Australia

Apple Warns Australia Against Joining EU In Mandating iPhone App Sideloading (neowin.net) 84

Apple has urged Australia not to follow the European Union in mandating iPhone app sideloading, warning that such policies pose serious privacy and security risks. "This communication comes as the Australian federal government considers new rules that could force Apple to open up its iOS ecosystem, much like what happened in Europe with recent legislation," notes Neowin. Apple claims that allowing alternative app stores has led to increased exposure to malware, scams, and harmful content. From the report: Apple, in its response to this Australian paper (PDF), stated that Australia should not use the EU's Digital Markets Act "as a blueprint". The company's core argument is that the changes mandated by the EU's DMA, which came into full effect in March 2024, introduce serious security and privacy risks for users. Apple claims that allowing sideloading and alternative app stores effectively opens the door for malware, fraud, scams, and other harmful content. The tech company also highlighted specific concerns from its European experience, alleging that its compliance there has led to users being able to install pornography apps and apps that facilitate copyright infringement, things its curated App Store aims to prevent. Apple maintains that its current review process is vital for user protection, and that its often criticized 30% commission applies mainly to the highest earning apps, with most developers paying a lower 15% rate or nothing.
United Kingdom

UK 'Exploring Plan For Digital ID Cards' (independent.co.uk) 88

Mirnotoriety shares a report from the Independent: Downing Street is exploring a proposal to introduce digital ID cards for every adult in Britain in a move to tackle the UK's illegal migration crisis, according to reports. The new "BritCard" would be used to check on an individual's right to live and work in Britain, with senior No 10 figures examining the proposal, The Times has reported.

The card, stored on a smartphone, would reportedly be linked to government records and could check entitlements to benefits and monitor welfare fraud. [...] it would cost up to 400 million pounds to build the system and around 10 million pounds a year to administer as a free-to-use phone app.

AI

Trump AI Czar Sacks on Universal Basic Income: 'It's Not Going To Happen' (businessinsider.com) 361

David Sacks, President Trump's AI policy advisor, has dismissed the prospect of implementing a universal basic income program, declaring "it's not going to happen" during his tenure. He said: "The future of AI has become a Rorschach test where everyone sees what they want. The Left envisions a post-economic order in which people stop working and instead receive government benefits. In other words, everyone on welfare. This is their fantasy; it's not going to happen."
China

Chinese Hacked US Telecom a Year Before Known Wireless Breaches (bloomberg.com) 11

An anonymous reader quotes a report from Bloomberg: Corporate investigators found evidence that Chinese hackers broke into an American telecommunications company in the summer of 2023, indicating that Chinese attackers penetrated the US communications system earlier than publicly known. Investigators working for the telecommunications firm discovered last year that malware used by Chinese state-backed hacking groups was on the company's systems for seven months starting in the summer of 2023, according to two people familiar with the matter and a document seen by Bloomberg News. The document, an unclassified report sent to Western intelligence agencies, doesn't name the company where the malware was found and the people familiar with the matter declined to identify it.

The 2023 intrusion at an American telecommunications company, which hasn't been previously reported, came about a year before US government officials and cybersecurity companies said they began spotting clues that Chinese hackers had penetrated many of the country's largest phone and wireless firms. The US government has blamed the later breaches on a Chinese state-backed hacking group dubbed Salt Typhoon. It's unclear if the 2023 hack is related to that foreign espionage campaign and, if so, to what degree. Nonetheless, it raises questions about when Chinese intruders established a foothold in the American communications industry.
"We've known for a long time that this infrastructure has been vulnerable and was likely subject to attack," said Marc Rogers, a cybersecurity and telecommunications expert. "What this shows us is that it was attacked, and that going as far back as 2023, the Chinese were compromising our telecom companies." Investigators linked the sophisticated rootkit malware Demodex to China's Ministry of State Security, noting it enabled deep, stealthy access to systems and remained undetected on a U.S. defense-linked company's network until early 2024.

A Chinese government spokesperson denied responsibility for cyberattacks and accused the U.S. and its allies of spreading disinformation and conducting cyber operations against China.
Open Source

The IRS Tax Filing Software TurboTax Is Trying To Kill Just Got Open Sourced (404media.co) 192

An anonymous reader shares a report: The IRS open sourced much of its incredibly popular Direct File software as the future of the free tax filing program is at risk of being killed by Intuit's lobbyists and Donald Trump's megabill. Meanwhile, several top developers who worked on the software have left the government and joined a project to explore the "future of tax filing" in the private sector.

Direct File is a piece of software created by developers at the US Digital Service and 18F, the former of which became DOGE and is now unrecognizable, and the latter of which was killed by DOGE. Direct File has been called a "free, easy, and trustworthy" piece of software that made tax filing "more efficient." About 300,000 people used it last year as part of a limited pilot program, and those who did gave it incredibly positive reviews, according to reporting by Federal News Network.

But because it is free and because it is an example of government working, Direct File and the IRS's Free File program more broadly have been the subject of years of lobbying efforts by financial technology giants like Intuit, which makes TurboTax. DOGE sought to kill Direct File, and currently, there is language in Trump's massive budget reconciliation bill that would kill Direct File. Experts say that "ending [the] Direct File program is a gift to the tax-prep industry that will cost taxpayers time and money."

Cloud

AWS Forms EU-Based Cloud Unit As Customers Fret (theregister.com) 31

An anonymous reader quotes a report from The Register: In a nod to European customers' growing mistrust of American hyperscalers, Amazon Web Services says it is establishing a new organization in the region "backed by strong technical controls, sovereign assurances, and legal protections." Ever since the Trump 2.0 administration assumed office and implemented an erratic and unprecedented foreign policy stance, including aggressive tariffs and threats to the national sovereignty of Greenland and Canada, customers in Europe have voiced unease about placing their data in the hands of big U.S. tech companies. The Register understands that data sovereignty is now one of the primary questions that customers at European businesses ask sales reps at hyperscalers when they have conversations about new services.

[...] AWS is forming a new European organization with a locally controlled parent company and three subsidiaries incorporated in Germany, as part of its European Sovereign Cloud (ESC) rollout, set to launch by the end of 2025. Kathrin Renz, an AWS Industries VP based in Munich, will lead the operation as the first managing director of the AWS ESC. The other leaders, we're told, include a government security official and a privacy official – all EU citizens. The cloud giant stated: "AWS will establish an independent advisory board for the AWS European Sovereign Cloud, legally obligated to act in the best interest of the AWS European Sovereign Cloud. Reinforcing the sovereign control of the AWS European Sovereign Cloud, the advisory board will consist of four members, all EU citizens residing in the EU, including at least one independent board member who is not affiliated with Amazon. The advisory board will act as a source of expertise and provide accountability for AWS European Sovereign Cloud operations, including strong security and access controls and the ability to operate independently in the event of disruption."

The AWS ESC allows the business to continue operations indefinitely, "even in the event of a connectivity interruption between the AWS European Sovereign Cloud and the rest of the world." Authorized ESC staff who are EU residents will have independent access to a replica of the source code needed to maintain services under "extreme circumstances." The services will have "no critical dependencies on non-EU infrastructure," with staff, tech, and leadership all based on the continent, AWS said. "The AWS European Sovereign Cloud will have its own dedicated Amazon Route 53, providing customers with a highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services," the company said.
"The Route 53 name servers for the AWS European Sovereign Cloud will use only European Top Level Domains (TLDs) for their own names," added AWS. "AWS will also launch a dedicated 'root' European Certificate Authority, so that the key material, certificates, and identity verification needed for Secure Sockets Layer/Transport Layer Security certificates can all run autonomously within the AWS European Sovereign Cloud."

The Register also notes that the sovereign cloud will be "supported by a dedicated European Security Operations Center (SOC), led by an EU citizen residing in the EU." That said, the parent company "remains under American ownership and may be subject to the Cloud Act, which requires U.S. companies to turn over data to law enforcement authorities with the proper warrants, no matter where that data is stored."
Crime

Romanian National Pleads Guilty To 'Swatting' Over 75 Public Officials (nypost.com) 31

Longtime Slashdot reader schwit1 shares a report: A Romanian national pleaded guilty on Monday to charges related to his role in a "swatting" ring that targeted dozens of public officials, including a former US president. Going by the aliases "Plank," "Jonah" and "Cypher," 26-year-old Thomasz Szabo took part in a years-long conspiracy to place bogus 911 calls, claiming emergencies were taking place at the homes of top government officials, and make bomb threats against government buildings and houses of worship, according to the Justice Department.

Szabo and a co-conspirator, 21-year-old Serbian national Nemanja Radovanovic, allegedly targeted about 100 people, including members of Congress, governors, cabinet-level executive branch officials and state officials. Szabo, who was extradited from Romania last November, pleaded guilty to one count of conspiracy and one count of making bomb threats. He is slated to be sentenced in a Washington, DC, federal court in October. [...] Charges against Radovanovic are still pending.

News

Wild-Animal Markets Pose Rising Pandemic Threat (nature.com) 85

Live-animal markets across Southeast Asia continue operating as natural laboratories for deadly pathogens despite warnings from public health experts about their role in disease transmission, according to new research published in Nature.

Scientists studying markets like Jakarta's Jatinegara found that coronavirus detection rates in trafficked animals increase dramatically along supply chains, with rats sold at Vietnamese markets testing positive at rates ten times higher than those caught in fields. Pangolins confiscated in Vietnam showed a seven-fold increase in coronavirus infections compared to animals seized earlier in the smuggling process.

The research comes as political headwinds have severely reduced funding for pandemic preparedness, with the Trump administration terminating a $125-million disease monitoring program and cutting all USAID functions. Scientists report growing reluctance from government officials to authorize publication of pathogen discoveries, fearing stigma and trade restrictions, while wildlife traders increasingly avoid participating in studies that could reveal new health risks.
United States

Texas Right To Repair Bill Passes (theverge.com) 36

Texas is poised to become the first state with a Republican-controlled government to pass a right to repair law, as its Senate unanimously approved HB 2963. The bill requires manufacturers to provide parts, manuals, and tools for equipment sold or used in the state. The Verge reports: A press release from the United States Public Interest Research Group (PIRG), which has pushed for repairability laws nationwide, noted that this would make Texas the ninth state with a right to repair rule, and the seventh with a version that includes consumer electronics. It follows New York, Colorado, Minnesota, California, Oregon, Maine, and most recently, Washington [...]. "More repair means less waste. Texas produces some 621,000 tons of electronic waste per year, which creates an expensive and toxic mess. Now, thanks to this bipartisan win, Texans can fix that," said Environment Texas executive director Luke Metzger.
Google

Microsoft, Google, Others Team Up To Standardize Confusing Hacker Group Nicknames 20

Microsoft, CrowdStrike, Palo Alto Networks, and Google announced Monday they will create a public glossary standardizing the nicknames used for state-sponsored hacking groups and cybercriminals.

The initiative aims to reduce confusion caused by the proliferation of disparate naming conventions across cybersecurity firms, which have assigned everything from technical designations like "APT1" to colorful monikers like "Cozy Bear" and "Kryptonite Panda" to the same threat actors. The companies hope to bring additional industry partners and the U.S. government into the effort to streamline identification of digital espionage groups.
Government

Brazil Tests Letting Citizens Earn Money From Data in Their Digital Footprint (restofworld.org) 15

With over 200 million people, Brazil is the world's fifth-largest country by population. Now it's testing a program that will allow Brazilians "to manage, own, and profit from their digital footprint," according to RestOfWorld.org — "the first such nationwide initiative in the world."

The government says it's partnering with California-based data valuation/monetization firm DrumWave to create a "data savings account" to "transform data into economic assets, with potential for monetization and participation in the benefits generated by investing in technologies such as AI LLMs." But all based on "conscious and authorized use of personal information." RestOfWorld reports: Today, "people get nothing from the data they share," Brittany Kaiser, co-founder of the Own Your Data Foundation and board adviser for DrumWave, told Rest of World. "Brazil has decided its citizens should have ownership rights over their data...." After a user accepts a company's offer on their data, payment is cashed in the data wallet, and can be immediately moved to a bank account. The project will be "a correction in the historical imbalance of the digital economy," said Kaiser. Through data monetization, the personal data that companies aggregate, classify, and filter to inform many aspects of their operations will become an asset for those providing the data...

Brazil's project stands out because it brings the private sector and the government together, "so it has a better chance of catching on," said Kaiser. In 2023, Brazil's Congress drafted a bill that classifies data as personal property. The country's current data protection law classifies data as a personal, inalienable right. The new legislation gives people full rights over their personal data — especially data created "through use and access of online platforms, apps, marketplaces, sites and devices of any kind connected to the web." The bill seeks to ensure companies offer their clients benefits and financial rewards, including payment as "compensation for the collecting, processing or sharing of data." It has garnered bipartisan support, and is currently being evaluated in Congress...

If approved, the bill will allow companies to collect data more quickly and precisely, while giving users more clarity over how their data will be used, according to Antonielle Freitas, data protection officer at Viseu Advogados, a law firm that specializes in digital and consumer laws. As data collection becomes centralized through regulated data brokers, the government can benefit by paying the public to gather anonymized, large-scale data, Freitas told Rest of World. These databases are the basis for more personalized public services, especially in sectors such as health care, urban transportation, public security, and education, she said.

This first pilot program involves "a small group of Brazilians who will use data wallets for payroll loans," according to the article — although Pedro Bastos, a researcher at Data Privacy Brazil, sees downsides. "Once you treat data as an economic asset, you are subverting the logic behind the protection of personal data," he told RestOfWorld. The data ecosystem "will no longer be defined by who can create more trust and integrity in their relationships, but instead, it will be defined by who's the richest."

Thanks to Slashdot reader applique for sharing the news.
Encryption

Help Wanted To Build an Open Source 'Advanced Data Protection' For Everyone (github.com) 46

Apple's end-to-end iCloud encryption product ("Advanced Data Protection") was famously removed in the U.K. after a government order demanded backdoors for accessing user data.

So now a Google software engineer wants to build an open source version of Advanced Data Protection for everyone. "We need to take action now to protect users..." they write (as long-time Slashdot reader WaywardGeek). "The whole world would be able to use it for free, protecting backups, passwords, message history, and more, if we can get existing applications to talk to the new data protection service." "I helped build Google's Advanced Data Protection (Google Cloud Key Vault Service) in 2018, and Google is way ahead of Apple in this area. I know exactly how to build it and can have it done in spare time in a few weeks, at least server-side... This would be a distributed trust based system, so I need folks willing to run the protection service. I'll run mine on a Raspberry PI...

The scheme splits a secret among N protection servers, and when it is time to recover the secret, which is basically an encryption key, they must be able to get key shares from T of the original N servers. This uses a distributed oblivious pseudo random function algorithm, which is very simple.

In plain English, it provides nation-state resistance to secret back doors, and eliminates secret mass surveillance, at least when it comes to data backed up to the cloud... The UK and similarly confused governments will need to negotiate with operators in multiple countries to get access to any given user's keys. There are cases where rational folks would agree to hand over that data, and I hope we can end the encryption wars and develop sane policies that protect user data while offering a compromise where lives can be saved.

"I've got the algorithms and server-side covered," according to their original submission. "However, I need help." Specifically...
  • Running protection servers. "This is a T-of-N scheme, where users will need say 9 of 15 nodes to be available to recover their backups."
  • Android client app. "And preferably tight integration with the platform as an alternate backup service."
  • An iOS client app. (With the same tight integration with the platform as an alternate backup service.)
  • Authentication. "Users should register and login before they can use any of their limited guesses to their phone-unlock secret."

"Are you up for this challenge? Are you ready to plunge into this with me?"


In the comments he says anyone interested can ask to join the "OpenADP" project on GitHub — which is promising "Open source Advanced Data Protection for everyone."


Bitcoin

What's in the US Government's New Strategic Reserve of Seized Cryptocurrencies? (yahoo.com) 53

In March an executive order directed America's treasury secretary to create two stockpiles of crypto assets (to accompany already-existing "strategic reserves" of gold and foreign currencies). And the Washington Post notes these new stockpiles would include "cryptocurrency seized by federal agencies in criminal or civil proceedings." But how big would America's "Strategic Bitcoin Reserve" be — and what other cryptocurrencies would the U.S. government hold in its "Digital Asset Stockpile"?

"New data on what crypto cash the U.S. government has seized may now provide some answers. It suggests the crypto reserves will together hold more than $21 billion in cryptocurrency... The stockpile will be funded with whatever crypto assets the Treasury holds other than bitcoin, leaving the stockpile's composition to be largely determined by a mixture of chance and criminal conduct. That unconventional method for selecting government financial holdings had the benefit of making the reserves cost-neutral for the taxpayer.

It also provided a way to estimate what exactly might go into the two pools before results are released from an official accounting of U.S. crypto holdings that is underway. Because government seizures are disclosed in court documents, news releases and other sources, crypto-tracking firms can use those notices to monitor which digital assets the U.S. government holds. Chainalysis, a blockchain analytics firm, reviewed cryptocurrency wallets that appear to be associated with the U.S. government for The Washington Post. The company estimated how much bitcoin it holds, and the other crypto tokens in its top 20 digital holdings as of May 13, by tracking transactions involving those wallets.

The United States' top 20 crypto holdings according to Chainalysis are worth about $20.9 billion as of 3 p.m. Eastern on May 28, with $20.4 billion in bitcoin and about $493 million in other digital assets. It has been scooped up from crimes such as stolen funds, scams and sales on dark net markets. Those estimates put the U.S. government's top crypto holdings at less than the approximately $25 billion worth of oil held in the U.S. Strategic Petroleum Reserve. Their value is nearly double the Fed's listing for U.S. gold holdings, although that figure uses outdated pricing and would be over $850 billion at current prices...

The crypto tokens headed for the U.S. Digital Asset Stockpile according to the Chainalysis list include ethereum, the world's second-largest digital asset, and a string of other crypto tokens with punier name recognition. They include derivatives of bitcoin and ethereum that mirror those cryptocurrencies' prices, several stable coins designed to be pegged in value to the U.S. dollar, and 10 tokens tied to specific companies, including the cryptocurrency exchanges FTX, which imploded in 2022 after defrauding customers, and Binance.

Two U.S. states have already passed legislation creating their own cryptocurrency reserve funds, the article points out. But ethereum co-founder Vitalik Buterin complained to the Post in March that crypto's "original spirit...is about counterbalancing power" — including government and corporate power, and getting too close to "one particular government team" could conflict with its mission of decentralization and openness. And he's not the only one concerned: Austin Campbell, a professor at New York University's business school and a principal at crypto advisory firm Zero Knowledge, sees hypocrisy in crypto enthusiasts cheering the government's strategic reserves. The bitcoin community in particular "has historically been about freedom from sovereign interference," he said.
Earth

Why 200 US Climate Scientists are Hosting a 100-Hour YouTube Livestream (space.com) 133

"More than 200 climate and weather scientists from across the U.S. are taking part in a marathon livestream on YouTube," according to this report from Space.com. For 100 hours (that started Wednesday) they're sharing their scientific work and answering questions from viewers, "to prove the value of climate science," according to the article.

The event is being staged in protest of recent government funding cuts at NASA, the National Oceanic and Atmospheric Administration, the United States Geological Survey, and the National Science Foundation. (The event began with "scientists documenting their last few hours at NASA's Goddard Institute for Space Studies as the office was shuttered.") The marathon stream features mini-lectures, panels and question-and-answer sessions with hundreds of scientists, each speaking in their capacity as private citizens rather than on behalf of any institution. These include talks from former National Weather Service directors, Britney Schmidt, a groundbreaking glacier researcher, and legendary meteorologist John Morales.

In its first 30 hours, the stream got over 77,000 views.

Ultimately, the goal of the event is to give members of the public the chance to learn more about meteorology and climate science in an informal setting — and for free. "We really felt like the American public deserves to know what we do," Duffy said. However, many of the speakers and organizers also hope the transference of this knowledge will spur people to take action. The event's website features a link to 5 Calls, an organization that makes it easy for folks to contact their representatives in Congress about the importance of funding climate and weather research.

Crime

US Sanctions Cloud Provider 'Funnull' As Top Source of 'Pig Butchering' Scams (krebsonsecurity.com) 8

An anonymous reader quotes a report from KrebsOnSecurity: The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as "pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers. "Americans lose billions of dollars annually to these cyber scams, with revenues generated from these crimes rising to record levels in 2024," reads a statement from the U.S. Department of the Treasury, which sanctioned Funnull and its 40-year-old Chinese administrator Liu Lizhi. "Funnull has directly facilitated several of these schemes, resulting in over $200 million in U.S. victim-reported losses."

The Treasury Department said Funnull's operations are linked to the majority of virtual currency investment scam websites reported to the FBI. The agency said Funnull directly facilitated pig butchering and other schemes that resulted in more than $200 million in financial losses by Americans. Pig butchering is a rampant form of fraud wherein people are lured by flirtatious strangers online into investing in fraudulent cryptocurrency trading platforms. Victims are coached to invest more and more money into what appears to be an extremely profitable trading platform, only to find their money is gone when they wish to cash out. The scammers often insist that investors pay additional "taxes" on their crypto "earnings" before they can see their invested funds again (spoiler: they never do), and a shocking number of people have lost six figures or more through these pig butchering scams.

KrebsOnSecurity's January story on Funnull was based on research from the security firm Silent Push, which discovered in October 2024 that a vast number of domains hosted via Funnull were promoting gambling sites that bore the logo of the Suncity Group, a Chinese entity named in a 2024 UN report (PDF) for laundering millions of dollars for the North Korean state-sponsored hacking group Lazarus. Silent Push found Funnull was a criminal content delivery network (CDN) that carried a great deal of traffic tied to scam websites, funneling the traffic through a dizzying chain of auto-generated domain names and U.S.-based cloud providers before redirecting to malicious or phishous websites. The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025.

Government

French MPs Vote To Scrap Low-Emission Zones (bbc.com) 229

sinij shares a report from the BBC: France's National Assembly has voted to abolish low-emission zones, a key measure introduced during President Emmanuel Macron's first term to reduce city pollution. So-called ZFEs (zones a faibles emissions) have been criticized for hitting those who cannot afford less-polluting vehicles the hardest. A handful of MPs from Macron's party joined opposition parties from the right and far right in voting 98-51 to scrap the zones, which have gradually been extended across French cities since 2019. [...]

The low-emission zones began with 15 of France's most polluted cities in 2019 and by the start of this year had been extended to every urban area with a population of more than 150,000, with a ban on cars registered before 1997. Those produced after 1997 need a round "Crit'Air" sticker to drive in low-emission zones, and there are six categories that correspond to various types of vehicle. The biggest restrictions have been applied in the most polluted cities, Paris and Lyon, as well as Montpellier and Grenoble.
The BBC notes that while the abolition is expected to pass France's Senate, it must still be included in a broader bill approved by the lower house in June and cleared by the Constitutional Council, which isn't guaranteed.
The Courts

SEC Voluntarily Dismisses Lawsuit Against Binance (yahoo.com) 13

The SEC on Thursday voluntarily dismissed its lawsuit against Binance, the world's largest cryptocurrency exchange. It brings an end to one of the last remaining crypto enforcement actions brought by the agency. Reuters reports: The SEC had accused the defendants in 2023 of artificially inflating trading volumes, diverting customer funds, failing to restrict U.S. customers from Binance's platform, and misleading investors about its market surveillance controls. It also accused Binance of unlawfully facilitating trading of several tokens that prior SEC leadership deemed unregistered securities. Developing...
Security

ASUS Router Backdoors Affect 9,000 Devices, Persist After Firmware Updates 23

An anonymous reader quotes a report from SC Media: Thousands of ASUS routers have been compromised with malware-free backdoors in an ongoing campaign to potentially build a future botnet, GreyNoise reported Wednesday. The threat actors abuse security vulnerabilities and legitimate router features to establish persistent access without the use of malware, and these backdoors survive both reboots and firmware updates, making them difficult to remove.

The attacks, which researchers suspect are conducted by highly sophisticated threat actors, were first detected by GreyNoise's AI-powered Sift tool in mid-March and disclosed Thursday after coordination with government officials and industry partners. Sekoia.io also reported the compromise of thousands of ASUS routers in their investigation of a broader campaign, dubbed ViciousTrap, in which edge devices from other brands were also compromised to create a honeypot network. Sekoia.io found that the ASUS routers were not used to create honeypots, and that the threat actors gained SSH access using the same port, TCP/53282, identified by GreyNoise in their report.
The backdoor campaign affects multiple ASUS router models, including the RT-AC3200, RT-AC3100, GT-AC2900, and Lyra Mini.

GreyNoise advises users to perform a full factory reset and manually reconfigure any potentially compromised device. To identify a breach, users should check for SSH access on TCP port 53282 and inspect the authorized_keys file for unauthorized entries.
AI

Anthropic CEO Warns AI Could Eliminate Half of All Entry-Level White-Collar Jobs Within Five Years (axios.com) 55

Anthropic co-founder and CEO Dario Amodei is warning that AI could eliminate half of all entry-level white-collar jobs within the next five years, with overall unemployment potentially spiking to between 10 and 20% during that period.

The prediction comes as new data from venture capital firm SignalFire shows Big Tech companies have already reduced their hiring of new graduates by approximately 50% compared to pre-pandemic levels, with AI adoption cited as a contributing factor. Amodei told Axios that AI companies and government officials are "sugarcoating" the risks of mass job displacement in technology, finance, law, and consulting sectors.
Security

Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials (wired.com) 15

A security researcher has discovered an exposed database containing 184 million login credentials for major services including Apple, Facebook, and Google accounts, along with credentials linked to government agencies across 29 countries. Jeremiah Fowler found the 47-gigabyte trove in early May, but the database contained no identifying information about its owner or origins.

The records included plaintext passwords and usernames for accounts spanning Netflix, PayPal, Discord, and other major platforms. A sample analysis revealed 220 email addresses with government domains from countries including the United States, China, and Israel. Fowler told Wired he suspects the data was compiled by cybercriminals using infostealer malware. World Host Group, which hosted the database, shut down access after Fowler's report and described it as content uploaded by a "fraudulent user." The company said it would cooperate with law enforcement authorities.
