatment, metal processing, pharmaceuticals, food production, and the petroleum industry.

As the authors put it, “The method supports a circular economy by converting diverse plastic waste into valuable products in a single step.” To carry out the conversion, the team combines plastic waste with light isoalkanes, hydrocarbon byproducts available from refinery processes.

According to the paper, the process yields “gasoline range” hydrocarbons, mainly molecules with six to 12 carbons, which are the primary component of gasoline. The recovered hydrochloric acid can be safely neutralized and reused as a raw material, potentially displacing several high-temperature, energy-intensive production routes described in the paper.

Tackling PVC’s chlorine problem

The researchers frame the advance in the context of the plastics that dominate global waste streams. Most plastic waste consists of polyolefins, especially polyethylene and polypropylene, which account for roughly half of global output, while polyvinyl chloride (PVC) contributes about 10 percent.

These materials span packaging, containers, pipes, appliances, medical devices, and clothing. PVC, made using vinyl chloride (a colorless gas classed as a carcinogen by the US Environmental Protection Agency), is a particular challenge because traditional waste-to-energy methods, including incineration, require PVC to be dechlorinated before processing to avoid releasing toxic compounds.

Chemical upcycling pathways aiming to break plastic into high-grade components typically require high-temperature dechlorination as a separate step. Dechlorination, removing or neutralizing chlorine from chlorinated compounds, is necessary to prevent harmful effects and to prepare materials for sensitive applications.

The new study proposes combining these steps. “We present here a strategy for upgrading discarded PVC into chlorine-free fuel range hydrocarbons and [hydrochloric acid] in a single-stage process,” the researchers said.

Efficiency and real-world waste

Reported conversion efficiencies underscore the potential for real-world use. At 86 degrees Fahrenheit (30 degrees Celsius), the process reached 95 percent conversion for soft PVC pipes and 99 percent for rigid PVC pipes and PVC wires.

In tests that mixed PVC materials with polyolefin waste, the method achieved a 96 percent solid conversion efficiency at 80 degrees Celsius (176 degrees Fahrenheit). The team describes the approach as applicable beyond laboratory-clean samples.

“The process is suitable for handling real-world mixed and contaminated PVC and polyolefin waste streams,” the paper states. SCMP points to an ECNU social media post citing the study, which characterized the achievement as a first, efficiently converting difficult-to-degrade mixed plastic waste into premium petrol at ambient temperature and pressure in a single step.

Source: World’s first method turns plastic into fuel with 95% efficiency

The Threat Of Extreme Statutory Damages For Copyright Almost Certainly Made Anthropic Settle With Authors: not the use of books for training, but the idiots used pirated books for training

In what may be the least surprising news in the world of copyright and the internet, Anthropic just agreed to settle the copyright lawsuit that everyone’s been watching, but not for the reasons most people think. This isn’t about AI training being found to infringe copyright—in fact, Anthropic won on that issue. Instead, it’s about how copyright’s broken statutory damages system can turn a narrow legal loss into a company-ending threat, forcing settlements even when the core dispute goes your way.

Anthropic had done something remarkably stupid beyond just training: they downloaded unauthorized copies of works and stored them in an internal “pirate library” for future reference. Judge Alsup was crystal clear that while the training itself was fair use, building and maintaining this library of unauthorized copies was straightforward infringement. This wasn’t some edge case—it was basic copyright violation that Anthropic should have known better than to engage in.

And while there were some defenses to this, it would likely be tough to succeed at trial with the position Judge Alsup had put them in.

The question then was about liability. Because of copyright’s absolutely ridiculous statutory damages (up to $150k per work if the infringement was found to be “willful”), which need not bear any relationship to the actual damages, Anthropic could have been on the hook for trillions of dollars in damages just in this one case. That’s not something any company is going to roll the dice on, and I’m sure that the conversation was more or less: if you win and we get hit with statutory damages, the company will shut down and you will get nothing. Instead, let’s come to some sort of deal and get the lawyers (and the named author plaintiffs) paid.

While the amount of the settlement hasn’t been revealed yet, the amount authors get paid is going to come out eventually, and… I guarantee that it will not be much.

[…]

Instead what will happen—what always happens with these collective licensing deals—is that a few of the bigger names will get wealthy, but mainly the middleman will get wealthy. These kinds of schemes only tend to enrich the middlemen (often leading to corruption).

So this result is hardly surprising. Anthropic had to settle rather than face shutting down. But my guess is that authors are going to be incredibly disappointed by how much they end up getting from the settlement. Judge Alsup still has to approve the settlement, and some people may protest it, but it would be a much bigger surprise if he somehow rejects it.

Source: The Threat Of Extreme Statutory Damages For Copyright Almost Certainly Made Anthropic Settle With Authors | Techdirt

Developer Unlocks Suddenly Paywalled Echelon Exercise Bikes But Thinks DMCA says He Can’t Legally Release His Software

An app developer has jailbroken Echelon exercise bikes to restore functionality that the company put behind a paywall last month, but copyright laws prevent him from being allowed to legally release it.

Last month, Peloton competitor Echelon pushed a firmware update to its exercise equipment that forces its machines to connect to the company’s servers in order to work properly. Echelon was popular in part because it was possible to connect Echelon bikes, treadmills, and rowing machines to free or cheap third-party apps and collect information like pedaling power, distance traveled, and other basic functionality that one might want from a piece of exercise equipment. With the new firmware update, the machines work only with constant internet access and getting anything beyond extremely basic functionality requires an Echelon subscription, which can cost hundreds of dollars a year.

[…]

App engineer Ricky Witherspoon, who makes an app called SyncSpin that used to work with Echelon bikes, told 404 Media that he successfully restored offline functionality to Echelon equipment and won the Fulu Foundation bounty. But he and the foundation said that he cannot open source or release it because doing so would run afoul of Section 1201 of the Digital Millennium Copyright Act, the wide-ranging copyright law that in part governs reverse engineering. There are various exemptions to Section 1201, but most of them only allow jailbreaks like the one Witherspoon developed to be used for personal use.

“It’s like picking a lock, and it’s a lock that I own in my own house. I bought this bike, it was unlocked when I bought it, why can’t I distribute this to people who don’t have the technical expertise I do?” Witherspoon told 404 Media. “It would be one thing if they sold the bike with this limitation up front, but that’s not the case. They reached into my house and forced this update on me without users knowing. It’s just really unfortunate.”

[…]

“A lot of people chose Echelon’s ecosystem because they didn’t want to be locked into using Echelon’s app. There was this third-party ecosystem. That was their draw to the bike in the first place,” O’Reilly said. “But now, if the manufacturer can come in and push a firmware update that requires you to pay for subscription features that you used to have on a device you bought in the first place, well, you don’t really own it.”

“I think this is part of the broader trend of enshittification, right?,” O’Reilly added. “Consumers are feeling this across the board, whether it’s devices we bought or apps we use—it’s clear that what we thought we were getting is not continuing to be provided to us.”

Witherspoon says that, basically, Echelon added an authentication layer to its products, where the piece of exercise equipment checks to make sure that it is online and connected to Echelon’s servers before it begins to send information from the equipment to an app over Bluetooth. “There’s this precondition where the bike offers an authentication challenge before it will stream those values. It is like a true digital lock,” he said. “Once you give the bike the key, it works like it used to. I had to insert this [authentication layer] into the code of my app, and now it works.”

[…]

Witherspoon has now essentially restored functionality that he used to have on his own bike, which he said he bought in the first place because of its ability to work offline and to connect to third-party apps. But others will only be able to do the same if they design similar software, or if they never update the bike’s firmware. Witherspoon said that he made the old version of his SyncSpin app free and has plastered it with a warning urging people not to open the official Echelon app, because it will update the firmware on their equipment and break functionality. Roberto Viola, the developer of a popular third-party exercise app called QZ, wrote extensively about how Echelon has broken his app: “Without warning, Echelon pushed a firmware update. It didn’t just upgrade features—it locked down the entire device. From now on, bikes, treadmills, and rowers must connect to Echelon’s servers just to boot,” he wrote. “No internet? No workout. Even basic offline usage is impossible.”

[…]

Witherspoon told me that he is willing to talk to other developers about how he did this, but that he is not willing to release the jailbreak on his own: “I don’t feel like going down a legal rabbit hole, so for now it’s just about spreading awareness that this is possible, and that there’s another example of egregious behavior from a company like this […] if one day releasing this was made legal, I would absolutely open source this. I can legally talk about how I did this to a certain degree, and if someone else wants to do this, they can open source it if they want to.”

Source: Developer Unlocks Newly Enshittified Echelon Exercise Bikes But Can’t Legally Release His Software

I do not think that this is the way the DMCA works, but if it is, it needs some serious revision.

German banks block EUR 10B in ‘unauthorized’ PayPal direct debits

Shoppers and merchants in Germany found themselves dealing with billions of euros in frozen transactions this week, thanks to an apparent failure in PayPal’s fraud-detection systems.

According to the Association of German Banks, the problem hit on Monday when banks noticed a slew of recent unauthorized direct debits from PayPal. The body said the banks responded in various ways, which is one way of putting it – the Süddeutsche Zeitung reported that some stopped all PayPal transactions, with the total number of frozen payments likely to be around €10 billion.

A spokesperson for the German Savings Banks Association (DSGV), which represents hundreds of regional banks across the country, confirmed the issue to The Register. The DSGV said PayPal had assured it the problem was resolved, adding that PayPal payments had been running smoothly since Tuesday morning and the US payments platform was informing affected customers “directly.”

The DSGV said the unauthorized payments had a “significant impact on transactions throughout Europe, particularly in Germany.” However, there have been no confirmed reports of the incident being felt outside Germany. Austrian media reported that the banks there had seen no problems.

[…]

PayPal’s reputational hit in Germany is likely to be exacerbated by last week’s reports of hackers offering millions of PayPal credentials that they claimed PayPal had recently exposed in plaintext. The hackers’ claims appear dubious, with PayPal denying any recent breach, but the reports gained significant traction in Germany.

“It’s possible that the data is incorrect or outdated,” read a Wednesday advisory from the German consumer organization Stiftung Warentest, which bundled the leak report with this week’s snafu. “Nonetheless, PayPal users should change their passwords as a precaution.”

Source: Euro banks block ‘unauthorized’ PayPal direct debits • The Register

Better than greenwashing, sustainability reporting boosts financials

As environmental responsibility and social ethics become increasingly important, a question might arise in the boardroom: do the company’s sustainability efforts materially affect the financial information on which investors rely?

Research in the International Journal of Business and Emerging Markets sets about answering that question. It does so by examining data from European firms over the course of a decade and showing that voluntary disclosure and strong performance in sustainability metrics improve the value relevance of financial statements.

The researchers focused on Environmental, Social, and Governance (ESG) criteria.

[…]

Ultimately, the research found, firms voluntarily reporting ESG information tended to present financial statements more aligned with market perceptions of their value.

Moreover, firms with higher ESG performance scores, indicating better sustainability practices, demonstrate even stronger correlations between their financial disclosures and market value. This suggests that sustainability efforts are not merely reputational or regulatory compliance exercises but contribute meaningfully to the transparency of financial reporting.

[…]

More information: Kyriakos Christofi et al, The impact of sustainability disclosure on financial statement value relevance: evidence from Europe, International Journal of Business and Emerging Markets (2025). DOI: 10.1504/IJBEM.2025.147883

Source: Better than greenwashing, sustainability reporting boosts financials

Rats walk again after spinal cord repair with 3D printing

[…] a groundbreaking process that combines 3D printing, stem cell biology, and lab-grown tissues for spinal cord injury recovery.

[…]

A major challenge is the death of nerve cells and the inability for nerve fibers to regrow across the injury site. This new research tackles this problem head-on.

The method involves creating a unique 3D-printed framework for lab-grown organs, called an organoid scaffold, with microscopic channels. These channels are then populated with regionally specific spinal neural progenitor cells (sNPCs), which are cells derived from human adult stem cells that have the capacity to divide and differentiate into specific types of mature cells.

“We use the 3D printed channels of the scaffold to direct the growth of the stem cells, which ensures the new nerve fibers grow in the desired way,

[…]

In their study, the researchers transplanted these scaffolds into rats with spinal cords that were completely severed. The cells successfully differentiated into neurons and extended their nerve fibers in both directions — rostral (toward the head) and caudal (toward the tail) — to form new connections with the host’s existing nerve circuits.

The new nerve cells integrated seamlessly into the host spinal cord tissue over time, leading to significant functional recovery in the rats.

[…]

Source: Rats walk again after breakthrough spinal cord repair with 3D printing | ScienceDaily