An anonymous reader quotes a report from the New York Times: Kenn Dahl says he has always been a careful driver. The owner of a software company near Seattle, he drives a leased Chevrolet Bolt. He's never been responsible for an accident. So Mr. Dahl, 65, was surprised in 2022 when the cost of his car insurance jumped by 21 percent. Quotes from other insurance companies were also high. One insurance agent told him his LexisNexis report was a factor. LexisNexis is a New York-based global data broker with a "Risk Solutions" division that caters to the auto insurance industry and has traditionally kept tabs on car accidents and tickets. Upon Mr. Dahl's request, LexisNexis sent him a 258-page "consumer disclosure report," which it must provide per the Fair Credit Reporting Act. What it contained stunned him: more than 130 pages detailing each time he or his wife had driven the Bolt over the previous six months. It included the dates of 640 trips, their start and end times, the distance driven and an accounting of any speeding, hard braking or sharp accelerations. The only thing it didn't have is where they had driven the car. On a Thursday morning in June for example, the car had been driven 7.33 miles in 18 minutes; there had been two rapid accelerations and two incidents of hard braking.

According to the report, the trip details had been provided by General Motors -- the manufacturer of the Chevy Bolt. LexisNexis analyzed that driving data to create a risk score "for insurers to use as one factor of many to create more personalized insurance coverage," according to a LexisNexis spokesman, Dean Carney. Eight insurance companies had requested information about Mr. Dahl from LexisNexis over the previous month. "It felt like a betrayal," Mr. Dahl said. "They're taking information that I didn't realize was going to be shared and screwing with our insurance." In recent years, insurance companies have offered incentives to people who install dongles in their cars or download smartphone apps that monitor their driving, including how much they drive, how fast they take corners, how hard they hit the brakes and whether they speed. But "drivers are historically reluctant to participate in these programs," as Ford Motor put it in apatent application (PDF) that describes what is happening instead: Car companies are collecting information directly from internet-connected vehicles for use by the insurance industry.

Sometimes this is happening with a driver's awareness and consent. Car companies have established relationships with insurance companies, so that if drivers want to sign up for what's called usage-based insurance -- where rates are set based on monitoring of their driving habits -- it's easy to collect that data wirelessly from their cars. But in other instances, something much sneakier has happened. Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people's driving. Some drivers may not realize that, if they turn on these features, the car companies then give information about how they drive to data brokers like LexisNexis. Automakers and data brokers that have partnered to collect detailed driving data from millions of Americans say they have drivers' permission to do so. But the existence of these partnerships is nearly invisible to drivers, whose consent is obtained in fine print and murky privacy policies that few read. Especially troubling is that some drivers with vehicles made by G.M. say they were tracked even when they did not turn on the feature -- called OnStar Smart Driver -- and that their insurance rates went up as a result.

According to the Wall Street Journal (paywalled), former Activision CEO Bobby Kotick is reportedly considering buying TikTok. PCMag reports: Kotick floated the idea at a dinner at an Allen & Co. conference earlier this week with a group of potential partners, including OpenAI CEO Sam Altman, the Journal says. Kotick left Activision in late December after more than 30 years following the approval of the Microsoft merger and a tumultuous period that included a damaging discrimination lawsuit. And while he got a hefty golden parachute, it's probably not enough to buy TikTok, so he'll need partners with deep pockets. The report comes amid a vote in the House that would require TikTok to be sold or banned in the United States.

Over 15,000 Roku customers were hacked and used to make fraudulent purchases of hardware and streaming subscriptions. According to BleepingComputer, the threat actors were "selling the stolen accounts for as little as $0.50 per account, allowing purchasers to use stored credit cards to make illegal purchases." From the report: On Friday, Roku first disclosed the data breach, warning that 15,363 customer accounts were hacked in a credential stuffing attack. A credential stuffing attack is when threat actors collect credentials exposed in data breaches and then attempt to use them to log in to other sites, in this case, Roku.com. The company says that once an account was breached, it allowed threat actors to change the information on the account, including passwords, email addresses, and shipping addresses. This effectively locked a user out of the account, allowing the threat actors to make purchases using stored credit card information without the legitimate account holder receiving order confirmation emails.

"It appears likely that the same username/password combinations had been used as login information for such third-party services as well as certain individual Roku accounts," reads the data breach notice. "As a result, unauthorized actors were able to obtain login information from third-party sources and then use it to access certain individual Roku accounts. "After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions." Roku says that it secured the impacted accounts and forced a password reset upon detecting the incident. Additionally, the platform's security team investigated for any charges due to unauthorized purchases performed by the hackers and took steps to cancel the relevant subscriptions and refund the account holders.

A researcher told BleepingComputer last week that the threat actors have been using a Roku config to perform credential stuffing attacks for months, bypassing brute force attack protections and captchas by using specific URLs and rotating through lists of proxy servers. Successfully hacked accounts are then sold on stolen account marketplaces for as little as 50 cents, as seen below where 439 accounts are being sold. The seller of these accounts provides information on how to change information on the account to make fraudulent purchases. Those who purchase the stolen accounts hijack them with their own information and use stored credit cards to purchase cameras, remotes, soundbars, light strips, and streaming boxes. After making their purchases, it is common for them to share screenshots of redacted order confirmation emails on Telegram channels associated with the stolen account marketplaces.

Surgeons in the United Kingdom have performed the first operation in the country using Apple's Vision Pro headset. TechSpot reports: During a recent operation to repair a patient's spine at the private Cromwell Hospital in London, a scrub nurse working alongside the surgeon used the Vision Pro to help prepare, keep track of the procedure, and choose the right tools, reports the Daily Mail. This marked the first operation in the UK where the Vision Pro was used. The software running on Apple's headset during the operation comes from US company eXeX, which has made similar programs for Microsoft's HoloLens. It offers nurses and technicians both holographic and touch-free access to the surgical setup and the procedural guides from within the sterile field of the operating room, according to the press release. The software also tracks each stage of an operation and can measure how well the op went compared to previous procedures performed by other surgeons.

"It eliminates human error and eliminates the guesswork," said Suvi Verho, lead scrub nurse at London Independent Hospital. "It gives you confidence in surgery." While this marked the first time that the Vision Pro was used during a UK surgery, the first-ever time the device was used in an operating room was last month, just three days after its release, when Orlando resident and world-renowned Neurosurgeon Dr. Robert Masson wore it during several spine reconstruction surgeries. "We are in a new era of surgery, and for the first time, our surgical teams have the brilliance of visual holographic guidance and maps, improving visuospatial and temporal orientation for each surgical team and for each surgery in all specialties," said Masson.

An anonymous reader quotes a report from BleepingComputer: YouTube is no longer showing recommended videos to users logged out of a Google account or using Incognito mode, making people concerned they are being bullied into always being signed into the service. This change, which is now rolling out, shows a simple YouTube homepage without any videos or tips on what to watch. Before, even in incognito mode or when not logged in, Google would still show you video suggestions. Now, users see a message saying "Get Started" and "Start watching videos to help us build a feed of videos you'll love" when they open YouTube in incognito mode, with videos no longer being recommended.

Jess Weatherbed reports via The Verge: Midjourney says it has banned Stability AI staffers from using its service, accusing employees at the rival generative AI company of causing a systems outage earlier this month during an attempt to scrape Midjourney's data. Midjourney posted an update to its Discord server on March 2nd that acknowledged an extended server outage was preventing generated images from appearing in user galleries. In a summary of a business update call on March 6th, Midjourney claimed that "botnet-like activity from paid accounts" -- which the company specifically links to Stability AI employees -- was behind the outage.

According to Midjourney user Nick St. Pierre on X, who listened to the call, Midjourney said that the service was brought down because "someone at Stability AI was trying to grab all the prompt and image pairs in the middle of a night on Saturday." St. Pierre said that Midjourney had linked multiple paid accounts to an individual on the Stability AI data team. In its summary of the business update call on March 6th (which Midjourney refers to as "office hours"), the company says it's banning all Stability AI employees from using its service "indefinitely" in response to the outage. Midjourney is also introducing a new policy that will similarly ban employees of any company that exercises "aggressive automation" or causes outages to the service.

St. Pierre flagged the accusations to Stability AI CEO Emad Mostaque, who replied on X, saying he was investigating the situation and that Stability hadn't ordered the actions in question. "Very confusing how 2 accounts would do this team also hasn't been scraping as we have been using synthetic & other data given SD3 outperforms all other models," said Mostaque, referring to the Stable Diffusion 3 AI model currently in preview. He claimed that if the outage was caused by a Stability employee, then it was unintentional and "obviously not a DDoS attack." Midjourney founder David Holz responded to Mostaque in the same thread, claiming to have sent him "some information" to help with his internal investigation.

According to Bloomberg's Mark Gurman, AirPods Pro will gain a new "hearing aid mode" with the release of iOS 18 later this year. MacRumors reports: Writing in the subscriber edition of his regular Power On newsletter, Gurman claims that the "big news" for AirPods Pro in the near term will be support for a hearing aid-style function when iOS 18 drops in the fall. To be clear, this isn't the first time we have heard a potential hearing aid feature for AirPods Pro. The first rumor appeared in a 2021 Wall Street Journal report, but it was previously framed as a feature that would be exclusive to a next-generation model of AirPods Pro. However, Apple in September 2022 released the second-generation AirPods Pro, while the company more recently released a refreshed model with a USB-C port.

AirPods Pro already offer a Conversation Boost feature, which boosts the volume and clarity of people directly in front of the wearer, but Apple has not advertised the earbuds as a hearing aid device, because this would require FDA regulatory approval. As per the FDA, a hearing aid is defined as "any wearable device designed for, offered for the purpose of, or represented as aiding persons with or compensating for, impaired hearing." This definition encompasses both air-conduction and bone-conduction devices in a variety of styles (for example, behind-the-ear, in-the-canal, or body worn). [...] It is not yet clear whether Apple will need FDA clearance in order to make explicit or implicit claims about the rumored "hearing aid mode," which may not even adopt this exact name. If, for example, Apple subsequently suggests that AirPods Pro are for users with certain types or severity of hearing loss/impaired hearing, or for use as an alternative to a hearing aid, then they will require FDA regulatory approval to be marketed as such.

An anonymous reader quotes a report from TechCrunch: A lengthy investigation into the European Union's use of Microsoft 365 has found the Commission breached the bloc's data protection rules through its use of the cloud-based productivity software. Announcing its decision in a press release today, the European Data Protection Supervisor (EDPS) said the Commission infringed "several key data protection rules when using Microsoft 365." "The Commission did not sufficiently specify what types of personal data are to be collected and for which explicit and specified purposes when using Microsoft 365," the data supervisor, Wojciech Wiewiorowski, wrote, adding: "The Commission's infringements as data controller also relate to data processing, including transfers of personal data, carried out on its behalf." The EDPS has imposed corrective measures requiring the Commission to address the compliance problems it has identified by December 9 2024, assuming it continues to use Microsoft's cloud suite. The regulator, which oversees' EU institutions' compliance with data protection rules, opened a probe of the Commission's use of Microsoft 365 and other U.S. cloud services back in May 2021. [...]

The Commission confirmed receipt of the EDPB's decision and said it will need to analyze the reasoning "in detail" before taking any decision on how to proceed. In a series of statements during a press briefing, it expressed confidence that it complies with "the applicable data protection rules, both in fact and in law." It also said "various improvements" have been made to contracts, with the EDPS, during its investigation. "We have been cooperating fully with the EDPS since the start of the investigation, by providing all relevant documents and information to the EDPS and by following up on the issues that have been raised in the course of the investigation," it said. "The Commission has always been ready to implement, and grateful for receiving, any substantiated recommendation from the EDPS. Data protection is a top priority for the Commission."

"The Commission has always been fully committed to ensuring that its use of Microsoft M365 is compliant with the applicable data protection rules and will continue to do so. The same applies to all other software acquired by the Commission," it went on, further noting: "New data protection rules for the EU institutions and bodies came into force on 11 December 2018. The Commission is actively pursuing ambitious and safe adequacy frameworks with international partners. The Commission applies those rules in all its processes and contracts, including with individual companies such as Microsoft." While the Commission's public statements reiterated that it's committed to compliance with its legal obligations, it also claimed that "compliance with the EDPS decision unfortunately seems likely to undermine the current high level of mobile and integrated IT services." "This applies not only to Microsoft but potentially also to other commercial IT services. But we need to first analyze the decision's conclusions and the underlying reasons in detail. We cannot provide further comments until we have concluded the analysis," it added.

Controversial eyeball scanning startup Worldcoin has failed to get an injunction against a temporary suspension ordered Wednesday by Spain's data protection authority, the AEPD. TechCrunch: The authority used emergency powers contained in the European Union's General Data Protection Regulation (GDPR) to make the local order, which can apply for up to three months. It said it was taking the precautionary measure against Worldcoin's operator, Tools for Humanity, in light of the sensitive nature of the biometric data being collected, which could pose a high risk to the rights and freedoms of individuals. It also raised specific concerns about risks to minors, citing complaints received.

Today a Madrid-based High Court declined to grant an injunction against the AEPD's order, saying that the "safeguarding of public interest" must be prioritized. As we reported Friday, the crypto blockchain biometrics digital identity firm shuttered scanning in the market shortly after the AEPD order -- which gave it 72 hours to comply. Today's court decision means Worldcoin's services remain suspended in Spain -- for up to three months.

Automakers, including G.M., Honda, Kia, and Hyundai, have been collecting detailed driving data from millions of Americans through internet-enabled connected-car apps. The data, which includes information on speed, hard braking, and rapid accelerations, is shared with data brokers like LexisNexis. These brokers then provide the information to insurance companies, which use it to personalize coverage and set rates, The New York Times reported Monday. While automakers and data brokers claim to have drivers' consent, the partnerships are often obscured in fine print and unclear privacy policies. The practice raises concerns about privacy and transparency, as some drivers may be unaware that their driving habits are being tracked and shared with third parties.

Dozens of people have been injured by what officials described as a "strong movement" on a Chilean flight from Australia to New Zealand. From a report: In a statement on Monday, Chilean LATAM Airlines blamed the injuries on "a technical event during the flight which caused a strong movement." It is just the latest in a series of safety-related incidents to feature a Boeing plane. Passengers were met by paramedics when the LATAM Boeing 787-9 Dreamliner touched down in Auckland. It was not immediately clear what caused the incident.

About 50 people were treated at the scene, mostly for mild injuries. Twelve were taken to hospital, an ambulance spokesperson said, with one believed to be in serious condition. It is been a turbulent week for Boeing, with the US plane maker suffering a series of safety-related issues. Further reading: Justice Department Opens Criminal Investigation Into Boeing's Window Blowout Incident.

The University of Texas at Austin said Monday that it would again require standardized tests for admissions (non-paywalled source), becoming the latest selective university to reinstate requirements for SAT or ACT scores that were abandoned during the pandemic. From a report: A few years ago, about 2,000 colleges across the country began to move away from requiring test scores, at least temporarily, amid concerns they helped fuel inequality. But a growing number of those schools have reversed those policies, including Brown, Yale, Dartmouth, M.I.T., Georgetown and Purdue, with several announcing the changes in recent months.

U.T. Austin, which admits a cross-section of high-achieving Texas students under a plan designed to increase opportunity in the state, cited a slightly different reason than the other schools in returning to test requirements. Without requiring test scores, officials said, they were hampered in placing the admitted students in programs they would be most suited for and in determining which ones needed extra help. After making test scores optional the past few years, the university will now require applicants to submit either SAT or ACT scores beginning Aug. 1, with applications for fall 2025 admissions.

In an interview, Jay Hartzell, the U.T. president, said that the decision followed an analysis of students who did not submit scores. "We looked at our students and found that, in many ways, they weren't faring as well," Dr. Hartzell said. Those against testing requirements have long said that standardized tests are unfair because many students from affluent families use tutors and coaches to bolster their scores. But recent data has raised questions about the contention. In reinstating test requirements, some universities have said that making scores optional had the unintended effect of harming prospective students from low-income families.

The US could further tighten controls on China's access to sophisticated semiconductor technologies, Commerce Secretary Gina Raimondo said, signaling Washington may intensify its campaign to prevent Beijing catching up in military capabilities. From a report: "We cannot allow China to have access for their military advancement to our most sophisticated technology," she told reporters in Manila on Monday. "So yes, we will do whatever it takes to protect our people including expanding our controls."

Raimondo, who is leading a trade delegation to the Philippines and Thailand, was asked if the US is planning to add new restrictions on the sale of semiconductors to China. The Biden administration is mulling fresh sanctions on several Chinese tech companies, including memory chipmaker ChangXin Memory Technologies Inc., while pushing allies to do more to curb the export of advanced tech to China, Bloomberg has reported in recent days. Washington has taken aim at China's chip industry for years, imposing sweeping controls on the export of advanced semiconductor-making machines and sophisticated chips like those used to develop artificial intelligence. Japan and the Netherlands, the two key countries where chip-making equipment is developed, joined the US effort last year.

The U.S. government must move "quickly and decisively" to avert substantial national security risks stemming from artificial intelligence (AI) which could, in the worst case, cause an "extinction-level threat to the human species," says a report commissioned by the U.S. government published on Monday. Time: "Current frontier AI development poses urgent and growing risks to national security," the report, which TIME obtained ahead of its publication, says. "The rise of advanced AI and AGI [artificial general intelligence] has the potential to destabilize global security in ways reminiscent of the introduction of nuclear weapons." AGI is a hypothetical technology that could perform most tasks at or above the level of a human. Such systems do not currently exist, but the leading AI labs are working toward them and many expect AGI to arrive within the next five years or less.

The three authors of the report worked on it for more than a year, speaking with more than 200 government employees, experts, and workers at frontier AI companies -- like OpenAI, Google DeepMind, Anthropic and Meta -- as part of their research. Accounts from some of those conversations paint a disturbing picture, suggesting that many AI safety workers inside cutting-edge labs are concerned about perverse incentives driving decisionmaking by the executives who control their companies. The finished document, titled "An Action Plan to Increase the Safety and Security of Advanced AI," recommends a set of sweeping and unprecedented policy actions that, if enacted, would radically disrupt the AI industry. Congress should make it illegal, the report recommends, to train AI models using more than a certain level of computing power.

The threshold, the report recommends, should be set by a new federal AI agency, although the report suggests, as an example, that the agency could set it just above the levels of computing power used to train current cutting-edge models like OpenAI's GPT-4 and Google's Gemini. The new AI agency should require AI companies on the "frontier" of the industry to obtain government permission to train and deploy new models above a certain lower threshold, the report adds. Authorities should also "urgently" consider outlawing the publication of the "weights," or inner workings, of powerful AI models, for example under open-source licenses, with violations possibly punishable by jail time, the report says. And the government should further tighten controls on the manufacture and export of AI chips, and channel federal funding toward "alignment" research that seeks to make advanced AI safer, it recommends.

Several French government agencies were hit by "intense" cyberattacks beginning Sunday night. From a report: The attacks' impact on most services has been reduced and access to agencies' websites restored, the prime minister's office said in a statement Monday.

Airbnb will no longer allow hosts to use indoor security cameras, regardless of where they're placed or what they're used for. In an update on Monday, Airbnb says the change to "prioritize the privacy" of renters goes into effect on April 30th. From a report: The vacation rental app previously let hosts install security cameras in "common areas" of listings, including hallways, living rooms, and front doors. Airbnb required hosts to disclose the presence of security cameras in their listings and make them clearly visible, and it prohibited hosts from using cameras in bedrooms and bathrooms.

But now, hosts can't use indoor security cameras at all. The change comes after numerous reports of guests finding hidden cameras within their rental, leading some vacation-goers to scan their rooms for cameras. Airbnb's new policy also introduces new rules for outdoor security cameras, and will now require hosts to disclose their use and locations before guests book a listing. Hosts can't use outdoor cams to keep tabs on indoor spaces, either, nor can they use them in "certain outdoor areas where there's a great expectation of privacy," such as an outdoor shower or sauna.

An anonymous reader shares a report: Linus Torvalds has released version 6.8 of the Linux Kernel. "So it took a bit longer for the commit counts to come down this release than I tend to prefer," Torvalds wrote on the Linx kernel mailing list on Sunday, "but a lot of that seemed to be about various selftest updates (networking in particular) rather than any actual real sign of problems."

"And the last two weeks have been pretty quiet, so I feel there's no real reason to delay 6.8." So he delivered it, ending his own speculation that this cut of the kernel might need an eighth release candidate. Torvalds found time to note what he described as "a bit of random git numerology" as when work ended on this version of the kernel the git repository used to track it contained 9.996 million objects."

"This is the last mainline kernel to have less than ten million git objects," Torvalds wrote. "Of course, there is absolutely nothing special about it apart from a nice round number. Git doesn't care," he added. Fair enough -- especially as noted that other trees, such as linux-next, have well and truly passed ten million objects.

An anonymous reader shares a report: Nvidia CEO Jensen Huang recently took to the stage to claim that Nvidia's GPUs are "so good that even when the competitor's chips are free, it's not cheap enough." Huang further explained that Nvidia GPU pricing isn't really significant in terms of an AI data center's total cost of ownership (TCO). The impressive scale of Nvidia's achievements in powering the booming AI industry is hard to deny; the company recently became the world's third most valuable company thanks largely to its AI-accelerating GPUs, but Jensen's comments are sure to be controversial as he dismisses a whole constellation of competitors, such as AMD, Intel and a range of competitors with ASICs and other types of custom AI silicon.

Starting at 22:32 of the YouTube recording, John Shoven, Former Trione Director of SIEPR and the Charles R. Schwab Professor Emeritus of Economics, Stanford University, asks, "You make completely state-of-the-art chips. Is it possible that you'll face competition that claims to be good enough -- not as good as Nvidia -- but good enough and much cheaper? Is that a threat?" Jensen Huang begins his response by unpacking his tiny violin. "We have more competition than anyone on the planet," claimed the CEO. He told Shoven that even Nvidia's customers are its competitors, in some cases. Also, Huang pointed out that Nvidia actively helps customers who are designing alternative AI processors and goes as far as revealing to them what upcoming Nvidia chips are on the roadmap.

Elon Musk's AI startup xAI will open-source Grok, its chatbot rivaling ChatGPT, this week, the entrepreneur said, days after suing OpenAI and complaining that the Microsoft-backed startup had deviated from its open-source roots. From a report: xAI released Grok last year, arming it with features including access to "real-time" information and views undeterred by "politically correct" norms. The service is available to customers paying for X's $16 monthly subscription.

Streamers narrowly avoided getting shut out at the 2024 Oscars: Netflix came away with just one trophy and Apple left empty-handed, after they garnered a total of 32 nominations. From a report: Netflix collected its one win for Wes Anderson's "The Wonderful Story of Henry Sugar," an adaptation of a Roald Dahl story, in the live action short film category. The 40-minute film, with a cast that includes Benedict Cumberbatch, Dev Patel, Ben Kingsley, and Ralph Fiennes, is the first Oscar for Anderson (who wasn't in attendance to receive the award). Heading into Sunday's 96th Academy Awards, Netflix led all studios and platforms with 19 nominations across 11 films, including seven for Bradley Cooper's "Maestro" -- which was shut out. Apple had picked up 13 nods, including 10 for Martin Scorsese's "Killers of the Flower Moon," which also drew a goose egg.

Since 2017, Netflix has now won 23 Oscars in all. But the best picture prize continues to elude the streamer as "Maestro" lost out to this year's awards powerhouse, "Oppenheimer." Nor has Netflix won in the lead actor or actress categories, coming up empty this year after four noms (Cooper and Carey Mulligan for "Maestro"; Colman Domingo for "Rustin"; and Annette Bening for "Nyad"). "Killers of the Flower Moon's" nominations included one for Scorsese in the best director category. His only Oscar to date came in 2007 for "The Departed" (for director). In 2020, his mafioso pic "The Irishman" for Netflix was shut out at the Oscars after receiving 10 nominations.