EU

EU Opens Probe of TikTok Lite, Citing Concerns About Addictive Design (techcrunch.com)

The European Union has opened a second formal investigation into TikTok under its Digital Services Act (DSA), an online governance and content moderation framework. The investigation centers around TikTok Lite's "Task and Reward" feature that may harm mental health, especially among minors, by promoting addictive behavior. TechCrunch reports: The Commission also said it's minded to impose interim measures that could force the company to suspend access to the TikTok Lite app in the EU while it investigates concerns the app poses mental health risks to users. The EU has given TikTok until April 24 to argue against the measure, though -- meaning the app remains accessible for now. Penalties for confirmed violations of the DSA can reach up to 6% of global annual turnover. So ByteDance, TikTok's parent, could face hefty fines if EU enforcers do end up deciding it has broken the law.

The EU's first TikTok probe covers multiple issues including the protection of minors, advertising transparency, data access for researchers, and the risk management of addictive design and harmful content. Hence it said the latest investigation will specifically focus on TikTok Lite, a version of the video sharing platform which launched earlier this month in France and Spain and includes a mechanism that allows users to earn points for doing things like watching or liking videos. Points earned through TikTok Lite can be exchanged for things like Amazon gift vouchers or TikTok's own digital currency for gifting to creators. The Commission is worried this so-called "task and reward" feature could negatively impact the mental health of young users by "stimulating addictive behavior."

The EU wrote that the second probe will focus on TikTok's compliance with the DSA obligation to conduct and submit a risk assessment report prior to the launch of the "Task and Reward Lite" program, with a particular focus on negative effects on mental health, including minors' mental health. It also said it will look into measures taken by TikTok to mitigate those risks. In a press release announcing the action, the EU said ByteDance failed to produce a risk assessment about the feature which it had asked to see last week -- when it gave the company 24 hours to produce the document. Since it failed to submit the risk assessment paperwork on April 18, the Commission wrote that it suspects a "prima facie infringement of the DSA."

Crime

Lying to Investors? Co-Founder of Startup 'HeadSpin' Gets 18-Month Prison Sentence for Fraud (sfgate.com)

The co-founder of Silicon Valley-based software testing startup HeadSpin was sentenced Friday to 18 months in prison and a $1 million fine, reports SFGate — for defrauding investors. Lachwani pleaded guilty to two counts of wire fraud and a count of securities fraud in April 2023, after federal prosecutors accused him of, for years, lying to investors about HeadSpin's finances to raise more money. HeadSpin, founded in 2015, grew to a $1.1 billion valuation by 2020 with over $115 million in funding from investors including Google Ventures and Iconiq Capital... He had personally altered invoices, lied to the company accountant and sent slide decks with fraudulent information to investors, [according to the government's 2021 criminal complaint]...

Breyer, per the New York Times, rejected Lachwani's lawyer's argument that because HeadSpin investors didn't end up losing money, he should receive a light sentence. The judge, who often oversees tech industry cases, reportedly said: "If you win, there are no serious consequences — that simply can't be the law." Still, the sentencing was far lighter than it could have been. The government's prosecuting attorneys had asked for a five-year prison term.

The New York Times reported in December that HeadSpin's financial statements had "often arrived months late, if at all, investors said in legal declarations," while the company's financial department "consisted of one external accountant who worked mostly from home using QuickBooks." And the company also had no human resources department or organizational chart... After Manish Lachwani founded the Silicon Valley software start-up HeadSpin in 2015, he inflated the company's revenue numbers by nearly fourfold and falsely claimed that firms including Apple and American Express were customers. He showed a profit where there were losses. He used HeadSpin's cash to make risky trades on tech stocks. And he created fake invoices to cover it all up.

What was especially breathtaking was how easily Mr. Lachwani, now 48, pulled all that off... [HeadSpin] had no chief financial officer, had no human resources department and was never audited. Mr. Lachwani used that lack of oversight to paint a rosier picture of HeadSpin's growth. Even though its main investors knew the start-up's financials were not accurate, according to Mr. Lachwani's lawyers, they chose to invest anyway, eventually propelling HeadSpin to a $1.1 billion valuation in 2020. When the investors pushed Mr. Lachwani to add a chief financial officer and share more details about the company's finances, he simply brushed them off. These details emerged this month in filings in U.S. District Court for the Northern District of California after Mr. Lachwani had pleaded guilty to three counts of fraud in April...

The absence of controls at HeadSpin is part of an increasingly noticeable pattern at Silicon Valley start-ups that have run into trouble. Over the past decade, investors in tech start-ups were so eager to back hot companies that many often overlooked reckless behavior and gave up key controls like board seats, all in the service of fast growth and disruption. Then when founders took the ethos of "fake it till you make it" too far, their investors were often unaware or helpless...

Now, amid a start-up shakeout, more frauds have started coming to light. The founder of the college aid company Frank has been charged, the internet connectivity start-up Cloudbrink has been sued, and the social media app IRL has been investigated and sued. Last month, Mike Rothenberg, a Silicon Valley investor, was found guilty on 21 counts of fraud and money laundering. On Monday, Trevor Milton, founder of the electric vehicle company Nikola, was sentenced to four years in prison for lying about Nikola's technological capabilities.

The Times points out that similarly, FTX only had a three-person board "with barely any influence over the company, tracked its finances on QuickBooks and used a small, little-known accounting firm." And that Theranos had no financial audits for six years.
United States

US Passes Bill Reauthorizing 'FISA' Surveillance for Two More Years (theverge.com)

Late Friday night the U.S. Senate "reauthorized the Foreign Intelligence Surveillance Act, a key U.S. surveillance authority," reports Axios, "shortly after it expired in the early hours Saturday morning." The president then signed the bill into law. The reauthorization came despite bipartisan concerns about Section 702, which allows the government to collect communications from non-U.S. citizens overseas without a warrant. The legislation passed the Senate 60 to 34, with 17 Democrats, Sen. Bernie Sanders (I-Vt.) and 16 Republicans voting "nay." It extends the controversial Section 702 for two more years.
The bill had already passed last week in the U.S. House of Representatives, explains CNN: Under FISA's Section 702, the government hoovers up massive amounts of internet and cell phone data on foreign targets. Hundreds of thousands of Americans' information is incidentally collected during that process and then accessed each year without a warrant — down from millions of such queries the US government ran in past years. Critics refer to these queries as "backdoor" searches...

According to one assessment, it forms the basis of most of the intelligence the president views each morning and it has helped the U.S. keep tabs on Russia's intentions in Ukraine, identify foreign efforts to access US infrastructure, uncover foreign terror networks and thwart terror attacks in the U.S.

An interesting detail from The Verge: Sens. Ron Wyden (D-OR) and Josh Hawley (R-MO) introduced an amendment that would have struck language in the House bill that expanded the definition of "electronic communications service provider." Under the House's new provision, that definition would cover anyone "who has access to equipment that is being or may be used to transmit or store wire or electronic communications." The expansion, Wyden has claimed, would force "ordinary Americans and small businesses to conduct secret, warrantless spying." The Wyden-Hawley amendment failed 34-58, meaning that the next iteration of the FISA surveillance program will be more expansive than before.
Saturday morning the U.S. House of Representatives passed a bill banning TikTok if its Chinese owner doesn't sell the app.
Power

Data Centers Are Turning to an Old Source of Power: Coal (yahoo.com)

The Washington Post reports on a new situation in Virginia: There, massive data centers with computers processing nearly 70 percent of global digital traffic are gobbling up electricity at a rate officials overseeing the power grid say is unsustainable unless two things happen: Several hundred miles of new transmission lines must be built, slicing through neighborhoods and farms in Virginia and three neighboring states. And antiquated coal-powered electricity plants that had been scheduled to go offline will need to keep running to fuel the increasing need for more power, undermining clean energy goals...

The $5.2 billion effort has fueled a backlash against data centers through the region, prompting officials in Virginia to begin studying the deeper impacts of an industry they've long cultivated for the hundreds of millions of dollars in tax revenue it brings to their communities. Critics say it will force residents near the [West Virginia] coal plants to continue living with toxic pollution, ironically to help a state — Virginia — that has fully embraced clean energy. And utility ratepayers in the affected areas will be forced to pay for the plan in the form of higher bills, those critics say. But PJM Interconnection, the regional grid operator, says the plan is necessary to maintain grid reliability amid a wave of fossil fuel plant closures in recent years, prompted by the nation's transition to cleaner power. Power lines will be built across four states in a $5.2 billion effort that, relying on coal plants that were meant to be shuttered, is designed to keep the electric grid from failing amid spiking energy demands. Cutting through farms and neighborhoods, the plan converges on Northern Virginia, where a growing data center industry will need enough extra energy to power 6 million homes by 2030...

There are nearly 300 data centers now in Virginia. With Amazon Web Services pursuing a $35 billion data center expansion in Virginia, rural portions of the state are the industry's newest target for development. The growth means big revenue for the localities that host the football-field-size buildings. Loudoun [County] collects $600 million in annual taxes on the computer equipment inside the buildings, making it easier to fund schools and other services. Prince William [County], the second-largest market, collects $100 million per year.

The article adds that one data center "can require 50 times the electricity of a typical office building, according to the U.S. Department of Energy. Multiple-building data center complexes, which have become the norm, require as much as 14 to 20 times that amount."

One small power company even told the grid operator that data centers were already consuming 59% of the power they produce...
United States

Two Major ISPs Threaten They'll Stop Complying With US FISA Orders (msn.com)

An anonymous reader shared this report from the Washington Post: U.S. government officials were scrambling Friday night to prevent what they fear could be a significant loss of access to critical national security information, after two major U.S. communications providers said they would stop complying with orders under a controversial surveillance law that is set to expire at midnight, according to five people familiar with the matter.

One communications provider informed the National Security Agency that it would stop complying on Monday with orders under Section 702 of the Foreign Intelligence Surveillance Act, which enables U.S. intelligence agencies to gather without a warrant the digital communications of foreigners overseas — including when they text or email people inside the United States. Another provider suggested that it would cease complying at midnight Friday unless the law is reauthorized, according to the people familiar with the matter, who spoke on the condition of anonymity to discuss sensitive negotiations.

The companies' decisions, which were conveyed privately and have not previously been reported, have alarmed national security officials, who strongly disagree with their position and argue that the law requires the providers to continue complying with the government's surveillance orders even after the statute expires. That's because a federal court this month granted the government a one-year extension to continue intelligence collection.

UPDATE (4/20/2024): US Passes Bill Reauthorizing 'FISA' Surveillance for Two More Years.
Math

A Chess Formula Is Taking Over the World (theatlantic.com)

An anonymous reader quotes a report from The Atlantic: In October 2003, Mark Zuckerberg created his first viral site: not Facebook, but FaceMash. Then a college freshman, he hacked into Harvard's online dorm directories, gathered a massive collection of students' headshots, and used them to create a website on which Harvard students could rate classmates by their attractiveness, literally and figuratively head-to-head. The site, a mean-spirited prank recounted in the opening scene of The Social Network, got so much traction so quickly that Harvard shut down his internet access within hours. The math that powered FaceMash -- and, by extension, set Zuckerberg on the path to building the world's dominant social-media empire -- was reportedly, of all things, a formula for ranking chess players: the Elo system.

Fundamentally, what an Elo rating does is predict the outcome of chess matches by assigning every player a number that fluctuates based purely on performance. If you beat a slightly higher-ranked player, your rating goes up a little, but if you beat a much higher-ranked player, your rating goes up a lot (and theirs, conversely, goes down a lot). The higher the rating, the more matches you should win. That is what Elo was designed for, at least. FaceMash and Zuckerberg aside, people have deployed Elo ratings for many sports -- soccer, football, basketball -- and for domains as varied as dating, finance, and primatology. If something can be turned into a competition, it has probably been Elo-ed. Somehow, a simple chess algorithm has become an all-purpose tool for rating everything. In other words, when it comes to the preferred way to rate things, Elo ratings have the highest Elo rating. [...]

Elo ratings don't inherently have anything to do with chess. They're based on a simple mathematical formula that works just as well for any one-on-one, zero-sum competition -- which is to say, pretty much all sports. In 1997, a statistician named Bob Runyan adapted the formula to rank national soccer teams -- a project so successful that FIFA eventually adopted an Elo system for its official rankings. Not long after, the statistician Jeff Sagarin applied Elo to rank NFL teams outside their official league standings. Things really took off when the new ESPN-owned version of Nate Silver's 538 launched in 2014 and began making Elo ratings for many different sports. Some sports proved trickier than others. NBA basketball in particular exposed some of the system's shortcomings, Neil Paine, a stats-focused sportswriter who used to work at 538, told me. It consistently underrated heavyweight teams, for example, in large part because it struggled to account for the meaninglessness of much of the regular season and the fact that either team might not be trying all that hard to win a given game. The system assumed uniform motivation across every team and every game. Pretty much anything, it turns out, can be framed as a one-on-one, zero-sum game.
Arpad Emmerich Elo, creator of the Elo rating system, understood the limitations of his invention. "It is a measuring tool, not a device of reward or punishment," he once remarked. "It is a means to compare performances, assess relative strength, not a carrot waved before a rabbit, or a piece of candy given to a child for good behavior."
The Internet

Reddit Is Taking Over Google (businessinsider.com)

An anonymous reader quotes a report from Business Insider: If you think you've been seeing an awful lot more Reddit results lately when you search on Google, you're not imagining things. The internet is in upheaval, and for website owners the rules of "winning" Google Search have never been murkier. Google's generative AI search engine is coming from one direction. It's creeping closer to mainstream deployment and bringing an existential crisis for SEOs and website makers everywhere. Coming from the other direction is an influx of posts from Reddit, Quora, and other internet forums that have climbed up through the traditional set of Google links. Data analysis from Semrush, which predicts traffic based on search ranking, shows that traffic to Reddit has climbed at an impressive clip since August. Semrush estimated that Reddit had over 132 million visitors in August 2023. At the time of publishing, it was projected to have over 346 million visitors in April 2024.

None of this is accidental. For years, Google has been watching users tack on "Reddit" to the end of search queries and finally decided to do something about it. Google started dropping hints in 2022 when it promised to do a better job of promoting sites that weren't just chasing the top of search but were more helpful and human. Last August, Google rolled out a big update to Search that seemed to kick this into action. Reddit, Quora, and other forum sites started getting more visibility in Google, both within the traditional links and within a new "discussions and forums" section, which you may have spotted if you're US-based. The timing of this Reddit bump has led to some conspiracy theories. In February, Google and Reddit announced a blockbuster deal that would let Google train its AI models on Reddit content. Google said the deal, reportedly worth $60 million, would "facilitate more content-forward displays of Reddit information," leading to some speculation that Google promised Reddit better visibility in exchange for the valuable training data. A few weeks later, Reddit also went public.

Steve Paine, marketing manager at Sistrix, called the rise of Reddit "unprecedented." "There hasn't been a website that's grown so much search visibility so quickly in the US in at least the last five years," he told Business Insider. Right now, Reddit ranks high for product searches. Reddit's main competitors are Wikipedia, YouTube, and Fandom, Paine said, and it also competes in "high-value commercial searches," putting it up against Amazon. The "real competitors," he said, are the subreddits that compete with brands on the web.
A Google spokesperson told Business Insider that the company is essentially just giving users what they want: "Our research has shown that people often want to learn from others' experiences with a topic, so we've continued to make it easier to find helpful perspectives on Search when it's relevant to a query. Our systems surface content from hundreds of forums and other communities across the web, and we conduct rigorous testing to ensure results are helpful and high quality."
Security

Frontier Communications Shuts Down Systems After Cyberattack (bleepingcomputer.com)

U.S. telecom provider Frontier Communications shut down its systems after a cybercrime group breached some of its IT systems in a recent cyberattack. BleepingComputer reports: Frontier is a leading U.S. communications provider that provides gigabit Internet speeds over a fiber-optic network to millions of consumers and businesses across 25 states. After discovering the incident, the company was forced to partially shut down some systems to prevent the threat actors from laterally moving through the network, which also led to some operational disruptions. Despite this, Frontier says the attackers could access some PII data, although it didn't disclose if it belonged to customers, employees, or both.

"On April 14, 2024, Frontier Communications Parent, Inc. [..] detected that a third party had gained unauthorized access to portions of its information technology environment," the company revealed in a filing with the U.S. Securities and Exchange Commission on Thursday. "Based on the Company's investigation, it has determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information." Frontier now believes that it has contained the breach, has since restored its core IT systems affected during the incident, and is working on restoring normal business operations.

Network

Nigeria To Criminalise Fiber Cable Damage Costing Telecoms Billions (bloomberg.com)

Nigeria will criminalize the destruction of broadband fiber cables following repeated complaints by MTN Nigeria and other telecommunications companies that they are losing billions of naira, Bloomberg News reported, citing people familiar with the matter. From the report: Nigeria's works ministry, which supervises federal road constructors, is finalizing the regulation that will be signed as an executive order by President Bola Tinubu, said the people, asking not to be identified as they weren't authorized to comment. While there are presently laws against vandalism, the authorities are aiming to regulate construction firms more closely. The order will enforce stiff penalties on offenders, said the people, declining to provide more details or say when it will be signed. "Telecom assets are critical backbone that supports the economy across sectors," said Temitope Ajayi, a senior presidential aide, who noted that the Association of Telecommunications Companies has been demanding the classification for years. New rules will provide "further assurance that the Nigerian government will protect their investments against vandals and criminal elements."
The Internet

ISPs Can Charge Extra For Fast Gaming Under FCC's Internet Rules, Critics Say (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Some net neutrality proponents are worried that soon-to-be-approved Federal Communications Commission rules will allow harmful fast lanes because the plan doesn't explicitly ban "positive" discrimination. FCC Chairwoman Jessica Rosenworcel's proposed rules for Internet service providers would prohibit blocking, throttling, and paid prioritization. The rules mirror the ones imposed by the FCC during the Obama era and repealed during Trump's presidency. But some advocates are criticizing a decision to let Internet service providers speed up certain types of applications as long as application providers don't have to pay for special treatment. Stanford Law Professor Barbara van Schewick, who has consistently argued for stricter net neutrality rules, wrote in a blog post on Thursday that "harmful 5G fast lanes are coming."

"T-Mobile, AT&T and Verizon are all testing ways to create these 5G fast lanes for apps such as video conferencing, games, and video where the ISP chooses and controls what gets boosted," van Schewick wrote. "They use a technical feature in 5G called network slicing, where part of their radio spectrum gets used as a special lane for the chosen app or apps, separated from the usual Internet traffic. The FCC's draft order opens the door to these fast lanes, so long as the app provider isn't charged for them." In an FCC filing yesterday, AT&T said that carriers will use network slicing "to better meet the needs of particular business applications and consumer preferences than they could over a best-efforts network that generally treats all traffic the same."

Van Schewick warns that carriers could charge consumers more for plans that speed up specific types of content. For example, a mobile operator could offer a basic plan alongside more expensive tiers that boost certain online games or a tier that boosts services like YouTube and TikTok. Ericsson, a telecommunications vendor that sells equipment to carriers including AT&T, Verizon, and T-Mobile, has pushed for exactly this type of service. In a report on how network slicing can be used commercially, Ericsson said that "many gamers are willing to pay for enhanced gaming experiences" and would "pay up to $10.99 more for a guaranteed gaming experience on top of their 5G monthly subscription."

IOS

Apple's iOS 18 AI Will Be On-Device Preserving Privacy, and Not Server-Side (appleinsider.com)

According to Bloomberg's Mark Gurman, Apple's initial set of AI-related features in iOS 18 "will work entirely on device," and won't connect to cloud services. AppleInsider reports: In practice, these AI features would be able to function without an internet connection or any form of cloud-based processing. AppleInsider has received information from individuals familiar with the matter that suggests the report's claims are accurate. Apple is working on an in-house large language model, or LLM, known internally as "Ajax." While more advanced features will ultimately require an internet connection, basic text analysis and response generation features should be available offline. [...] Apple will reveal its AI plans during WWDC, which starts on June 10.
Microsoft

Microsoft Takes Down AI Model Published by Beijing-Based Researchers Without Adequate Safety Checks (theinformation.com)

Microsoft's Beijing-based research group published a new open source AI model on Tuesday, only to remove it from the internet hours later after the company realized that the model hadn't gone through adequate safety testing. From a report: The team that published the model, which is comprised of China-based researchers in Microsoft Research Asia, said in a tweet on Tuesday that they "accidentally missed" the safety testing step that Microsoft requires before models can be published.

Microsoft's AI policies require that before any AI models can be published, they must be approved by the company's Deployment Safety Board, which tests whether the models can carry out harmful tasks such as creating violent or disturbing content, according to an employee familiar with the process. In a now-deleted blog post, the researchers behind the model, dubbed WizardLM-2, said that it could carry out tasks like generating text, suggesting code, translating between different languages, or solving some math problems.

Communications

Telecom Fights Price Caps as US Spends Billions on Internet Access (washingtonpost.com)

AT&T, Charter, Comcast and Verizon are quietly trying to weaken a $42.5 billion federal program to improve internet access across the nation, aiming to block strict new rules that would require them to lower their poorest customers' monthly bills in exchange for a share of the federal aid. From a report: In state after state, the telecom firms have blasted the proposed price cuts as illegal -- forcing regulators in California, New York, South Carolina, Tennessee, Virginia and elsewhere to rethink, scale back or abandon their plans to condition the federal funds on financial relief for consumers. The lobbying campaign threatens to undermine the largest burst of money to upgrade the country's internet service in U.S. history. Enacted by President Biden as part of a sprawling 2021 infrastructure law, the funds are intended to deliver speedy and affordable broadband to the final unserved pockets of America by 2030 -- a goal that the White House likens to the federal campaign nearly a century ago to electrify the nation's heartland.
The Internet

Stop 'Harmful 5G Fast Lanes', Legal Scholar Warns America's FCC (stanford.edu)

America's FCC votes on net neutrality April 25th. And the director of Stanford Law School's "Center for Internet and Society" (also a law professor) says mostly there's "much to celebrate" in the draft rules released earlier this month. Mobile carriers like T-Mobile, AT&T and Verizon that have been degrading video quality for mobile users will have to stop. The FCC kept in place state neutrality protections like California's net neutrality law, allowing for layers of enforcement. The FCC also made it harder for ISPs to evade net neutrality at the point where data enters their networks.
However, the draft rules also have "a huge problem." The proposed rules make it possible for mobile ISPs to start picking applications and putting them in a fast lane — where they'll perform better generally and much better if the network gets congested.

T-Mobile, AT&T and Verizon are all testing ways to create these 5G fast lanes for apps such as video conferencing, games, and video where the ISP chooses and controls what gets boosted. They use a technical feature in 5G called network slicing, where part of their radio spectrum gets used as a special lane for the chosen app or apps, separated from the usual internet traffic. The FCC's draft order opens the door to these fast lanes, so long as the app provider isn't charged for them.

They warn of things like cellphone plans "Optimized for YouTube and TikTok... Or we could see add-ons like Enhanced Video Conferencing for $10 a month, or one-time 24-hour passes to have Prioritized Online Gaming." This isn't imagination. The ISPs write about this in their blogs and press releases. They talk about these efforts and dreams openly at conferences, and their equipment vendors plainly lay out how ISPs can chop up internet service into all manner of fast lanes.

These kinds of ISP-controlled fast lanes violate core net neutrality principles and would limit user choice, distort competition, hamper startups, and help cement platform dominance. Even small differences in load times affect how long people stay on a site, how much they pay, and whether they'll come back. Those differences also affect how high up sites show in search results. Thus, letting ISPs choose which apps get to be in a fast lane lets them, not users, pick winners and losers online... [T]he biggest apps will end up in all the fast lanes, while most others would be left out. The ones left out would likely include messaging apps like Signal, local news sites, decentralized Fediverse apps like Mastodon and PeerTube, niche video sites like Dropout, indie music sites like Bandcamp, and the millions of other sites and apps in the long tail.

One subheading emphasizes that "This is not controversial," noting that "Even proposed Republican net neutrality bills prohibited ISPs from speeding up and slowing down apps and kinds of apps..." Yet "While the draft order acknowledges that some speeding up of apps could violate the no-throttling rule, it added some unclear, nebulous language suggesting that the FCC would review any fast lanes case-by-case, without explaining how it would do that... Companies that do file complaints will waste years litigating the meaning of 'unreasonably discriminatory,' all the while going up against giant telecoms that stockpile lawyers and lobbyists."

"Net neutrality means that we, the people who use the internet, get to decide what we do online, without interference from ISPs. ISPs do not get to interfere with our choices by blocking, speeding up or slowing down apps or kinds of apps..."

They urge the FCC to edit their draft order before April 24 to clarify "that the no-throttling rule also prohibits ISPs from creating fast lanes for select apps or kinds of apps."
Math

73-Year-Old Clifford Stoll Is Now Selling Klein Bottles (berkeley.edu) 46

O'Reilly's "Tech Trends" newsletter included an interesting item this month: Want your own Klein Bottle? Made by Cliff Stoll, author of the cybersecurity classic The Cuckoo's Egg, who will autograph your bottle for you (and may include other surprises).
First described in 1882 by the mathematician Felix Klein, a Klein bottle (like a Möbius strip) has a one-sided surface. ("Need a zero-volume bottle...?" asks Stoll's web site. "Want the ultimate in non-orientability...? A mathematician's delight, handcrafted in glass.")

But how the legendary cyberbreach detective started the company is explained in this 2016 article from a U.C. Berkeley alumni magazine. Its headline? "How a Berkeley Eccentric Beat the Russians — and Then Made Useless, Wondrous Objects." The reward for his cloak-and-dagger wizardry? A certificate of appreciation from the CIA, which is stashed somewhere in his attic... Stoll published a best-selling book, The Cuckoo's Egg, about his investigation. PBS followed it with a NOVA episode entitled "The KGB, the Computer, and Me," a docudrama starring Stoll playing himself and stepping through the "fourth wall" to double as narrator. Stoll had stepped through another wall, as well, into the numinous realm of fame, as the burgeoning tech world went wild with adulation... He was more famous than he ever could have dreamed, and he hated it. "After a few months, you realize how thin fame is, and how shallow. I'm not a software jockey; I'm an astronomer. But all people cared about was my computing."

Stoll's disenchantment also arose from what he perceived as the false religion of the Internet... Stoll articulated his disenchantment in his next book, Silicon Snake Oil, published in 1995, which urged readers to get out from behind their computer screens and get a life. "I was asking what I thought were reasonable questions: Is the electronic classroom an improvement? Does a computer help a student learn? Yes, but what it teaches you is to go to the computer whenever you have a question, rather than relying on yourself. Suppose I was an evil person and wanted to eliminate the curiosity of children. Give the kid a diet of Google, and pretty soon the child learns that every question he has is answered instantly. The coolest thing about being human is to learn, but you don't learn things by looking it up; you learn by figuring it out." It was not a popular message in the rise of the dot-com era, as Stoll soon learned...

Being a Voice in the Wilderness doesn't pay well, however, and by this time Stoll had taken his own advice and gotten a life; namely, marrying and having two children. So he looked around for a way to make some money. That ushered in his third — and current — career as President and Chief Bottle Washer of the aforementioned Acme Klein Bottle company... At first, Stoll had a hard time finding someone to make Klein bottles. He tried a bong peddler on Telegraph Avenue, but the guy took Cliff's money and disappeared. "I realized that the trouble with bong makers is that they're also bong users."

Then in 1994, two friends of his, Tom Adams and George Chittenden, opened a shop in West Berkeley that made glassware for science labs. "They needed help with their computer program and wanted to pay me," Stoll recalls. "I said, 'Nah, let's make Klein bottles instead.' And that's how Acme Klein Bottles was born."

UPDATE: Turns out Stoll is also a long-time Slashdot reader, and shared comments this weekend on everything from watching the eclipse to his VIP parking pass for CIA headquarters and "this CIA guy's rubber-stamp collection."

"I am honored by the attention and kindness of fellow nerds and online friends," Stoll added Saturday. "When I first started on that chase in 1986, I had no idea where it would lead me... To all my friends: May your burdens be light and your purpose high. Stay curious!"
Privacy

96% of US Hospital Websites Share Visitor Info With Meta, Google, Data Brokers (theregister.com) 21

An anonymous reader quotes a report from The Guardian: Hospitals -- despite being places where people implicitly expect to have their personal details kept private -- frequently use tracking technologies on their websites to share user information with Google, Meta, data brokers, and other third parties, according to research published today. Academics at the University of Pennsylvania analyzed a nationally representative sample of 100 non-federal acute care hospitals -- essentially traditional hospitals with emergency departments -- and their findings were that 96 percent of their websites transmitted user data to third parties. Additionally, not all of these websites even had a privacy policy. And of the 71 percent that did, 56 percent disclosed specific third-party companies that could receive user information.

The researchers' latest work builds on a study they published a year ago of 3,747 US non-federal hospital websites. That found 98.6 percent tracked and transferred visitors' data to large tech and social media companies, advertising firms, and data brokers. To find the trackers on websites, the team checked out each hospital's homepage on January 26 using webXray, an open source tool that detects third-party HTTP requests and matches them to the organizations receiving the data. They also recorded the number of third-party cookies per page. One name in particular stood out, in terms of who was receiving website visitors' information. "In every study we've done, in any part of the health system, Google, whose parent company is Alphabet, is on nearly every page, including hospitals," [Dr Ari Friedman, an assistant professor of emergency medicine at the University of Pennsylvania] observed. "From there, it declines," he continued. "Meta was on a little over half of hospital webpages, and the Meta Pixel is notable because it seems to be one of the grabbier entities out there in terms of tracking."

Both Meta's and Google's tracking technologies have been the subject of criminal complaints and lawsuits over the years -- as have some healthcare companies that shared data with these and other advertisers. In addition, between 20 and 30 percent of the hospitals share data with Adobe, Friedman noted. "Everybody knows Adobe for PDFs. My understanding is they also have a tracking division within their ad division." Others include telecom and digital marketing companies like The Trade Desk and Verizon, plus tech giants Oracle, Microsoft, and Amazon, according to Friedman. There are also analytics firms including Hotjar and data brokers such as Acxiom. "And two thirds of hospital websites had some kind of data transfer to a third-party domain that we couldn't even identify," he added. Of the 71 hospital website privacy policies that the team found, 69 addressed the types of user information that were collected. The most common were IP addresses (80 percent), web browser name and version (75 percent), pages visited on the website (73 percent), and the website from which the user arrived (73 percent). Only 56 percent of these policies identified the third-party companies receiving user information.
In the absence of any federal data privacy law in the U.S., Friedman recommends users protect their personal information via the browser-based tools Ghostery and Privacy Badger, which identify and block transfers to third-party domains.
AI

Adobe Firefly Used Thousands of Midjourney Images In Training Its 'Ethical AI' Model (tomsguide.com) 11

According to Bloomberg, Adobe used images from its competitor Midjourney to train its own artificial intelligence image generator, Firefly -- contradicting the "commercially safe" ethical standards the company promotes. Tom's Guide reports: The startup has never declared the source of its training data but many suspect it is from images it scraped from the internet without licensing. Adobe says only about 5% of the millions of images used to train Firefly fell into this category and all of them were part of the Adobe Stock library, which meant they'd been through a "rigorous moderation process."

When Adobe first launched Firefly it offered an indemnity against copyright theft claims for its enterprise customers as a way to convince them it was safe. Adobe also sold Firefly as the safe alternative to the likes of Midjourney and DALL-E as all the data had been licensed and cleared for use in training the model. Not all artists were that keen at the time and felt they were coerced into agreeing to let their work be used by the creative tech giant -- but the sense was any image made with Firefly was safe to use without risk of being sued for copyright theft.

Despite the revelation some of the images came from potentially less reputable sources, Adobe says all of the non-human pictures are still safe. A spokesperson told Bloomberg: "Every image submitted to Adobe Stock, including a very small subset of images generated with AI, goes through a rigorous moderation process to ensure it does not include IP, trademarks, recognizable characters or logos, or reference artists' names." The company seems to be taking a slightly more rigorous step with its plans to build an AI video generator. Rumors suggest it is paying artists per minute for video clips.

AI

Many AI Products Still Rely on Humans To Fill the Performance Gaps (bloomberg.com) 51

An anonymous reader shares a report: Recent headlines have made clear: If AI is doing an impressively good job at a human task, there's a good chance that the task is actually being done by a human. When George Carlin's estate sued the creators of a podcast who said they used AI to create a standup routine in the late comedian's style, the podcasters claimed that the script had actually been generated by a human named Chad. (The two sides recently settled the suit.) A company making AI-powered voice interfaces for fast-food drive-thrus can only complete 30% of jobs without the help of a human reviewing its work. Amazon is dropping its automated "Just Walk Out" checkout systems from new stores -- a system that relied on far more human verification than it was hoping for.

We've seen this before -- though it may already be lost to Silicon Valley's pathologically short memory. Back in 2015, AI chatbots were the hot thing. Tech giants and startups alike pitched them as always-available, always-chipper, always-reliable assistants. One startup, x.ai, advertised an AI assistant who could read your emails and schedule your meetings. Another, GoButler, offered to book your flights or order your fries through a delivery app. Facebook also tested a do-anything concierge service called M, which could answer seemingly any question, do almost any task, and draw you pictures on demand. But for all of those services, the "AI assistant" was often just a person. Back in 2016, I wrote a story about this and interviewed workers whose job it was to be the human hiding behind the bot, making sure the bot never made a mistake or spoke nonsense.

Security

Why CISA Is Warning CISOs About a Breach At Sisense (krebsonsecurity.com) 14

An anonymous reader quotes a report from KrebsOnSecurity: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening. New York City-based Sisense has more than 1,000 customers across a range of industry verticals, including financial services, telecommunications, healthcare and higher education. On April 10, Sisense Chief Information Security Officer Sangram Dash told customers the company had been made aware of reports that "certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)" In its alert, CISA said it was working with private industry partners to respond to a recent compromise discovered by independent security researchers involving Sisense.

Sisense declined to comment when asked about the veracity of information shared by two trusted sources with close knowledge of the breach investigation. Those sources said the breach appears to have started when the attackers somehow gained access to the company's code repository at Gitlab, and that in that repository was a token or credential that gave the bad guys access to Sisense's Amazon S3 buckets in the cloud. Both sources said the attackers used the S3 access to copy and exfiltrate several terabytes worth of Sisense customer data, which apparently included millions of access tokens, email account passwords, and even SSL certificates.

The incident raises questions about whether Sisense was doing enough to protect sensitive data entrusted to it by customers, such as whether the massive volume of stolen customer data was ever encrypted while at rest in these Amazon cloud servers. It is clear, however, that unknown attackers now have all of the credentials that Sisense customers used in their dashboards. The breach also makes clear that Sisense is somewhat limited in the clean-up actions that it can take on behalf of customers, because access tokens are essentially text files on your computer that allow you to stay logged in for extended periods of time -- sometimes indefinitely. And depending on which service we're talking about, it may be possible for attackers to re-use those access tokens to authenticate as the victim without ever having to present valid credentials. Beyond that, it is largely up to Sisense customers to decide if and when they change passwords to the various third-party services that they've previously entrusted to Sisense.
"If they are hosting customer data on a third-party system like Amazon, it better damn well be encrypted," said Nicholas Weaver, a researcher at the University of California, Berkeley's International Computer Science Institute (ICSI) and lecturer at UC Davis. "If they are telling people to reset credentials, that means it was not encrypted. So mistake number one is leaving Amazon credentials in your Git archive. Mistake number two is using S3 without using encryption on top of it. The former is bad but forgivable, but the latter given their business is unforgivable."
Microsoft

Microsoft Begins Showing Full Screen Windows 11 Ad on Windows 10 PCs as End of Support Date Looms 185

Microsoft has started showing full screen warnings about the upcoming end of support date on Windows 10 PCs. From a report: Users on Reddit have reported seeing the prompt, which began appearing after this week's Patch Tuesday updates were installed, and encourages the user to learn more about how they can transition to Windows 11. Windows 10's end of support date is currently set for October 14, 2025. After that date, Windows 10 users will no longer receive critical security and bug fix updates, leaving any Windows 10 PC connected to the internet vulnerable to any newly discovered security exploits. The full screen prompt that is now appearing on some Windows 10 PCs thanks the user for their loyalty in using Windows 10, and warns that this end of life (EOL) date is approaching. It also wastes no time advertising Windows 11, encouraging the user to learn more about how they can transition to a new Windows 11 PC. Notably, there's no button to tell the prompt to never show again.
