EU

Meta 'Supreme Court' Expands with European Center to Handle TikTok, YouTube Cases (msn.com)

Meta's Oversight Board "is spinning off a new appeals center," reports the Washington Post, "to handle content disputes from European social media users on multiple platforms".

It will operate under Europe's Digital Services Act, "which requires tech companies to allow users to appeal restrictions on their accounts before an independent group of experts." "I think this is really a game changer," Appeals Centre Europe CEO Thomas Hughes said in an interview. "It could really drive platform accountability and transparency."

The expansion arrives as the Oversight Board, an independent collection of academics, experts and lawyers funded by Meta, has been seeking to expand its influence beyond the social media giant... [The Board] has tried for years to court other major internet companies, offering to help them referee debates about content, The Post has reported...

Oversight Board members and Oversight Board Trust Chairman Stephen Neal said in statements that both the Appeals Centre Europe and the Oversight Board will play critical but complementary roles in holding tech companies accountable for their decisions on content. "Both entities are committed to improving user redress, transparency and upholding users' rights online," Neal said...

Hughes, who used to be the Oversight Board's administration director, said that he was "proud" of what the Oversight Board is accomplishing but that it is different from what the Appeals Centre Europe will offer. When Facebook, YouTube or TikTok removes a post, European social media users will be able to appeal the decision to the center. Users will also be able to flag to the center posts they think violate the rules but were not removed. While the Appeals Centre Europe's decisions will be nonbinding, the group will generate data that could power decisions by regulators, civil society groups and the general public, Hughes said. By contrast, the Oversight Board's decisions on Meta content are binding.

Last year the original Oversight Board completed more than 50 cases, "and is on track to exceed that number in 2024," according to the article. But this board is different, CEO Hughes told the Post. They'll have about two dozen staffers, with expertise in human rights and tech policy — or fluency in various languages.

And he added that though the center is funded by an initial grant, future operating costs will be covered by the fees social media companies pay the appeal center — roughly 90 euros ($100) per case.

Games

Steam Adds the Harsh Truth That You're Buying 'A License,' Not the Game Itself (arstechnica.com)

In response to California's new law targeting "false advertising" of "digital goods," Valve has added the following language to its checkout page: "A purchase of a digital product grants a license for the product on Steam." Ars Technica reports: California's AB2426 law, signed by Gov. Gavin Newsom Sept. 26, excludes subscription-only services, free games, and digital goods that offer "permanent offline download to an external storage source to be used without a connection to the internet." Otherwise, sellers of digital goods cannot use the terms "buy, purchase," or related terms that would "confer an unrestricted ownership interest in the digital good." And they must explain, conspicuously, in plain language, that "the digital good is a license" and link to terms and conditions.

Which is what Valve has now added to its cart page before enforcement of these terms was due to start next year. The company has long made it clear, deeper inside its End User License Agreement (EULA), that a purchase is a license, and those licenses cannot be resold, which avoids issues of one's right to resell a game. Now it is something that every user sees on every purchase, however quickly they click-through to get to their download.

DRM

The True Cost of Game Piracy: 20% of Revenue, According To a New Study

A new study suggests game piracy costs publishers 19% of revenue on average when digital rights management (DRM) protections are cracked. Research associate William Volckmann at UNC analyzed 86 games using Denuvo DRM on Steam between 2014 and 2022.

The study, published in Entertainment Computing, found that cracks appearing in the first week after release led to a 20% revenue loss, dropping to 5% for cracks appearing after six weeks. Volckmann used Steam user reviews and player counts as proxies for sales data.

EU

EU Delays New Biometric Travel Checks as IT Systems Not Up To Speed (usnews.com)

The European Union has delayed the introduction of a new biometric entry-check system for non-EU citizens, which was due to be introduced on Nov. 10, after Germany, France and the Netherlands said border computer systems were not yet ready. From a report: "Nov. 10 is no longer on the table," EU Home Affairs Commissioner Ylva Johansson told reporters. She said there was no new timetable, but that the possibility of a phased introduction was being looked at. The Entry/Exit System (EES) is supposed to create a digital record linking a travel document to biometric readings confirming a person's identity, removing the need to manually stamp passports at the EU's external border. It would require non-EU citizens arriving in the Schengen free-travel area to register their fingerprints, provide a facial scan and answer questions about their stay.

Open Source

DIY Photographer Builds Full-Frame Camera, Open-Sources the Project (dpreview.com)

Boston-based engineer and photographer Wenting Zhang built his own full-frame camera and open-sourced the project on GitLab for anyone else to build upon. The camera, named Sitina S1, features a 10MP CCD sensor, custom electronics, and a 3D-printed body. Digital Photography Review reports: Zhang says he started the project in 2017, and it's not finished yet. "Engineers are usually bad at estimating how long things will take. I am probably particularly bad at that. I expected this project to be challenging, so it would take a bit longer, like probably one year. Turned out my estimation was off," he says. He makes clear to point out that this is a hobby project, purely for fun, and that his camera isn't going to achieve the level of image quality found in commercially available products from established companies. Despite that, his project provides a fascinating look into what's involved in building a camera from the ground up.

Although CMOS has become the dominant sensor technology in consumer cameras, owing to factors like speed, lower power consumption and cost, Zhang's camera is built around a 10MP Kodak KAI-11000CM CCD sensor with a global electronic shutter, which he selected for a rather pragmatic reason: it was easy to source. "Most manufacturers (like Sony) aren't going to just sell a sensor to a random hobbyist, so I have to buy whatever is available on eBay. This 10MP CCD turned out to be available," he explains. The choice of sensor has a useful benefit. As he explains in one of his videos, designing and building a mechanical shutter is complicated and beyond his area of expertise, so his DIY design is based on using an electronic shutter. For similar reasons, he chose to use an LCD screen as a viewfinder rather than a prism-based optical design, resulting in a mirrorless camera.

Zhang wanted his design to be compatible with existing lenses. His mirrorless design, with a short flange distance, provided a great deal of flexibility to adapt different lenses to the camera, and he's currently using E-mount with active electrical contacts. And that's just the start. Zhang also needed to integrate a CCD signal processor with an ADC (analog to digital converter), a CPU, battery, an LCD screen and buttons. He also designed and built his own circuit board with a power-only USB port, flash sync terminal, power button and SD card slot, and created the software and user interface to tie it all together. Finally, everything fits inside a 3D-printed enclosure that, to my eye, looks rather attractive.

Bitcoin

Bitcoin Creator Suspect Says He is Not Bitcoin Creator Suspect (theregister.com)

The man identified as Bitcoin creator Satoshi Nakamoto in a new HBO documentary has something to say: Wrong again, world. From a report: In the just-released HBO film on the history of the world's biggest digital currency -- Money Electric: The Bitcoin Mystery -- documentary filmmaker Cullen Hoback comes to the conclusion that the anonymous creator of Bitcoin was none other than a long-time member of the community and early Bitcoin developer Peter Todd. Todd dismissed the claim in the documentary, released yesterday, and denied it again when asked by The Register.

"[Hoback's] evidence for me being Satoshi is the same kind of coincidence-based, circumstantial thinking that fuels conspiracies like QAnon," Todd told us in an email. "Which is ironic, given that [Hoback's] previous big project was a documentary on QAnon. He clearly didn't try to debunk his theories either." Hoback's previous project -- Q: Into the Storm -- aimed to unmask the person behind QAnon, perhaps giving him an interest in uncovering the identity of Satoshi Nakamoto. Todd, however, thinks Hoback was just trying to drum up interest in his new film.

"I think [Hoback] only included the Satoshi claim as a marketing ploy: he was really creating a documentary about Bitcoin, and needed a hook to get media attention," Todd said. "He picked me to accuse mainly because I was an unlikely candidate, which helped drum up even more attention. I don't think he had any interest in finding the real truth."

AI

Zoom Will Let AI Avatars Talk To Your Team For You (theverge.com)

Zoom is getting one step closer to letting AI avatars attend meetings for you. As part of a broader AI expansion, Zoom announced it will soon let you create an AI avatar of yourself that you can use to send brief messages to your team. From a report: To create a digital avatar, you'll need to record an initial video of yourself that Zoom's AI will use to make an avatar that looks -- and even sounds -- like you. From there, you can write the message you want your AI avatar to say and then have it do all the talking for you. This feature will only work with Zoom's Clips feature, allowing you to record brief video updates for your colleagues.

Bitcoin

Bitcoin Creator Is Peter Todd, HBO Film Says (politico.eu)

A new HBO documentary claims Canadian developer Peter Todd is Satoshi Nakamoto, the pseudonymous founder of bitcoin. The documentary's director, Emmy-nominated filmmaker Cullen Hoback, "comes to the conclusion by stitching together old clues and new ones," reports Politico. In the film's finale, Hoback confronted Todd and said: "It seems like you had these deep insights into bitcoin at the time?" Todd replies: "Well, yeah, I'm Satoshi Nakamoto." From the report: The admission, however, is not necessarily a smoking gun. Todd, who is a vocal backer of Ukraine and Israel on his X feed, is known to invoke the claim "I am Satoshi" as an expression of solidarity with the creator's bid for privacy. In an email to CoinDesk prior to the documentary's release, Todd reportedly denied he was the bitcoin creator: "Of course I'm not Satoshi," he said. If Todd is widely accepted as bitcoin's creator, the revelation would end more than a decade of speculation over the identity of a person whose work spawned a global, multibillion-dollar craze for digital currencies: a mania that has pushed back the frontiers of finance but also enabled widespread fraud and other illicit activities.

Todd is not unknown to enthusiasts of the stateless money system. As a longstanding bitcoin core developer known for communicating publicly with "Satoshi" before his disappearance from crypto forums in 2010, his name has always carried weight in the community. But he was rarely considered a prime suspect. A 39-year-old graduate of Ontario College of Art and Design in Toronto, Todd would have been 23 when the famous bitcoin white paper that first laid out the vision for the decentralized money system was being completed. Todd previously told a podcast he was about 15 years old when he first started communicating with key crypto influencers, known as the cypherpunks. "In investigations like these, digital forensics can only take you so far; they're like a compass," Hoback told POLITICO before the documentary aired. "Real answers can only be found offline."

Social Networks

TikTok is 'Digital Nicotine' Meant To Hook Kids, AGs Fume in New Suits (courthousenews.com)

The District of Columbia and 13 states sued social media giant TikTok on Tuesday, accusing the company of knowingly creating an addictive product and getting children hooked with "digital nicotine." From a report: D.C. Attorney General Brian Schwalb brought Washington's suit in the Superior Court for the District of Columbia, asserting that the app's design -- including its algorithm, "infinite scroll," push notifications, filters and in-app currency -- boost the company's profits at the expense of children's health. "TikTok's platform, designed to be dangerously addictive, inflicts immense damage on an entire generation of young people," Schwalb said in a statement announcing the suit. "In addition to prioritizing its profits over the health of children, TikTok's unregulated and illegal virtual economy allows the darkest, most depraved corners of society to prey upon vulnerable victims." More than a dozen states brought similar suits against TikTok in their courts Tuesday, including New York, California, Kentucky and New Jersey. Each stems from a national investigation into the company that a bipartisan coalition of attorneys general launched in March 2022.

Technology

Where Have All the Chief Metaverse Officers Gone? (wired.com)

Wired: Last spring, at an event in New York City, Robert Triefus, then Gucci's CEO of Vault -- the brand's virtual marketplace -- argued the recent deflation in hype around the metaverse was just a brief hiccup. "I see it more as a correction," he told the crowd. "We're now at a much more sensible place, where you've got individuals [and] companies ... who are very serious about what they're doing." When asked how buying real estate in The Sandbox aligned with Gucci's broader goals as a brand, he responded with quasi-mystical language: "The metaverse is an opportunity to embrace the digital self."

The following month, Triefus left Gucci "abruptly," according to Vogue Business. He was off "to pursue other opportunities," the brand said at the time. A month later, Vogue Business revealed that Triefus was to be the new Stone Island CEO. Immediately there was speculation on whether Stone Island would enter the metaverse. So far it has not. Triefus' public zeal for all things virtual and his short-lived tenure as the head of Gucci's metaverse strategy are both part of a broader trend that briefly convulsed the private sector starting in late 2021: the hastily recruited "chief metaverse officer."

Following a wave of excitement around the metaverse as a golden new opportunity for commerce, a legion of brands rushed to launch their own virtual storefronts. Three quarters of CEOs surveyed by Russell Reynolds in 2022 said they were hiring dedicated talent to lead in the space, or expanding current roles to cover it. While the actual titles varied, their main role seemed to involve helping their respective brands devise new strategies with then-buzzy technologies such as NFTs and crypto.

Meta CEO Mark Zuckerberg has quietly shifted focus from virtual reality to augmented reality, signaling a retreat from the company's ambitious metaverse plans. At Meta's recent developer conference, Zuckerberg mentioned "metaverse" only three times in his hour-long keynote, instead highlighting AR innovations like smart glasses.

The move follows a broader cooling of corporate enthusiasm for the metaverse. Luxury brands that once rushed to establish virtual presences have scaled back efforts, with some chief metaverse officers pivoting to AI-focused roles. "Many brands were quick to experiment -- there was a sense of a land grab," said Matthew Ball, tech investor and author. "They didn't want to be last, and they were excited to try and be first." Wired notes that the shift reflects disappointing user engagement with existing metaverse platforms and growing interest in more accessible AR technologies.

Privacy

Smart TVs Are Like 'a Digital Trojan Horse' in People's Homes (arstechnica.com)

An anonymous reader shares a report: The companies behind the streaming industry, including smart TV and streaming stick manufacturers and streaming service providers, have developed a "surveillance system" that has "long undermined privacy and consumer protection," according to a report from the Center for Digital Democracy (CDD) published today and sent to the Federal Trade Commission (FTC). Unprecedented tracking techniques aimed at pleasing advertisers have resulted in connected TVs (CTVs) being a "privacy nightmare," according to Jeffrey Chester, report co-author and CDD executive director, resulting in calls for stronger regulation.

The 48-page report, How TV Watches Us: Commercial Surveillance in the Streaming Era [PDF], cites Ars Technica, other news publications, trade publications, blog posts, and statements from big players in streaming -- from Amazon to NBCUniversal and Tubi, to LG, Samsung, and Vizio. It provides a detailed overview of the various ways that streaming services and streaming hardware target viewers in newfound ways that the CDD argues pose severe privacy risks. The nonprofit composed the report as part of efforts to encourage regulation. Today, the CDD sent letters to the FTC [PDF], Federal Communications Commission (FCC), California attorney general [PDF], and California Privacy Protection Agency (CPPA) [PDF], regarding its concerns. "Not only does CTV operate in ways that are unfair to consumers, it is also putting them and their families at risk as it gathers and uses sensitive data about health, children, race, and political interests," Chester said in a statement.

Data Storage

60TB Hard Drives Arriving in 2028, According To Industry Roadmap (tomshardware.com)

An anonymous reader shares a report: The arrival of energy-assisted magnetic recording (EAMR) technologies like Seagate's HAMR will play a crucial role in accelerating HDD capacity growth in the coming years. According to the new IEEE International Roadmap for Devices and Systems Mass Data Storage, we will see 60 TB hard disk drives in 2028. If the prediction is accurate, HDD capacity will double in just four years, something that has not happened in a long time. IEEE also expects HDD unit sales to increase.

IEEE's latest HDD development roadmap spans 2022 to 2037 and covers 15 years of hard drive evolution. The arrival of HAMR in 2024 will play a pivotal role in the increase in HDD capacity over the next few years (even though Western Digital has managed to stay competitive with Seagate's HAMR HDDs using its own set of technologies). IEEE engineers expect HDDs to leapfrog to 40TB in 2025 and 60TB in 2028, doubling capacity from 30TB in 2024. By 2037, there will be 100TB drives, according to IEEE.

To get to those extreme capacities, HDD makers will have to increase the areal density of their platters steadily. To get to 40TB per drive, they will have to reach 2 Tb/inch^2 (terabits per square inch) in 2025, and then over 4 Tb/inch^2 in 2028 to build 60TB HDDs. By 2037, areal density will grow to over 10 Tb/inch^2. Increasing areal density will necessitate new media, magnetic films, and all-new write and read heads.

Government

Senator Calls Out John Deere For Clean Air Act Violations, Blocking Farmer Repairs (substack.com)

"The Fight to Repair Newsletter is reporting that U.S. Senator Elizabeth Warren is calling out agricultural equipment giant John Deere for possible violations of the federal Clean Air Act and a years-long pattern of thwarting owners' ability to repair their farm equipment," writes longtime Slashdot reader chicksdaddy. From the report: Deere "appears to be evading its responsibilities under the Clean Air Act to grant customers the right to repair their own agricultural equipment." That is costing farmers an estimated $4.2 billion annually "causing them to miss key crop windows on which their businesses and livelihoods rely," Warren wrote in a letter (https://www.theverge.com/2024/10/3/24260513/john-deere-right-to-repair-elizabeth-warren-clean-air-act) dated October 2nd. The letter from Warren (PDF), a Senator from Massachusetts and strong repair advocate, is just the latest volley lobbed at Illinois-based Deere, an iconic American brand and the largest supplier of agricultural equipment to farms in the U.S. Deere controls an estimated 53 percent of the U.S. market for large tractors and 60 percent of the U.S. market for farm combines.

In recent weeks, Deere faced criticism, including from Republican presidential candidate Donald Trump, after laying off close to 2,000 U.S. based employees at facilities in Iowa and Illinois, moving many of those jobs to facilities in Mexico. The company has also been repeatedly called out for complicating repair and service of its farm equipment -- often relying on software locks and digital rights management to force farmers to use Deere dealers and authorized service providers for even the simplest repairs.

Microsoft

Rival Browsers Allege Microsoft's Practices on Edge Unfair (usnews.com)

Microsoft gives its Edge web browser an unfair advantage and EU antitrust regulators should subject it to tough EU tech rules, three rival browsers and a group of web developers said in a letter to the European Commission. From a report: The move by Vivaldi, Waterfox, Wavebox and the Open Web Advocacy could boost Norwegian browser company Opera which in July took the European Commission to court for exempting Edge from the Digital Markets Act (DMA). [...] "Unfair practices are currently allowed to persist on the Windows' ecosystem with respect to Edge, unmitigated by the choice screens that exist on mobile," they said, pointing to Edge set as the default browser on all Windows computers. "No platform independent browser can aspire to match Edge's unparalleled distribution advantage on Windows. Edge is, moreover, the most important gateway for consumers to download an independent browser on Windows PCs."

The Almighty Buck

PayPal Completes Its First Business Transaction Using Stablecoin (bloomberg.com)

PayPal completed its first business payment using its proprietary stablecoin as a way to demonstrate how digital currencies can be used to improve often-clunky commercial transactions. From a report: PayPal paid an invoice to Ernst & Young LLP on Sept. 23 using PYUSD, the stablecoin the firm launched last year, relying on an SAP SE platform to complete the transaction. SAP's platform, known as the digital currency hub, allows enterprises to send and receive digital payments instantly, around the clock. The invoice amount wasn't disclosed.

Stablecoins are cryptocurrencies usually designed to track traditional currencies one-to-one. PYUSD, which has a current market capitalization of almost $700 million, tracks the US dollar. While the consumer-facing benefits of stablecoins often dominate conversations, this payment demonstrates other use cases for the digital currency, according to Jose Fernandez da Ponte, PayPal's senior vice president of its blockchain, cryptocurrency and digital currency group.

Youtube

Songs by Adele, Bob Dylan, Green Day, Many More Blocked by YouTube in Legal Dispute (variety.com)

An anonymous reader shares a report: Songs by Adele, Bob Dylan, Green Day, R.E.M., Burna Boy, Rush and many others are currently unplayable on YouTube in the U.S. due to a legal dispute between the platform and the performing rights organization SESAC. Attempts to play many, but not all, songs by those artists on Saturday met with the following message: "This video contains content from SESAC. It is not available in your country."

A similar dispute between Universal Music Group and TikTok raged on for several months earlier this year before being resolved. In a statement to Variety, a YouTube rep said: "We have held good faith negotiations with SESAC to renew our existing deal. Unfortunately, despite our best efforts, we were unable to reach an equitable agreement before its expiration. We take copyright very seriously and as a result, content represented by SESAC is no longer available on YouTube in the US. We are in active conversations with SESAC and are hoping to reach a new deal as soon as possible." A source close to the situation tells Variety that the previous deal actually does not expire until next week, and suggests that YouTube's move is a negotiating tactic. SESAC is far smaller than ASCAP and BMI -- with approximately 30,000 members and 1.5 million compositions while ASCAP has nearly 800,000 members -- but as the caliber of artists affected by the block shows, it represents a comparatively large percentage of the marketplace.

Security

Flaw In Kia's Web Portal Let Researchers Track, Hack Cars (arstechnica.com)

SpzToid shares a report: Today, a group of independent security researchers revealed that they'd found a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the Internet-connected features of most modern Kia vehicles -- dozens of models representing millions of cars on the road -- from the smartphone of a car's owner to the hackers' own phone or computer. By exploiting that vulnerability and building their own custom app to send commands to target cars, they were able to scan virtually any Internet-connected Kia vehicle's license plate and within seconds gain the ability to track that car's location, unlock the car, honk its horn, or start its ignition at will.

After the researchers alerted Kia to the problem in June, Kia appears to have fixed the vulnerability in its web portal, though it told WIRED at the time that it was still investigating the group's findings and hasn't responded to WIRED's emails since then. But Kia's patch is far from the end of the car industry's web-based security problems, the researchers say. The web bug they used to hack Kias is, in fact, the second of its kind that they've reported to the Hyundai-owned company; they found a similar technique for hijacking Kias' digital systems last year. And those bugs are just two among a slew of similar web-based vulnerabilities they've discovered within the last two years that have affected cars sold by Acura, Genesis, Honda, Hyundai, Infiniti, Toyota, and more.

Government

White House Agonizes Over UN Cybercrime Treaty (politico.com)

The United Nations is set to vote on a treaty later this year intended to create norms for fighting cybercrime -- and the Biden administration is fretting over whether to sign on. Politico: The uncertainty over the treaty stems from fears that countries including Russia, Iran and China could use the text as a guise for U.N. approval of their widespread surveillance measures and suppression of the digital rights of their citizens. If the United States chooses not to vote in favor of the treaty, it could become easier for these adversarial nations -- named by the Cybersecurity and Infrastructure Security Agency as the biggest state sponsors of cybercrime -- to take the lead on cyber issues in the future. And if the U.S. walks away from the negotiating table now, it could upset other nations that spent several years trying to nail down the global treaty with competing interests in mind.

While the treaty is not set for a vote during the U.N. General Assembly this week, it's a key topic of debate on the sidelines, following meetings in New York City last week, and committee meetings set for next month once the world's leaders depart. The treaty was troubled from its inception. A cybercrime convention was originally proposed by Russia, and the U.N. voted in late 2019 to start the process to draft it -- overruling objections by the U.S. and other Western nations. Those countries were worried Russia would use the agreement as an alternative to the Budapest Convention -- an existing accord on cybercrime administered by the Council of Europe, which Russia, China and Iran have not joined.

Privacy

NIST Proposes Barring Some of the Most Nonsensical Password Rules (arstechnica.com)

Ars Technica's Dan Goodin reports: Last week, NIST released its second public draft of SP 800-63-4, the latest version of its Digital Identity Guidelines. At roughly 35,000 words and filled with jargon and bureaucratic terms, the document is nearly impossible to read all the way through and just as hard to understand fully. It sets both the technical requirements and recommended best practices for determining the validity of methods used to authenticate digital identities online. Organizations that interact with the federal government online are required to be in compliance. A section devoted to passwords injects a large helping of badly needed common sense practices that challenge common policies. An example: The new rules bar the requirement that end users periodically change their passwords. This requirement came into being decades ago when password security was poorly understood, and it was common for people to choose common names, dictionary words, and other secrets that were easily guessed.

Since then, most services require the use of stronger passwords made up of randomly generated characters or phrases. When passwords are chosen properly, the requirement to periodically change them, typically every one to three months, can actually diminish security because the added burden incentivizes weaker passwords that are easier for people to set and remember. Another requirement that often does more harm than good is the required use of certain characters, such as at least one number, one special character, and one upper- and lowercase letter. When passwords are sufficiently long and random, there's no benefit from requiring or restricting the use of certain characters. And again, rules governing composition can actually lead to people choosing weaker passcodes.

The latest NIST guidelines now state that:

- Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords and
- Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

("Verifiers" is bureaucrat speak for the entity that verifies an account holder's identity by corroborating the holder's authentication credentials. Short for credential service provider, "CSPs" are a trusted entity that assigns or registers authenticators to the account holder.) In previous versions of the guidelines, some of the rules used the words "should not," which means the practice is not recommended as a best practice. "Shall not," by contrast, means the practice must be barred for an organization to be in compliance.

Several other common sense practices mentioned in the document include:

1. Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
2. Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.
3. Verifiers and CSPs SHOULD accept all printing ASCII [RFC20] characters and the space character in passwords.
4. Verifiers and CSPs SHOULD accept Unicode [ISO/IEC 10646] characters in passwords. Each Unicode code point SHALL be counted as a single character when evaluating password length.
5. Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords.
6. Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
7. Verifiers and CSPs SHALL NOT permit the subscriber to store a hint that is accessible to an unauthenticated claimant.
8. Verifiers and CSPs SHALL NOT prompt subscribers to use knowledge-based authentication (KBA) (e.g., "What was the name of your first pet?") or security questions when choosing passwords.
9. Verifiers SHALL verify the entire submitted password (i.e., not truncate it).
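The rules above read as policy, but each one maps onto a concrete decision in verifier code. The Python below is an added example written for this page, not NIST's code and not anything from the draft: it enforces only the quoted rules (length counted in Unicode code points, no composition rules, no scheduled rotation, the whole submitted secret hashed and compared) and deliberately leaves out the things the draft bars. The 128-character upper limit, the PBKDF2 parameters, the `PasswordRecord` layout and the sample passwords are assumptions for illustration.

```python
"""Password acceptance and verification following the SP 800-63-4 draft rules quoted above.

Constructed example for this page, not NIST's code.  Only what the quoted rules
require is enforced; the 128-character cap, the PBKDF2 parameters and the record
layout are assumptions.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

MIN_LENGTH = 8               # rule 1: SHALL require at least 8 characters
RECOMMENDED_MIN_LENGTH = 15  # rule 1: SHOULD require at least 15
MAX_LENGTH = 128             # rule 2: permit at least 64; the 128 cap is an assumption
PBKDF2_ITERATIONS = 600_000  # assumption: any slow, salted hash of the whole secret works


@dataclass
class PasswordRecord:
    salt: bytes
    digest: bytes
    iterations: int
    compromised: bool = False  # set when there is evidence the secret leaked
    # No "last_changed" field: rule 6 gives password age no role in forcing a change.
    # No "hint" field: rule 7 bars hints readable by an unauthenticated claimant.


def password_length(password: str) -> int:
    """Rule 4: count Unicode code points.

    len() on a str counts code points, which is what the draft asks for;
    len(password.encode()) would count UTF-8 bytes and make an umlaut or an
    emoji cost more than one character of the user's length budget.
    """
    return len(password)


def policy_violations(password: str, minimum: int = RECOMMENDED_MIN_LENGTH) -> list[str]:
    """Return the rules a candidate password breaks; an empty list means accepted.

    Rules 3 and 4 are met by rejecting no character class at all (space,
    symbols and non-ASCII are all fine), and rule 5 by having no composition
    check: a long all-lowercase passphrase passes, a short "complex" one fails.
    """
    floor = max(minimum, MIN_LENGTH)
    n = password_length(password)
    violations = []
    if n < floor:
        violations.append(f"shorter than {floor} characters")
    if n > MAX_LENGTH:
        violations.append(f"longer than {MAX_LENGTH} characters")
    return violations


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> PasswordRecord:
    """Rule 9: hash the entire secret.

    UTF-8 encodes every code point losslessly and PBKDF2 consumes the whole
    input, so nothing after a fixed byte offset is silently ignored.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return PasswordRecord(salt=salt, digest=digest, iterations=iterations)


def verify_password(password: str, record: PasswordRecord) -> bool:
    """Constant-time comparison of the full submitted password against the record."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record.salt, record.iterations
    )
    return hmac.compare_digest(candidate, record.digest)


def must_change_password(record: PasswordRecord) -> bool:
    """Rule 6: a change is forced only on evidence of compromise, never on age."""
    return record.compromised


if __name__ == "__main__":
    # Constructed sample inputs.
    passphrase = "sieben Häuser 🔒 gelb"            # 20 code points, 24 UTF-8 bytes
    print(password_length(passphrase), len(passphrase.encode("utf-8")))
    print(policy_violations("aaaaaaaaaaaaaaaaa"))  # [] : length beats composition
    print(policy_violations("Tr0ub4dor&3"))        # ['shorter than 15 characters']

    # Two 80-character passwords that agree on their first 72 bytes: a verifier
    # that truncated at 72 bytes (bcrypt's input limit) would accept both.
    shared = "a" * 72
    record = hash_password(shared + "-first!!")
    print(verify_password(shared + "-first!!", record))  # True
    print(verify_password(shared + "-second!", record))  # False
    print(must_change_password(record))                   # False until compromised
```

The truncation check at the end is the practical reason rule 9 exists: bcrypt, still a common choice, silently uses only the first 72 bytes of its input, so two long passwords that share a prefix verify identically unless the implementation pre-hashes or rejects longer inputs. Everything the draft bars is missing here on purpose: there is no character-class check, no hint column, no KBA prompt and no password-age timer, only the `compromised` flag that forces a change.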

Google

Google Restricts Creation of New Accounts in Russia (themoscowtimes.com)

Google has restricted the creation of new accounts for Russian users, state news agencies cited Russia's digital ministry as saying on Thursday. Reuters: Google has been under pressure in Russia for several years, particularly for not taking down content Moscow considers illegal and for blocking the YouTube channels of Russian media and public figures since Moscow's invasion of Ukraine. "The ministry confirms that Google has restricted the creation of new accounts," Interfax quoted the digital ministry as saying. "Telecom operators have also recorded a significant reduction in the number of SMS messages sent by the company to Russian users."
