Privacy

T-Mobile Hacked In Massive Chinese Breach of Telecom Networks 25

Chinese hackers, reportedly linked to a Chinese intelligence agency, breached T-Mobile as part of a broader cyber-espionage campaign targeting telecom companies to spy on high-value intelligence targets. "T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information," a company spokesperson told the Wall Street Journal. Reuters reports: It was unclear what information, if any, was taken about T-Mobile customers' calls and communications records, according to the report. On Wednesday, The Federal Bureau of Investigation (FBI) and the U.S. cyber watchdog agency CISA said China-linked hackers have intercepted surveillance data intended for American law enforcement agencies after breaking into an unspecified number of telecom companies. Further reading: U.S. Wiretap Systems Targeted in China-Linked Hack

Desktops (Apple)

ChatGPT For macOS Now Works With Third-Party Apps, Including Apple's Xcode 6

An update to OpenAI's ChatGPT app for macOS adds integration with third-party apps, including developer tools such as VS Code, Terminal, iTerm2 and Apple's Xcode. 9to5Mac reports: In a demo seen by 9to5Mac, ChatGPT was able to understand code from an Xcode project and then provide code suggestions without the user having to manually copy and paste content into the ChatGPT app. It can even read content from more than one app at the same time, which is very useful for working with developer tools. According to OpenAI, the idea is to expand integration to more apps in the future. For now, integration with third-party apps is coming exclusively to the Mac version of ChatGPT, but there's another catch. The feature requires a paid ChatGPT subscription, at least for now.

ChatGPT Plus and Team subscribers will receive access to integration with third-party apps on macOS starting today, while access for Enterprise and Education users will be rolled out "in the next few weeks." OpenAI told 9to5Mac that it wants to make the feature available to everyone in the future, although there's no estimate of when this will happen. For privacy reasons, users can control at any time when and which apps ChatGPT can read.
The app can be downloaded here.

Privacy

Secret Service Says You Agreed To Be Tracked With Location Data (404media.co) 103

An anonymous reader shares a report: Officials inside the Secret Service clashed over whether they needed a warrant to use location data harvested from ordinary apps installed on smartphones, with some arguing that citizens have agreed to be tracked with such data by accepting app terms of service, despite those apps often not saying their data may end up with the authorities, according to hundreds of pages of internal Secret Service emails obtained by 404 Media.

The emails provide deeper insight into the agency's use of Locate X, a powerful surveillance capability that allows law enforcement officials to follow a phone, and person's, precise movements over time at the click of a mouse. In 2023, a government oversight body found that the Secret Service, Customs and Border Protection, and Immigration and Customs Enforcement all used their access to such location data illegally. The Secret Service told 404 Media in an email last week it is no longer using the tool. "If USSS [U.S. Secret Service] is using Locate X, that is most concerning to us," one of the internal emails said. 404 Media obtained them and other documents through a Freedom of Information Act (FOIA) request with the Secret Service.

Privacy

Open Source Project DeFlock Is Mapping License Plate Surveillance Cameras All Over the World (404media.co) 35

An anonymous reader quotes a report from 404 Media: Flock is one of the largest vendors of automated license plate readers (ALPRs) in the country. The company markets itself as having the goal to fully "eliminate crime" with the use of ALPRs and other connected surveillance cameras, a target experts say is impossible. [...] Flock and automated license plate reader cameras owned by other companies are now in thousands of neighborhoods around the country. Many of these systems talk to each other and plug into other surveillance systems, making it possible to track people all over the country.

"It went from me seeing 10 license plate readers to probably seeing 50 or 60 in a few days of driving around," [said Alabama resident and developer Will Freeman]. "I wanted to make a record of these things. I thought, 'Can I make a database of these license plate readers?'" And so he made a map, and called it DeFlock. DeFlock runs on Open Street Map, an open source, editable mapping software. He began posting signs for DeFlock (PDF) to the posts holding up Huntsville's ALPR cameras, and made a post about the project to the Huntsville subreddit, which got good attention from people who lived there. People have been plotting not just Flock ALPRs, but all sorts of ALPRs, all over the world. [...]

When I first talked to Freeman, DeFlock had a few dozen cameras mapped in Huntsville and a handful mapped in Southern California and in the Seattle suburbs. A week later, as I write this, DeFlock has crowdsourced the locations of thousands of cameras in dozens of cities across the United States and the world. He said so far more than 1,700 cameras have been reported in the United States and more than 5,600 have been reported around the world. He has also begun scraping parts of Flock's website to give people a better idea of where to look to map them. For example, Flock says that Colton, California, a city with just over 50,000 people outside of San Bernardino, has 677 cameras.

People who submit cameras to DeFlock have the ability to note the direction that they are pointing in, which can help people understand how these cameras are being positioned and the strategies that companies and police departments are using when deploying them. For example, all of the cameras in downtown Huntsville are pointing away from the downtown core, meaning they are primarily focused on detecting cars that are entering downtown Huntsville from other areas.

Technology

Ecosia and Qwant, Two European Search Engines, Join Forces on an Index To Shrink Reliance on Big Tech (techcrunch.com) 9

Qwant, France's privacy-focused search engine, and Ecosia, a Berlin-based not-for-profit search engine that uses ad revenue to fund tree planting and other climate-focused initiatives, are joining forces on a joint venture to develop their own European search index. TechCrunch: The pair hopes this move will help drive innovation in their respective search engines -- including and especially around generative AI -- as well as reducing dependence on search indexes provided by tech giants Microsoft (Bing) and Google. Both currently rely on Bing's search APIs while Ecosia also uses Google's search results. Rising API costs are one clear motivator for the move to shrink this Big Tech dependency, with Microsoft massively hiking prices for Bing's search APIs last year.

Neither Ecosia nor Qwant will stop using Bing or Google altogether. However, they aim to diversify the core tech supporting their services with their own index. It will lower their operational costs, and serve as a technical base to fuel their own product development as GenAI technologies take up a more central role in many consumer-facing digital services. Both search engines have already dabbled in integrating GenAI features. Expect more on this front, although they aren't planning to develop AI model development themselves. They say they will continue to rely on API access to major platforms' large language models (LLMs) to power these additions. The pair is also open to other European firms joining in with their push for more tech stack sovereignty -- at least as fellow customers for the search index, as they plan to license access via an API. Other forms of partnership could be considered too, they told TechCrunch.

Links

Apple Will Let You Share AirTag Locations With a Link (theverge.com) 16

With iOS 18.2, Apple will allow you to share the location of a lost AirTag with other people and with more than 15 different airlines. The Verge reports: When using the feature, you can generate a Share Item Location link within the Find My app on an iPhone, iPad, or Mac. Once you share the link with someone, they can click on it to view an interactive map with the location of your lost item. Apple will update the website automatically when the lost item moves, and it will also display a timestamp when it moved last. Apple will turn off the feature once you find your lost item. You can also manually stop sharing the location of an AirTag at any time, or the link will "automatically expire after seven days." [...]

As part of the rollout, Apple is partnering with over 15 airlines, including Delta, United, Virgin Atlantic, Lufthansa, Air Canada, and more. All of these airlines will be able to "privately and securely" accept links to lost items, as "access to each link will be limited to a small number of people, and recipients will be required to authenticate in order to view the link through either their Apple Account or partner email address." This feature will be available to airlines in the "coming months." Additionally, SITA, a baggage tracing solution, will also implement Share Item Location into its luggage tracker.

Books

Are America's Courts Going After Digital Libraries? (reason.com) 43

A new article at Reason.com argues that U.S. courts "are coming for digital libraries." In September, a federal appeals court dealt a major blow to the Internet Archive — one of the largest online repositories of free books, media, and software — in a copyright case with significant implications for publishers, libraries, and readers. The U.S. Court of Appeals for the 2nd Circuit upheld a lower court ruling that found the Internet Archive's huge, digitized lending library of copyrighted books was not covered by the "fair use" doctrine and infringed on the rights of publishers. Agreeing with the Archive's interpretation of fair use "would significantly narrow — if not entirely eviscerate — copyright owners' exclusive right to prepare derivative works," the 2nd Circuit ruled. "Were we to approve [Internet Archive's] use of the works, there would be little reason for consumers or libraries to pay publishers for content they could access for free."

Others disagree, according to some links shared in a recent email from the Internet Archive. Public Knowledge CEO Chris Lewis argues the court's logic renders the fair use doctrine "almost unusable". And that's just the beginning... This decision harms libraries. It locks them into an e-book ecosystem designed to extract as much money as possible while harvesting (and reselling) reader data en masse. It leaves local communities' reading habits at the mercy of curatorial decisions made by four dominant publishing companies thousands of miles away. It steers Americans away from one of the few remaining bastions of privacy protection and funnels them into a surveillance ecosystem that, like Big Tech, becomes more dangerous with each passing data breach.
But lawyer/librarian Kyle K. Courtney writes that the case "is specific only to the parties, and does not impact the other existing versions of controlled digital lending." Additionally, this decision is limited to the 2nd Circuit and is not binding anywhere else — in other words, it does not apply to the 47 states outside the 2nd Circuit's jurisdiction. In talking with colleagues in the U.S. this week and last, many are continuing their programs because they believe their digital loaning programs fall outside the scope of this ruling... Moreover, the court's opinion focuses on digital books that the court said "are commercially available for sale or license in any electronic text format." Therefore, there remains a significant number of materials in library collections that have not made the jump to digital, nor are likely to, meaning that there is no ebook market to harm — nor is one likely to emerge for certain works, such as those that are no longer commercially viable...

This case represents just one instance in an ongoing conversation about library lending in the digital age, and the possibility of appeal to the U.S. Supreme Court means the final outcome is far from settled.

Some more quotes from links shared by Internet Archive:
  • "It was clear that the only reason all the big publishers sued the Internet Archive was to put another nail in the coffin of libraries and push to keep this ebook licensing scheme grift going. Now the courts have helped." — TechDirt
  • "The case against the Internet Archive is not just a story about the ruination of an online library, but a grander narrative of our times: how money facilitates the transference of knowledge away from the public, back towards the few." — blogger Hannah Williams

Thanks to Slashdot reader fjo3 for sharing the news.


Firefox

Firefox Gets More Investment in New Features, Prioritizing People (and Privacy) Over Profit (techcrunch.com) 83

On its 20th anniversary, Firefox "is still going strong, and it is a better browser today than it ever was," according to TechCrunch.

In an interview, Mozilla's interim CEO says one of the first things they did was to "unlock a bunch of money towards Firefox product development... I've been in enough places where people tend to forget about the core business, and they stop investing in it, because they get distracted by shiny things — and then they regret it." "Firefox is incredibly important, and it is our core. We've actually put more investment into it this year and into connecting with our communities, into bringing out and testing features that are positive and creating good experiences for folks. That's been a huge priority for me and for the company this year, and it's showing up in the results."

She acknowledged that Mozilla doesn't have the device distribution that benefits many of Firefox's competitors, especially on mobile, but she did note that the Digital Markets Act (DMA) in Europe — which means Apple, for example, has to provide a browser choice screen on iOS — is working. "With the DMA, even though the implementation hasn't been outstanding, we're seeing a real shift. When people have the choice to choose Firefox, they're choosing Firefox," she said...

To kick-start some of this growth, Mozilla is looking at reaching new, and younger, users. Chambers noted that Mozilla is running a number of marketing campaigns to make people aware of Firefox, especially those who are only now starting to make their first browser choices. With them, she believes, Mozilla's messaging around privacy lands especially well.

In a future where browsers include AI agents that take actions on behalf of users, there might be more confidence in a browser designed for privacy and transparency, the interim CEO points out — as part of their larger mission. "What I love about Firefox is that it really provides users with an alternative choice of a browser that is just genuinely designed for them.

"We have, from its very inception and throughout, really wanted to create a browser that prioritizes people over profit, prioritizes privacy over anything else, and to have that option, the choice."

Electronic Frontier Foundation

Aaron Swartz Day Commemorated With 'Those Carrying on the Work' (aaronswartzday.org) 44

Friday "would have been his 38th birthday," writes the EFF, remembering Aaron Swartz as "a digital rights champion who believed deeply in keeping the internet open..." And they add that today the official web site for Aaron Swartz Day honored his memory with a special podcast "featuring those carrying on the work around issues close to his heart," including an appearance by Brewster Kahle, founder of the Internet Archive.

The first speaker is Ryan Shapiro, FOIA expert and co-founder of the national security transparency non-profit Property of the People. The Aaron Swartz Day site calls him "the researcher who discovered why the FBI had such an interest in Aaron in the years right before the JSTOR fiasco." (That web page calls it an "Al Qaeda phishing expedition that left Aaron with an 'International Terrorism Investigation' code in his FBI database file forever," as reported by Gizmodo.)

Other speakers on the podcast include:
  • Tracey Jaquith, Founding Coder and TV Architect at the Internet Archive, discussing "Microservices, Monoliths, and Operational Security — The Internet Archive in 2024."
  • Tracy Rosenberg, co-founder of the Aaron Swartz Day Police Surveillance Project and Oakland Privacy, with "an update on the latest crop of surveillance battles."
  • Ryan Sternlicht, VR developer, educator, researcher, advisor, and maker, on "The Next Layer of Reality: Social Identity and the New Creator Economy."
  • Grant Smith Ellis, Chairperson of the Board, MassCann and Legal Intern at the Parabola Center, on "Jury Trials in the Age of Social Media."
  • Michael "Mek" Karpeles, Open Library, Internet Archive, on "When it Rains at the Archive, Build an Ark — Book bans, Lawsuits, & Breaches."

The site also seeks to showcase SecureDrop and Open Library, projects started by Aaron before his death, as well as new projects "directly inspired by Aaron and his work."


Privacy

Hackers Are Sending Fraudulent Police Data Requests To Tech Giants To Steal People's Private Information (gizmodo.com) 14

An anonymous reader quotes a report from TechCrunch: The FBI is warning that hackers are obtaining private user information — including emails and phone numbers — from U.S.-based tech companies by compromising government and police email addresses to submit "emergency" data requests. The FBI's public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone's life or property. The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an "uptick" around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness.

"Cyber-criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes," reads the FBI's advisory. [...] The FBI said in its advisory that it had seen several public posts made by known cybercriminals over 2023 and 2024, claiming access to email addresses used by U.S. law enforcement and some foreign governments. The FBI says this access was ultimately used to send fraudulent subpoenas and other legal demands to U.S. companies seeking private user data stored on their systems. The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data. In some cases, the requests cited false threats, like claims of human trafficking and, in one case, that an individual would "suffer greatly or die" unless the company in question returns the requested information.

The FBI said the compromised access to law enforcement accounts allowed the hackers to generate legitimate-looking subpoenas that resulted in companies turning over usernames, emails, phone numbers, and other private information about their users. But not all fraudulent attempts to file emergency data requests were successful, the FBI said. The FBI said in its advisory that law enforcement organizations should take steps to improve their cybersecurity posture to prevent intrusions, including stronger passwords and multi-factor authentication. The FBI said that private companies "should apply critical thinking to any emergency data requests received," given that cybercriminals "understand the need for exigency."

Privacy

FBI Says Hackers Are Sending Fraudulent Police Data Requests To Tech Giants To Steal People's Private Information (techcrunch.com) 42

The FBI is warning that hackers are obtaining private user information -- including emails and phone numbers -- from U.S.-based tech companies by compromising government and police email addresses to submit "emergency" data requests. From a report: The FBI's public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone's life or property.

The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an "uptick" around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness. "Cyber-criminals are likely gaining access to compromised U.S. and foreign government email addresses and using them to conduct fraudulent emergency data requests to U.S. based companies, exposing the personal information of customers to further use for criminal purposes," reads the FBI's advisory.

The Courts

IBM Sued Again In Storm Over Weather Channel Data Sharing (theregister.com) 20

IBM is facing a new lawsuit alleging that its Weather Channel website shared users' personal data with third-party ad partners without consent, violating the Video Privacy Protection Act (VPPA). The Register reports: In the absence of a comprehensive federal privacy law, the complaint [PDF] claims Big Blue violated America's Video Privacy Protection Act (VPPA), enacted in 1988 in response to the disclosure of Supreme Court nominee Robert Bork's videotape rental records. IBM was sued in 2019 (PDF) by then Los Angeles City Attorney Mike Feuer over similar allegations: That its Weather Channel mobile app collected and shared location data without disclosure. The IT titan settled that claim in 2020. A separate civil action against IBM's Weather Channel was filed in 2020 and settled in 2023 (PDF).

This latest legal salvo against alleged Weather Channel-enabled data collection takes issue with the sensitive information made available through the company's website to third-party ad partners mParticle and AppNexus/Xandr (acquired by Microsoft in 2022). The former provides customer analytics, and the latter is an advertising and marketing platform. The complaint, filed on behalf of California plaintiff Ed Penning, contends that by watching videos on the Weather Channel website, those two marketing firms received Penning's full name, gender, email address, precise geolocation, the name, and the URLs of videos he watched, without his permission or knowledge.

It explains that the plaintiff's counsel retained a private research firm last year to analyze browser network traffic during video sessions on the Weather Channel website. The research firm is said to have confirmed that the website provided the third-party ad firms with information that could be used to identify people and the videos that they watched. The VPPA prohibits video providers from sharing "personally identifiable information" about clients without their consent. [...] The lawsuit aspires to be certified as a class action. Under the VPPA, a successful claim allows for actual damages (if any) and statutory damages of $2,500 for each violation of the law, as well as attorney's fees.

Privacy

Voted In America? VoteRef Probably Doxed You (404media.co) 210

An anonymous reader quotes a report from 404 Media: If you voted in the U.S. presidential election yesterday in which Donald Trump won comfortably, or a previous election, a website powered by a right-wing group is probably doxing you. VoteRef makes it trivial for anyone to search the name, physical address, age, party affiliation, and whether someone voted that year for people living in most states instantly and for free. This can include ordinary citizens, celebrities, domestic abuse survivors, and many other people. Voting rolls are public records, and ways to more readily access them are not new. But during a time of intense division, political violence, or even the broader threat of data being used to dox or harass anyone, sites like VoteRef turn a vital part of the democratic process -- simply voting -- into a security and privacy threat. [...]

The Voter Reference Foundation, which runs VoteRef, is a right wing organization helmed by a former Trump campaign official, ProPublica previously reported. The goal for that organization was to find irregularities in the number of voters and the number of ballots cast, but state election officials said their findings were "fundamentally incorrect," ProPublica added. In an interview with NPR, the ProPublica reporter said that the Voter Reference Foundation insinuated (falsely) that the 2020 election of Joe Biden was fraudulent in some way. 404 Media has found people on social media using VoteRef's data to spread voting conspiracies too. VoteRef has steadily been adding more states' records to the VoteRef website. At the time of writing, it has records for all states that legally allow publication. Some exceptions include California, Virginia, and Pennsylvania. ProPublica reported that VoteRef removed the Pennsylvania data after being contacted by an attorney for Pennsylvania's Department of State.
"Digitizing and aggregating data meaningfully changes the privacy context and the risks to people. Your municipal government storing your marriage certificate and voter information in some basement office filing cabinet is not even remotely the same as a private company digitizing all the data, labeling it, piling it all together, making it searchable," said Justin Sherman, a Duke professor who studies data brokers.

"Policymakers need to get with the times and recognize that data brokers digitizing, aggregating, and selling data based on public records -- which are usually considered 'publicly available information' and exempted from privacy laws -- has fueled decades of stalking and gendered violence, harassment, doxing, and even murder," Sherman said. "Protecting citizens of all political stripes, targets and survivors of gendered violence, public servants who are targets for doxing and death threats, military service members, and everyone in between depends on reframing how we think about public records privacy and the mass aggregation and sale of our data."

Businesses

Malwarebytes Acquires AzireVPN (malwarebytes.com) 1

Malwarebytes, in a blog post: We've acquired AzireVPN, a privacy-focused VPN provider based in Sweden. I wanted to share with you our intentions behind this exciting step, and what this means for our existing users and the family of solutions they rely on to keep them private and secure.

Malwarebytes has long been an advocate for user privacy (think Malwarebytes Privacy VPN and our free web extension Malwarebytes Browser Guard). Now, we're leaning even more on our mission to reimagine consumer cybersecurity to protect devices and data, no matter where users are located, how they work and play, or the size of their wallet. With AzireVPN's infrastructure and intellectual property, Malwarebytes is poised to develop more advanced VPN technologies and features, offering increased flexibility and enhanced security for our users.

Security

DataBreach.com Emerges As Alternative To HaveIBeenPwned (pcmag.com) 21

An anonymous reader quotes a report from PCMag: Have I Been Pwned has long been one of the most useful ways to learn if your personal information was exposed in a hack. But a new site offers its own powerful tool to help you check if your data has been leaked to cybercriminals. DataBreach.com is the work of a New Jersey company called Atlas Privacy, which helps consumers remove their personal information from data brokers and people search websites. On Wednesday, the company told us it had launched DataBreach.com as an alternative to Have I Been Pwned, which is mainly searchable via the user's email address. DataBreach.com is designed to do that and more. In addition to your email address, the site features an advanced search function to see whether your full name, physical address, phone number, Social Security number, IP address, or username are in Atlas Privacy's extensive library of recorded breaches. More categories will also be added over time.

Atlas Privacy has been offering its paid services to customers, such as police officers and celebrities, to protect bad actors from learning their addresses or phone numbers. In doing so, the company has also amassed over 17.5 billion records from the numerous stolen databases circulating on the internet, including in cybercriminal forums. As a public service, Atlas is now using its growing repository of stolen records to create a breach notification site, free of charge. DataBreach.com builds off Atlas's effort in August to host a site notifying users whether their Social Security number and other personal information were leaked in the National Public Data hack. Importantly, Atlas designed DataBreach.com to prevent it from storing or collecting any sensitive user information typed into the site. Instead, the site will fetch a hash from Atlas' servers, or a fingerprint of the user's personal information -- whether it be an email address, name, or SSN -- and compare it to whatever the user is searching for. "The comparison will be done locally," meaning it'll occur on the user's PC or phone, rather than Atlas's internet server, de Saint Meloir said.

Open Source

New 'Open Source AI Definition' Criticized for Not Opening Training Data (slashdot.org) 38

Long-time Slashdot reader samj — also a long-time Debian developer — tells us there's some opposition to the newly-released Open Source AI definition. He calls it a "fork" that undermines the original Open Source definition (which was originally derived from Debian's Free Software Guidelines, written primarily by Bruce Perens), and points us to a new domain with a petition declaring that instead Open Source shall be defined "solely by the Open Source Definition version 1.9. Any amendments or new definitions shall only be recognized with clear community consensus via an open and transparent process."

This move follows some discussion on the Debian mailing list: Allowing "Open Source AI" to hide their training data is nothing but setting up a "data barrier" protecting the monopoly, disabling anybody other than the first party to reproduce or replicate an AI. Once passed, OSI is making a historical mistake towards the FOSS ecosystem.
They're not the only ones worried about data. This week TechCrunch noted an August study which "found that many 'open source' models are basically open source in name only. The data required to train the models is kept secret, the compute power needed to run them is beyond the reach of many developers, and the techniques to fine-tune them are intimidatingly complex. Instead of democratizing AI, these 'open source' projects tend to entrench and expand centralized power, the study's authors concluded."

samj shares the concern about training data, arguing that training data is the source code and that this new definition has real-world consequences. (On a personal note, he says it "poses an existential threat to our pAI-OS project at the non-profit Kwaai Open Source Lab I volunteer at, so we've been very active in pushing back past few weeks.")

And he also came up with a detailed response by asking ChatGPT. What would be the implications of a Debian disavowing the OSI's Open Source AI definition? ChatGPT composed a 7-point, 14-paragraph response, concluding that this level of opposition would "create challenges for AI developers regarding licensing. It might also lead to a fragmentation of the open-source community into factions with differing views on how AI should be governed under open-source rules." But "Ultimately, it could spur the creation of alternative definitions or movements aimed at maintaining stricter adherence to the traditional tenets of software freedom in the AI age."

However the official FAQ for the new Open Source AI definition argues that training data "does not equate to a software source code." Training data is important to study modern machine learning systems. But it is not what AI researchers and practitioners necessarily use as part of the preferred form for making modifications to a trained model.... [F]orks could include removing non-public or non-open data from the training dataset, in order to train a new Open Source AI system on fully public or open data...

[W]e want Open Source AI to exist also in fields where data cannot be legally shared, for example medical AI. Laws that permit training on data often limit the resharing of that same data to protect copyright or other interests. Privacy rules also give a person the rightful ability to control their most sensitive information — like decisions about their health. Similarly, much of the world's Indigenous knowledge is protected through mechanisms that are not compatible with later-developed frameworks for rights exclusivity and sharing.

Read on for the rest of their response...
Privacy

PimEyes 'Made a Public Rolodex of Our Faces'. Should You Opt Out? (msn.com) 32

The free face-image search engine PimEyes "scans through billions of images from the internet and finds matches of your photo that could have appeared in a church bulletin or a wedding photographer's website," writes a Washington Post columnist.

So to find and delete themselves from "the PimEyes searchable Rolodex of faces," they "recently handed over a selfie and a digital copy of my driver's license to a company I don't trust." PimEyes says it empowers people to find their online images and try to get unwanted ones taken down. But PimEyes face searches are largely open to anyone with either good or malicious intent. People have used PimEyes to identify participants in the Jan. 6, 2021, attack on the Capitol, and creeps have used it to publicize strangers' personal information from just their image.

The company offers an opt-out form to remove your face from PimEyes searches. I did it and resented spending time and providing even more personal information to remove myself from the PimEyes repository, which we didn't consent to be part of in the first place. The increasing ease of potentially identifying your name, work history, children's school, home address and other sensitive information from one photo shows the absurdity of America's largely unrestrained data-harvesting economy.

While PimEyes' CEO said they don't keep the information you provide to opt-out, "you give PimEyes at least one photo of yourself plus a digital copy of a passport or ID with personal details obscured..." according to the article. (PimEyes' confirmation email "said I might need to repeat the opt-out with more photos...") Some digital privacy experts said it's worth opting out of PimEyes, even if it's imperfect, and that PimEyes probably legitimately needs a personal photo and proof of identity for the process. Others found it "absurd" to provide more information to PimEyes... or they weren't sure opting out was the best choice... Experts said the fundamental problem is how much information is harvested and accessible without your knowledge or consent from your phone, home speakers, your car and information-organizing middlemen like PimEyes and data brokers.

Nathan Freed Wessler, an American Civil Liberties Union attorney focused on privacy litigation, said laws need to change the assumption that companies can collect almost anything about you or your face unless you go through endless opt-outs. "These systems are scary and abusive," he said. "If they're going to exist, they should be based on an opt-in system."

Privacy

Colorado Agency 'Improperly' Posted Passwords for Its Election System Online (gizmodo.com) 93

For months, the Colorado Department of State inadvertently exposed partial passwords for voting machines in a public spreadsheet. "While the incident is embarrassing and already fueling accusations from the state's Republican party, the department said in a statement that it 'does not pose an immediate security threat to Colorado's elections, nor will it impact how ballots are counted,'" reports Gizmodo. From the report: Colorado NBC affiliate station 9NEWS reported that Hope Scheppelman, vice chair of the state's Republican party, revealed the error in a mass email sent Tuesday morning, which included an affidavit from a person who claimed to have downloaded the spreadsheet and discovered the passwords by clicking a button to reveal hidden tabs.

In its statement, the Department of State said that there are two unique passwords for each of its voting machines, which are stored in separate places. Additionally, the passwords can only be used by a person who is physically operating the system and voting machines are stored in secure areas that require ID badges to access and are under 24/7 video surveillance.

"The Department took immediate action as soon as it was aware of this, and informed the Cybersecurity and Infrastructure Security Agency, which closely monitors and protects the [country's] essential security infrastructure," the department said, adding that it is "working to remedy this situation where necessary." Colorado voters use paper ballots, ensuring a physical paper trail that can be used to verify results tabulated electronically.

Privacy

Fitness App Strava Gives Away Location of Foreign Leaders, Report Finds 27

French newspaper Le Monde found that the fitness app Strava can easily track confidential movements of foreign leaders, including U.S. President Joe Biden, and presidential rivals Donald Trump and Kamala Harris. The Independent reports: Le Monde found that some U.S. Secret Service agents use the Strava fitness app, including in recent weeks after two assassination attempts on Trump, in a video investigation released in French and in English. Strava is a fitness tracking app primarily used by runners and cyclists to record their activities and share their workouts with a community. Le Monde also found Strava users among the security staff for French President Emmanuel Macron and Russian President Vladimir Putin. In one example, Le Monde traced the Strava movements of Macron's bodyguards to determine that the French leader spent a weekend in the Normandy seaside resort of Honfleur in 2021. The trip was meant to be private and wasn't listed on the president's official agenda.

Le Monde said the whereabouts of Melania Trump and Jill Biden could also be pinpointed by tracking their bodyguards' Strava profiles. In a statement to Le Monde, the U.S. Secret Service said its staff aren't allowed to use personal electronic devices while on duty during protective assignments but "we do not prohibit an employee's personal use of social media off-duty." "Affected personnel has been notified," it said. "We will review this information to determine if any additional training or guidance is required." "We do not assess that there were any impacts to protective operations or threats to any protectees," it added. Locations "are regularly disclosed as part of public schedule releases."

In another example, Le Monde reported that a U.S. Secret Service agent's Strava profile revealed the location of a hotel where Biden subsequently stayed in San Francisco for high-stakes talks with Chinese President Xi Jinping in 2023. A few hours before Biden's arrival, the agent went jogging from the hotel, using Strava which traced his route, the newspaper found. The newspaper's journalists say they identified 26 U.S. agents, 12 members of the French GSPR, the Security Group of the Presidency of the Republic, and six members of the Russian FSO, or Federal Protection Service, all of them in charge of presidential security, who had public accounts on Strava and were therefore communicating their movements online, including during professional trips. Le Monde did not identify the bodyguards by name for security reasons.
The Almighty Buck

Europe's Crooks Keep Blowing up ATMs (cnn.com) 98

"In the early hours of Thursday, March 23, 2023, residents in the German town of Kronberg were woken from their sleep by several explosions," reports CNN.

"Criminals had blown up an ATM located below a block of flats in the town center..." According to local media reports, witnesses saw people dressed in dark clothing fleeing in a black car towards a nearby highway. During the heist, thieves stole 130,000 euros in cash. They also caused an estimated half a million euros worth of collateral damage, according to a report by Germany's Federal Criminal Police Office, BKA.

Rather than staging dramatic and risky bank robberies, criminal groups in Europe have been targeting ATMs as an easier and more low-key target. In Germany — Europe's largest economy — thieves have been blowing up ATMs at a rate of more than one per day in recent years. In a country where cash is still a prevalent payment method, the thefts can prove incredibly lucrative, with criminals pocketing hundreds of thousands of euros in one attack.

Europol has been cracking down on the robberies, carrying out large cross-border operations aimed at taking down the highly-organized criminal gangs behind them. Earlier this month, authorities from Germany, France and the Netherlands arrested three members of a criminal network who have been carrying out attacks on cash machines using explosives, Europol said in a statement. Since 2022, the detainees are believed to have looted millions of euros and run up a similar amount in property damage, from 2022 to 2024, Europol said...

Unlike its European neighbors, who largely transitioned away from cash payments due to the Covid-19 pandemic, cash still plays a significant role in Germany. One half of all transactions in 2023 were made using banknotes and coins, according to Bundesbank. Germans have a cultural attachment to cash, traditionally viewing it as a safe method of payment. Some say it allows a greater level of privacy, and gives them more control over their expenses.
