Bluesky (Slashdot is on Bluesky here and Threads here) now has more active website users than Threads in the U.S., according to a graph from the Financial Times. And though Threads still leads in app usage, "Prior to November 5 Threads had five times more daily active users in the U.S. than Bluesky... Now, Threads is only 1.5 times larger than its rival, Similarweb said."

But "the influx of new users has opened up new opportunities for scammers and impersonators," Engadget reported this week: A recent analysis by Alexios Mantzarlis, director of the Security Trust and Safety Initiative at Cornell Tech found that 44 percent of the top 100 most-followed accounts on Bluesky had at least one "doppelganger," with most looking like "cheap knock-offs of the bigger account, down to the same bio and profile picture," Mantzarlis wrote in his newsletter Faked Up.
The article highlighted issues with Bluesky's loose account verification policies. And then, Bluesky announced a new change-of-policy Friday. Engadget reports: The Bluesky Safety account said that the social media service is removing accounts that are impersonating other people and those squatting on handles... Bluesky now requires parody, satire or fan accounts to label themselves as such in both their handles and their bio. If they don't, or if they only indicate the nature of their account in one of those elements, then they'll be treated as an impersonator and will be removed from the platform. Bluesky now explicitly prohibits identity churning, as well. Accounts that start as impersonators with the purpose of gaining new users, and who then switch to a different identity in an attempt to circumvent the ban, will still get booted off the app. Finally, it says it's exploring "additional options to enhance account verification," though they're not quite ready for rollout.
Bluesky says they've "quadrupled the size of our moderation team, in part to action impersonation reports more quickly. We still have a large backlog of moderation reports due to the influx of new users as we shared previously, though we are making progress." And in addition, "We are working behind the scenes to help many organizations and high-profile individuals set up their verified domain handles."

And there's another problem. "The EU's executive arm on Monday said Bluesky didn't provide information it was required to share under the bloc's Digital Services Act," reports Bloomberg. Bluesky responded that it's working to comply, " consulting with its lawyer to follow the EU's information disclosure rules, a Bluesky spokesperson wrote on Tuesday in an email." "All platforms in the EU have to have a dedicated page on their websites where it says how many user numbers they have in the EU and where they are legally established," Thomas Regnier, the commission's spokesperson on digital matters, told reporters. "This is not the case with Bluesky, so this is not followed...."

Under the DSA, platforms with more than 45 million users in the bloc qualify as "very large online platforms" and need to follow stricter content moderation rules under the commission's supervision. Breaches can result in fines of up to 6% of their global annual sales... Smaller platforms are still required to comply with the law, but are regulated by the EU country where they have a legal presence. That's so far unclear in the case of Bluesky, which was created expressly to avoid a centralized ownership structure.

The commission asked EU member countries' national authorities to investigate "and see if they can find any trace of Bluesky" in their jurisdictions, Regnier said

Primarily used by law enforcement, Graykey unlocks mobile devices to extract data from both Android and iOS systems, according to the blog AppleInsider, "though its effectiveness varies depending on the specific hardware and software involved." But while its capabilities are rarely disclosed, "a leak of some Grayshift's internal documents was recently reported on by 404 Media." According to the data, Graykey can only perform "partial" data retrieval from iPhones running iOS 18 and iOS 18.0.1. These versions were released in September and early October, respectively. A partial extraction likely includes unencrypted files and metadata, such as folder structures and file sizes, according to past reports. Notably, Graykey struggles with beta versions of iOS 18.1. Under the latest update, the tool fails to extract any data, as per the documents.

Meanwhile, Graykey's performance with Android phones varies, largely due to the diversity of devices and manufacturers. On Google's Pixel lineup, Graykey can only partially access data from the latest Pixel 9 when in an "After First Unlock" (AFU) state — where the phone has been unlocked at least once since being powered on.
Thanks to long-time Slashdot reader AmiMoJo for sharing the article.

Nonprofit Code.org has posted this year's cartoon for "Hour of Code," their annual learn-to-code event for schoolchildren.

Long-time Slashdot reader theodp notes its animated pigeon gives a shout-out to the AI that could ultimately replace programmers: In an Instagram post introducing the video, Code.org explains: "Bartlett the Pigeon just learned how to code and now thinks he's smarter than us. Honestly...he might be. Meet the face (and feathers) of this year's #HourOfCode." In the video, Bartlett wows a social media influencer with his coding skills. "Is this pigeon typing code?" she asks in disbelief. "I'm going to film this for my socials!" Bartlett goes on to explain that the song he remixes with coding blocks — Aloe Blacc's "I Need a Dollar" — could have instead been generated by simply using AI, which he says is "like having a personal DJ assistant who never misses a beat!"

Interestingly, Blacc noted in a 2011 interview that he wrote "I Need a Dollar" after being made redundant in his career as a business consultant by Ernst & Young. That multinational company is now advising global business leaders on how they can harness the power of GenAI "to achieve more with fewer resources" by disrupting professions — like programming — that "involve a high degree of repetitive and data-driven tasks that AI can automate."

From a new web project called IMG_0001: Between 2009 and 2012, iPhones had a built-in "Send to YouTube" button in the Photos app. Many of these uploads kept their default IMG_XXXX filenames, creating a time capsule of raw, unedited moments from random lives. Inspired by Ben Wallace, I made a bot that crawled YouTube and found 5 million of these videos! Watch them below, ordered randomly.
The Washington Post reports that it's the same 22-year-old software engineer who created Bop Spotter — that phone on a telephone pole using the Shazam app to identify songs people play in public.

And his new site includes only videos "posted before 2015, with fewer than 150 views each and durations shorter than 150 seconds." In about 12 hours total, Walz said, he coded a website that takes millions of these unedited, raw videos from more than nine years ago and serves them to viewers at random. The resulting project, titled IMG_0001 and hosted on his personal website, plays out like a glimpse into different worlds: Hit play and your first video may show teenagers practicing a dance in a high school hallway. That wraps up, and it rolls into footage of a dog frolicking in a snowy backyard...

Viewers were gripped by the videos' unfiltered nature, a contrast to the heavily produced and camera-aware content found on TikTok and YouTube today. Writer Ryan Broderick wrote in his newsletter Garbage Day that the project is "beautiful, haunting, funny, and sort of magical. Like staring into a security camera of the past." Mashable's Tim Marcin called it "the kind of authenticity that's all too rare online these days."

The website has more than 280,000 views and millions of video plays, Walz said — meaning plenty of viewers are sticking around to watch many of the videos.
The article includes an intesting observation from Christian Sandvig, a digital media professor at the University of Michigan. "The people who made the video might not even remember that they shared them!"

The New York Post writes that "After the COVID-19 pandemic upended mom-and-pops around the city and resulted in thousands shuttering for good, it is important — now more than ever — to shop local."

America's Small Business Administration issued their own statement urging shoppers to "champion small businesses nationwide and #ShopSmall on Saturday, linking to a site mapping small businesses in your area. (And there's also a directory listing online small businesses.) Small Business Saturday was founded by American Express in 2010 and officially cosponsored by the U.S. Small Business Administration since 2011. It is an important part of small businesses' busiest shopping season.

- In 2023, the reported projected spending in the U.S. from those who shopped at small businesses on Small Business Saturday was around $17 billion

- Since 2010, the total reported U.S. spending at small businesses during the annual Small Business Saturday is an estimated $201 billion
"Let's keep the Shop Small tradition going," urges the American Express web site — encouraging shoppers to also use the #ShopSmall hashtag on social media.

Riot Games has announced sweeping changes to its terms of service, expanding penalties for player misconduct beyond in-game behavior to include content creation and social media activities.

The new rules, Engadget reports, enable "Riot-wide bans" for violations across platforms where players discuss or stream Riot games. The company will not actively monitor social media but will respond to reported violations, particularly during game livestreams.

A broad coalition of Canada's major news organizations, including the Toronto Star, Metroland Media, Postmedia, The Globe and Mail, The Canadian Press and CBC, is suing tech giant OpenAI, saying the company is illegally using news articles to train its ChatGPT software. From a report: It's the first time all of a country's major news publishers have come together in litigation against OpenAI. The suit, filed in Ontario's Superior Court of Justice Friday morning, seeks punitive damages, disgorgement of any profits made by OpenAI from using the news organizations' articles, and an injunction barring OpenAI from using any of the news articles in the future.

"Journalism is in the public interest. OpenAI using other companies' journalism for their own commercial gain is not. It's illegal," said a joint statement from the media organizations, which are represented by law firm Lenczner Slaght.

Meta plans to build a $10 billion private, "mother of all" undersea fiber-optic cable network spanning over 40,000 kilometers around the world, according to TechCrunch. The project, dubbed "W" for its shape, would run from the U.S. east coast to the west coast via India, South Africa and Australia, avoiding regions prone to cable sabotage including the Red Sea and South China Sea.

The social media giant, which co-owns 16 existing cable networks, aims to gain full control over traffic prioritization for its services. The project mirrors Google's strategy of private cable ownership. The construction could take 5-10 years to complete.

Major technology companies criticized Australia's new law banning social media access for users under 16, which passed parliament on Thursday with bipartisan support. The legislation threatens fines up to $32 million for platforms failing to block minors. TikTok warned the ban could drive young users to riskier online spaces, while Meta called it a "predetermined process," questioning the rushed parliamentary review that gave stakeholders only 24 hours for submissions. Reuters adds: Snapchat parent Snap said it leaves many questions unanswered. [...] Sunita Bose, managing director of Digital Industry Group, which has most social media companies as members, said no one can confidently explain how the law will work in practice. "The community and platforms are in the dark about what exactly is required of them," she said.

Panasonic has created an AI clone of its late founder Konosuke Matsushita based on his writings, speeches, and over 3,000 voice recordings. From a local media report: Known as Japan's "god of management," the Panasonic icon is one of the most respected by the Japanese business community, and comes back to life in digital form to impart wisdom directly to those he never met in person.

"As the number of people who received training directly from Matsushita has been on the decline, we decided to use generative AI technology to pass down our group's founding vision to the next generation," the company said in a statement. Codeveloped with the University of Tokyo-affiliated Matsuo Institute, the model can reproduce how a person thinks or talks. The company aims to further develop the digital clone to help make business decisions in the future.

Australia will ban children under 16 from using social media after its senate approved what will become a world-first law. From a report: Children will be blocked from using platforms including TikTok, Instagram, Snapchat and Facebook, a move the Australian government argue is necessary to protect their mental health and wellbeing.

The online safety amendment (social media minimum age) bill will impose fines of up to 50 million Australian dollars ($32.5 million) on platforms for systemic failures to prevent young children from holding accounts. It would take effect a year after the bill becomes law, allowing platforms time to work out technological solutions that would also protect users' privacy. The senate passed the bill 34 votes to 19. The house of representatives overwhelmingly approved the legislation 102 votes to 13 on Wednesday.

A security researcher discovered an unprotected database belonging to SL Data Services containing over 600,000 sensitive files, including criminal histories and background checks with names, addresses, and social media accounts. The Register reports: We don't know how long the personal information was openly accessible. Infosec specialist Jeremiah Fowler says he found the Amazon S3 bucket in October and reported it to the data collection company by phone and email every few days for more than two weeks. [The info service provider eventually closed up the S3 bucket, says Fowler, although he never received any response.] In addition to not being password protected, none of the information was encrypted, he told The Register. In total, the open bucket contained 644,869 PDF files in a 713.1 GB archive.

Some 95 percent of the documents Fowler saw were labeled "background checks," he said. These contained full names, home addresses, phone numbers, email addresses, employment, family members, social media accounts, and criminal record history belonging to thousands of people. In at least one of these documents, the criminal record indicated that the person had been convicted of sexual misconduct. It included case details, fines, dates, and additional charges. While court records and sex offender status are usually public records in the US, this exposed cache could be combined with other data points to make complete profiles of people -- along with their family members and co-workers -- providing everything criminals would need for targeted phishing and/or social engineering attacks.

Wil Shipley, announcing the end of Delicious Library, a media cataloging app: Amazon has shut off the feed that allowed Delicious Library to look up items, unfortunately limiting the app to what users already have (or enter manually).

I wasn't contacted about this.

I've pulled it from the Mac App Store and shut down the website so nobody accidentally buys a non-functional app. John Gruber of DaringFireball adds: The end of an era, but it's kind of surprising it was still functional until now. (Shipley has been a full-time engineer at Apple for three years now.)

It's hard to describe just what a sensation Delicious Library was when it debuted, and how influential it was. Delicious Library was simultaneously very useful, in very practical ways, and obsessed with its exuberant UI in ways that served no purpose other than looking cool as shit. It was an app that demanded to be praised just for the way it looked, but also served a purpose that resonated with many users. For about a decade it seemed as though most popular new apps would be designed like Delicious Library. Then Apple dropped iOS 7 in 2013, and now, no apps look like this. Whatever it is that we, as an industry, have lost in the now decade-long trend of iOS 7-style flat design, Delicious Library epitomized it.

American hospitals and healthcare organizations would be required to adopt multi-factor authentication (MFA) and other minimum cybersecurity standards under new legislation proposed by a bipartisan group of US senators. From a report: The Health Care Cybersecurity and Resiliency Act of 2024 [PDF], introduced on Friday by US Senators Bill Cassidy (R-Louisiana), Mark Warner (D-Virginia), John Cornyn (R-Texas), and Maggie Hassan (D-New Hampshire), would, among other things, require better coordination between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) around cybersecurity in the healthcare and public health sector.

This includes giving HHS a year to implement a cybersecurity incident response plan and update the types of information displayed publicly via the department's breach reporting portal. Currently, all healthcare orgs that are considered "covered entities" under the US Health Insurance Portability and Accountability Act (HIPAA) are required to notify HHS if they are breached. The new law would require breached entities to report how many people were affected by the security incident.

It would also mandate that the portal include details on "any corrective action taken against a covered entity that provided notification of a breach" as well as "recognized security practices that were considered" during the breach investigation, plus any other information that the HHS secretary deems necessary.

Blue Yonder, a Panasonic subsidiary specializing in AI-driven supply chain solutions, experienced a recent ransomware attack that impacted many of its customers. "Among its 3,000 customers are high-profile organizations like DHL, Renault, Bayer, Morrisons, Nestle, 3M, Tesco, Starbucks, Ace Hardware, Procter & Gamble, Sainsbury, and 7-Eleven," reports BleepingComputer. From the report: On Friday, the company warned that it was experiencing disruptions to its managed services hosting environment due to a ransomware incident that occurred the day before, on November 21. "On November 21, 2024, Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident," reads the announcement. "Since learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process. We have implemented several defensive and forensic protocols."

Blue Yonder claims it has detected no suspicious activity in its public cloud environment and is still processing multiple recovery strategies. [...] As expected, this has impacted clients directly, as a spokesperson for UK grocery store chain Morrisons has confirmed to the media they have reverted to a slower backup process. Sainsbury told CNN that it had contingency plans in place to overcome the disruption. A Saturday update informed customers that the restoration of the impacted services continued, but no specific timelines for complete restoration could be shared yet. Another update published on Sunday reiterated the same, urging clients to monitor the customer update page on Blue Yonder's website over the coming days.

An anonymous reader quotes a report from Ars Technica: The Supreme Court signaled it may take up a case that could determine whether Internet service providers must terminate users who are accused of copyright infringement. In an order (PDF) issued today, the court invited the Department of Justice's solicitor general to file a brief "expressing the views of the United States."

In Sony Music Entertainment v. Cox Communications, the major record labels argue that cable provider Cox should be held liable for failing to terminate users who were repeatedly flagged for infringement based on their IP addresses being connected to torrent downloads. There was a mixed ruling at the US Court of Appeals for the 4th Circuit as the appeals court affirmed a jury's finding that Cox was guilty of willful contributory infringement but reversed a verdict on vicarious infringement "because Cox did not profit from its subscribers' acts of infringement." That ruling vacated a $1 billion damages award and ordered a new damages trial. Cox and Sony are both seeking a Supreme Court review. Cox wants to overturn the finding of willful contributory infringement, while Sony wants to reinstate the $1 billion verdict.

The Supreme Court asking for US input on Sony v. Cox could be a precursor to the high court taking up the case. For example, the court last year asked the solicitor general to weigh in on Texas and Florida laws that restricted how social media companies can moderate their platforms. The court subsequently took up the case and vacated lower-court rulings, making it clear that content moderation is protected by the First Amendment.

Some days more than half of California's available solar power goes to waste, according to research from the California Institute for Energy and Environment. "In the last 12 months, California's solar farms have curtailed production of more than 3 million megawatt hours of solar energy," according to a data analysis by the Los Angeles Times — enough to power 518,000 California homes for a year.

And it was curtailed "either on the orders of the state's grid operator or because prices had plummeted because of the glut. The waste would have been even larger if California had not paid utilities in other states to take the excess solar energy, documents from the state's grid operator show." That means green energy paid for by California electricity customers is sent away, lowering bills for residents of other states. Arizona's largest public utility reaped $69 million in savings last year by buying from the market California created to get rid of its excess solar power. The utility returned that money to its customers as a credit on their bills. Also reaping profits are electricity traders, including banks and hedge funds. The increasing oversupply of solar power has created a situation where energy traders can buy the excess at prices so low they become negative, said energy consultant Gary Ackerman, the former executive director of the Western Power Trading Forum. That means the solar plant is paying the traders to take it. "This is all being underwritten by California ratepayers," Ackerman said...

The solar glut also means higher electricity bills for Californians, since they are effectively paying to generate the power but not using it. California's electric rates are roughly twice the nation's average, with only Hawaii having higher rates. Rates at Southern California Edison and Pacific Gas & Electric increased by 51% over the last three years. "Ratepayers aren't getting the energy they've paid for," said Ron Miller, an energy industry consultant in Denver. He calculates that the retail value of the solar energy thrown away in a year would be more than $1 billion.

Gov. Gavin Newsom's advisors and those who manage the state's electric grid say they are working to reduce the curtailments, including by building more industrial-scale battery storage facilities that soak up the excess solar power during the day and then release it at night. Officials in the governor's office declined to be interviewed, but issued a statement saying the curtailments are often because of congestion on transmission lines, rather than a statewide oversupply of power. The state has been spending heavily to upgrade transmission lines to ease the congestion. "It's also important to have extra energy resources available that can help the state during periods of extreme weather and historic heatwaves when demand is particularly high, which have happened the past few years," the statement said...

The commercial solar industry contends that the expansion of storage capacity to bank solar power will eventually eliminate the glut.

June, 2023: "Harvard Scholar Who Studies Honesty Is Accused of Fabricating Findings."

November, 2024: "The Business-School Scandal That Just Keeps Getting Bigger." A senior editor at the Atlantic raises the possibility of systemic dishonesty-rewarding incentives where "a study must be even flashier than all the other flashy findings if its authors want to stand out," writing that "More than a year since all of this began, the evidence of fraud has only multiplied."

And the suspect isn't just Francesca Gino, a Harvard Business School professor. One person deeply affected by all this is Gino's co-author, a business school professor from the University of California at Berkeley — Juliana Schroeder — who launched an audit of all 138 studies conducted by Francesca Gino (called "The Many Coauthors Project"): Gino was accused of faking numbers in four published papers. Just days into her digging, Schroeder uncovered another paper that appeared to be affected — and it was one that she herself had helped write... The other main contributor was Alison Wood Brooks, a young professor and colleague of Gino's at Harvard Business School.... If Brooks did conduct this work and oversee its data, then Schroeder's audit had produced a dire twist. The Many Co-Authors Project was meant to suss out Gino's suspect work, and quarantine it from the rest... But now, to all appearances, Schroeder had uncovered crooked data that apparently weren't linked to Gino.... Like so many other scientific scandals, the one Schroeder had identified quickly sank into a swamp of closed-door reviews and taciturn committees. Schroeder says that Harvard Business School declined to investigate her evidence of data-tampering, citing a policy of not responding to allegations made more than six years after the misconduct is said to have occurred...

In the course of scouting out the edges of the cheating scandal in her field, Schroeder had uncovered yet another case of seeming science fraud. And this time, she'd blown the whistle on herself. That stunning revelation, unaccompanied by any posts on social media, had arrived in a muffled update to the Many Co-Authors Project website. Schroeder announced that she'd found "an issue" with one more paper that she'd produced with Gino... [Schroeder] said that the source of the error wasn't her. Her research assistants on the project may have caused the problem; Schroeder wonders if they got confused...

What feels out of reach is not so much the truth of any set of allegations, but their consequences. Gino has been placed on administrative leave, but in many other instances of suspected fraud, nothing happens. Both Brooks and Schroeder appear to be untouched. "The problem is that journal editors and institutions can be more concerned with their own prestige and reputation than finding out the truth," Dennis Tourish, at the University of Sussex Business School, told me. "It can be easier to hope that this all just goes away and blows over and that somebody else will deal with it...." [Tourish also published a 2019 book decrying "Fraud, Deception and Meaningless Research," which the article notes "cites a study finding that more than a third of surveyed editors at management journals say they've encountered fabricated or falsified data."] Maybe the situation in her field would eventually improve, [Schroeder] said. "The optimistic point is, in the long arc of things, we'll self-correct, even if we have no incentive to retract or take responsibility."

"Do you believe that?" I asked.

"On my optimistic days, I believe it."

"Is today an optimistic day?"

"Not really."

Meta wants to force Apple and Google to verify the ages of people downloading apps from their app stores, reports the Washington Post — and now Meta's campaign "is picking up momentum" with legislators in the U.S. Congress.

Federal and state lawmakers have recently proposed a raft of measures requiring that platforms such as Meta's Facebook and Instagram block users under a certain age from using their sites. The push has triggered fierce debate over the best way to ascertain how old users are online. Last year Meta threw its support behind legislation that would push those obligations onto app stores rather than individual app providers, like itself, as your regular host and Naomi Nix reported. While some states have considered the plan, it has not gained much traction in Washington.

That could be shifting. Two congressional Republicans are preparing a new age verification bill that places the burden on app stores, according to two people familiar with the matter, who spoke on the condition of anonymity to discuss the plans... The bill would be the first of its kind on Capitol Hill, where lawmakers have called for expanding guardrails for children amid concerns about the risks of social media but where political divisions have bogged down talks. The measure would give parents the right to sue an app store if their child was exposed to certain content, such as lewd or sexual material, according to a copy obtained by the Tech Brief. App stores could be protected against legal claims, however, if they took steps to protect children against harms, such as verifying their ages and giving parents the ability to block app downloads.
The article points out that U.S. lawmakers "have the power to set national standards that could override state efforts if they so choose..."

An anonymous reader quotes a report from Reuters: Google has sued one of its former engineers in Texas federal court, accusing him of stealing trade secrets related to its chip designs and sharing them publicly on the internet. The lawsuit, filed on Tuesday (PDF), said that Harshit Roy "touted his dominion" over the secrets in social media posts, tagging competitors and making threatening statements to the company including "I need to take unethical means to get what I am entitled to" and "remember that empires fall and so will you."

Google hired Roy in 2020 to develop computer chips used in Google Pixel devices like smartphones. Google said in the lawsuit that Roy resigned in February and moved from Bangalore, India to the United States in August to attend a doctorate program at the University of Texas at Austin. According to the complaint, Roy began posting confidential Google information to his X account later that month along with "subversive text" directed at the company, such as "don't expect me to adhere to any confidentiality agreement." The posts included photographs of internal Google documents with specifications for Pixel processing chips.

The lawsuit said that Roy ignored Google's takedown requests and has posted additional trade secrets to X and LinkedIn since October. Google alleged that Roy tagged competitors Apple and Qualcomm in some of the posts, "presumably to maximize the potential harm of his disclosure." Google's complaint also said that several news outlets have published stories with confidential details about Google's devices based on the information that Roy leaked. Google asked the court for an unspecified amount of monetary damages and court orders blocking Roy from using or sharing its secrets.