Security

New 'GoFetch' Apple CPU Attack Exposes Crypto Keys (securityweek.com) 40

"There is a new side channel attack against Apple 'M' series CPUs that does not appear to be fixable without a major performance hit," writes Slashdot reader EncryptedSoldier. SecurityWeek reports: A team of researchers representing several universities in the United States has disclosed the details of a new side-channel attack method that can be used to extract secret encryption keys from systems powered by Apple CPUs. The attack method, dubbed GoFetch, has been described as a microarchitectural side-channel attack that allows the extraction of secret keys from constant-time cryptographic implementations. These types of attacks require local access to the targeted system. The attack targets a hardware optimization named data memory-dependent prefetcher (DMP), which attempts to prefetch addresses found in the contents of program memory to improve performance.

The researchers have found a way to use specially crafted cryptographic operation inputs that allow them to infer secret keys, guessing them bits at a time by monitoring the behavior of the DMP. They managed to demonstrate end-to-end key extraction attacks against several crypto implementations, including OpenSSL Diffie-Hellman Key Exchange, Go RSA, and the post-quantum CRYSTALS-Kyber and CRYSTALS-Dilithium. The researchers have conducted successful GoFetch attacks against systems powered by Apple M1 processors, and they have found evidence that the attack could also work against M2 and M3 processors. They have also tested an Intel processor that uses DMP, but found that it's 'more robust' against such attacks.

The experts said Apple is investigating the issue, but fully addressing it does not seem trivial. The researchers have proposed several countermeasures, but they involve hardware changes that are not easy to implement or mitigations that can have a significant impact on performance. Apple told SecurityWeek that it thanks the researchers for their collaboration as this work advances the company's understanding of these types of threats. The tech giant also shared a link to a developer page that outlines one of the mitigations mentioned by the researchers.
The researchers have published a paper (PDF) detailing their work.

Ars Technica's Dan Goodin also reported on the vulnerability.

Databases

Database For UK Nurse Registration 'Completely Unacceptable' (theregister.com) 42

Lindsay Clark reports via The Register: The UK Information Commissioner's Office has received a complaint detailing the mismanagement of personal data at the Nursing and Midwifery Council (NMC), the regulator that oversees worker registration. Employment as a nurse or midwife depends on enrollment with the NMC in the UK. According to whistleblower evidence seen by The Register, the databases on which the personal information is held lack rudimentary technical standards and practices. The NMC said its data was secure with a high level of quality, allowing it to fulfill its regulatory role, although it was on "a journey of improvement." But without basic documentation, or the primary keys or foreign keys common in database management, the Microsoft SQL Server databases -- holding information about 800,000 registered professionals -- are difficult to query and manage, making assurances on governance nearly impossible, the whistleblower told us.

The databases have no version control systems. Important fields for identifying individuals were used inconsistently -- for example, containing junk data, test data, or null data. Although the tech team used workarounds to compensate for the lack of basic technical standards, they were ad hoc and known by only a handful of individuals, creating business continuity risks should they leave the organization, according to the whistleblower. Despite having been warned of the issues of basic technical practice internally, the NMC failed to acknowledge the problems. Only after exhausting other avenues did the whistleblower raise concern externally with the ICO and The Register. The NMC stores sensitive data on behalf of the professionals that it registers, including gender, sexual orientation, gender identity, ethnicity and nationality, disability details, marital status, as well as other personal information.

The whistleblower's complaint claims the NMC falls well short of [the standards required under current UK law for data protection and the EU's General Data Protection Regulation (GDPR)]. The statement alleges that the NMC's "data management and data retrieval practices were completely unacceptable." "There is not even much by way of internal structure of the databases for self-documentation, such as primary keys, foreign keys (with a few honorable exceptions), check constraints and table constraints. Even fields that should not be null are nullable. This is frankly astonishing and not the practice of a mature, professional organization," the statement says. For example, the databases contain a unique ten-digit number (or PRN) to identify individuals registered to the NMC. However, the fields for PRNs sometimes contain individuals' names, start with a letter or other invalid data, or are simply null. The whistleblower's complaint says that the PRN problem, and other database design deficiencies, meant that it was nearly impossible to produce "accurate, correct, business critical reports ... because frankly no one knows where the correct data is to be found."
A spokesperson for the NMC said the register was "organized and documented" in the SQL Server database. "For clarity, the register of all our nurses, midwives and nursing practitioners is held within Dynamics 365 which is our system of record. This solution and the data held within it, is secure and well documented. It does not rely on any SQL database. The SQL database referenced by the whistleblower relates to our data warehouse which we are in the process of modernizing as previously shared."

Social Networks

Users Shocked To Find Instagram Limits Political Content By Default (arstechnica.com) 58

Instagram has been limiting recommended political content by default without notifying users. Ars Technica reports: Instead, Instagram rolled out the change in February, announcing in a blog that the platform doesn't "want to proactively recommend political content from accounts you don't follow." That post confirmed that Meta "won't proactively recommend content about politics on recommendation surfaces across Instagram and Threads," so that those platforms can remain "a great experience for everyone." "This change does not impact posts from accounts people choose to follow; it impacts what the system recommends, and people can control if they want more," Meta's spokesperson Dani Lever told Ars. "We have been working for years to show people less political content based on what they told us they want, and what posts they told us are political."

To change the setting, users can navigate to Instagram's menu for "settings and activity" in their profiles, where they can update their "content preferences." On this menu, "political content" is the last item under a list of "suggested content" controls that allow users to set preferences for what content is recommended in their feeds. There are currently two options for controlling what political content users see. Choosing "don't limit" means "you might see more political or social topics in your suggested content," the app says. By default, all users are set to "limit," which means "you might see less political or social topics." "This affects suggestions in Explore, Reels, Feed, Recommendations, and Suggested Users," Instagram's settings menu explains. "It does not affect content from accounts you follow. This setting also applies to Threads."
"Did [y'all] know Instagram was actively limiting the reach of political content like this?!" an X user named Olayemi Olurin wrote in an X post. "I had no idea 'til I saw this comment and I checked my settings and sho nuff political content was limited."

"This is actually kinda wild that Instagram defaults everyone to this," another user wrote. "Obviously political content is toxic but during an election season it's a little weird to just hide it from everyone?"

Privacy

General Motors Quits Sharing Driving Behavior With Data Brokers (nytimes.com) 34

An anonymous reader quotes a report from the New York Times: General Motors said Friday that it had stopped sharing details about how people drove its cars with two data brokers that created risk profiles for the insurance industry. The decision followed a New York Times report this month that G.M. had, for years, been sharing data about drivers' mileage, braking, acceleration and speed with the insurance industry. The drivers were enrolled -- some unknowingly, they said -- in OnStar Smart Driver, a feature in G.M.'s internet-connected cars that collected data about how the car had been driven and promised feedback and digital badges for good driving. Some drivers said their insurance rates had increased as a result of the captured data, which G.M. shared with two brokers, LexisNexis Risk Solutions and Verisk. The firms then sold the data to insurance companies. Since Wednesday, "OnStar Smart Driver customer data is no longer being shared with LexisNexis or Verisk," a G.M. spokeswoman, Malorie Lucich, said in an emailed statement. "Customer trust is a priority for us, and we are actively evaluating our privacy processes and policies."

Piracy

Dutch Court Orders ISP To Block 'Anna's Archive' and 'LibGen' (torrentfreak.com) 26

The Dutch pirate site blocklist has expanded with two new targets, shadow libraries Anna's Archive and Library Genesis. The court order was obtained by local anti-piracy group BREIN, acting on behalf of major publishers. Interestingly, Z-Library isn't listed in the blocking order, despite explicit warnings previously issued by BREIN. TorrentFreak reports: All blocking requests were submitted by local anti-piracy group BREIN, which acts on behalf of rightsholders. These include the major Hollywood studios but BREIN's purview is much broader. Last week, it obtained the latest blocking order, this time on behalf of the publishing industry. Issued by the Rotterdam District Court, the order requires a local Internet provider to block two well-known shadow libraries; "Anna's Archive" and "Library Genesis" (LibGen). News of this new court order was shared by BREIN which notes that both sites were found to make copyright infringing works available on a large scale. At the time of writing, a published copy is not available but, based on the covenant, all large Internet providers are expected to implement the blockades. "These types of illegal shadow libraries are very harmful. The only ones who benefit are the anonymous owners of these illegal services. Authors and publishers see no return on their efforts and investments," BREIN comments. "Copyright holders deserve an honest living. There are numerous legal ways to obtain ebooks. If desired, this can also be done very cheaply; through the library for example."

The Rotterdam court issued a so-called 'dynamic' blocking order, meaning that rightsholders can update the targeted domains and IP addresses if the sites switch to new ones in the future. This also applies to mirrors and increases the blockades' effectiveness, as there is no need to return to court. Previously, Internet provider KPN challenged these 'dynamic' orders, suggesting that they are too broad. The court rejected this argument, however, noting that the process hasn't led to any major problems thus far. BREIN further reports that Google is voluntarily offering a helping hand. As reported in detail previously, the search engine removes blocked domains from its local search results after being notified about an ISP blocking order. "The effectiveness of the blocking measure is increased because Google cooperates in combating these infringements and, at the request of BREIN, completely removes all references to websites that are blocked by order of the Dutch court from the search results," BREIN writes.

Transportation

Boom's XB-1 Supersonic Demonstrator Makes First Flight (aviationweek.com) 23

Boom Supersonic's first aircraft, the XB-1, completed its first flight today and met "all of its test objectives." From a report: This initial test only saw the aircraft 7,120 feet above sea level and fly at a top speed of 238 knots (274 mph) -- far from Mach 1, the speed of sound. The first flight of XB-1 took place at the Mojave Air & Space Port in California, in the same airspace where the X-1 broke the sound barrier, the X-15 conducted test flights for altitude and speed records, and the SR-71 Blackbird was also tested. According to Boom, the XB-1 will be testing, among other things:

Augmented reality vision system: Two nose-mounted cameras, digitally augmented with attitude and flight path indications, feed a high-resolution pilot display enabling excellent runway visibility. This system allows for improved aerodynamic efficiency without the weight and complexity of a movable nose.
Digitally-optimized aerodynamics: Engineers used computational fluid dynamics simulations to explore thousands of designs for XB-1. The result is an optimized design that combines safe and stable operation at takeoff and landing with efficiency at supersonic speeds.
Carbon fiber composites: XB-1 is almost entirely made from carbon fiber composite materials, enabling it to realize a sophisticated aerodynamic design in a strong, lightweight structure.
Supersonic intakes: XB-1's engine intakes slow supersonic air to subsonic speeds, efficiently converting kinetic energy into pressure energy and allowing conventional jet engines to power XB-1 from takeoff through supersonic flight. Another thing being tested by XB-1 is the construction of a safety culture.

With XB-1 now a flying test vehicle, there are many flights ahead before we get to Overture One's first flight, much less dramatically expanding access to supersonic flight. This work will require much engineering and a resilient safety culture. But the first flight of the first step was carried out by Boom Supersonic today, March 22, 2024.

Mozilla

Mozilla Drops Onerep After CEO Admits To Running People-Search Networks (krebsonsecurity.com) 9

An anonymous reader quotes a report from KrebsOnSecurity: The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep's CEO to admit that he has founded dozens of people-search networks over the years. Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus. Launched in 2018 under the name Firefox Monitor, Mozilla Monitor also checks data from the website Have I Been Pwned? to let users know when their email addresses or password are leaked in data breaches. On March 14, KrebsOnSecurity published a story showing that Onerep's Belarusian CEO and founder Dimitiri Shelest launched dozens of people-search services since 2010, including a still-active data broker called Nuwber that sells background reports on people. Onerep and Shelest did not respond to requests for comment on that story.

But on March 21, Shelest released a lengthy statement wherein he admitted to maintaining an ownership stake in Nuwber, a consumer data broker he founded in 2015 -- around the same time he launched Onerep. Shelest maintained that Nuwber has "zero cross-over or information-sharing with Onerep," and said any other old domains that may be found and associated with his name are no longer being operated by him. "I get it," Shelest wrote. "My affiliation with a people search business may look odd from the outside. In truth, if I hadn't taken that initial path with a deep dive into how people search sites work, Onerep wouldn't have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I'm aiming to do better in the future." The full statement is available here (PDF).

In a statement released today, a spokesperson for Mozilla said it was moving away from Onerep as a service provider in its Monitor Plus product. "Though customer data was never at risk, the outside financial interests and activities of Onerep's CEO do not align with our values," Mozilla wrote. "We're working now to solidify a transition plan that will provide customers with a seamless experience and will continue to put their interests first." KrebsOnSecurity also reported that Shelest's email address was used circa 2010 by an affiliate of Spamit, a Russian-language organization that paid people to aggressively promote websites hawking male enhancement drugs and generic pharmaceuticals. As noted in the March 14 story, this connection was confirmed by research from multiple graduate students at my alma mater George Mason University.

Shelest denied ever being associated with Spamit. "Between 2010 and 2014, we put up some web pages and optimize them -- a widely used SEO practice -- and then ran AdSense banners on them," Shelest said, presumably referring to the dozens of people-search domains KrebsOnSecurity found were connected to his email addresses (dmitrcox@gmail.com and dmitrcox2@gmail.com). "As we progressed and learned more, we saw that a lot of the inquiries coming in were for people." Shelest also acknowledged that Onerep pays to run ads "on a handful of data broker sites in very specific circumstances." "Our ad is served once someone has manually completed an opt-out form on their own," Shelest wrote. "The goal is to let them know that if they were exposed on that site, there may be others, and bring awareness to there being a more automated opt-out option, such as Onerep."

Apple

DOJ Blames Apple For Failure of Amazon Fire Phone, Windows Phone and HTC 247

DOJ, in the court filing (PDF): Many prominent, well-financed companies have tried and failed to successfully enter the relevant markets because of these entry barriers. Past failures include Amazon (which released its Fire mobile phone in 2014 but could not profitably sustain its business and exited the following year); Microsoft (which discontinued its mobile business in 2017); HTC (which exited the market by selling its smartphone business to Google in September 2017); and LG (which exited the smartphone market in 2021). Today, only Samsung and Google remain as meaningful competitors in the U.S. performance smartphone market. Barriers are so high that Google is a distant third to Apple and Samsung despite the fact that Google controls development of the Android operating system.

Communications

Cable ISP Fined $10,000 For Lying To FCC About Where It Offers Broadband (arstechnica.com) 42

An Internet service provider that admitted lying to the FCC about where it offers broadband will pay a $10,000 fine and implement a compliance plan to prevent future violations. ArsTechnica: Jefferson County Cable (JCC), a small ISP in Toronto, Ohio, admitted that it falsely claimed to offer fiber service in an area that it hadn't expanded to yet. A company executive also admitted that the firm submitted false coverage data to prevent other ISPs from obtaining government grants to serve the area. Ars helped expose the incident in a February 2023 article.

The FCC announced the outcome of its investigation on March 15, saying that Jefferson County Cable violated the Broadband Data Collection program requirements and the Broadband DATA Act, a US law, "in connection with reporting inaccurate information or data with respect to the Company's ability to provide broadband Internet access service." The FCC said: "To settle this matter, Jefferson County Cable agrees to pay a $10,000 civil penalty to the United States Treasury. Jefferson County Cable also agrees to implement enhanced compliance measures. This action will help further the Commission's efforts to bridge the digital divide by having accurate data of locations where broadband service is available."

Google

Google Testing AI Overviews in Search Results, Even If You Have Not Opted In 12

Search Engine Land: Google is now testing AI overviews in the main Google Search results, even if you have not opted into the Google Search Generative Experience labs feature. Google said this is an experience on a "subset of queries, on a small percentage of search traffic in the U.S.," a Google spokesperson told Search Engine Land.

United States

DOT Wants To Know How Big Airlines Use Passenger Data (theregister.com) 11

The U.S. Department of Transportation has announced it will conduct a review of the data practices of the country's ten largest airlines, amid concerns over potential misuse of customer information for upselling, overcharging, targeted advertising, and third-party data sales, as well as the security of systems handling sensitive data such as passport numbers. From a report: The probe will look at air carriers' policies and procedures to determine if they are safeguarding personal info properly, unfairly or deceptively monetizing it, or sharing it with third parties, the agency said yesterday. If they're indeed doing anything "problematic," they can look forward to scrutiny, fines, and new rules, says the DOT. "Airline passengers should have confidence that their personal information is not being shared improperly with third parties or mishandled by employees," said US Transportation Secretary Pete Buttigieg.

"This review of airline practices is the beginning of a new initiative by DOT to ensure airlines are being good stewards of sensitive passenger data." The ten airlines going under the magnifying glass are Delta, United, American, Southwest, Alaska, JetBlue, Spirit, Frontier, Hawaiian and Allegiant.

Earth

Security and Climate Change Drive a Return To Nuclear Energy as Over 30 Nations Sign Summit Pledge (apnews.com) 89

In the shadow of a massive monument glorifying nuclear power, over 30 nations from around the world pledged to use the controversial energy source to help achieve a climate-neutral globe while providing countries with an added sense of strategic security. Associated Press: The idea of a Nuclear Energy Summit would have been unthinkable a dozen years ago after the 2011 Fukushima nuclear accident in Japan, but the tide has turned in recent years. A warming planet has made it necessary to phase out fossil fuels, while the war in Ukraine has laid bare Europe's dependence on Russian energy. "We have to do everything possible to facilitate the contribution of nuclear energy," said Rafael Grossi, the head of the International Atomic Energy Agency. "It is clear: Nuclear is there. It has an important role to play," he said.

In a solemn pledge, 34 nations, including the United States, China, France, Britain and Saudi Arabia, committed "to work to fully unlock the potential of nuclear energy by taking measures such as enabling conditions to support and competitively finance the lifetime extension of existing nuclear reactors, the construction of new nuclear power plants and the early deployment of advanced reactors." The statement adds: "We commit to support all countries, especially emerging nuclear ones, in their capacities and efforts to add nuclear energy to their energy mixes."

Nintendo

Switch Emulator Suyu Hit By GitLab DMCA, Project Lives on Through Self-hosting (arstechnica.com) 21

Switch emulator Suyu -- a fork of the Nintendo-targeted and now-defunct emulation project Yuzu -- has been taken down from GitLab following a DMCA request Thursday. But the emulation project's open source files remain available on a self-hosted git repo on the Suyu website, and recent compiled binaries remain available on an extant GitLab repo. From a report: While the DMCA takedown request has not yet appeared on GitLab's public repository of such requests, a GitLab spokesperson confirmed to The Verge that the project was taken down after the site received notice "from a representative of the rightsholder."

Medicine

More Than Half of Chickenpox Diagnoses Are Wrong, Study Finds (arstechnica.com) 52

An anonymous reader shares a report: Thanks to the vaccination program that began in 1995, chickenpox is now relatively rare. Cases of the miserable, itchy condition have fallen more than 97 percent. But, while children have largely put the oatmeal baths and oven mitts behind them, doctors have apparently let their diagnostic skills get a little crusty. According to a study published Thursday, public health researchers in Minnesota found that 55 percent of people diagnosed with chickenpox based on their symptoms were actually negative for the varicella-zoster virus, the virus that causes chickenpox. The study noted that the people were all diagnosed in person by health care providers in medical facilities. But, instead of chickenpox, lab testing showed that some of the patients were actually infected with an enterovirus, which can cause a rash, or the herpes simplex virus 1, which causes cold sores.

The study, published in the Centers for Disease Control and Prevention's Morbidity and Mortality Weekly Report, supports expanding laboratory testing for suspected chickenpox cases in the state's program and highlights that diagnoses based on symptoms are "unreliable." For one thing, doctors simply see far fewer chickenpox cases these days because of the protection from vaccines. While chickenpox cases in the US previously reached 4 million each year, with 10,500 to 13,500 hospitalizations and 100 to 150 deaths, there are now fewer than 150,000 cases, 1,400 hospitalizations, and 30 deaths each year, the CDC reports. Vaccination is more than 90 percent effective at preventing the disease. In the rare cases where a vaccinated person contracts chickenpox, the muted rashes are challenging to identify by eye. But even in unvaccinated children, chickenpox can be tricky to pick out; it can easily be confused with measles, insect bites, enterovirus, skin infections such as scabies and impetigo, herpes viruses, and hand, foot, and mouth disease.

Earth

Geologists Reject Declaration of Anthropocene Epoch (theguardian.com) 41

The guardians of the world's official geological timescale have firmly rejected a proposal to declare an Anthropocene epoch, after an epic academic row. From a report: The proposal would have designated the period from 1952 as the Anthropocene to reflect the planet-changing impact of humanity. It would have ended the Holocene epoch, the 11,700 years of stable climate since the last ice age and during which human civilisation arose. The International Union of Geological Sciences (IUGS) has announced, however, that geologists have rejected the idea in a series of votes. Those objecting noted a much longer history of human impacts on Earth, including the dawn of agriculture and the industrial revolution, and unease about including a new unit in the geological timescale with a span of less than a single human lifetime, it said. Most units span thousands or millions of years.

It also acknowledged: "The Anthropocene as a concept will continue to be widely used not only by Earth and environmental scientists, but also by social scientists, politicians and economists, as well as by the public at large. As such, it will remain an invaluable descriptor in human-environment interactions." The Anthropocene working group (AWG), which was formed by the Subcommission on Quaternary Stratigraphy (SQS), in turn part of the IUGS, took 15 years to develop the proposal. It concluded that the radioactive isotopes spread worldwide by hydrogen bomb tests were the best marker of humanity's transformation of the planet. Geological time units also need a specific location to typify the unit and the Crawford sinkhole lake in Canada was chosen.

United States

US Cyber Investors Pledge Spyware is Off Limits - With a Catch (techcrunch.com) 7

An anonymous reader shares a report: On Monday, the Biden administration announced that six new countries had joined an international coalition to fight the proliferation of commercial spyware, sold by companies such as NSO Group or Intellexa. Now, some investors have announced that they too are committed to fighting spyware. But at least one of those investors, Paladin Capital Group, has previously invested in a company that developed malware, according to a leaked 2021-dated slide deck obtained by TechCrunch, although the firm tells TechCrunch it "got out" of the firm some time ago.

In the last couple of years, the U.S. government has led an effort to limit or at least restrain the use of spyware across the world by putting surveillance tech makers like NSO Group, Candiru, and Intellexa on blocklists, as well as imposing export controls on those companies and visa restrictions on people involved in the industry. More recently, the government has imposed economic sanctions not only on companies, but also directly on the executive who founded Intellexa. These actions have put others in the spyware industry on alert. In a call with reporters on Monday that TechCrunch attended, a senior Biden administration official said that a representative from Paladin participated in meetings at the White House on March 7, as well as this week in Seoul, where governments gathered for the Summit for Democracy to discuss spyware.

Paladin, one of the biggest investors in cybersecurity startups, and several other venture firms published a set of voluntary investment principles, noting that they would invest in companies that "enhance the defense, national security, and foreign policy interests of free and open societies." "For us, it was an important first step in having an investor outline both recognition that investments should not be going towards companies that are undertaking selling products, and selling to clients that can undermine free and fair societies," the senior administration official said in the call, where journalists agreed not to quote the officials by name.

Earth

Higher Temperatures Mean Higher Food and Other Prices (apnews.com) 96

Food prices and overall inflation will rise as temperatures climb with climate change, a new study by an environmental scientist and the European Central Bank found. From a report: Looking at monthly price tags of food and other goods, temperatures and other climate factors in 121 nations since 1996, researchers calculate that "weather and climate shocks" will cause the cost of food to rise 1.5 to 1.8 percentage points annually within a decade or so, even higher in already hot places like the Middle East, according to a study in Thursday's journal Communications, Earth and the Environment.

And that translates to an increase in overall inflation of 0.8 to 0.9 percentage points by 2035, just caused by climate change extreme weather, the study said. Those numbers may look small, but to banks like the U.S. Federal Reserve that fight inflation, they are significant, said study lead author Max Kotz, a climate scientist at the Potsdam Institute for Climate Impact Research in Germany. "The physical impacts of climate change are going to have a persistent effect on inflation," Kotz said. "This is really from my perspective another example of one of the ways in which climate change can undermine human welfare, economic welfare."

Apple

DOJ Lawsuit Against Apple is Headline Grabber But Poses Limited Near-Term Impact (techcrunch.com) 60

An anonymous reader shares a report: The U.S. Department of Justice filed a lawsuit against Apple Thursday, accusing the company led by CEO Tim Cook of engaging in anti-competitive business practices. The allegations include claims that Apple prevents competitors from accessing certain iPhone features and that the company's actions impact the "flow of speech" through its streaming service, Apple TV+.

However, even if the DOJ proves any of the allegations, it is highly unlikely that Apple will face material changes for years, as history shows that such lawsuits often take a significant amount of time to reach the trial, let alone a resolution. The DOJ's ongoing case against Google, filed in 2020, only went to trial in 2023, with no remedies or financial implications expected for up to two more years.

This is not the first time Apple has faced legal action from the DOJ. In 2012, the agency sued Apple for conspiring with publishers to increase ebook prices, a lawsuit that was not settled until 2016. "Precedents suggest that resolution of the complaint will take three to five years, including appeals," Bernstein analysts wrote in a note.

China

Apple Held Talks With China's Baidu Over AI for Its Devices (wsj.com) 5

Apple has held preliminary talks with Baidu about using the Chinese company's generative AI technology in its devices in China, the latest example of the iPhone maker's efforts to widen its AI capabilities. From a report: The U.S. tech giant has been exploring using external partners to help accelerate its AI ambitions. It has held discussions with companies including Google and OpenAI about using their technology to power its mobile features. In China, Apple has been looking for a local generative AI model provider, mainly because China requires such models to be vetted by its cyberspace regulator before being launched to the public, people familiar with the matter said.

The Courts

Texas Sues xHamster and Chaturbate (404media.co) 292

An anonymous reader quotes a report from 404 Media: Texas Attorney General Ken Paxton just sued two more porn sites, xHamster and Chaturbate, alleging they aren't complying with age verification laws. As first reported by local news outlet KXAN, the Office of the Attorney General filed two civil lawsuits on Tuesday afternoon against Hammy Media, which owns xHamster, and Multi Media, which owns Chaturbate. Texas Governor Greg Abbott signed HB 1181 into law in June, which requires porn sites to verify the ages of users through a driver's license or passport. If porn sites don't force consenting adults to hand over a government-issued ID in order to watch other consenting adults have sex on camera, they face heavy fines.

Paxton's lawsuit against xHamster asks the court to force the site to pay a civil penalty of up to $1.67 million, with an additional $10,000 a day since filing. For Chaturbate, it's $1.78 million plus $10,000 per day. Last week, Pornhub's parent company Aylo blocked anyone accessing its network of sites from a Texas IP address, and replaced its network of sites -- which include Pornhub, Brazzers, YouPorn and many more -- with a message about its rejection of age verification legislation that requires adults to show government-issued ID to access porn. [...] As of writing, xHamster and Chaturbate are still accessible in Texas and don't have requirements to verify users' ages with a government ID.
