Privacy

FTC Bans Location Data Company That Powers the Surveillance Ecosystem (404media.co) 39

The Federal Trade Commission on Tuesday announced sweeping action against some of the most important companies in the location data industry, including those that power surveillance tools used by a wide spread of U.S. law enforcement agencies and demanding they delete data related to certain sensitive areas like health clinics and places of worship. From a report: Venntel, through its parent company Gravy Analytics, takes location data from smartphones, either through ordinary apps installed on them or through the advertising ecosystem, and then provides that data feed to other companies who sell location tracking technology to the government or sells the data directly itself.

Venntel is the company that provides the underlying data for a variety of other government contractors and surveillance tools, including Locate X. 404 Media and a group of other journalists recently revealed Locate X could be used to pinpoint phones that visited abortion clinics. The FTC says in a proposed order that Gravy and Venntel will be banned from selling, disclosing, or using sensitive location data, except in "limited circumstances" involving national security or law enforcement.

United Kingdom

UK Cyber Chief Warns Country 'Widely Underestimating' Risks From Cyberattacks (therecord.media) 7

The cyber risks facing the United Kingdom are being "widely underestimated," the country's new cyber chief will warn on Tuesday as he launches the National Cyber Security Centre's (NCSC) annual review. From a report: In his first major speech since joining the NCSC -- part of the signals and cyber intelligence agency GCHQ -- Richard Horne will drive a shift in tone in how the cybersecurity agency communicates these risks. Despite some evidence showing cyberattacks growing year-on-year for half a decade, the NCSC has not previously confirmed the trend nor expressed alarm about it.

"What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us," Horne will say, according to an advance preview of his speech on Tuesday. Citing the intelligence that NCSC has access to as an agency within GCHQ, Horne will warn that "hostile activity in UK cyberspace has increased in frequency, sophistication and intensity," adding that despite growing activity from Russian and Chinese threat actors, the agency believes British society as a whole is failing to appreciate the severity of the risk. The annual review reveals that the agency's incident management team handled a record number of cyber incidents over the past 12 months -- 430 compared to 371 last year -- 89 of which were considered nationally significant incidents.

News

'Brain Rot' Named Oxford Word of the Year 2024 26

Oxford University Press: Following a public vote in which more than 37,000 people had their say, we're pleased to announce that the Oxford Word of the Year for 2024 is 'brain rot.'

Our language experts created a shortlist of six words to reflect the moods and conversations that have helped shape the past year. After two weeks of public voting and widespread conversation, our experts came together to consider the public's input, voting results, and our language data, before declaring 'brain rot' as the definitive Word of the Year for 2024.

'Brain rot' is defined as "the supposed deterioration of a person's mental or intellectual state, especially viewed as the result of overconsumption of material (now particularly online content) considered to be trivial or unchallenging. Also: something characterized as likely to lead to such deterioration."

Our experts noticed that 'brain rot' gained new prominence this year as a term used to capture concerns about the impact of consuming excessive amounts of low-quality online content, especially on social media. The term increased in usage frequency by 230% between 2023 and 2024.

Social Networks

Bluesky's Open API Means Anyone Can Scrape Your Data for AI Training. It's All Public (techcrunch.com) 109

Bluesky says it will never train generative AI on its users' data. But despite that, "one million public Bluesky posts — complete with identifying user information — were crawled and then uploaded to AI company Hugging Face," reports Mashable (citing an article by 404 Media).

"Shortly after the article's publication, the dataset was removed from Hugging Face," the article notes, with the scraper at Hugging Face posting an apology. "While I wanted to support tool development for the platform, I recognize this approach violated principles of transparency and consent in data collection. I apologize for this mistake." But TechCrunch noted the incident's real lesson. "Bluesky's open API means anyone can scrape your data for AI training," calling it a timely reminder that everything you post on Bluesky is public. Bluesky might not be training AI systems on user content as other social networks are doing, but there's little stopping third parties from doing so...

Bluesky said that it's looking at ways to enable users to communicate their consent preferences externally, [but] the company posted: "Bluesky won't be able to enforce this consent outside of our systems. It will be up to outside developers to respect these settings. We're having ongoing conversations with engineers & lawyers and we hope to have more updates to share on this shortly!"

Mashable notes Bluesky's response to 404Media — that Bluesky is like a website, and "Just as robots.txt files don't always prevent outside companies from crawling those sites, the same applies here."

So "While many commentators said that data collection should be opt in, others argued that Bluesky data is publicly available anyway and so the dataset is fair use," according to SiliconRepublic.com.

Crime

Exxon Lobbyist Investigated Over 'Hack-and-Leak' of Environmentalist Emails (reuters.com) 47

America's FBI "has been investigating a longtime Exxon Mobil consultant," reports Reuters, "over the contractor's alleged role in a hack-and-leak operation that targeted hundreds of the oil company's biggest critics, according to three people familiar with the matter." The operation involved mercenary hackers who successfully breached the email accounts of environmental activists and others, the sources told Reuters. The scheme allegedly began in late 2015, when U.S. authorities contend that the names of the hacking targets were compiled by the DCI Group, a public affairs and lobbying company working for Exxon at the time, one of the sources said. DCI provided the names to an Israeli private detective, who then outsourced the hacking, according to the source.

In an effort to push a narrative that Exxon was the target of a political vendetta aimed at destroying its business, some of the stolen material was subsequently leaked to the media by DCI, Reuters determined. The Federal Bureau of Investigation found that DCI shared the information with Exxon before leaking it, the source said. Some environmental activists interviewed by Reuters say the hacking operation disrupted preparations for lawsuits by cities and state attorneys general against Exxon and other energy companies... The stolen material continues to be used today to counter litigation claiming the oil giant misled the public and its investors about the risks of climate change...

The investigation into the hack-and-leak operation comes amid growing concern among law enforcement agencies worldwide about how such cyberespionage schemes threaten to taint judicial proceedings. The FBI has been investigating the broader use of mercenary hackers to tamper with lawsuits since early 2018, Reuters has previously reported. The Israeli private detective hired by DCI, Amit Forlit, was arrested this year at London's Heathrow Airport and is fighting extradition to the United States on charges of hacking and wire fraud... Federal prosecutors have secured a related conviction: that of Forlit's former business associate, private investigator Aviram Azari. Azari pleaded guilty in 2022 to wire fraud, conspiracy to commit hacking and aggravated identity theft, which included targeting the environmental activists.

Social Networks

Oxford's Word of the Year: 'Brain Rot' (bbc.com) 75

"Are you spending hours scrolling mindlessly on Instagram reels and TikTok?" asks the BBC. "If so, you might be suffering from brain rot, which has become the Oxford word of the year." It is a term that captures concerns about the impact of consuming excessive amounts of low-quality online content, especially on social media. The word's usage saw an increase of 230% in its frequency from 2023 to 2024. Psychologist and Oxford University Professor, Andrew Przybylski says the popularity of the word is a "symptom of the time we're living in". Brain rot beat five other shortlisted words including demure, Romantasy and dynamic pricing... [And "slop".]

The first recorded use of brain rot dates much before the creation of the internet — it was written down in 1854 by Henry David Thoreau in his book Walden. He criticises society's tendency to devalue complex ideas and how this is part of a general decline in mental and intellectual effort. It leads him to ask: "While England endeavours to cure the potato rot, will not any endeavour to cure the brain-rot — which prevails so much more widely and fatally?" The word initially gained traction on social media among Gen Z and Gen Alpha communities, but it's now being used in the mainstream as a way to describe low-quality, low-value content found on social media.

Prof Przybylski says "there's no evidence of brain rot actually being a thing. Instead it describes our dissatisfaction with the online world and it's a word that we can use to bundle our anxieties that we have around social media."

The New York Times points out that Oxford's past "word of the year" selections included "podcast" and "selfie." [Casper Grathwohl, the president of Oxford Languages, the company's dictionary division] noted the finalists were heavy on old-fashioned words that young people had repurposed in semi-ironic ways — the linguistic equivalent, he said, of "bell-bottoms coming back into fashion...."

"Slop" has undergone a similar update. There was a spike of more than 300 percent over the past year in references not to pig feed, but to "art, writing or other content generated using artificial intelligence, shared and distributed online in an indiscriminate or intrusive way, and characterized as being of low quality, inauthentic or inaccurate," according to Oxford. Like "brain rot," it "represents the underbelly of today's linguistic churn," Grathwohl said. "There's a sense that we are drowning in mediocre experiences as digital lives get clogged."

Social Networks

Bluesky Passes Threads for Active Website Users, But Confronts 'Scammers and Impersonators' (engadget.com) 145

Bluesky (Slashdot is on Bluesky here and Threads here) now has more active website users than Threads in the U.S., according to a graph from the Financial Times. And though Threads still leads in app usage, "Prior to November 5 Threads had five times more daily active users in the U.S. than Bluesky... Now, Threads is only 1.5 times larger than its rival, Similarweb said."

But "the influx of new users has opened up new opportunities for scammers and impersonators," Engadget reported this week: A recent analysis by Alexios Mantzarlis, director of the Security Trust and Safety Initiative at Cornell Tech found that 44 percent of the top 100 most-followed accounts on Bluesky had at least one "doppelganger," with most looking like "cheap knock-offs of the bigger account, down to the same bio and profile picture," Mantzarlis wrote in his newsletter Faked Up.

The article highlighted issues with Bluesky's loose account verification policies. And then, Bluesky announced a new change-of-policy Friday. Engadget reports: The Bluesky Safety account said that the social media service is removing accounts that are impersonating other people and those squatting on handles... Bluesky now requires parody, satire or fan accounts to label themselves as such in both their handles and their bio. If they don't, or if they only indicate the nature of their account in one of those elements, then they'll be treated as an impersonator and will be removed from the platform. Bluesky now explicitly prohibits identity churning, as well. Accounts that start as impersonators with the purpose of gaining new users, and who then switch to a different identity in an attempt to circumvent the ban, will still get booted off the app. Finally, it says it's exploring "additional options to enhance account verification," though they're not quite ready for rollout.

Bluesky says they've "quadrupled the size of our moderation team, in part to action impersonation reports more quickly. We still have a large backlog of moderation reports due to the influx of new users as we shared previously, though we are making progress." And in addition, "We are working behind the scenes to help many organizations and high-profile individuals set up their verified domain handles."

And there's another problem. "The EU's executive arm on Monday said Bluesky didn't provide information it was required to share under the bloc's Digital Services Act," reports Bloomberg. Bluesky responded that it's working to comply, "consulting with its lawyer to follow the EU's information disclosure rules, a Bluesky spokesperson wrote on Tuesday in an email." "All platforms in the EU have to have a dedicated page on their websites where it says how many user numbers they have in the EU and where they are legally established," Thomas Regnier, the commission's spokesperson on digital matters, told reporters. "This is not the case with Bluesky, so this is not followed...."

Under the DSA, platforms with more than 45 million users in the bloc qualify as "very large online platforms" and need to follow stricter content moderation rules under the commission's supervision. Breaches can result in fines of up to 6% of their global annual sales... Smaller platforms are still required to comply with the law, but are regulated by the EU country where they have a legal presence. That's so far unclear in the case of Bluesky, which was created expressly to avoid a centralized ownership structure.

The commission asked EU member countries' national authorities to investigate "and see if they can find any trace of Bluesky" in their jurisdictions, Regnier said.

Cellphones

Leaked Documents Show What Phones Secretive Tech 'Graykey' Can Unlock (appleinsider.com) 57

Primarily used by law enforcement, Graykey unlocks mobile devices to extract data from both Android and iOS systems, according to the blog AppleInsider, "though its effectiveness varies depending on the specific hardware and software involved." But while its capabilities are rarely disclosed, "a leak of some Grayshift's internal documents was recently reported on by 404 Media." According to the data, Graykey can only perform "partial" data retrieval from iPhones running iOS 18 and iOS 18.0.1. These versions were released in September and early October, respectively. A partial extraction likely includes unencrypted files and metadata, such as folder structures and file sizes, according to past reports. Notably, Graykey struggles with beta versions of iOS 18.1. Under the latest update, the tool fails to extract any data, as per the documents.

Meanwhile, Graykey's performance with Android phones varies, largely due to the diversity of devices and manufacturers. On Google's Pixel lineup, Graykey can only partially access data from the latest Pixel 9 when in an "After First Unlock" (AFU) state — where the phone has been unlocked at least once since being powered on.

Thanks to long-time Slashdot reader AmiMoJo for sharing the article.

Education

'Hour of Code' Cartoon Includes a Shout-Out to AI (instagram.com) 23

Nonprofit Code.org has posted this year's cartoon for "Hour of Code," their annual learn-to-code event for schoolchildren.

Long-time Slashdot reader theodp notes its animated pigeon gives a shout-out to the AI that could ultimately replace programmers: In an Instagram post introducing the video, Code.org explains: "Bartlett the Pigeon just learned how to code and now thinks he's smarter than us. Honestly...he might be. Meet the face (and feathers) of this year's #HourOfCode." In the video, Bartlett wows a social media influencer with his coding skills. "Is this pigeon typing code?" she asks in disbelief. "I'm going to film this for my socials!" Bartlett goes on to explain that the song he remixes with coding blocks — Aloe Blacc's "I Need a Dollar" — could have instead been generated by simply using AI, which he says is "like having a personal DJ assistant who never misses a beat!"

Interestingly, Blacc noted in a 2011 interview that he wrote "I Need a Dollar" after being made redundant in his career as a business consultant by Ernst & Young. That multinational company is now advising global business leaders on how they can harness the power of GenAI "to achieve more with fewer resources" by disrupting professions — like programming — that "involve a high degree of repetitive and data-driven tasks that AI can automate."

Youtube

YouTube is Full of Old, Unseen Home Videos. Now You Can Watch Them at Random (yahoo.com) 18

From a new web project called IMG_0001: Between 2009 and 2012, iPhones had a built-in "Send to YouTube" button in the Photos app. Many of these uploads kept their default IMG_XXXX filenames, creating a time capsule of raw, unedited moments from random lives. Inspired by Ben Wallace, I made a bot that crawled YouTube and found 5 million of these videos! Watch them below, ordered randomly.

The Washington Post reports that it's the same 22-year-old software engineer who created Bop Spotter — that phone on a telephone pole using the Shazam app to identify songs people play in public.

And his new site includes only videos "posted before 2015, with fewer than 150 views each and durations shorter than 150 seconds." In about 12 hours total, Walz said, he coded a website that takes millions of these unedited, raw videos from more than nine years ago and serves them to viewers at random. The resulting project, titled IMG_0001 and hosted on his personal website, plays out like a glimpse into different worlds: Hit play and your first video may show teenagers practicing a dance in a high school hallway. That wraps up, and it rolls into footage of a dog frolicking in a snowy backyard...

Viewers were gripped by the videos' unfiltered nature, a contrast to the heavily produced and camera-aware content found on TikTok and YouTube today. Writer Ryan Broderick wrote in his newsletter Garbage Day that the project is "beautiful, haunting, funny, and sort of magical. Like staring into a security camera of the past." Mashable's Tim Marcin called it "the kind of authenticity that's all too rare online these days."

The website has more than 280,000 views and millions of video plays, Walz said — meaning plenty of viewers are sticking around to watch many of the videos.

The article includes an interesting observation from Christian Sandvig, a digital media professor at the University of Michigan. "The people who made the video might not even remember that they shared them!"

United States

To Urge Local Shopping, America Celebrates 15th Annual 'Small Business Saturday' (sba.gov) 62

The New York Post writes that "After the COVID-19 pandemic upended mom-and-pops around the city and resulted in thousands shuttering for good, it is important — now more than ever — to shop local."

America's Small Business Administration issued their own statement urging shoppers to "champion small businesses nationwide and #ShopSmall on Saturday," linking to a site mapping small businesses in your area. (And there's also a directory listing online small businesses.) Small Business Saturday was founded by American Express in 2010 and officially cosponsored by the U.S. Small Business Administration since 2011. It is an important part of small businesses' busiest shopping season.

- In 2023, the reported projected spending in the U.S. from those who shopped at small businesses on Small Business Saturday was around $17 billion

- Since 2010, the total reported U.S. spending at small businesses during the annual Small Business Saturday is an estimated $201 billion

"Let's keep the Shop Small tradition going," urges the American Express web site — encouraging shoppers to also use the #ShopSmall hashtag on social media.

Games

Riot Games is Cracking Down on Players' Off-Platform Conduct 37

Riot Games has announced sweeping changes to its terms of service, expanding penalties for player misconduct beyond in-game behavior to include content creation and social media activities.

The new rules, Engadget reports, enable "Riot-wide bans" for violations across platforms where players discuss or stream Riot games. The company will not actively monitor social media but will respond to reported violations, particularly during game livestreams.

Canada

Canada's Major News Organizations Band Together To Sue OpenAI (toronto.com) 39

A broad coalition of Canada's major news organizations, including the Toronto Star, Metroland Media, Postmedia, The Globe and Mail, The Canadian Press and CBC, is suing tech giant OpenAI, saying the company is illegally using news articles to train its ChatGPT software. From a report: It's the first time all of a country's major news publishers have come together in litigation against OpenAI. The suit, filed in Ontario's Superior Court of Justice Friday morning, seeks punitive damages, disgorgement of any profits made by OpenAI from using the news organizations' articles, and an injunction barring OpenAI from using any of the news articles in the future.

"Journalism is in the public interest. OpenAI using other companies' journalism for their own commercial gain is not. It's illegal," said a joint statement from the media organizations, which are represented by law firm Lenczner Slaght.

Network

Meta Plans $10 Billion Global 'Mother of All' Subsea Cables 63

Meta plans to build a $10 billion private, "mother of all" undersea fiber-optic cable network spanning over 40,000 kilometers around the world, according to TechCrunch. The project, dubbed "W" for its shape, would run from the U.S. east coast to the west coast via India, South Africa and Australia, avoiding regions prone to cable sabotage including the Red Sea and South China Sea.

The social media giant, which co-owns 16 existing cable networks, aims to gain full control over traffic prioritization for its services. The project mirrors Google's strategy of private cable ownership. The construction could take 5-10 years to complete.

Australia

Big Tech Slams Australia's Youth Social Media Ban 128

Major technology companies criticized Australia's new law banning social media access for users under 16, which passed parliament on Thursday with bipartisan support. The legislation threatens fines up to $32 million for platforms failing to block minors. TikTok warned the ban could drive young users to riskier online spaces, while Meta called it a "predetermined process," questioning the rushed parliamentary review that gave stakeholders only 24 hours for submissions. Reuters adds: Snapchat parent Snap said it leaves many questions unanswered. [...] Sunita Bose, managing director of Digital Industry Group, which has most social media companies as members, said no one can confidently explain how the law will work in practice. "The community and platforms are in the dark about what exactly is required of them," she said.

AI

Japan's 'God of Management' Comes Back To Life as an AI Model (japantimes.co.jp) 30

Panasonic has created an AI clone of its late founder Konosuke Matsushita based on his writings, speeches, and over 3,000 voice recordings. From a local media report: Known as Japan's "god of management," the Panasonic icon is one of the most respected by the Japanese business community, and comes back to life in digital form to impart wisdom directly to those he never met in person.

"As the number of people who received training directly from Matsushita has been on the decline, we decided to use generative AI technology to pass down our group's founding vision to the next generation," the company said in a statement. Codeveloped with the University of Tokyo-affiliated Matsuo Institute, the model can reproduce how a person thinks or talks. The company aims to further develop the digital clone to help make business decisions in the future.

Australia

Australia To Ban Under-16s From Social Media After Passing Landmark Law (yahoo.com) 214

Australia will ban children under 16 from using social media after its senate approved what will become a world-first law. From a report: Children will be blocked from using platforms including TikTok, Instagram, Snapchat and Facebook, a move the Australian government argue is necessary to protect their mental health and wellbeing.

The online safety amendment (social media minimum age) bill will impose fines of up to 50 million Australian dollars ($32.5 million) on platforms for systemic failures to prevent young children from holding accounts. It would take effect a year after the bill becomes law, allowing platforms time to work out technological solutions that would also protect users' privacy. The senate passed the bill 34 votes to 19. The house of representatives overwhelmingly approved the legislation 102 votes to 13 on Wednesday.

Privacy

Data Broker Leaves 600K+ Sensitive Files Exposed Online (theregister.com) 18

A security researcher discovered an unprotected database belonging to SL Data Services containing over 600,000 sensitive files, including criminal histories and background checks with names, addresses, and social media accounts. The Register reports: We don't know how long the personal information was openly accessible. Infosec specialist Jeremiah Fowler says he found the Amazon S3 bucket in October and reported it to the data collection company by phone and email every few days for more than two weeks. [The info service provider eventually closed up the S3 bucket, says Fowler, although he never received any response.] In addition to not being password protected, none of the information was encrypted, he told The Register. In total, the open bucket contained 644,869 PDF files in a 713.1 GB archive.

Some 95 percent of the documents Fowler saw were labeled "background checks," he said. These contained full names, home addresses, phone numbers, email addresses, employment, family members, social media accounts, and criminal record history belonging to thousands of people. In at least one of these documents, the criminal record indicated that the person had been convicted of sexual misconduct. It included case details, fines, dates, and additional charges. While court records and sex offender status are usually public records in the US, this exposed cache could be combined with other data points to make complete profiles of people -- along with their family members and co-workers -- providing everything criminals would need for targeted phishing and/or social engineering attacks.

Software

RIP Delicious Library 37

Wil Shipley, announcing the end of Delicious Library, a media cataloging app: Amazon has shut off the feed that allowed Delicious Library to look up items, unfortunately limiting the app to what users already have (or enter manually).

I wasn't contacted about this.

I've pulled it from the Mac App Store and shut down the website so nobody accidentally buys a non-functional app.

John Gruber of DaringFireball adds: The end of an era, but it's kind of surprising it was still functional until now. (Shipley has been a full-time engineer at Apple for three years now.)

It's hard to describe just what a sensation Delicious Library was when it debuted, and how influential it was. Delicious Library was simultaneously very useful, in very practical ways, and obsessed with its exuberant UI in ways that served no purpose other than looking cool as shit. It was an app that demanded to be praised just for the way it looked, but also served a purpose that resonated with many users. For about a decade it seemed as though most popular new apps would be designed like Delicious Library. Then Apple dropped iOS 7 in 2013, and now, no apps look like this. Whatever it is that we, as an industry, have lost in the now decade-long trend of iOS 7-style flat design, Delicious Library epitomized it.

Security

US Senators Propose Law To Require Bare Minimum Security Standards (theregister.com) 57

American hospitals and healthcare organizations would be required to adopt multi-factor authentication (MFA) and other minimum cybersecurity standards under new legislation proposed by a bipartisan group of US senators. From a report: The Health Care Cybersecurity and Resiliency Act of 2024 [PDF], introduced on Friday by US Senators Bill Cassidy (R-Louisiana), Mark Warner (D-Virginia), John Cornyn (R-Texas), and Maggie Hassan (D-New Hampshire), would, among other things, require better coordination between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) around cybersecurity in the healthcare and public health sector.

This includes giving HHS a year to implement a cybersecurity incident response plan and update the types of information displayed publicly via the department's breach reporting portal. Currently, all healthcare orgs that are considered "covered entities" under the US Health Insurance Portability and Accountability Act (HIPAA) are required to notify HHS if they are breached. The new law would require breached entities to report how many people were affected by the security incident.

It would also mandate that the portal include details on "any corrective action taken against a covered entity that provided notification of a breach" as well as "recognized security practices that were considered" during the breach investigation, plus any other information that the HHS secretary deems necessary.
