Privacy

Fitness App Strava Gives Away Location of Foreign Leaders, Report Finds

French newspaper Le Monde found that the fitness app Strava can easily track confidential movements of foreign leaders, including U.S. President Joe Biden, and presidential rivals Donald Trump and Kamala Harris. The Independent reports: Le Monde found that some U.S. Secret Service agents use the Strava fitness app, including in recent weeks after two assassination attempts on Trump, in a video investigation released in French and in English. Strava is a fitness tracking app primarily used by runners and cyclists to record their activities and share their workouts with a community. Le Monde also found Strava users among the security staff for French President Emmanuel Macron and Russian President Vladimir Putin. In one example, Le Monde traced the Strava movements of Macron's bodyguards to determine that the French leader spent a weekend in the Normandy seaside resort of Honfleur in 2021. The trip was meant to be private and wasn't listed on the president's official agenda.

Le Monde said the whereabouts of Melania Trump and Jill Biden could also be pinpointed by tracking their bodyguards' Strava profiles. In a statement to Le Monde, the U.S. Secret Service said its staff aren't allowed to use personal electronic devices while on duty during protective assignments but "we do not prohibit an employee's personal use of social media off-duty." "Affected personnel has been notified," it said. "We will review this information to determine if any additional training or guidance is required." "We do not assess that there were any impacts to protective operations or threats to any protectees," it added. Locations "are regularly disclosed as part of public schedule releases."

In another example, Le Monde reported that a U.S. Secret Service agent's Strava profile revealed the location of a hotel where Biden subsequently stayed in San Francisco for high-stakes talks with Chinese President Xi Jinping in 2023. A few hours before Biden's arrival, the agent went jogging from the hotel, using Strava which traced his route, the newspaper found. The newspaper's journalists say they identified 26 U.S. agents, 12 members of the French GSPR, the Security Group of the Presidency of the Republic, and six members of the Russian FSO, or Federal Protection Service, all of them in charge of presidential security, who had public accounts on Strava and were therefore communicating their movements online, including during professional trips. Le Monde did not identify the bodyguards by name for security reasons.
The Almighty Buck

JPMorgan Begins Suing Customers In 'Infinite Money Glitch' (cnbc.com)

JPMorgan Chase is suing customers who exploited an ATM glitch that allowed them to withdraw funds before a check bounced. CNBC reports: The bank on Monday filed lawsuits in at least three federal courts, taking aim at some of the people who withdrew the highest amounts in the so-called infinite money glitch that went viral on TikTok and other social media platforms in late August. [...] JPMorgan, the biggest U.S. bank by assets, is investigating thousands of possible cases related to the "infinite money glitch," though it hasn't disclosed the scope of associated losses. Despite the waning use of paper checks as digital forms of payment gain popularity, they're still a major avenue for fraud, resulting in $26.6 billion in losses globally last year, according to Nasdaq's Global Financial Crime Report.

The infinite money glitch episode highlights the risk that social media can amplify vulnerabilities discovered at a financial institution. Videos began circulating in late August showing people celebrating the withdrawal of wads of cash from Chase ATMs shortly after bad checks were deposited. Normally, banks only make available a fraction of the value of a check until it clears, which takes several days. JPMorgan says it closed the loophole a few days after it was discovered.

The lawsuits are likely to be just the start of a wave of litigation meant to force customers to repay their debts and signal broadly that the bank won't tolerate fraud, according to the people familiar. JPMorgan prioritized cases with large dollar amounts and indications of possible ties to criminal groups, they said. The civil cases are separate from potential criminal investigations; JPMorgan says it has also referred cases to law enforcement officials across the country.
"Fraud is a crime that impacts everyone and undermines trust in the banking system," JPMorgan spokesman Drew Pusateri said in a statement to CNBC. "We're pursuing these cases and actively cooperating with law enforcement to make sure if someone is committing fraud against Chase and its customers, they're held accountable."
Social Networks

The Fediverse Is Getting Its Own TikTok Competitor Called Loops (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Similar to how Mastodon offers an open source, distributed version of X, the fediverse is getting its own TikTok competitor. This week, an app called Loops began accepting signups on its new platform for sharing short, looping videos. Still in the early stages, Loops is not yet open sourced, nor has it completed its integration with ActivityPub, the protocol that powers Mastodon, Pixelfed, PeerTube, and other federated apps. However, both those efforts are in the works and when complete, will allow Loops to add another layer of social activity to the growing open social web known as the fediverse, which now has north of 11.6 million users and over 1 million monthly active users. (Mastodon accounts for roughly 65% of that activity.) Growth in this space has also encouraged other apps to adopt ActivityPub, like social magazine app Flipboard and Meta's Threads. The latter is not yet fully integrated but already has more than 200 million monthly active users.

Loops, meanwhile, was developed by Daniel Supernault, who also created the federated Instagram rival Pixelfed. In fact, Loops will run under the Pixelfed project, according to an FAQ on its website. [...] Aimed at users 13 and up, Loops will allow you to follow other users, as well as like, comment on, or share their videos. But as a part of the federated web -- the open social web running on ActivityPub -- remote users from other platforms like Mastodon and Pixelfed will also be able to follow users' Loops accounts and then view the videos in their home feed on those respective platforms. These remote followers will also be able to like, comment on, or share videos if their platform supports it. Videos published to the app will be held for moderation if the uploader has a low trust score, but trusted users will be able to skip the queue and publish immediately. The trust score is also used to hide problematic comments on posts and apply content warnings, Supernault notes. Other features, like profile sharing or the ability for Loops users to follow Mastodon and Pixelfed users in return, are still "to be announced," the site notes.

Social Networks

Instagram (and Meta) Throttle Video Quality as Views Go Down (theverge.com)

An anonymous reader shared this report from the Verge: Ever wondered why some of your Instagram videos tend to look blurry, while others are crisp and sharp? It's because, on Instagram, the quality of your video apparently depends on how many views it's getting.

Here's part of Mosseri's explanation, from the video, which was reposted by a Threads user today. "In general, we want to show the highest-quality video we can ... But if something isn't watched for a long time — because the vast majority of views are in the beginning — we will move to a lower quality video. And then if it's watched again a lot then we'll re-render the higher quality video...."

The shift in quality "isn't huge," Mosseri said in response to another Threads user, who'd asked if that approach disadvantaged smaller creators. That's "the right concern," he told them, but said people interact with videos based on its content, not its quality. That's consistent with how Meta has described its approach before... Meta wrote in a blog [post] that in order to conserve computing resources for the relatively few, most watched videos, it gives fresh uploads the fastest, most basic encoding. After a video "gets sufficiently high watch time," it receives a more robust encoding pass.

"It works at an aggregate level, not an individual viewer level," Mosseri wrote later on Threads. "We bias to higher quality (more CPU intensive encoding and more expensive storage for bigger files) for creators who drive more views. It's not a binary threshold, but rather a sliding scale."
The Internet

One Argument Why Data Caps Are Not a Problem (fierce-network.com)

NoWayNoShapeNoForm writes: OpenVault believes that data caps on broadband are not a problem because most people do not exceed their existing data caps. OpenVault contends that people that do exceed their broadband data caps are simply being forgetful — leaving a streaming device on 24x7, or deploying unsecure WiFi access points, or reselling their service within an apartment building.

Yes, there may be some ISPs that have older networks that they have not upgraded. Or maybe they are unable to increase network capacity in "the middle mile" of their networks, but the Covid pandemic certainly encouraged many ISPs to upgrade their networks and capacity while many ISPs that had broadband data caps ended that feature.

Perhaps the biggest problem, according to OpenVault, is that most broadband users do not really have any idea how much bandwidth they "consume" every month. If Internet access is a service that people want to treat as a "utility", then you have to ask, Would they keep the water running after finishing their shower?

In the article Ookla's VP of Smart Communities adds that "Scrolling through social media feeds for hours can 'push' hundreds of videos to the user, many of which may be of no interest — they just start running." So the main driver for usage-based billing wasn't to increase revenue, OpenVault CEO Mark Trudeau tells the site, but to "balance the network a little more..." (Though he then also adds that sometimes a subscriber could also be reselling broadband service in their apartment building, "And that's not even legal.")

"If one or two customers on a given node is causing issues for 300 others, where those 300 are not getting the service that they paid for, then that's a problem right?" he said.

Having said that, the article also points out that "Many major fiber providers, like AT&T, Frontier, Google Fiber and Verizon Fios, don't have data caps at all."
Emulation (Games)

Video Game Libraries Lose Legal Appeal To Emulate Physical Game Collections Online (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Earlier this year, we reported on the video game archivists asking for a legal DMCA exemption to share Internet-accessible emulated versions of their physical game collections with researchers. Today, the US Copyright Office announced once again that it was denying that request, forcing researchers to travel to far-flung collections for access to the often-rare physical copies of the games they're seeking.

In announcing its decision, the Register of Copyrights for the Library of Congress sided with the Entertainment Software Association and others who argued that the proposed remote access could serve as a legal loophole for a free-to-access "online arcade" that could harm the market for classic gaming re-releases. This argument resonated with the Copyright Office despite a VGHF study that found 87 percent of those older game titles are currently out of print. "While proponents are correct that some older games will not have a reissue market, they concede there is a 'healthy' market for other reissued games and that the industry has been making 'greater concerted efforts' to reissue games," the Register writes in her decision. "Further, while the Register appreciates that proponents have suggested broad safeguards that could deter recreational uses of video games in some cases, she believes that such requirements are not specific enough to conclude that they would prevent market harms."

A DMCA exemption for remote sharing already exists for non-video-game computer software that is merely "functional," as the Register notes. But the same fair use arguments that allow for that sharing don't apply to video games because they are "often highly expressive in nature," the Register writes. In an odd footnote, the Register also notes that emulation of classic game consoles, while not infringing in its own right, has been "historically associated with piracy," thus "rais[ing] a potential concern" for any emulated remote access to library game catalogs. That footnote paradoxically cites Video Game History Foundation (VGHF) founder and director Frank Cifaldi's 2016 Game Developers Conference talk on the demonization of emulation and its importance to video game preservation. "The moment I became the Joker is when someone in charge of copyright law watched my GDC talk about how it's wrong to associate emulation with piracy and their takeaway was 'emulation is associated with piracy,'" Cifaldi quipped in a social media post.

AI

Polish Radio Station Replaces Journalists With AI 'Presenters'

OFF Radio Krakow sparked controversy by replacing its journalists with AI-generated presenters in an experiment to attract younger audiences. CNN Business reports: Weeks after letting its journalists go, OFF Radio Krakow relaunched this week, with what it said was "the first experiment in Poland in which journalists ... are virtual characters created by AI." The station in the southern city of Krakow said its three avatars are designed to reach younger listeners by speaking about cultural, art and social issues including the concerns of LGBTQ+ people. "Is artificial intelligence more of an opportunity or a threat to media, radio and journalism? We will seek answers to this question," the station head, Marcin Pulit, wrote in a statement.
Privacy

UnitedHealth Says Change Healthcare Hack Affects Over 100 Million (techcrunch.com)

UnitedHealth Group said a ransomware attack in February resulted in more than 100 million individuals having their private health information stolen. The U.S. Department of Health and Human Services first reported the figure on Thursday. TechCrunch reports: The ransomware attack and data breach at Change Healthcare stands as the largest known digital theft of U.S. medical records, and one of the biggest data breaches in living history. The ramifications for the millions of Americans whose private medical information was irretrievably stolen are likely to be life lasting. UHG began notifying affected individuals in late July, which continued through October. The stolen data varies by individual, but Change previously confirmed that it includes personal information, such as names and addresses, dates of birth, phone numbers and email addresses, and government identity documents, including Social Security numbers, driver's license numbers, and passport numbers. The stolen health data includes diagnoses, medications, test results, imaging and care and treatment plans, and health insurance information -- as well as financial and banking information found in claims and payment data taken by the criminals.

The cyberattack became public on February 21 when Change Healthcare pulled much of its network offline to contain the intruders, causing immediate outages across the U.S. healthcare sector that relied on Change for handling patient insurance and billing. UHG attributed the cyberattack to ALPHV/BlackCat, a Russian-speaking ransomware and extortion gang, which later took credit for the cyberattack. The ransomware gang's leaders later vanished after absconding with a $22 million ransom paid by the health insurance giant, stiffing the group's contractors who carried out the hacking of Change Healthcare out of their new financial windfall. The contractors took the data they stole from Change Healthcare and formed a new group, which extorted a second ransom from UHG, while publishing a portion of the stolen files online in the process to prove their threat.

There is no evidence that the cybercriminals subsequently deleted the data. Other extortion gangs, including LockBit, have been shown to hoard stolen data, even after the victim pays and the criminals claim to have deleted the data. In paying the ransom, Change obtained a copy of the stolen dataset, allowing the company to identify and notify the affected individuals whose information was found in the data. Efforts by the U.S. government to catch the hackers behind ALPHV/BlackCat, one of the most prolific ransomware gangs today, have so far failed. The gang bounced back following a takedown operation in 2023 to seize the gang's dark web leak site. Months after the Change Healthcare breach, the U.S. State Department upped its reward for information on the whereabouts of the ALPHV/BlackCat cybercriminals to $10 million.

AI

Goodreads' Founder Debuts AI-Powered App For Online Readers (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Smashing, a new app curating the best of the web from Goodreads co-founder Otis Chandler, is now available to the public. Like Goodreads, the app aims to create a community around content. But this time, instead of books, the focus is on web content -- like news articles, blog posts, social media posts, podcasts, and more. In addition, Smashing is introducing an AI Questions feature that allows you to engage with the content being shared in different ways, including by viewing a news story from different perspectives or asking the AI to poke holes in the story, among other things. By viewing different angles of a story, you can see how both the political left and right view the subject. Or, in the case of a company's stock, you might be presented with both the bull and bear case.

There are a good handful of AI prompts available at launch, notes Chandler, and not all will make sense to use on every news story or piece of content. For instance, there's a silly "make it funny" prompt, and others that can simplify the story, display a timeline, or introduce "unconventional" takes that may involve thinking outside the box, helping you weigh ideas you hadn't considered yet. You can also ask your own questions, if you prefer. On the app, users are able to create multiple interest feeds to stay informed about the topics that matter to them, like politics, investing, parenting, health and wellness, and more, or even narrower interests like specific companies, sports teams, crypto, climate change, or other subtopics. The app also leverages AI to surface content from around the web and then match it to an individual reader based on what articles they tend to read, what subtopics they like, and what's already popular in the community, as determined by upvotes and downvotes. Combined, the signals tune Smashing to a user's particular interests. As part of the AI Questions feature, Smashing is also introducing AI-powered Story Overview pages, which offer grouped articles, blog posts, and social media posts all about the same story.

Social Networks

LinkedIn Fined More Than $300 Million in Ireland Over Personal Data Processing (msn.com)

Ireland's data-protection watchdog fined LinkedIn 310 million euros ($334.3 million), saying the Microsoft-owned career platform's personal-data processing breached strict European Union data-privacy and security legislation. From a report: The Irish Data Protection Commission in 2018 launched a probe into LinkedIn's processing of users' personal data for behavioral analysis and targeted advertising after its French equivalent flagged a complaint it received from a non-profit organization. Irish officials raised concerns on the lawfulness, fairness and transparency of the practice, saying Thursday that LinkedIn was in breach of the EU's General Data Protection Regulation.

"The lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subjects' fundamental right to data protection," said Graham Doyle, deputy commissioner at the Irish Data Protection Commission. In their decision, Irish officials said LinkedIn wasn't sufficiently informing users when seeking their consent to process third-party data for behavioral analysis and targeted advertising and ordered the platform to bring its processing into compliance.

Social Networks

Norway To Increase Minimum Age Limit On Social Media To 15 To Protect Children (theguardian.com)

Norway plans to enforce a strict minimum social media age of 15 to protect children from harmful content and the influence of algorithms. The Guardian reports: The Scandinavian country already has a minimum age limit of 13 in place. Despite this, more than half of nine-year-olds, 58% of 10-year-olds and 72% of 11-year-olds are on social media, according to research by the Norwegian media authority. The government has pledged to introduce more safeguards to prevent children from getting around the age restrictions -- including amending the Personal Data Act so that social media users must be 15 years old to agree that the platform can handle their personal data, and developing an age verification barrier for social media.

"It sends quite a strong signal," the prime minister told the newspaper VG on Wednesday. "Children must be protected from harmful content on social media. These are big tech giants pitted against small children's brains. We know that this is an uphill battle, because there are strong forces here, but it is also where politics is needed." While he said he understood that social media could offer lonely children a community, self-expression must not be in the power of algorithms. "On the contrary, it can cause you to become single-minded and pacified, because everything happens so fast on this screen," he added.
"It is also about giving parents the security to say no," said Kjersti Toppe, the minister for children and families. "We know that many people really want to say no, but don't feel they can."
Android

Huawei Makes Divorce From Android Official With HarmonyOS NEXT Launch (theregister.com)

The Register's Laura Dobberstein reports: Huawei formally launched its home-brewed operating system, HarmonyOS NEXT, on Wednesday, marking its official separation from the Android ecosystem. Huawei declared it released and "officially started public beta testing" of the OS for some of its smartphones and tablets that run its own Kirin and Kunpeng chips.

Unlike previous iterations of HarmonyOS, HarmonyOS NEXT no longer supports Android apps. Huawei maintains top Chinese outfits aren't deterred by that. It cited Meituan, Douyin, Taobao, Xiaohongshu, Alipay, and JD.com as among those who have developed native apps for the OS. In case you're not familiar, they're China's top shopping, payment, and social media apps.

Huawei also claimed that at the time of its announcement, over 15,000 HarmonyOS native applications and meta-services were also launched. That's a nice number, but well short of the millions of apps found on the Google Play Store and Apple's App Store. The Chinese tech player also revealed that the operating system has 110 million lines of code and claimed it improves the overall performance of mobile devices running it by 30 percent. It also purportedly increases battery life by 56 minutes and leaves an average of 1.5GB of memory for purposes other than running the OS.

Businesses

Foursquare To Kill Its City Guide App

Foursquare, one of the App Store's earliest success stories, will shut down its flagship city guide app on December 15 to focus on its check-in service Swarm, the company said. The move reverses Foursquare's controversial 2014 decision to split its platform into two apps: Swarm for check-ins and Foursquare for local recommendations and reviews. The strategy shift comes months after Foursquare laid off over 100 employees. Engadget adds: Foursquare founder Dennis Crowley, who is currently co-chair of the company's board of directors, said in a post on Threads that the company is "doing fine," though he expressed disappointment with the news. "I would be lying if I didn't admit that I have been in a real funk these last few days over this news," he wrote.
Television

Why is Apple So Bad at Marketing Its TV Shows? (fastcompany.com)

Speaking of streaming services, an anonymous reader shares a story that looks into Apple's entertainment offering: Ever since its launch in 2019, Apple TV+ has been carving out an identity as the new home for prestige shows from some of Hollywood's biggest names -- the kind of shows that sound natural coming out of Jimmy Kimmel's mouth in monologue jokes at the Emmys. While the company never provides spending details, Apple is estimated to have spent at least $20 billion recruiting the likes of Reese Witherspoon, M. Night Shyamalan, and Harrison Ford to help cultivate its award-worthy sheen. For all the effort Apple has expended, and for all the cultural excitement around Ted Lasso during its three-season run, the streaming service has won nearly 500 Emmys ... while attracting just 0.2% of total TV viewing in the U.S.

No wonder the company reportedly began reining in its spending spree recently. (Apple did not reply to a request for comment.) "It seems like Apple TV wants to be seen as a platform that's numbers-agnostic," says Ashley Ray, comedian, TV writer, and host of the erstwhile podcast TV I Say. "They wanna be known for being about the creativity and the love of making TV shows, even if nobody's watching them."

The experience of enjoying a new Apple TV+ series can often be a lonely one. Adventurous subscribers might see an in-network ad about something like last summer's Sunny, the timely, genre-bending Rashida Jones series about murderous AI, and give it a shot -- only to find that nobody else is talking about it in their social media feeds or around the company Keurig machine. Sure, the same could be said for hundreds of other streaming series in the post-monoculture era, but most streaming companies aren't consistently landing as much marquee talent for such a limited library. (Apple currently has 259 TV shows and films compared to Netflix's nearly 16,000.)

How is it possible for a streaming service to have as much high-pedigree programming as Apple TV+ does and so relatively few viewers, despite an estimated 25 million paid subscribers? How can shows starring Natalie Portman, Idris Elba, and Colin Farrell launch and even get renewed without ever quite grazing the zeitgeist? How does a show set in the same Monsterverse as Godzilla vs. Kong, and starring Kurt Russell and his roguishly charming son, not become a monster-size hit?

For many perplexed observers, the blame falls squarely on Apple's marketing efforts, or seeming lack thereof.

United Kingdom

UK Considers New Smartphone Bans for Children (wired.com)

The UK parliament is considering clamping down on how young people use smartphones. A bill brought forward by a Labour member of parliament proposes both banning phones in schools and raising the age at which children can consent to social media companies using their data. Wired: Calls for smartphone bans have been growing in the UK, driven by fears that the devices are driving a decline in kids' mental health and ability to focus. Smartphone Free Childhood, a prominent pressure group inspired by Jonathan Haidt's book The Anxious Generation, calls for parents to delay getting smartphones for their children until they are at least 13. Florida has already passed a law that bans under-14s from holding social media accounts, and Australia is considering similar restrictions.

But academics warn that smartphone and social media bans are unlikely to be a catch-all solution to the problems facing young people. Experts on the impact of digital technologies argue that the legislation could end up shutting children out from the potential benefits of smartphones, and that more pressure should be put on social media companies to design better digital worlds for children. The latest proposed clampdown in the UK is thin on details, but the MP bringing the bill, Josh MacAlister, told the radio show Today that it would prevent social media companies making use of young people's data until they are 16. "We can protect children from lots of the addictive bad design features that come from social media," he said. The bill would also make a ban on phones in schools legally binding.

Businesses

Basecamp-Maker 37Signals Says Its 'Cloud Exit' Will Save It $10 Million Over 5 Years (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: 37Signals is not a company that makes its policy or management decisions quietly. The productivity software company was an avowedly Mac-centric shop until Apple's move to kill home screen web apps (or Progressive Web Apps, or PWAs) led the firm and its very-public-facing co-founder, David Heinemeier Hansson, to declare a "Return to Windows," followed by a stew of Windows/Mac/Linux. The company waged a public battle with Apple over its App Store subscription policies, and the resulting outcry helped nudge Apple a bit. 37Signals has maintained an active blog for years, its co-founders and employees have written numerous business advice books, and its blog and social media posts regularly hit the front pages of Hacker News.

So when 37Signals decided to pull its seven cloud-based apps off Amazon Web Services in the fall of 2022, it didn't do so quietly or without details. Back then, Hansson described his firm as paying "an at times almost absurd premium" for defense against "wild swings or towering peaks in usage." In early 2023, Hansson wrote that 37Signals expected to save $7 million over five years by buying more than $600,000 worth of Dell server gear and hosting its own apps.

Late last week, Hansson had an update: it's more like $10 million (and, he told the BBC, more like $800,000 in gear). By squeezing more hardware into existing racks and power allowances, estimating seven years' life for that hardware, and eventually transferring its 10 petabytes of S3 storage into a dual-DC Pure Storage flash array, 37Signals expects to save money, run faster, and have more storage available. "The motto of the 2010s and early 2020s -- all-cloud, everything, all the time -- seems to finally have peaked," Hansson writes. "And thank heavens for that!" He adds the caveat that companies with "enormous fluctuations in load," and those in early or uncertain stages, still have a place in the cloud.

AI

TikTok Owner Sacks Intern For Sabotaging AI Project

TikTok's parent company, ByteDance, fired an intern for "maliciously interfering" with the training of one of its AI models. However, the firm "rejected claims about the extent of the damage caused by the unnamed individual, saying they 'contain some exaggerations and inaccuracies,'" reports the BBC. From the report: The Chinese technology giant's Doubao ChatGPT-like generative AI model is the country's most popular AI chatbot. "The individual was an intern with the [advertising] technology team and has no experience with the AI Lab," ByteDance said in a statement. "Their social media profile and some media reports contain inaccuracies." Its commercial online operations, including its large language AI models, were unaffected by the intern's actions, the company added.

ByteDance also denied reports that the incident caused more than $10 million of damage by disrupting an AI training system made up of thousands of powerful graphics processing units (GPU). As well as firing the person in August, ByteDance said it had informed the intern's university and industry bodies about the incident.

Sci-Fi

'Blade Runner 2049' Producer Sues Tesla, Warner Bros. Discovery (hollywoodreporter.com) 78

An anonymous reader quotes a report from the Hollywood Reporter: A production company for Blade Runner 2049 has sued (PDF) Tesla, which allegedly fed images from the movie into an artificial intelligence image generator to create unlicensed promotional materials. Alcon Entertainment, in a lawsuit filed Monday in California federal court, accuses Elon Musk and his autonomous vehicle company of misappropriating the movie's brand to promote its robotaxi at a glitzy unveiling earlier this month. The producer says it doesn't want Blade Runner 2049 to be affiliated with Musk because of his "extreme political and social views," pointing to ongoing efforts with potential partners for an upcoming TV series.

The complaint, which brings claims for copyright infringement and false endorsement, also names Warner Bros. Discovery for allegedly facilitating the partnership. "Any prudent brand considering any Tesla partnership has to take Musk's massively amplified, highly politicized, capricious and arbitrary behavior, which sometimes veers into hate speech, into account," states the complaint. "Alcon did not want BR2049 to be affiliated with Musk." [...] The lawsuit cites an agreement, the details of which are unknown to Alcon, for Warners to lease or license studio lot space, access and other materials to Tesla for the event. Alcon alleges that the deal included promotional elements allowing Tesla to affiliate its products with WBD movies. WBD was Alcon's domestic distributor for the 2017 release of Blade Runner 2049. It has limited clip licensing rights, though not for Tesla's livestream TV event, the lawsuit claims.

Alcon says it wasn't informed about the brand deal until the day of the unveiling. According to the complaint, Musk communicated to WBD that he wanted to associate the robotaxi with the film. He asked the company for permission to use a still directly from the movie, which prompted an employee to send an emergency request for clearance to Alcon since international rights would be involved, the lawsuit says. The producer refused, spurring the creation of the AI images. [...] Alcon seeks unspecified damages, as well as a court order barring Tesla from further distributing the disputed promotional materials.

Musk referenced Denis Villeneuve's Blade Runner movie during the robotaxi event. "You know, I love Blade Runner, but I don't know if we want that future," he said. "I believe we want that duster he's wearing, but not the, uh, not the bleak apocalypse."

I, Robot director Alex Proyas also took to X last week, writing: "Hey Elon, Can I have my designs back please?"

Security

Internet Archive Users Start Receiving Email From 'Some Random Guy' Criticizing Unpatched Hole (bleepingcomputer.com) 18

A post shared Saturday on social media acknowledges those admins and developers at the Internet Archive working "literally round the clock... They have taken no days off this past week. They are taking none this weekend... they are working with all of their energy and considerable talent."

It describes people "working so incredibly hard... putting their all in," with a top priority of "getting the site back secure and safe".

But there are new and continuing problems, reports The Verge's weekend editor: Early this morning, I received an email from "The Internet Archive Team," replying to a message I'd sent on October 9th. Except its author doesn't seem to have been the digital archivists' support team — it was apparently written by the hackers who breached the site earlier this month and who evidently maintain some level of access to its systems.

I'm not alone. Users on the Internet Archive subreddit are reporting getting the replies, as well. Here is the message I received:

It's dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.

As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018.

Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine — your data is now in the hands of some random guy. If not me, it'd be someone else.

The site BleepingComputer believes they know the larger context, starting with the fact that they've also "received numerous messages from people who received replies to their old Internet Archive removal requests... The email headers in these emails also pass all DKIM, DMARC, and SPF authentication checks, proving they were sent by an authorized Zendesk server."

BleepingComputer also writes that they'd "repeatedly tried to warn the Internet Archive that their source code was stolen through a GitLab authentication token that was exposed online for almost two years."

And that "the threat actor behind the actual data breach, who contacted BleepingComputer through an intermediary to claim credit for the attack," has been frustrated by misreporting. (Specifically, they insist there were two separate attacks last week — a DDoS attack and a separate data breach for a 6.4-gigabyte database which includes email addresses for the site's 33 million users.) The threat actor told BleepingComputer that the initial breach of Internet Archive started with them finding an exposed GitLab configuration file on one of the organization's development servers, services-hls.dev.archive.org. BleepingComputer was able to confirm that this token has been exposed since at least December 2022, with it rotating multiple times since then. The threat actor says this GitLab configuration file contained an authentication token allowing them to download the Internet Archive source code. The hacker says that this source code contained additional credentials and authentication tokens, including the credentials to Internet Archive's database management system. This allowed the threat actor to download the organization's user database, further source code, and modify the site.

The threat actor claimed to have stolen 7TB of data from the Internet Archive but would not share any samples as proof. However, now we know that the stolen data also included the API access tokens for Internet Archive's Zendesk support system. BleepingComputer attempted to contact the Internet Archive numerous times, as recently as on Friday, offering to share what we knew about how the breach occurred and why it was done, but we never received a response.

"The Internet Archive was not breached for political or monetary reasons," they conclude, "but simply because the threat actor could...

"While no one has publicly claimed this breach, BleepingComputer was told it was done while the threat actor was in a group chat with others, with many receiving some of the stolen data. This database is now likely being traded amongst other people in the data breach community, and we will likely see it leaked for free in the future on hacking forums like Breached."

The Almighty Buck

Bill Gates Applauds Open Source Tools for 'Digital Public Infrastructure' (gatesnotes.com) 49

It connects people, data, and money, Bill Gates wrote this week on his personal blog. But digital public infrastructure is also "revolutionizing the way entire nations serve their people, respond to crises, and grow their economies" — and the Gates Foundation sees it "as an important part of our efforts to help save lives and fight poverty in poor countries." Digital public infrastructure [or "DPI"]: digital ID systems that securely prove who you are, payment systems that move money instantly and cheaply, and data exchange platforms that allow different services to work together seamlessly... [W]ith the right investments, countries can use DPI to bypass outdated and inefficient systems, immediately adopt cutting-edge digital solutions, and leapfrog traditional development trajectories — potentially accelerating their progress by more than a decade. Countries without extensive branch banking can move straight to mobile banking, reaching far more people at a fraction of the cost. Similarly, digital ID systems can provide legal identity to millions who previously lacked official documentation, giving them access to a wide range of services — from buying a SIM card to opening a bank account to receiving social benefits like pensions.

I've heard concerns about DPI — here's how I think about them. Many people worry digital systems are a tool for government surveillance. But properly designed DPI includes safeguards against misuse and even enhances privacy... These systems also reduce the need for physical document copies that can be lost or stolen, and even create audit trails that make it easier to detect and prevent unauthorized access. The goal is to empower people, not restrict them. Then there's the fear that DPI will disenfranchise vulnerable populations like rural communities, the elderly, or those with limited digital literacy. But when it's properly designed and thoughtfully implemented, DPI actually increases inclusion — like in India, where millions of previously unbanked people now have access to financial services, and where biometric exceptions or assisted enrollment exist for people with physical disabilities or no fixed address.

Meanwhile, countries can use open-source tools — like MOSIP for digital identity and Mojaloop for payments — to build DPI that fosters competition and promotes innovation locally. By providing a common digital framework, they allow smaller companies and start-ups to build services without requiring them to create the underlying systems from scratch. Even more important, they empower countries to seek out services that address their own unique needs and challenges without forcing them to rely on proprietary systems.

"Digital public infrastructure is key to making progress on many of the issues we work on at the Gates Foundation," Bill writes, "including protecting children from preventable diseases, strengthening healthcare systems, improving the lives and livelihoods of farmers, and empowering women to control their financial futures.

"That's why we're so committed to DPI — and why we've committed $200 million over five years to supporting DPI initiatives around the world... The future is digital. Let's make sure it's a future that benefits everyone."
