Security

Internet Archive Services Resume as They Promise Stronger, More Secure Return (msn.com) 16

"The Wayback Machine, Archive-It, scanning, and national library crawls have resumed," announced the Internet Archive Thursday, "as well as email, blog, helpdesk, and social media communications. Our team is working around the clock across time zones to bring other services back online."

Founder Brewster Kahle told The Washington Post it's the first time in its almost 30-year history that it's been down more than a few hours. But their article says the Archive is "fighting back." Kahle and his team see the mission of the Internet Archive as a noble one — to build a "library of everything" and ensure records are kept in an online environment where websites change and disappear by the day. "We're all dreamers," said Chris Freeland, the Internet Archive's director of library services. "We believe in the mission of the Internet Archive, and we believe in the promise of the internet." But the site has, at times, courted controversy. The Internet Archive faces lawsuits from book publishers and music labels brought in 2020 and 2023 for digitizing copyrighted books and music, which the organization has argued should be permissible for noncommercial, archival purposes. Kahle said the hundreds of millions of dollars in penalties from the lawsuits could sink the Internet Archive.

Those lawsuits are ongoing. Now, the Internet Archive has also had to turn its attention to fending off cyberattacks. In May, the Internet Archive was hit with a distributed denial-of-service (DDoS) attack, a fairly common type of internet warfare that involves flooding a target site with fake traffic. The archive experienced intermittent outages as a result. Kahle said it was the first time the site had been targeted in its history... [After another attack October 9th], Kahle and his team have spent the week since racing to identify and fix the vulnerabilities that left the Internet Archive open to attack. The organization has "industry standard" security systems, Kahle said, but he added that, until this year, the group had largely stayed out of the crosshairs of cybercriminals. Kahle said he'd opted not to prioritize additional investments in cybersecurity out of the Internet Archive's limited budget of around $20 million to $30 million a year...

[N]o one has reliably claimed the defacement and data breach that forced the Internet Archive to sequester itself, said [cybersecurity researcher] Scott Helmef. He added that the hackers' decision to alert the Internet Archive of their intrusion and send the stolen data to Have I Been Pwned, the monitoring service, could imply they didn't have further intentions with it.... Helme said the episode demonstrates the vulnerability of nonprofit services like the Internet Archive — and of the larger ecosystem of information online that depends on them. "Perhaps they'll find some more funding now that all of these headlines have happened," Helme said. "And people suddenly realize how bad it would be if they were gone."

"Our priority is ensuring the Internet Archive comes online stronger and more secure," the archive said in Thursday's statement. And they noted other recent-past instances of other libraries also being attacked online: As a library community, we are seeing other cyber attacks — for instance the British Library, Seattle Public Library, Toronto Public Library, and now Calgary Public Library. We hope these attacks are not indicative of a trend."

For the latest updates, please check this blog and our official social media accounts: X/Twitter, Bluesky and Mastodon.

Thank you for your patience and ongoing support.

Security

Fake Google Meet Conference Errors Push Infostealing Malware (bleepingcomputer.com) 6

An anonymous reader quotes a report from BleepingComputer: A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems. ClickFix is a social-engineering tactic that emerged in May, first reported by cybersecurity company Proofpoint, from a threat actor (TA571) that used messages impersonating errors for Google Chrome, Microsoft Word, and OneDrive. The errors prompted the victim to copy to clipboard a piece of PowerShell code that would fix the issues by running it in Windows Command Prompt. Victims would thus infect systems with various malware such as DarkGate, Matanbuchus, NetSupport, Amadey Loader, XMRig, a clipboard hijacker, and Lumma Stealer.

In July, McAfee reported that the ClickFix campaigns were becoming mode frequent, especially in the United States and Japan. A new report from Sekoia, a SaaS cybersecurity provider, notes that ClickFix campaigns have evolved significantly and now use a Google Meet lure, phishing emails targeting transport and logistics firms, fake Facebook pages, and deceptive GitHub issues. According to the French cybersecurity company, some of the more recent campaigns are conducted by two threat groups, the Slavic Nation Empire (SNE) and Scamquerteo, considered to be sub-teams of the cryptocurrency scam gangs Marko Polo and CryptoLove.

United States

The Pentagon Wants To Use AI To Create Deepfake Internet Users (theintercept.com) 83

schwit1 writes: The Department of Defense wants technology so it can fabricate online personas that are indistinguishable from real people.

The United States' secretive Special Operations Command is looking for companies to help create deepfake internet users so convincing that neither humans nor computers will be able to detect they are fake, according to a procurement document reviewed by The Intercept.

The plan, mentioned in a new 76-page wish list by the Department of Defense's Joint Special Operations Command, or JSOC, outlines advanced technologies desired for country's most elite, clandestine military efforts. "Special Operations Forces (SOF) are interested in technologies that can generate convincing online personas for use on social media platforms, social networking sites, and other online content," the entry reads.

AI

AI-Powered Social Media Manipulation App Promises to 'Shape Reality' (404media.co) 49

An anonymous reader shares a report: Impact, an app that describes itself as "AI-powered infrastructure for shaping and managing narratives in the modern world," is testing a way to organize and activate supporters on social media in order to promote certain political messages. The app aims to summon groups of supporters who will flood social media with AI-written talking points designed to game social media algorithms. In video demos and an overview document provided to people interested in using a prototype of the app that have been viewed by 404 Media, Impact shows how it can send push notifications to groups of supporters directing them at a specific social media post and provide them with AI-generated text they can copy and paste in order to flood the replies with counter arguments.
Education

Parents Take School To Court After Student Punished For Using AI 81

The parents of a Massachusetts student are suing his school after he was penalized for using AI in a Social Studies project, claiming it was for research purposes only. The student received a detention and a lower grade, which his parents argue could harm his college prospects. The school is defending its AI policy and fighting to dismiss the case. The Register reports: "The Plaintiff Student will suffer irreparable harm that far outweighs any harm that may befall the Defendants," their filing reads [PDF]. "He is applying to elite colleges and universities given his high level of academic and personal achievement. Early decision and early action applications in a highly competitive admissions process are imminent and start in earnest on October 1, 2024. Absent the grant of an injunction by this Court, the Student will suffer irreparable harm that is imminent."

The school, however, is fighting back with a motion to dismiss [PDF] the case. The school argues that RNH, along with his classmates, was given a copy of the student handbook in the Fall of last year, which specifically called out the use of AI by students. The class was also shown a presentation about the school's policy. Students should "not use AI tools during in-class examinations, processed writing assignments, homework or classwork unless explicitly permitted and instructed," the policy states. "RNH unequivocally used another author's language and thoughts, be it a digital and artificial author, without express permission to do so," the school argues. "Furthermore, he did not cite to his use of AI in his notes, scripts or in the project he submitted. Importantly, RNH's peers were not allowed to cut corners by using AI to craft their projects; thus, RNH acted 'unfairly in order to gain an advantage.'"
Apple

Apple Headset Stalls, Struggles To Attract Killer Apps in First Year (msn.com) 68

Apple's $3,499 Vision Pro is struggling to attract major software-makers to develop apps for the device, a challenge that threatens to slow the progress of the company's biggest new product in a decade. WSJ: New apps released on the Vision Pro every month have slowed since its launch in January. Some of the most successful virtual-reality software developers have so far opted not to build apps for the headset. Without enough killer apps, certain users have found the device less useful and are opting to sell it. "It's a chicken-or-egg problem," said Bertrand Nepveu, who previously worked on the Vision Pro at Apple and is now an investor in this area at Triptyq Capital.

Nepveu and app developers think Apple should fund app makers to give them an incentive to port over their existing apps from other headsets or to develop fresh content. This practice has become common in the industry, with headset leader Meta Platforms funding many developers and even buying several app makers. The social-media company is a formidable competitor to Apple, with a market share of all headsets reaching 74% in the second quarter this year, according to Counterpoint Research.

Security

Credit Cards Don't Require Signatures. So Why Do We Still Sign? (msn.com) 136

An anonymous reader shares a report: The big financial moments in life used to be marked with a flourish of a pen. Buying a house. A car. Breakfast. Not anymore. Visa, Mastercard, Discover and American Express dropped the requirement to sign for charges like restaurant checks in 2018. They don't look at our scribbles to verify identity or stop fraud. Taps, clicks and electronic signatures took over the heavy lifting for many everyday purchases -- and many contracts, loan applications and even Social Security forms. The John Hancock was written off as a relic useful mainly to inflate the value of sports memorabilia. But signatures didn't die.

We continue to be asked to sign with ink on paper or using fingers on touch screens at many restaurants, bars and other businesses. And people keep signing card receipts out of habit -- even when there is no blank space for it -- because it feels weird not to, payment networks and retail groups say. "Traditions have this odd way of sticking around," said Doug Kantor, general counsel of the National Association of Convenience Stores. Signatures had been used to verify identity and agree to financial terms for centuries. Banks kept records of customer signatures to check against, but the sheer number of transactions and advancements in technology eventually made that impractical.

By the 1980s, charges could be processed electronically. Signatures were still used in cases of fraud or stolen cards. Banks could call merchants and ask them to present a signed receipt. Yet given how easy signatures are to forge, they proved limited as a fraud prevention tool. Now there are more sophisticated ways to determine whether cards are stolen or misused, according to Mark Nelsen, global head of consumer payments at Visa.

Music

Spotify Criticized For Letting Fake Albums Appear On Real Artist Pages (arstechnica.com) 15

An anonymous reader quotes a report from Ars Technica: This fall, thousands of fake albums were added to Spotify, with some appearing on real artist pages, where they're positioned to lure unsuspecting listeners into streaming by posing as new releases from favorite bands. An Ars reader flagged the issue after finding a fake album on the Spotify page of an UK psych rock band called Gong. The Gong fan knew that the band had begun touring again after a surprise new release last year, but the "latest release" listed by Spotify wasn't that album. Instead, at the top of Gong's page was a fake self-titled album supposedly released in 2024.

The real fan detected the fake instantly, and not just because the generic electronic music sounded nothing like Gong's experimental sounds. The album's cover also gave the scheme away, using a generic font and neon stock image that invoked none of the trippy imagery that characterized Gong's typical album covers. Ars confirmed with Gong member Dave Sturt that the self-titled item was an obvious fake on Monday. At that time, Sturt said the band was working to get the junk album removed from its page, but as of Tuesday morning, that album remained online, along with hundreds of other albums uploaded by a fake label that former Spotify data "alchemist" Glenn McDonald flagged in a social media post that Spotify seemingly ignored.

On his site, McDonald gathered the junk album data by label, noting that Beat Street Music, which has no web presence but released the fake Gong album, uploaded 240 junk albums on Friday alone. Similarly, Ancient Lake Records uploaded 471 albums on Friday. And Gupta Music added 483 just a few days prior, along with 600 junk albums from Future Jazz Records uploaded between September 30 and October 8. These junk albums don't appear to be specifically targeting popular artists, McDonald told Ars. Rather, generic music is uploaded under a wide range of one-word artist names. However, by using that tactic, some of these fake albums appeared on real artist pages, such as Gong, experimental rock band Swans, and English rock bands Asia and Yes. And that oversight is on Spotify, McDonald suggested.
"We are aware of the issue, have relocated the content in question, and are considering our further options against the providing licensor," a Spotify spokesperson said. "When we identify or are alerted to attempts by bad actors to game the system, we take action that may include removing stream counts and withholding royalties. Spotify invests heavily in automated and manual reviews to prevent, detect, and mitigate the impact of bad actors attempting to collect unearned royalties."
Medicine

25% of Adults Suspect Undiagnosed ADHD (neurosciencenews.com) 154

An anonymous reader quotes a report from Neuroscience News: Attention deficit/hyperactivity disorder -- also known as ADHD -- is typically thought of as a childhood condition. But more adults are realizing that their struggles with attention, focus and restlessness could in fact be undiagnosed ADHD, thanks in large part to trending social media videos racking up millions of views. A new national survey of 1,000 American adults commissioned by The Ohio State University Wexner Medical Center and College of Medicine finds that 25% of adults now suspect they may have undiagnosed ADHD. But what worries mental health experts is that only 13% of survey respondents have shared their suspicions with their doctor. That's raising concerns about the consequences of self-diagnosis leading to incorrect treatment.

"Anxiety, depression and ADHD -- all these things can look a lot alike, but the wrong treatment can make things worse instead of helping that person feel better and improving their functioning," said psychologist Justin Barterian, PhD, clinical assistant professor in Ohio State's Department of Psychiatry and Behavioral Health. An estimated 4.4% of people ages 18 to 44 have ADHD, and some people aren't diagnosed until they're older, Barterian said. "There's definitely more awareness of how it can continue to affect folks into adulthood and a lot of people who are realizing, once their kids have been diagnosed, that they fit these symptoms as well, given that it's a genetic disorder," Barterian said. The survey found that younger adults are more likely to believe they have undiagnosed ADHD than older generations, and they're also more likely to do something about it. Barterian said that should include seeing a medical professional, usually their primary care provider, to receive a referral to a mental health expert to be thoroughly evaluated, accurately diagnosed and effectively treated.

Security

National Public Data, the Hacked Data Broker That Lost Millions of Social Security Numbers and More, Files For Bankruptcy (techcrunch.com) 28

An anonymous reader shares a report: A Florida data broker that lost hundreds of millions of Social Security numbers and other personally identifiable information in a data breach earlier this year, has filed for Chapter 11 bankruptcy protection as the company faces a wave of litigation.

Jericho Pictures, the parent company of the hacked data broker National Public Data, told a Florida bankruptcy court that it was unlikely to be able to repay its debtors or address its anticipated liabilities and class-action lawsuits, including paying "for credit monitoring for hundreds of millions of potentially impacted individuals." In its initial filing, Jericho Pictures' owner, Salvatore Verini, said the company "faces substantial uncertainty facing regulatory challenges by the Federal Trade Commission and more than 20 states with civil penalties for data breaches."

Privacy

Privacy Advocates Urge 23andMe Customers to Delete Their Data. But Can They? (sfgate.com) 45

"Some prominent privacy advocates are encouraging customers to pull their data" from 23andMe, reports SFGate.

But can you actually do that? 23andMe makes it easy to feel like you've protected your genetic footprint. In their account settings, customers can download versions of their data to a computer and choose to delete the data attached to their 23andMe profile. An email then arrives with a big pink button: "Permanently Delete All Records." Doing so, it promises, will "terminate your relationship with 23andMe and irreversibly delete your account and Personal Information."

But there's another clause in the email that conflicts with that "terminate" promise. It says 23andMe and whichever contracted genotyping laboratory worked on a customer's samples will still hold on to the customer's sex, date of birth and genetic information, even after they're "deleted." The reason? The company cites "legal obligations," including federal laboratory regulations and California lab rules. The federal program, which sets quality standards for laboratories, requires that labs hold on to patient test records for at least two years; the California rule, part of the state's Business and Professions Code, requires three. When SFGATE asked 23andMe vice president of communications Katie Watson about the retention mandates, she said 23andMe does delete the genetic data after the three-year period, where applicable...

Before it's finally deleted, the data remains 23andMe property and is held under the same rules as the company's privacy policy, Watson added. If that policy changes, customers are supposed to be informed and asked for their consent. In the meantime, a hack is unfortunately always possible. Another 23andMe spokesperson, Andy Kill, told SFGATE that [CEO Anne] Wojcicki is "committed to customers' privacy and pledges to retain the current privacy policy in force for the foreseeable future, including after the acquisition she is currently pursuing."

An Electronic Frontier Foundation privacy lawyer tells SFGate there's no information more personal than your DNA. "It is like a Social Security number, it can't be changed. But it's not just a piece of paper, it's kind of you."

He urged 23andMe to leave customers' data out of any acquisition deals, and promise customers they'd avoid takeover attempts from companies with bad security — or with ties to law enforcement.
Power

Were America's Electric Car Subsidies Worth the Money? (msn.com) 265

America's electric vehicle subsidies brought a 2-to-1 return on investment, according to a paper by the National Bureau of Economic Research. "That includes environmental benefits, but mostly reflects a shift of profits to the United States," reports the New York Times. "Before the climate law, tax credits were mainly used to buy foreign-made cars." "What the [subsidy legislation] did was swing the pendulum the other way, and heavily subsidized American carmakers," said Felix Tintelnot, an associate professor of economics at Duke University who was a co-author of the paper. Those benefits were undermined, however, by a loophole allowing dealers to apply the subsidy to leases of foreign-made electric vehicles. The provision sends profits to non-American companies, and since those foreign-made vehicles are on average heavier and less efficient, they impose more environmental and road-safety costs. Also, the researchers estimated that for every additional electric vehicle the new tax credits put on the road, about three other electric vehicle buyers would have made the purchases even without a $7,500 credit. That dilutes the effectiveness of the subsidies, which are forecast to cost as much as $390 billion through 2031.
The chief economist at Cox Automotive (which provided some of the data) tells the Times that "we could do better", but adds that the subsidies were "worth the money invested". But of course, that depends partly on how benefits were calculated: [U]ing the Environmental Protection Agency's "social cost of carbon" metric, they calculated the dollar cost of each model's lifetime carbon emissions from both manufacturing and driving. On average, emissions by gas-powered vehicles impose 57% greater costs than electric vehicles. The study then calculated harms from air pollution other than greenhouse gases — smog, for example. That's where electric vehicles start to perform relatively poorly, since generating the electricity for them still creates pollution. Those harms will probably fade as more wind and solar energy comes online, but they are significant. Finally, the authors added the road deaths associated with heavier cars. Batteries are heavy, so electric vehicles — especially the largest — are likelier to kill people in crashes.

Totaling these costs and then subtracting fiscal benefits through gas taxes and electricity bills, electric vehicles impose $16,003 in net harms, the authors said, while gas vehicles impose $19,239. But the range is wide, with the largest electric vehicles far outpacing many internal combustion cars.

By this methodology, a large electric pickup like the Rivian imposes three times the harms of a Prius, according to one of the study's co-authors (a Stanford professor of global environmental). And yet "we are subsidizing the Rivian and not the Prius..."
EU

Meta 'Supreme Court' Expands with European Center to Handle TikTok, YouTube Cases (msn.com) 19

Meta's Oversight Board "is spinning off a new appeals center," reports the Washington Post, "to handle content disputes from European social media users on multiple platforms".

It will operate under Europe's Digital Services Act, "which requires tech companies to allow users to appeal restrictions on their accounts before an independent group of experts." "I think this is really a game changer," Appeals Centre Europe CEO Thomas Hughes said in an interview. "It could really drive platform accountability and transparency."

The expansion arrives as the Oversight Board, an independent collection of academics, experts and lawyers funded by Meta, has been seeking to expand its influence beyond the social media giant... [The Board] has tried for years to court other major internet companies, offering to help them referee debates about content, The Post has reported...

Oversight Board members and Oversight Board Trust Chairman Stephen Neal said in statements that both the Appeals Centre Europe and the Oversight Board will play critical but complimentary roles in holding tech companies accountable for their decisions on content. "Both entities are committed to improving user redress, transparency and upholding users' rights online," Neal said...

Hughes, who used to be the Oversight Board's administration director, said that he was "proud" of what the Oversight Board is accomplishing but that it is different from what the Appeals Centre Europe will offer. When Facebook, YouTube or TikTok removes a post, European social media users will be able to appeal the decision to the center. Users also will also be able to flag the center with posts they think violate the rules but were not removed. While the Appeals Centre Europe's decisions will be nonbinding, the group will generate data that could power decisions by regulators, civil society groups and the general public, Hughes said. By contrast, the Oversight Board's decisions on Meta content are binding.

Last year the original Oversight Board completed more than 50 cases, "and is on track to exceed that number in 2024," according to the article. But this board is different, CEO Hughes told the Post. They'll have about two dozen staffers, with expertise in human rights and tech policy — or fluency in various languages.

And he added that though the center is funded by an initial grant, future operating costs will be covered by the fees social media companies pay the appeal center — roughly 90 euros ($100) per case.
Crime

WSJ Profiles The 'Dangerous' Autistic Teen Cybercriminal Who Leaked GTA VI Clips (msn.com) 78

The Wall Street Journal delves into the origin story of that teenaged Grand Theft Auto VI leaker. Arion Kurtaj, now 19 years old, is the most notorious name that has emerged from a sprawling set of online communities called the Com... Their youthful inventiveness and tenacity, as well as their status as minors that make prosecution more complicated, have made the Com especially dangerous, according to law-enforcement officials and cybersecurity investigators. Some kids, they say, are recruited from popular online spaces like Minecraft or Roblox.... [William McKeen, a supervisory special agent with the FBI's Cyber Division] said the average age of anyone arrested for a crime in the U.S. is 37, while the average age of someone arrested for cybercrime is 19. Cybersecurity investigators have found posts they say suggest Kurtaj has been involved in online attacks since he was 11.
"He had limited social skills and trouble developing relationships, records say — and ultimately looked for approval in the booming world of cybercrime..." [When Kurtaj was 14] he landed in a residential school serving children with severe emotional and behavioral needs. Kurtaj was physically assaulted by a staff member at his school who was later convicted as a result, according to a person familiar with the case. In early 2021, his mother brought him home and removed him from government care, court records say. He never returned to school. He was 16.

A month after his mother pulled him out of school, investigators say that Kurtaj was part of a hacking group called Recursion Team that broke into the videogame firm Electronic Arts and stole 780 gigabytes of data. When Electronic Arts refused to engage, they dumped the stolen data online. Within a week of that hack, investigators had identified Kurtaj and provided his name to the FBI. Later in that summer of 2021, according to court records, Kurtaj partnered with another teenager, known as ASyntax, and several Brazilian hackers, and started calling themselves Lapsus$. The group hacked into the British telecommunications giant BT in an effort to steal money using a technique called SIM swapping... The hacks weren't always for money. In late 2021, Lapsus$ hacked into a website operated by Brazil's Ministry of Health and deleted the country's database of Covid vaccinations, according to law enforcement...

If the Com has a social center, it's a website called Doxbin, where users publish personal details, such as home addresses and phone numbers, of their online rivals in an attempt to intimidate each other. Kurtaj bought Doxbin in November 2021 for $75,000, according to Chainalysis. But after a few months, the previous owners accused Kurtaj of mismanaging the site and pressured him to sell it back. He relented. Then in January 2022, cybersecurity investigators say, he doxxed the entire site, publishing a database that included usernames, passwords and email addresses that he'd downloaded when he was the owner. For cybersecurity experts, it was a gold mine. "It helped investigators piece together which crimes were done by who," said Allison Nixon, chief research officer at Unit 221B, an online investigations firm.

Doxbin's owners responded with a dox of Kurtaj and his family, including his home address and photos of him, investigators say — setting up the chain of events that would put Kurtaj in the Travelodge.

After two weeks of "protective custody" there — during which time he was supposed to be computer-free — Kurtaj "was arrested a third time and charged with hacking, fraud and blackmail. Authorities said that while at the Travelodge, he broke into Uber and taunted the company by posting a link to a photo of an erect penis on the company's internal Slack messaging system, then stole software and videos from Rockstar Games. Stolen clips had popped up in a Grand Theft Auto discussion forum from a user named teapotuberhacker and stirred a frenzy.

"As officers collected evidence, the teen stood by, emotionless, police say...."

"Kurtaj's lawyers and some experts on autism have said a potential lifetime of incarceration isn't appropriate for a teenager like Kurtaj..."

Thanks to long-time Slashdot reader SpzToid for sharing the article.
Microsoft

Microsoft's Take On Kernel Access and Safe Deployment After CrowdStrike Incident (securityweek.com) 45

wiredmikey writes: As the dust settles following the massive Windows BSOD tech outages caused by CrowdStrike in July 2024, the question is now, how do we prevent this happening again? While there was no current way Microsoft could have prevented this incident, the OS firm is obviously keen to prevent anything similar happening in the future. SecurityWeek talked to David Weston, VP enterprise and OS security at Microsoft, to discuss Windows kernel access and safe deployment practices (or SDP).
Former Ukranian officer Serhii "Flash" Beskrestnov created a Signal channel where military communications specialists could talk with civilian radio experts, reports MIT's Technology Review. But radio communications are crucial for drones, so... About once a month, he drives hundreds of kilometers east in a homemade mobile intelligence center: a black VW van in which stacks of radio hardware connect to an array of antennas on the roof that stand like porcupine quills when in use. Two small devices on the dash monitor for nearby drones. Over several days at a time, Flash studies the skies for Russian radio transmissions and tries to learn about the problems facing troops in the fields and in the trenches.

He is, at least in an unofficial capacity, a spy. But unlike other spies, Flash does not keep his work secret. In fact, he shares the results of these missions with more than 127,000 followers — including many soldiers and government officials — on several public social media channels. Earlier this year, for instance, he described how he had recorded five different Russian reconnaissance drones in a single night — one of which was flying directly above his van... Drones have come to define the brutal conflict that has now dragged on for more than two and a half years. And most rely on radio communications — a technology that Flash has obsessed over since childhood. So while Flash is now a civilian, the former officer has still taken it upon himself to inform his country's defense in all matters related to radio...

Flash has also become a source of some controversy among the upper echelons of Ukraine's military, he tells me. The Armed Forces of Ukraine declined multiple requests for comment, but Flash and his colleagues claim that some high-ranking officials perceive him as a security threat, worrying that he shares too much information and doesn't do enough to secure sensitive intel... [But] His work has become greatly important to those fighting on the ground, and he recently received formal recognition from the military for his contributions to the fight, with two medals of commendation — one from the commander of Ukraine's ground forces, the other from the Ministry of Defense...

And given the mounting evidence that both militaries and militant groups in other parts of the world are now adopting drone tactics developed in Ukraine, it's not only his country's fate that Flash may help to determine — but also the ways that armies wage war for years to come.

He's also written guides on building cheap anti-drone equipment...
The Military

The Radio-Obsessed Civilian Shaping Ukraine's Drone Defense (technologyreview.com) 42

Former Ukranian officer Serhii "Flash" Beskrestnov created a Signal channel where military communications specialists could talk with civilian radio experts, reports MIT's Technology Review. But radio communications are crucial for drones, so... About once a month, he drives hundreds of kilometers east in a homemade mobile intelligence center: a black VW van in which stacks of radio hardware connect to an array of antennas on the roof that stand like porcupine quills when in use. Two small devices on the dash monitor for nearby drones. Over several days at a time, Flash studies the skies for Russian radio transmissions and tries to learn about the problems facing troops in the fields and in the trenches.

He is, at least in an unofficial capacity, a spy. But unlike other spies, Flash does not keep his work secret. In fact, he shares the results of these missions with more than 127,000 followers — including many soldiers and government officials — on several public social media channels. Earlier this year, for instance, he described how he had recorded five different Russian reconnaissance drones in a single night — one of which was flying directly above his van... Drones have come to define the brutal conflict that has now dragged on for more than two and a half years. And most rely on radio communications — a technology that Flash has obsessed over since childhood. So while Flash is now a civilian, the former officer has still taken it upon himself to inform his country's defense in all matters related to radio...

Flash has also become a source of some controversy among the upper echelons of Ukraine's military, he tells me. The Armed Forces of Ukraine declined multiple requests for comment, but Flash and his colleagues claim that some high-ranking officials perceive him as a security threat, worrying that he shares too much information and doesn't do enough to secure sensitive intel... [But] His work has become greatly important to those fighting on the ground, and he recently received formal recognition from the military for his contributions to the fight, with two medals of commendation — one from the commander of Ukraine's ground forces, the other from the Ministry of Defense...

And given the mounting evidence that both militaries and militant groups in other parts of the world are now adopting drone tactics developed in Ukraine, it's not only his country's fate that Flash may help to determine — but also the ways that armies wage war for years to come.

He's also written guides on building cheap anti-drone equipment...
It's funny.  Laugh.

Imgur Is No Longer Classifying Memes With Adult Humor As Mature (theverge.com) 22

Imgur announced changes to its content moderation policies, no longer classifying memes with adult humor as mature. Going forward, only memes with sexualized or lewd content will receive the mature tag. The Verge reports: Imgur is making the changes after it collected feedback about its content moderation over the course of this year, including that its policies, "especially surrounding mature content, feel inconsistently applied, too subjective, or just rather confusing as a whole," according to a post from Imgur product manager Martyn O'Neill. Now, mature content consists "solely of sexualized or 'lewd'" content.

Following the adjustments, O'Neill says that "warnings / post removals" are down nearly 35 percent month over month. Far fewer posts are being marked as mature as well; that stat has declined by almost 50 percent.

Social Networks

Bluesky Is Now Courting Threads Users (thurrott.com) 12

Bluesky, the decentralized social network cofounded by Jack Dorsey, created a Threads account to court users frustrated by Meta's moderation issues. Thurrott reports: This week, the Bluesky team also used Threads to share some tips on how to get started on Bluesky, how to get more engagement, and more. The company also emphasized its decentralized structure and more extensive customization options, with the app recently introducing a new theme font, adjustable font sizing, and the ability to pin posts on top of profiles.

Bluesky also couldn't resist to engage in some strange trolling this week. "We're not like the other girls ... we're not owned by a billionaire," the team wrote on Threads yesterday. Of course, this the post that got the most engagement on the Bluesky Threads account with close to 500 comments as of this writing.

Social Networks

TikTok Execs Know About App's Effect On Teens, Lawsuit Documents Allege (npr.org) 49

An anonymous reader quotes a report from NPR : For the first time, internal TikTok communications have been made public that show a company unconcerned with the harms the app poses for American teenagers. This is despite its own research validating many child safety concerns. The confidential material was part of a more than two-year investigation into TikTok by 14 attorneys general that led to state officials suing the company on Tuesday. The lawsuit alleges that TikTok was designed with the express intention of addicting young people to the app. The states argue the multi-billion-dollar company deceived the public about the risks. In each of the separate lawsuits state regulators filed, dozens of internal communications, documents and research data were redacted -- blacked-out from public view -- since authorities entered into confidentiality agreements with TikTok.

But in one of the lawsuits, filed by the Kentucky Attorney General's Office, the redactions were faulty. This was revealed when Kentucky Public Radio copied-and-pasted excerpts of the redacted material, bringing to light some 30 pages of documents that had been kept secret. A group of more than a dozen states sued TikTok on Tuesday, alleging the app was intentionally designed to addict teens, something authorities say is a violation of state consumer protection laws. After Kentucky Public Radio published excerpts of the redacted material, a state judge sealed the entire complaint following a request from the attorney general's office "to ensure that any settlement documents and related information, confidential commercial and trade secret information, and other protected information was not improperly disseminated," according to an emergency motion to seal the complaint filed on Wednesday by Kentucky officials.

NPR reviewed all the portions of the suit that were redacted, which highlight TikTok executives speaking candidly about a host of dangers for children on the wildly popular video app. The material, mostly summaries of internal studies and communications, show some remedial measures -- like time-management tools -- would have a negligible reduction in screen time. The company went ahead and decided to release and tout the features. Separately, under a new law, TikTok has until January to divest from its Chinese parent company, ByteDance, or face a nationwide ban. TikTok is fighting the looming crackdown. Meanwhile, the new lawsuits from state authorities have cast scrutiny on the app and its ability to counter content that harms minors.

The Internet

Ukraine Arrests VPN Operator Facilitating Access to Russian Internet (circleid.com) 122

penciling_in writes: Ukrainian authorities have arrested a 28-year-old man in Khmelnytskyi for running an illegal VPN service that allowed users to bypass Ukrainian sanctions and access the Russian internet (Runet). The VPN, active since Russia's invasion, enabled Russian sympathizers and people in occupied territories to reach blocked Russian government sites, social media, and news.

Handling over 100GB of data daily and linking to 48 million Russian IP addresses, the VPN may have been exploited by Russian intelligence. Ukrainian cyber police, in collaboration with the National Security Service, seized servers and equipment in multiple locations. The suspect faces charges under Part 5 of Article 361 of Ukraine's Criminal Code, which could lead to a 15-year prison sentence. Investigations are ongoing into further connections and funding sources. The case highlights the growing role of VPNs in the ongoing cyberwar between Ukraine and Russia.

Slashdot Top Deals