Security

SpyAgent Android Malware Steals Your Crypto Recovery Phrases From Images 32

SpyAgent is a new Android malware that uses optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from screenshots stored on mobile devices, allowing attackers to hijack wallets and steal funds. The malware primarily targets South Korea but poses a growing threat as it expands to other regions and possibly iOS. BleepingComputer reports: A malware operation discovered by McAfee was traced back to at least 280 APKs distributed outside of Google Play using SMS or malicious social media posts. This malware can use OCR to recover cryptocurrency recovery phrases from images stored on an Android device, making it a significant threat. [...] Once it infects a new device, SpyAgent begins sending the following sensitive information to its command and control (C2) server:

- Victim's contact list, likely for distributing the malware via SMS originating from trusted contacts.
- Incoming SMS messages, including those containing one-time passwords (OTPs).
- Images stored on the device to use for OCR scanning.
- Generic device information, likely for optimizing the attacks.

SpyAgent can also receive commands from the C2 to change the sound settings or send SMS messages, likely used to send phishing texts to distribute the malware. McAfee found that the operators of the SpyAgent campaign did not follow proper security practices in configuring their servers, allowing the researchers to gain access to them. Admin panel pages, as well as files and data stolen from victims, were easily accessible, allowing McAfee to confirm that the malware had claimed multiple victims. The stolen images are processed and OCR-scanned on the server side and then organized on the admin panel accordingly to allow easy management and immediate utilization in wallet hijack attacks.
Role Playing (Games)

Playing D&D Helps Autistic Players In Social Interactions, Study Finds (arstechnica.com) 40

An anonymous reader quotes a report from Ars Technica: Since its introduction in the 1970s, Dungeons & Dragons has become one of the most influential tabletop role-playing games (TRPGs) in popular culture, featuring heavily in Stranger Things, for example, and spawning a blockbuster movie released last year. Over the last decade or so, researchers have turned their focus more heavily to the ways in which D&D and other TRPGs can help people with autism form healthy social connections, in part because the gaming environment offers clear rules around social interactions. According to the authors of a new paper published in the journal Autism, D&D helped boost players' confidence with autism, giving them a strong sense of kinship or belonging, among other benefits.

"There are many myths and misconceptions about autism, with some of the biggest suggesting that those with it aren't socially motivated, or don't have any imagination," said co-author Gray Atherton, a psychologist at the University of Plymouth. "Dungeons & Dragons goes against all that, centering around working together in a team, all of which takes place in a completely imaginary environment. Those taking part in our study saw the game as a breath of fresh air, a chance to take on a different persona and share experiences outside of an often challenging reality. That sense of escapism made them feel incredibly comfortable, and many of them said they were now trying to apply aspects of it in their daily lives." [...] For this latest study, Atherton et al. wanted to specifically investigate how autistic players experience D&D when playing in groups with other autistic players. It's essentially a case study with a small sample size -- just eight participants -- and qualitative in nature, since the post-play analysis focused on semistructured interviews with each player after the conclusion of the online campaign, the better to highlight their individual voices.

The players were recruited through social media advertisements within the D&D, Reddit and Discord online communities; all had received an autism diagnosis by a medical professional. They were split into two groups of four players, with one of the researchers (who's been playing D&D for years) acting as the dungeon master. The online sessions featured in the study was the Waterdeep: Dragonheist campaign. The campaign ran for six weeks, with sessions lasting between two and four hours (including breaks). Participants spoke repeatedly about the positive benefits they received from playing D&D, providing a friendly environment that helped them relax about social pressures. "When you're interacting with people over D&D, you're more likely to understand what's going on," one participant said in their study interview. "That's because the method you'll use to interact is written out. You can see what you're meant to do. There's an actual sort of reference sheet for some social interactions." That, in turn, helped foster a sense of belonging and kinship with their fellow players.

Participants also reported feeling emotionally invested and close to their characters, with some preferring to separate themselves from their character in order to explore other aspects of their personality or even an entirely new persona, thus broadening their perspectives. "I can make a character quite different from how I interact with people in real-life interactions," one participant said. "It helps you put yourself in the other person's perspective because you are technically entering a persona that is your character. You can then try to see how it feels to be in that interaction or in that scenario through another lens." And some participants said they were able to "rewrite" their own personal stories outside the game by adopting some of their characters' traits -- a psychological phenomenon known as "bleed."

Social Networks

Telegram Disables 'Misused' Features As CEO Faces Criminal Charges (theverge.com) 33

Following the arrest of its CEO Pavel Durov last month, the encrypted messaging service said it has disabled some "outdated" and "misused" features used by anonymous users. The Verge reports: The first changes to the app following his arrest in France last month affect its built-in blog posts and a "People Nearby" location-based feature. [...] Durov's first post-arrest statement Thursday said, "Telegram's abrupt increase in user count to 950M caused growing pains that made it easier for criminals to abuse our platform. That's why I made it my personal goal to ensure we significantly improve things in this regard." He also said that during the four-day interview after his arrest, "I was told I may be personally responsible for other people's illegal use of Telegram, because the French authorities didn't receive responses from Telegram."

Telegram has since reworked some of its language surrounding private chats and moderation and followed up with these new updates. It's also adding Star giveaways and enabling a reading mode for its in-app browser. "While 99.999% of Telegram users have nothing to do with crime, the 0.001% involved in illicit activities creates a bad image for the entire platform," Durov's message says. "That's why this year we are committed to turn moderation on Telegram from an area of criticism into one of praise."

Durov says the service has stopped new media uploads to its standalone blogging tool, Telegraph, because it was "misused by anonymous actors." Telegram has also removed its People Nearby feature, which lets you find and message other users in your area. Durov says the feature has "had issues with bots and scammers" and was only used by less than 0.1 percent of users. Telegram will replace this feature with "Businesses Nearby" instead, allowing "legitimate, verified businesses" to display products and accept payments.

Facebook

Meta Will Let Third-Party Apps Place Calls To WhatsApp, Messenger Users (techcrunch.com) 10

An anonymous reader quotes a report from TechCrunch: Meta on Friday published an update on how it plans to comply with the Digital Markets Act (DMA), the European law that aims to promote competition in digital marketplaces, where the law concerns the company's messaging apps, Messenger and WhatsApp. As Meta notes in a blog post, the DMA requires that it provide an option in WhatsApp and Messenger to connect with interoperable third-party messaging services and apps. Meta says it's building notifications into WhatsApp and Messenger to inform users about these third-party integrations and alert them when a newly compatible third-party messaging app comes online. The company also says it's introducing an onboarding flow in WhatsApp and Messenger where users can learn more about third-party chats and switch them on. From the flow, users will be able to set up a designated folder for third-party messages or, alternatively, opt for a combined inbox.

In 2025, Meta will roll out group functionality for third-party chats, and, in 2027, it'll launch voice and video calling in accordance with the DMA. And at some unspecified point in the future, Meta will bring "rich messaging" features for third-party chats to WhatsApp and Messenger, like reactions, direct replies, typing indicators and read receipts, the company says. "We will keep collaborating with third-party messaging services in order to provide the safest and best experience," Meta wrote in the post. "Users will start to see the third-party chat option when a third-party messaging service has built, tested and launched the necessary technology to make the feature a positive and secure user experience."

Facebook

Threads is Trading Trust For Growth (werd.io) 37

Ben Werdmuller, an entrepreneur who leads tech for ProPublica, writes on the trust crisis brewing in Meta's Threads app. He posted a quick comment about the Internet Archive's legal troubles, only to find it blew up in unexpected ways. Turns out, Threads' algorithm tossed his post to folks way outside his usual crowd, and they weren't happy about the lack of context. He writes: The comments that really surprised me were the ones that accused me of engagement farming. I've never received these before, and it made me wonder about the underlying assumptions. Why would this be engagement farming? Why would someone do this? Why would they assume that about me? Turns out, Meta's been secretly paying select "creators" up to $5,000 per viral post, turning the platform into a digital gold rush. Now, every post is suspect.
Movies

The Search For the Face Behind Mavis Beacon Teaches Typing (wired.com) 56

An anonymous reader quotes a report from Wired: Jazmin Jones knows what she did. "If you're online, there's this idea of trolling," Jones, the director behind Seeking Mavis Beacon, said during a recent panel for her new documentary. "For this project, some things we're taking incredibly seriously ... and other things we're trolling. We're trolling this idea of a detective because we're also, like, ACAB." Her trolling, though, was for a good reason. Jones and fellow filmmaker Olivia Mckayla Ross did it in hopes of finding the woman behind Mavis Beacon Teaches Typing. The popular teaching tool was released in 1987 by The Software Toolworks, a video game and software company based in California that produced educational chess, reading, and math games. Mavis, essentially the "mascot" of the game, is a Black woman donned in professional clothes and a slicked-back bun. Though Mavis Beacon was not an actual person, Jones and Ross say that she is one of the first examples of Black representation they witnessed in tech. Seeking Mavis Beacon, which opened in New York City on August 30 and is rolling out to other cities in September, is their attempt to uncover the story behind the face, which appeared on the tool's packaging and later as part of its interface.

The film shows the duo setting up a detective room, conversing over FaceTime, running up to people on the street, and even tracking down a relative connected to the ever-elusive Mavis. But the journey of their search turned up a different question they didn't initially expect: What are the impacts of sexism, racism, privacy, and exploitation in a world where you can present yourself any way you want to? Using shots from computer screens, deep dives through archival footage, and sit-down interviews, the noir-style documentary reveals that Mavis Beacon is actually Renee L'Esperance, a Black model from Haiti who was paid $500 for her likeness with no royalties, despite the program selling millions of copies. [...]

In a world where anyone can create images of folks of any race, gender, or sexual orientation without having to fully compensate the real people who inspired them, Jones and Ross are working to preserve not only the data behind Mavis Beacon but also the humanity behind the software. On the panel, hosted by Black Girls in Media, Ross stated that the film's social media has a form where users of Mavis Beacon can share what the game has meant to them, for archival purposes. "On some level, Olivia and I are trolling ideas of worlds that we never felt safe in or protected by," Jones said during the panel. "And in other ways, we are honoring this legacy of cyber feminism, historians, and care workers that we are very seriously indebted to."
You can watch the trailer for "Seeking Mavis Beacon" on YouTube.
Social Networks

Bluesky Adds 2 Million New Users After Brazil's X Ban (techcrunch.com) 94

In the days following Brazil's shutdown of X, the decentralized social networking startup Bluesky added over 2 million new users, up from just half a million as of Friday. "This rapid growth led some users to encounter the occasional error that would state there were 'Not Enough Resources' to handle requests, as Bluesky engineers scrambled to keep the servers stable under the influx of new sign-ups," reports TechCrunch's Sarah Perez. From the report: As new users downloaded the app, Bluesky jumped to becoming the No. 1 app in Brazil over the weekend, ahead of Meta's X competitor, Instagram Threads. According to app intelligence firm Appfigures, Bluesky's total downloads soared by 10,584% this weekend compared to last, and its downloads in Brazil were up by a whopping 1,018,952%. The growth seems to be having a halo effect, as downloads outside Brazil also rose by 584%, the firm noted. In part, this is due to Bluesky receiving downloads in 22 countries where it had barely seen any traction before.

In terms of absolute downloads, countries that saw the most installs outside Brazil included the U.S., Portugal, the U.K., Canada and Spain. Those with the most download growth, however, were Portugal, Chile, Argentina, Colombia and Romania. Most of the latter group jumped from single-digit growth to growth in the thousands. Bluesky's newcomers have actively engaged on the platform, too, driving up other key metrics.

As one Bluesky engineer remarked, the number of likes on the social network grew to 104.6 million over the past four-day period, up from just 13 million when compared with a similar period just a week ago. Follows also grew from 1.4 million to 100.8 million while reposts grew from 1.3 million to 11 million. As of Monday, Bluesky said it had added 2.11 million users during the past four days, up from 26,000 users it had added in the week-ago period. In addition, the company noted it had seen "significantly more than a 100% [daily active users] increase." On Tuesday, Bluesky told TechCrunch the number is now 2.4 million and continues to grow "by the minute."

Television

Oprah's Upcoming AI Television Special Sparks Outrage Among Tech Critics 34

An anonymous reader quotes a report from Ars Technica: On Thursday, ABC announced an upcoming TV special titled, "AI and the Future of Us: An Oprah Winfrey Special." The one-hour show, set to air on September 12, aims to explore AI's impact on daily life and will feature interviews with figures in the tech industry, like OpenAI CEO Sam Altman and Bill Gates. Soon after the announcement, some AI critics began questioning the guest list and the framing of the show in general. [...] Critics of generative AI ... question the utility of the technology, its perceived environmental impact, and what they see as blatant copyright infringement.

"Sure is nice of Oprah to host this extended sales pitch for the generative AI industry at a moment when its fortunes are flagging and the AI bubble is threatening to burst," tweeted author Brian Merchant, who frequently criticizes generative AI technology in op-eds, social media, and through his "Blood in the Machine" AI newsletter. "The way the experts who are not experts are presented as such what a train wreck," replied artist Karla Ortiz, who is a plaintiff in a lawsuit against several AI companies. "There's still PLENTY of time to get actual experts and have a better discussion on this because yikes." On Friday, Ortiz created a lengthy viral thread on X that detailed her potential issues with the program, writing, "This event will be the first time many people will get info on Generative AI. However it is shaping up to be a misinformed marketing event starring vested interests (some who are under a litany of lawsuits) who ignore the harms GenAi inflicts on communities NOW."
The AI TV special will feature "some of the most important and powerful people in AI," said ABC. They include Microsoft co-founder Bill Gates, OpenAI CEO Sam Altman, YouTube creator Marques Brownlee, Tristan Harris and Aza Raskin from the Center for Humane Technology, FBI Director Christopher Wray, and author Marilynne Robinson.

The show will air on September 12 on ABC (and a day later on Hulu) in the U.S.
The Courts

Shrinkwrap 'Contract' Found At Costco On... Collagen Peptides (mastodon.social) 74

Slashdot covered shrinkwrap licenses on software back in 2000 and 2002. But now ewhac (Slashdot reader #5,844) writes: The user Wraithe on the Mastodon network is reporting that a bottle of Vital Proteins(TM) collagen peptides purchased at Costco came with a shrinkwrap contract. Collagen peptides are often used as an anti-aging nutritional supplement. The top of the Vital Proteins bottle has a pull-to-open seal. Printed on the seal is the following: "Read This: By opening and using this product, you agree to be bound by our Terms and Conditions, fully set forth at vitalproteins.com/tc, which includes a mandatory arbitration agreement. If you do not agree to be bound, please return this product immediately."

So-called "shrinkwrap contracts" have been the subject of controversy and derision for decades since their first widespread appearance in the 1970's, attempting to alter the terms of sale after the fact, impose unethical and onerous restrictions on the purchaser, and absolving the vendor of all liability. Most such contracts appear on items involving copyrighted works (computer software, or any item containing computer software). The alleged "validity" of such contracts supposedly proceeds from the (alleged) need that the item requires a copyright license from the vendor to use (because the right to use/read/listen/view/execute is somehow not concomitant with purchase), and that the shrinkwrap contract furnishes such license.

The application of such a contract to a good where copyright has no scope, however, is something new. The alleged contract itself governs consumers' use of, "the VitalProteins.com website and any other applications, content, products, and services (collectively, the "Service")...," contains the usual we're-not-responsible-for-anything indemnification paragraph, and unilaterally removes your right to seek redress in court of law and imposes binding arbitration involving any disputes that may arise between the consumer and the company. Indeed, the arbitration clause is the first numbered section in the alleged contract.

The same contract has been spotted by numerous others — including someone who posted about it on Reddit two years ago. ("When I opened it, encountered a vacuum seal with the following 'READ THIS: by opening and using this product, you agree to...'") But the same verbiage still appears in online listings today for the product from Albertsons, Walgreens, and CVS.

Shrinkwrap contracts. They're not just for software any more...
The Almighty Buck

Trump Sons Plan Crypto Startup (politico.com) 203

To make America the "crypto capital of the planet," former U.S. President Donald Trump promised crypto-friendly policies, writes Politico, which "could have a new beneficiary: his own family." Trump has vowed to enact an array of pro-crypto policies in a bid to win votes — and campaign cash — from digital asset enthusiasts in recent months. Now, he's weaving the overtures into his pitch for his sons' forthcoming startup... It remains unclear what the Trump sons' crypto venture will look like. They have been teasing their plans to launch it for weeks, in part by positioning it as an alternative to the use of big banks.... ["Be defiant," reads the tagline on their World Liberty Financial home page — with nothing more than its name and the words "Coming soon."]

Trump's sons took over control of their father's business, the Trump Organization, after he became president in 2017, but he retained ownership of the company... It is unclear whether the crypto startup would be launched as part of the Trump Organization or as a separate entity. Either way, ethics experts and watchdogs say the crypto business could create the appearance of a conflict of interest if Trump wins back the White House this fall... From an "optics perspective, it's terrible," said Richard Painter, who served as chief White House ethics lawyer under former President George W. Bush and later ran for Congress as a Democrat. But he said it wouldn't violate any ethics laws.

The family venture is the latest way Trump has embraced the digital asset industry, which is pouring more than $160 million into the 2024 elections as it seeks to help elect allies up and down the ballot. Trump has also marketed his own line of non-fungible tokens, or NFTs, which are digital images of the former president that fans can purchase for $99... Trump's NFT sales could also raise ethics concerns, said Jordan Libowitz, vice president for communications at the Citizens for Responsibility and Ethics in Washington....

"[P]rior conflicts and illegalities took advantage of preexisting loopholes," said Norman Eisen, an ethics lawyer who served in the Obama White House and later helped build the first impeachment case against Trump. "Here, Trump appears to be promising to create the loopholes while his family is simultaneously designing a business venture to exploit them."

The article notes that Trump promoted his son's crypto venture on X this week with audio from Trump's speech at a crypto conference in July. "He first revealed his pro-crypto leanings — after previously deriding digital currency — at a Mar-a-Lago event in May with supporters who bought his crypto-linked digital trading cards..."

"Trump is also facing new questions about what he would do with his stake in the parent company of the social media service Truth Social," the article adds. (Although this week the stock hit a new low. After losing 50% of its value in six weeks, it's dropped below $20 per share for the first time since it started publicly trading...)
Crime

Was the Arrest of Telegram's CEO Inevitable? (platformer.news) 174

Casey Newton, former senior editor at the Verge, weighs in on Platformer about the arrest of Telegram CEO Pavel Durov.

"Fending off onerous speech regulations and overzealous prosecutors requires that platform builders act responsibly. Telegram never even pretended to." Officially, Telegram's terms of service prohibit users from posting illegal pornographic content or promotions of violence on public channels. But as the Stanford Internet Observatory noted last year in an analysis of how CSAM spreads online, these terms implicitly permit users who share CSAM in private channels as much as they want to. "There's illegal content on Telegram. How do I take it down?" asks a question on Telegram's FAQ page. The company declares that it will not intervene in any circumstances: "All Telegram chats and group chats are private amongst their participants," it states. "We do not process any requests related to them...."

Telegram can look at the contents of private messages, making it vulnerable to law enforcement requests for that data. Anticipating these requests, Telegram created a kind of jurisdictional obstacle course for law enforcement that (it says) none of them have successfully navigated so far. From the FAQ again:

To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data. [...] To this day, we have disclosed 0 bytes of user data to third parties, including governments.

As a result, investigation after investigation finds that Telegram is a significant vector for the spread of CSAM.... The company's refusal to answer almost any law enforcement request, no matter how dire, has enabled some truly vile behavior. "Telegram is another level," Brian Fishman, Meta's former anti-terrorism chief, wrote in a post on Threads. "It has been the key hub for ISIS for a decade. It tolerates CSAM. It's ignored reasonable [law enforcement] engagement for YEARS. It's not 'light' content moderation; it's a different approach entirely."

The article asks whether France's action "will embolden countries around the world to prosecute platform CEOs criminally for failing to turn over user data." On the other hand, Telegram really does seem to be actively enabling a staggering amount of abuse. And while it's disturbing to see state power used indiscriminately to snoop on private conversations, it's equally disturbing to see a private company declare itself to be above the law.

Given its behavior, a legal intervention into Telegram's business practices was inevitable. But the end of private conversation, and end-to-end encryption, need not be.

AI

VS Code Fork 'Cursor' - the ChatGPT of Coding? (tomsguide.com) 69

"Sometimes an artificial intelligence tool comes out of nowhere and dominates the conversation on social media," writes Tom's Guide.

"This week that app is Cursor, an AI coding tool that uses models like Claude 3.5 Sonnet and GPT-4o to make it easier than ever to build your own apps," with the ability to "write, predict and manipulate code using nothing but a text prompt." Cursor is part development environment, part AI chatbot and unlike tools like GitHub Copilot it can more or less do all of the work for you, transforming a simple idea into functional code in minutes... Built on the same system as the popular Microsoft Visual Studio Code, Cursor has already found a fanbase among novice coders and experienced engineers...

Cursor's simplicity, working from a chat window, means even someone completely new to code could get a functional app running in minutes and keep building on it to add new features... The startup has raised over $400 million since it was founded in 2022 and works with various models including those from Anthropic and OpenAI... In my view, its true power is in the democratization of coding. It would also allow someone without much coding experience to build the tools they need by typing a few lines of text.

More from ReadWrite: Cursor, an AI firm that is attempting to build a "magical tool that will one day write all the world's code," has announced it has raised $60 million in its Series A funding round... As of August 22, the company had a valuation of $400 million, according to sources cited by TechCrunch...

Anysphere is the two-year-old startup that developed the app. Its co-founders are Michael Truell, Sualeh Asif, Arvid Lunnemark and Aman Sanger, who started the company while they were students at MIT... Using advanced AI capabilities, it is said to be able to finish, correct, and change AI code through natural language commands. It currently works with JavaScript, Python, and TypeScript, and is free for most uses. The pro plan will set you back $20 per month.

But how well does it work? Tom's Guide notes that after requesting a test app, "It generated the necessary code in the sidebar chat window and all I had to do was click Apply and then Accept. This added the code to a new Python file including all the necessary imports. It also gave me instructions on how to add modules to my machine to make the code work.

"As the chat is powered by Claude 3.5 Sonnet, you can just have it explain in more detail any element of the code or any task required to make it run..."

Andreessen Horowitz explains why they invested in the company: It's very clear that LLMs are a powerful tool for programmers, and that their coding abilities will improve over time. But it's also clear that for most coding tasks, the problem to solve is not how to make LLMs perform well in isolation, but how to make them perform well alongside a human developer. We believe, therefore, the interface between programmers and AI models will soon become one of the most important pieces of the dev stack. And we're thrilled to announce our series A investment...

Cursor is a fork of VS Code that's heavily customized for AI-assisted programming. It works with all the latest LLMs and supports the full VS Code plugin ecosystem. What makes Cursor special are the features designed to integrate AI into developer workflows — including next action prediction, natural language edits, chatting with your codebase, and a bunch of new ones to come... Our belief is that Cursor, distinctly among AI coding tools, has simply gotten it right. That's why, in a little over a year, thousands of users have signed up for Cursor, including at companies like OpenAI, Midjourney, Perplexity, Replicate, Shopify, Instacart, and many others. Users give glowing reviews of the product, many of them have started to pay for it, and they rarely switch back to other IDEs. Most of the a16z Infra team have also become avid Cursor users!

One site even argues that Cursor's coding and AI capabilities "should be a wake up call for Microsoft to make VS Code integration with GitHub Copilot a lot easier."

Thanks to Slashdot reader joshuark for sharing the article.
Earth

'Is It Ethical to Have Children in the Face of Climate Change?' (latimes.com) 302

A climate newsletter from the Los Angeles Times asked the question: Is it ethical to have children in the face of climate change?

And they start by noting many people ask that question: A Pew Research Survey published in July found that among U.S. adults aged 18 to 49 who don't plan on having kids, more than a quarter — 26% — cited "concerns about the environment, including climate change," as a major factor. Of the people over 50 who did not have kids, 6% cited the same reason, pointing to a generational divide that may be fueled by growing awareness of the issue, as well as increasing exposure to worsening climate hazards...

I worry about the well-being of these kids: What kind of world will they live in? Will there be clean air and water? Will it be too hot or smoky to play outside? (To be blunt, the outlook on these matters doesn't look great under most emissions scenarios.) But the other side of the coin involves the well-being of the planet. Is it wrong to add more people at a moment when resources are so strained — when, say, the Colorado River is shrinking to record lows and the global average temperature is soaring to record highs? Each new child, after all, will bring not only a cute little footprint but a carbon footprint as well...

[T]he fact is that climate change is also affecting reproduction. Hotter temperatures and air pollution, for instance, have been linked to increased stillbirths, preterm births, lower birth weight and increased risk of hospitalization for newborns and infants, among other negative outcomes. Pregnant people are also especially vulnerable to climate hazards, which can trigger hypertension and other health issues and contribute to reduced fertility rates.

The newsletter makes many other points, but ultimately concludes that "children, after all, are one of the clearest symbols of how we, as a society, feel about the future." And it includes this quote from the book The Quickening, in which author Elizabeth Rush visits the melting Thwaites Glacier in Antarctica.

"I can celebrate the idea that to have a child means having faith that the world will change, and more importantly, committing to being a part of the change yourself."
Social Networks

Washington Post Calls Telegram 'a Haven for Free Speech - and Child Predators' (yahoo.com) 82

The Washington Post writes that Telegram's "anything-goes approach" to its 950 million users "has also made it one of the internet's largest havens for child predators, experts say...."

"Durov's critics say his public idealism masks an opportunistic business model that allows Telegram to profit from the worst the internet has to offer, including child sexual abuse material, or CSAM..." [Telegram is] an app of choice for political organizing, including by dissidents under repressive regimes. But it is equally appealing for terrorist groups, criminal organizations and sexual predators, who use it as a hub to share and consume nonconsensual pornography, AI "deepfake" nudes, and illegal sexual images and videos of exploited minors, said Alex Stamos, chief information security officer at the cybersecurity firm SentinelOne. "Due to their advertised policy of not cooperating with law enforcement, and the fact that they are known not to scan for CSAM, Telegram has attracted large groups of pedophiles trading and selling child abuse materials," Stamos said.

That reach comes even though many Telegram exchanges don't actually use the strong forms of encryption available on true private messaging apps, he added. Telegram is used for private messaging, public posts and group chats. Only one-to-one conversations can be encrypted in a way that even Telegram can't access them. And that occurs only if users choose the option, meaning the company could turn over everything else to governments if it wanted to... French prosecutors argue that Durov is in fact responsible for Telegram's emergence as a global haven for illegal content, including CSAM, because of his reluctance to moderate it and his refusal to help authorities police it, among other allegations...

David Kaye, a professor at University of California, Irvine School of Law and former U.N. special rapporteur on freedom of expression... said that while Telegram has at times banned groups and taken down [CSAM] content in response to law enforcement, its refusal to share data with investigators sets it apart from most other major tech companies. Unlike U.S.-based platforms, Telegram is not required by U.S. law to report instances of CSAM to the National Center for Missing and Exploited Children, or NCMEC. Many online platforms based overseas do so anyway — but not Telegram. "NCMEC has tried to get them to report, but they have no interest and are known for not wanting to work with [law enforcement agencies] or anyone in this space," a NCMEC spokesperson said.

The Post also writes that Telegram "has repeatedly been revealed to serve as a tool to store, distribute and share child sexual imagery." (They cite several examples, including two different men convicted to minimum sentences of at least 10 years for using the service to purchase CSAM and solicit explicit photos from minors.)
The Courts

City of Columbus Sues Man After He Discloses Severity of Ransomware Attack (arstechnica.com) 37

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by city officials. The order, issued by a judge in Ohio's Franklin County, came after the city of Columbus fell victim to a ransomware attack on July 18 that siphoned 6.5 terabytes of the city's data. A ransomware group known as Rhysida took credit for the attack and offered to auction off the data with a starting bid of about $1.7 million in bitcoin. On August 8, after the auction failed to find a bidder, Rhysida released what it said was about 45 percent of the stolen data on the group's dark web site, which is accessible to anyone with a TOR browser.

Columbus Mayor Andrew Ginther said on August 13 that a "breakthrough" in the city's forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them "unusable" to the thieves. Ginther went on to say the data's lack of integrity was likely the reason the ransomware group had been unable to auction off the data. Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years.

On Thursday, the city of Columbus sued Ross (PDF) for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him "interacting" with them and required special expertise and tools. The suit went on to challenge Ross alerting reporters to the information, which it claimed would not be easily obtained by others. "Only individuals willing to navigate and interact with the criminal element on the dark web, who also have the computer expertise and tools necessary to download data from the dark web, would be able to do so," city attorneys wrote. "The dark web-posted data is not readily available for public consumption. Defendant is making it so." The same day, a Franklin County judge granted the city's motion for a temporary restraining order (PDF) against Ross. It bars the researcher "from accessing, and/or downloading, and/or disseminating" any city files that were posted to the dark web. The motion was made and granted "ex parte," meaning in secret before Ross was informed of it or had an opportunity to present his case.

Twitter

Brazil Blocks X (apnews.com) 161

A longtime Slashdot reader writes: Regular Slashdot users will certainly be aware of the saga unfolding between the country of Brazil and X. Reuters has already reported that what I have to relay here will come as no surprise to Elon Musk, but reporting on CNN confirms that Brazilian Justice Alexandre de Moraes has ordered X to suspend operations in Brazil until X names a representative to appear on X's behalf in Brazilian Courts.

Is this the end of X or some brilliant Machiavellian ploy on the part of Elon Musk? Only time and the informed and spirited debate of the users here at /. can be sure.
Here's a recap of the saga, as told by X's Grok-2 chatbot: The Beginning: Alexandre de Moraes, a Brazilian Supreme Court Justice with a reputation for tackling misinformation, especially around elections, found himself at odds with Elon Musk, the space-faring, electric-car magnate turned social media mogul. The conflict kicked off when Moraes ordered X to block certain accounts in Brazil, part of his broader crackdown on what he deemed as misinformation.

The Escalation: Musk, never one to shy away from a fight, especially when it involves what he perceives as free speech issues, declared on X that he would not comply with Moraes' orders. This defiance wasn't just a tweet; it was a digital declaration of war. Musk accused Moraes of overstepping his bounds, betraying the constitution, and even likened him to Darth Vader in a less than flattering comparison. Moraes, not amused, opened an investigation into Musk for obstruction of justice, accusing him of inciting disobedience and disrespecting Brazil's sovereignty. The stakes were raised with fines of around $20,000 per day for each reactivated account, and threats of arresting X employees in Brazil.

The Drama Unfolds: The internet, as it does, had a field day. Posts on X ranged from Musk supporters calling Moraes a dictator to others backing Moraes, arguing he was defending democracy against foreign billionaires. The conflict became a global spectacle, with Musk's posts drawing international attention, comparing the situation to a battle for free speech versus censorship. Musk, in true Musk fashion, didn't just stop at defiance. He shared all of Moraes' demands publicly, suggesting users use VPNs, and even hinted at closing X's operations in Brazil, which eventually happened, citing the need to protect staff safety.

The Latest Chapter: Recently, X announced the closure of its operations in Brazil, a move seen as the culmination of this legal and ideological battle. Musk framed it as a stand against what he saw as an assault on free speech, while critics viewed it as an overreaction or a strategic retreat.

Security

Malware Infiltrates Pidgin Messenger's Official Plugin Repository (bleepingcomputer.com) 10

The Pidgin messaging app removed the ScreenShareOTR plugin from its third-party plugin list after it was found to be used to install keyloggers, information stealers, and malware targeting corporate networks. BleepingComputer reports: The plugin was promoted as a screen-sharing tool for secure Off-The-Record (OTR) protocol and was available for both Windows and Linux versions of Pidgin. According to ESET, the malicious plugin was configured to infect unsuspecting users with DarkGate malware, a powerful malware threat actors use to breach networks since QBot's dismantling by the authorities. [...] Those who installed it are recommended to remove it immediately and perform a full system scan with an antivirus tool, as DarkGate may be lurking on their system.

After publishing our story, Pidgin's maintainer and lead developer, Gary Kramlich, notified us on Mastodon to say that they do not keep track of how many times a plugin is installed. To prevent similar incidents from happening in the future, Pidgin announced that, from now on, it will only accept third-party plugins that have an OSI Approved Open Source License, allowing scrutiny into their code and internal functionality.

Power

Meta Strikes Geothermal Energy Deal To Power US Data Centers (reuters.com) 26

An anonymous reader quotes a report from Reuters: Facebook owner Meta struck a deal to buy geothermal power from Sage Geosystems to supply its U.S. data centers, it said on Monday, as it races to build out the infrastructure to support its massive investments in energy-hungry artificial intelligence. The first phase of the 150-megawatt project should be operational by 2027 and "significantly" expand the use of geothermal power in the United States, the social media company said. The location has yet to be determined, but the companies said it will be east of the Rocky Mountains. Financial terms of the deal were not disclosed. [...]

Sage, which is based in Houston, is a four-year-old startup developing next-generation technology that it says can be deployed in more locations than traditional geothermal, which requires naturally occurring underground reservoirs of hot water and accounts for 0.4% of U.S. power generation. The company is backed by oil and gas firms Chesapeake Energy and Nabors Industries and venture capital firms Virya and Helium-3 Ventures. The project for Meta would be Sage's largest to date by far. The company said it first validated the technology in the field just two years ago. A Meta spokesperson told Reuters the company expected the Sage Geosystems energy to feed the power grid, rather than directly supplying any specific data center.

The Courts

Appeals Court Questions TikTok's Section 230 Shield for Algorithm (reuters.com) 92

A U.S. appeals court has revived a lawsuit against TikTok over a child's death, potentially limiting tech companies' legal shield under Section 230. The 3rd U.S. Circuit Court of Appeals ruled that the law does not protect TikTok from claims that its algorithm recommended a deadly "blackout challenge" to a 10-year-old girl.

Judge Patty Shwartz wrote that Section 230 only immunizes third-party content, not recommendations made by TikTok's own algorithm. The decision marks a departure from previous rulings, citing a recent Supreme Court opinion that platform algorithms reflect "editorial judgments." This interpretation could significantly impact how courts apply Section 230 to social media companies' content curation practices.
Social Networks

'Uncertainty' Drives LinkedIn To Migrate From CentOS To Azure Linux (theregister.com) 79

The Register's Liam Proven reports: Microsoft's in-house professional networking site is moving to Microsoft's in-house Linux. This could mean that big changes are coming for the former CBL-Mariner distro. Ievgen Priadka's post on the LinkedIn Engineering blog, titled Navigating the transition: adopting Azure Linux as LinkedIn's operating system, is the visible sign of what we suspect has been a massive internal engineering effort. It describes some of the changes needed to migrate what the post calls "most of our fleet" from the end-of-life CentOS 7 to Microsoft Azure Linux -- the distro that grew out of and replaced its previous internal distro, CBL-Mariner.

This is an important stage in a long process. Microsoft acquired LinkedIn way back in 2016. Even so, as recently as the end of last year, we reported that a move to Azure had been abandoned, which came a few months after it laid off almost 700 LinkedIn staff -- the majority in R&D. The blog post is over 3,500 words long, so there's quite a lot to chew on -- and we're certain that this has been passed through and approved by numerous marketing and management people and scoured of any potentially embarrassing admissions. Some interesting nuggets remain, though. We enjoyed the modest comment that: "However, with the shift to CentOS Stream, users felt uncertain about the project's direction and the timeline for updates. This uncertainty created some concerns about the reliability and support of CentOS as an operating system." [...]

There are some interesting technical details in the post too. It seems LinkedIn is running on XFS -- also the RHEL default file system, of course -- with the notable exception of Hadoop, and so the Azure Linux team had to add XFS support. Some CentOS and actual RHEL is still used in there somewhere. That fits perfectly with using any of the RHELatives. However, the post also mentions that the team developed a tool to aid with deploying via MaaS, which it explicitly defines as Metal as a Service. MaaS is a Canonical service, although it does support other distros -- so as well as CentOS, there may have been some Ubuntu in the LinkedIn stack as well. Some details hint at what we suspect were probably major deployment headaches. [...] Some of the other information covers things the teams did not do, which is equally informative. [...]
