Businesses

2U, Once a Giant in Online Education, Files for Chapter 11 Bankruptcy (wsj.com) 16

Online education company 2U filed for Chapter 11 bankruptcy protection and is being taken private in a deal that will wipe out more than half of its $945 million debt [non-paywalled link]. From a report: 2U was a pioneer in the online education space, joining with schools including the University of Southern California, Georgetown University and the University of North Carolina at Chapel Hill to design and operate online courses in fields including nursing and social work. But it struggled in recent years amid new competition and changing regulations. It also had a highly leveraged balance sheet with looming loan-repayment deadlines. 2U closed Wednesday with a market value of about $11.5 million, down from more than $5 billion in 2018. In 2021, 2U bought edX, an online platform for classes that was founded by Harvard University and the Massachusetts Institute of Technology. The debt from that $800 million deal for edX proved debilitating to 2U, WSJ reports.
Google

Google's Exclusive Reddit Access (404media.co) 43

Google is now the only search engine that can surface results from Reddit, making one of the web's most valuable repositories of user generated content exclusive to the internet's already dominant search engine. 404 Media: If you use Bing, DuckDuckGo, Mojeek, Qwant or any other alternative search engine that doesn't rely on Google's indexing and search Reddit by using "site:reddit.com," you will not see any results from the last week.

DuckDuckGo is currently turning up seven links when searching Reddit, but provides no data on where the links go or why, instead only saying that "We would like to show you a description here but the site won't allow us." Older results will still show up, but these search engines are no longer able to "crawl" Reddit, meaning that Google is the only search engine that will turn up results from Reddit going forward. Searching for Reddit still works on Kagi, an independent, paid search engine that buys part of its search index from Google. The news shows how Google's near monopoly on search is now actively hindering other companies' ability to compete at a time when Google is facing increasing criticism over the quality of its search results.
The news follows Google signing a $60 million deal with Reddit early this year to use the social network's content to train its LLMs.
AI

Mark Zuckerberg Imagines Content Creators Making AI Clones of Themselves (techcrunch.com) 75

An anonymous reader quotes a report from TechCrunch: Content creators are busy people. Most spend more than 20 hours a week creating new content for their respective corners of the web. That doesn't leave much time for audience engagement. But Mark Zuckerberg, Meta's CEO, thinks that AI could solve this problem. In an interview with internet personality Rowan Cheung, Zuckerberg laid out his vision for a future in which creators have their own bots, of sorts, that capture their personalities and "business objectives." Creators will offload some community outreach to these bots to free up time for other, presumably more important tasks, Zuckerberg says.

"I think there's going to be a huge unlock where basically every creator can pull in all their information from social media and train these systems to reflect their values and their objectives and what they're trying to do, and then people can can interact with that," Zuckerberg said. "It'll be almost like this artistic artifact that creators create that people can kind of interact with in different ways." [...] It's tough to imagine creators putting trust in the hands of flawed AI bots to interact with their fans. In the interview, Zuckerberg acknowledges that Meta has to "mitigate some of the concerns" around its use of generative AI and win users' trust over the long term. This is especially true as some of Meta's AI training practices are actively driving creators away from its platforms.

Facebook

Meta Warns EU Regulatory Efforts Risk Bloc Missing Out on AI Advances 35

Meta has warned that the EU's approach to regulating AI is creating the "risk" that the continent is cut off from accessing cutting-edge services, while the bloc continues its effort to rein in the power of Big Tech. From a report: Rob Sherman, the social media group's deputy privacy officer and vice-president of policy, confirmed a report that it had received a request from the EU's privacy watchdog to voluntarily pause the training of its future AI models on data in the region. He told the Financial Times this was in order to give local regulators time to "get their arms around the issue of generative AI." While the Facebook owner is adhering to the request, Sherman said such moves were leading to a "gap in the technologies that are available in Europe versus" the rest of the world. He added that, with future and more advanced AI releases, "it's likely that availability in Europe could be impacted." Sherman said: "If jurisdictions can't regulate in a way that enables us to have clarity on what's expected, then it's going to be harder for us to offer the most advanced technologies in those places ... it is a realistic outcome that we're worried about."
China

One Nation Mostly Unaffected by the Crowdstrike Outage: China (bbc.com) 49

The BBC reports that "while most of the world was grappling with the blue screen of death on Friday," there was one country that managed to escape largely unscathed: China. The reason is actually quite simple: CrowdStrike is hardly used there. Very few organisations will buy software from an American firm that, in the past, has been vocal about the cyber-security threat posed by Beijing. Additionally, China is not as reliant on Microsoft as the rest of the world. Domestic companies such as Alibaba, Tencent and Huawei are the dominant cloud providers.

So reports of outages in China, when they did come, were mainly at foreign firms or organisations. On Chinese social media sites, for example, some users complained they were not able to check into international chain hotels such as Sheraton, Marriott and Hyatt in Chinese cities. Over recent years, government organisations, businesses and infrastructure operators have increasingly been replacing foreign IT systems with domestic ones. Some analysts like to call this parallel network the "splinternet".

"It's a testament to China's strategic handling of foreign tech operations," says Josh Kennedy White, a cybersecurity expert based in Singapore. "Microsoft operates in China through a local partner, 21Vianet, which manages its services independently of its global infrastructure. This setup insulates China's essential services — like banking and aviation — from global disruptions."

"Beijing sees avoiding reliance on foreign systems as a way of shoring up national security."

Thanks to long-time Slashdot reader hackingbear for sharing the article.
Crime

Former Anonymous Spokesperson's Memoir Called 'Deranged, Hyperbolic, and True' (nytimes.com) 33

Slashdot covered Barrett Brown back in 2011 and 2012. The New York Times calls him "an activist associated with the hacker group Anonymous, and a political prisoner recently denied asylum in Britain, all of which sounds a bit dreary until we hear tell of it through Brown's unhinged self-regard."

They're reviewing Brown's "extraordinary" new memoir, My Glorious Defeats: Hacktivist, Narcissist, Anonymous," a book they call "deranged, hyperbolic, and true." A "machine" that focuses attention on little-known social issues, Anonymous has gone after the Church of Scientology, Koch Industries, websites hosting child pornography and the Westboro Baptist Church. The public tends to be confused by nebulous digital activities, so it was, in the collective's heyday, helpful to have Brown act as a translator between the hackers and mainstream journalists. "The year 2011 ended as it began," he writes, "with a sophisticated hack on a state-affiliated corporation that ostensibly dealt in straightforward security and analysis while secretly engaging in black ops campaigns against activists who'd proven troublesome to powerful clients."

This particular corporation was Stratfor, a company that spied on activists for the government... Brown waited for the feds to come back and drag him to jail. He also says he tried to get off suboxone in order to avoid the painful possibility of prison withdrawal, and stopped taking Paxil, inducing a manic state, all of which is given as explanation for his regrettable next move, which was to set up a camera and start talking. The feds had threatened his mother, he told the internet, and in response he was threatening Robert Smith, the lead agent on his case. He found himself in custody the same night.

Brown was then subjected to the kind of nonsense the Department of Justice is prone to inflicting on those involved in shadowy internet activities that, in fact, almost no one in the legal process understands. He was charged with participating in the hack of Stratfor, though he was not really involved and cannot code, and although the whole thing was organized by an F.B.I. informant. Brown had also retweeted a Fox News host's call to murder Julian Assange; the prosecution presented this as if he were himself calling for the murder of Assange. But generally, Brown's primary victim is himself. "My thirst for glory and hatred for the state," he writes, "were incompatible with an orthodox criminal defense, in which the limiting of one's sentence is the sole objective."

In his cell, with an eraser-less pencil he needs a compliant guard to repeatedly sharpen, he writes "The Barrett Brown Review of Arts and Letters and Jail." His mother types it up; The Intercept publishes. He develops the character he will play in his memoir: a self-aware narcissist and addict. He wins a National Magazine Award, and is especially pleased that his column "Please Stop Sending Me Jonathan Franzen Novels," wins while Franzen is in attendance.

"The state is an afterthought here — a litany of absurdist horrors too stupid to appall..." the review concludes.

"We're left with a man who refuses to look away from the deep structure of the world, an unstable position from which there is no sanctuary. My Glorious Defeats is deranged, hyperbolic and as true a work as I have read in a very long time."
Firefox

Firefox 128 Criticized for Including Small Test of 'Privacy-Preserving' Ad Tech by Default (itsfoss.com) 57

"Many people over the past few days have been lashing out at Mozilla," writes the blog Its FOSS, "for enabling Privacy-Preserving Attribution by default on Firefox 128, and the lack of publicity surrounding its introduction."

Mozilla responded that the feature will only run "on a few sites in the U.S. under strict supervision" — adding that users can disable it at any time ("because this is a test"), and that it's only even enabled if telemetry is also enabled.

And they also emphasize that it's "not tracking." The way it works is there's an "aggregation service" that can periodically send advertisers a summary of ad-related actions — again, aggregated data, from a mass of many other users. (And Mozilla says that aggregated summary even includes "noise that provides differential privacy.") This Privacy-Preserving Attribution concept "does not involve sending information about your browsing activities to anyone... Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising."

More from It's FOSS: Even though Mozilla mentioned that PPA would be enabled by default on Firefox 128 in a few of its past blog posts, they failed to communicate this decision clearly, to a wider audience... In response to the public outcry, Firefox CTO, Bobby Holley, had to step in to clarify what was going on.

He started with how the internet has become a massive cesspool of surveillance, and doing something about it was the primary reason many people are part of Mozilla. He then expanded on their approach with Firefox, which, historically speaking, has been to ship a browser with anti-tracking features baked in to tackle the most common surveillance techniques. But, there were two limitations with this approach. One was that advertisers would try to bypass these countermeasures. The second, most users just accept the default options that they are shown...

Bas Schouten, Principal Software Engineer at Mozilla, made it clear at the end of a heated Mastodon thread that "[opt-in features are] making privacy a privilege for the people that work to inform and educate themselves on the topic. People shouldn't need to do that, everyone deserves a more private browser. Privacy features, in Firefox, are not meant to be opt-in. They need to be the default.

"If you are 'completely anti-ads' (i.e. even if their implementation is private), you probably use an ad blocker. So are unaffected by this."

This has already provoked a discussion among Slashdot readers. "It doesn't seem that evil to me," argues Slashdot reader geekprime. "Seems like the elimination of cross site cookies is a privacy enhancing idea." (They cite Mozilla's statement that their goal is "to inform an emerging Web standard designed to help sites understand how their ads perform without collecting data about individual people. By offering sites a non-invasive alternative to cross-site tracking, we hope to achieve a significant reduction in this harmful practice across the web.")

But Slashdot reader TheNameOfNick disagrees. "How realistic is the part where advertisers stop tracking you because they get less information from the browser maker...?"

Mozilla has provided simple instructions for disabling the feature:
  • Click the menu button and select Settings.
  • In the Privacy & Security panel, find the Website Advertising Preferences section.
  • Uncheck the box labeled Allow websites to perform privacy-preserving ad measurement.

IOS

'The DOJ's Assault On Apple Will Harm Consumers' (reason.com) 104

Longtime Slashdot reader SonicSpike shares an op-ed from Reason, written by Sen. Rand Paul: In America, we do not punish businesses for their success. We certainly do not punish businesses because their competitors are struggling to keep pace. Sadly, that is exactly what the Department of Justice (DOJ) is attempting to do in its recent lawsuit against Apple. In March, the DOJ, joined by 15 states and the District of Columbia, filed a lawsuit aimed at penalizing Apple for successfully competing in the market for smartphones. However, like much of the Biden administration's approach to antitrust enforcement, the DOJ's lawsuit is focused on punishing Apple for its success rather than addressing any real harm to consumers. Instead of fostering innovation and competition, this approach threatens to stifle the very progress that benefits Americans.

In its lawsuit, the DOJ makes the unsubstantiated claim that Apple has "willfully monopolized" the smartphone market through "exclusionary" and "anticompetitive" conduct. In particular, it accuses Apple of exercising unwarranted control over the creation, distribution, and functioning of apps within the iPhone operating system. What the complaint ignores, however, is that this control is not simply a lawful business practice by a privately held company; it is an indispensable part of Apple's business model. Far from being an "anticompetitive" practice that harms consumers, Apple's careful approach to app integration is a pro-competitive way in which it meets its users' demands.

Privacy, security, and seamless integration have been the core of Apple's operational strategy for years. Back in 2010, Steve Jobs explained that "when selling to people who want their devices to just work, we think integrated wins every time." That "open systems don't always work," and Apple was "committed to the integrated approach." What makes Apple products so unique is their ease of use and consistency over time. While no product will ever be perfect, Apple's goal is to deliver a seamless, integrated experience that users can rely on time after time without giving it a second thought. How does Apple do this? By carefully exercising the very control that the DOJ is trying to punish. As economist Alex Tabarrok explains in Marginal Revolution: "Apple's promise to iPhone users is that it will be a gatekeeper. Gatekeeping is what allows Apple to promise greater security, privacy, usability and reliability. Gatekeeping is Apple's brand promise. Gatekeeping is what the consumer's are buying." [...]
"Digital markets do not need more government regulation; they need more companies willing to innovate and compete," concludes Sen. Paul. "The DOJ should not waste taxpayer-provided resources targeting a company that has earned its success through excellence in the marketplace. An Apple a day may keep the doctor away, but it seems that all of the pro-competitive justifications in the world cannot keep a politically motivated antitrust enforcer at bay."
Privacy

USPS Shared Customers Postal Addresses With Meta, LinkedIn and Snap (techcrunch.com) 25

An anonymous reader quotes a report from TechCrunch: The U.S. Postal Service was sharing the postal addresses of its online customers with advertising and tech giants Meta, LinkedIn and Snap, TechCrunch has found. On Wednesday, the USPS said it addressed the issue and stopped the practice, claiming that it was "unaware" of it. TechCrunch found USPS was sharing customers' information by way of hidden data-collecting code (also known as tracking pixels) used across its website. Tech and advertising companies create this kind of code to collect information about the user -- such as which pages they visit -- every time a webpage containing the code loads in the customer's browser.

In the case of USPS, some of that collected data included the postal addresses of logged-in USPS Informed Delivery customers, who use the service to see photos of their incoming mail before it arrives. It's not clear how many individuals had their information collected or for how long. Informed Delivery had more than 62 million users (PDF) as of March 2024. [...] The code also collected other data, such as information about the user's computer type and browser, which appeared as partly pseudonymized -- essentially scrambled in a way that makes it more difficult for humans to know where data came from, or who it relates to, by using randomized identifiers in place of real customer names. But researchers have long warned that pseudonymous data can still be used to re-identify seemingly anonymous individuals.

TechCrunch also found that tracking numbers entered into the USPS website were also shared with advertisers and tech companies, including Bing, Google, LinkedIn, Pinterest and Snap. Some in-transit tracking data was also shared, such as the real-world location of the mail in the postal system, even if the customer was not logged in to USPS' website.
USPS spokesperson Jim McKean said in a statement: "The Postal Service leverages an analytics platform for our own internal purposes, so that we understand the usage of our products and services and which we use on an aggregated basis to market our products. The Postal Service does not sell or provide any personal information that is collected from this analytics platform to any third party, and we were unaware of any configuration of the platform that collected personal information from the URL and that shared it without our knowledge with social media."

"We have taken immediate action to remediate this issue," the spokesperson added, without saying what action was taken.
Facebook

Meta Opens Pilot Program For Researchers To Study Instagram's Impact On Teen Mental Health (theatlantic.com) 13

An anonymous reader quotes a report from The Atlantic: Now, after years of contentious relationships with academic researchers, Meta is opening a small pilot program that would allow a handful of them to access Instagram data for up to about six months in order to study the app's effect on the well-being of teens and young adults. The company will announce today that it is seeking proposals that focus on certain research areas -- investigating whether social-media use is associated with different effects in different regions of the world, for example -- and that it plans to accept up to seven submissions. Once approved, researchers will be able to access relevant data from study participants -- how many accounts they follow, for example, or how much they use Instagram and when. Meta has said that certain types of data will be off-limits, such as user-demographic information and the content of media published by users; a full list of eligible data is forthcoming, and it is as yet unclear whether internal information related to ads that are served to users or Instagram's content-sorting algorithm, for example, might be provided. The program is being run in partnership with the Center for Open Science, or COS, a nonprofit. Researchers, not Meta, will be responsible for recruiting the teens, and will be required to get parental consent and take privacy precautions.
Security

Weak Security Defaults Enabled Squarespace Domains Hijacks (krebsonsecurity.com) 11

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Krebs on Security: Squarespace bought all assets of Google Domains a year ago, but many customers still haven't set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn't yet been registered, merely by supplying an email address tied to an existing domain. The Squarespace domain hijacks, which took place between July 9 and July 12, appear to have mostly targeted cryptocurrency businesses, including Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. In some cases, the attackers were able to redirect the hijacked domains to phishing sites set up to steal visitors' cryptocurrency funds.

New York City-based Squarespace purchased roughly 10 million domain names from Google Domains in June 2023, and it has been gradually migrating those domains to its service ever since. Squarespace has not responded to a request for comment, nor has it issued a statement about the attacks. But an analysis released by security experts at Metamask and Paradigm finds the most likely explanation for what happened is that Squarespace assumed all users migrating from Google Domains would select the social login options -- such "Continue with Google" or "Continue with Apple" -- as opposed to the "Continue with email" choice.

Facebook

Facebook Ads For Windows Desktop Themes Push Info-Stealing Malware (bleepingcomputer.com) 28

Cybercriminals are using Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. From a report: Trustwave researchers who observed the campaigns said the threat actors also promote fake downloads for pirated games and software, Sora AI, 3D image creator, and One Click Active. While using Facebook advertisements to push information-stealing malware is not new, the social media platform's massive reach makes these campaigns a significant threat.

The threat actors take out advertisements that promote Windows themes, free game downloads, and software activation cracks for popular applications, like Photoshop, Microsoft Office, and Windows. These advertisements are promoted through newly created Facebook business pages or by hijacking existing ones. When using hijacked Facebook pages, the threat actors rename them to suit the theme of their advertisement and to promote the downloads to the existing page members.

Microsoft

How Microsoft, Dell and Other Large US Employers Accommodate Neurodivergent Employees (nytimes.com) 53

As the number of autism diagnoses rises in America, a number of large employers "are taking steps to make workplaces more accessible and welcoming for neurodivergent employees," reports the New York Times — including Microsoft, Dell and Ford. [Alternate URL here.] The Centers for Disease Control and Prevention estimates that 1 in 36 8-year-olds in the United States has autism. That's up from 1 in 44 in 2018 and 1 in 150 in 2000, an increase that experts attribute, in part, to better screening. In addition, 2.2% of adults in the country, or 5.4 million people, are autistic, according to the CDC...

Autism activists have praised companies that have become more accepting of remote work since the coronavirus pandemic. Workplaces with too much light and noise can overwhelm those who are autistic, leading to burnout, said Jessica Myszak, a clinical psychologist in Chicago who specializes in testing and evaluations for autism. Remote work "reduces the social demands and some of the environmental sensitivities" that autistic people struggle with, Myszak added.

The article notes Microsoft's neurodiversity hiring program, which was established in 2015. The company's program was modeled after a venture created by the German software firm SAP, and has since been adopted in some form by companies including Dell and Ford. The initiative has brought in about 300 full-time neurodivergent employees to Microsoft, said Neil Barnett, the company's director for inclusive hiring and accessibility. "All they needed was this different, more inclusive process," Barnett said, "and once they got into the company, they flourished."

[One job applicant] was given a job coach to help her with time management and prioritization. Microsoft also paired her with a mentor who showed her around the company's campus in Redmond. Perhaps more important, she works with managers who have received neurodiversity training. The Microsoft campus also has "focus rooms," where lights can be dimmed and the heights of desks can be changed to fit sensory preferences. Employees seated in the open office may also request to sit away from busy aisles or receive noise-canceling headphones.

Space

SpaceX's Historic Falcon 9 Success Streak Is Over (reuters.com) 46

An anonymous reader quotes a report from Reuters: SpaceX's workhorse Falcon 9 rocket was grounded by the U.S. Federal Aviation Administration (FAA) on Friday after one broke apart in space and doomed its payload of Starlink satellites, the first failure in more than seven years of a rocket relied upon by the global space industry. Roughly an hour after Falcon 9 lifted off from the Vandenberg Space Force Base in California on Thursday night, the rocket's second stage failed to reignite and deployed its 20 Starlink satellites on a shallow orbital path where they will soon reenter and burn up in Earth's atmosphere.

The attempt to reignite the engine "resulted in an engine RUD for reasons currently unknown," SpaceX CEO Elon Musk wrote early on Friday on his social media platform X, using an industry acronym for Rapid Unscheduled Disassembly that usually means explosion. The Falcon 9 will be grounded until SpaceX investigates the cause of the failure, fixes the rocket and receives the agency's approval, the FAA said in a statement. That process could take several weeks or months, depending on the complexity of the failure and SpaceX's plan to fix it. Musk said SpaceX was updating the software of the Starlink satellites to force their on-board thrusters to fire harder than usual to avoid a fiery atmospheric re-entry. "Unlike a Star Trek episode, this will probably not work, but it's worth a shot," Musk said.

The satellites' altitude is so shallow that Earth's gravity is pulling them 3 miles (5 km) closer toward the atmosphere with each orbit, SpaceX later said, confirming they would inevitably "re-enter Earth's atmosphere and fully demise." SpaceX said the second stage's failure occurred after engineers detected a leak of liquid oxygen, a propellant. The mishap occurred on Falcon 9's 354th mission. It was the first Falcon 9 failure since 2016, when a rocket exploded on a launch pad in Florida and destroyed its customer payload, an Israeli communications satellite.
The failure "breaks a success streak of more than 300 straight missions," notes Reuters.

"We knew this incredible run had to come to an end at some point," Tom Mueller, SpaceX's former vice president of propulsion who designed Falcon 9's engines. "... The team will fix the problem and start the cycle again."
The Internet

iLounge and the Unofficial Apple Weblog Are Back As Unethical AI Content Farms 11

An anonymous reader quotes a report from Ars Technica, written by Samuel Axon: In one of the most egregiously unethical uses of AI we've seen, a web advertising company has re-created some defunct, classic tech blogs like The Unofficial Apple Weblog (TUAW) and iLounge by mimicking the bylines of the websites' former writers and publishing AI-generated content under their names. The Verge reported on the fiasco in detail, including speaking to Christina Warren, a former writer for TUAW who now works at GitHub. Warren took to the social media platform Threads yesterday to point out that someone had re-launched TUAW at its original domain and populated it with fake content allegedly written by her and other past TUAW staff. Some of the content simply reworded articles that originally appeared on TUAW, while other articles tied real writers' names to new, AI-generated articles about current events.

TUAW was shut down in 2015, but its intellectual property and domain name continued to be owned by Yahoo. A Hong Kong-based web advertising firm named Web Orange Limited claims to have purchased the domain and brand name but not the content. The domain name still carries some value in terms of Google ranking, so Web Orange Limited seems to have relaunched the site and then used AI summarization tools to reword the original content and publish it under the original authors' names. (It did the same with another classic Apple blog, iLounge.) The site also includes author bios, which are generic and may have been generated, and they are accompanied by author photos that don't look anything like the real writers. The Verge found that some of these same photos have appeared in other places, like web display ads for iPhone cases and dating websites. They may have been AI-generated, though the company has also been caught reusing photos of real people without permission in other contexts.

At first, some of Web Orange Limited's websites named Haider Ali Khan, an Australian currently residing in Dubai, as the owner of the company. Khan's own website identified him as "an independent cyber security analyst" and "long-time advocate for web security" who also runs a web hosting company, and who "started investing in several technology reporting websites" and "manages and runs several news blogs such as the well-known Apple tech-news blog iLounge." However, mentions of his name were removed from the websites today, and the details on his personal website have apparently been taken offline. Warren emailed the company, threatening legal action. After she did that, the byline was changed to what we can only assume is a made-up name -- "Mary Brown." The same goes for many of the other author names on Web Orange Limited's websites.

The company likely tried to use the original authors' names as part of an SEO play; Google tracks the names of authors and gives them authority rankings on specific topics as another layer on top of a website's own authority. That way, Google can try to respond to user queries with results written by people who have built strong reputations in the users' areas of interest. It also helps Google surface authors who are experts on a topic but who write for multiple websites, which is common among freelance writers. The websites are still operational, even though the most arguably egregious breach of ethics -- the false use of real people's names -- has been addressed in many cases.
Businesses

FTC Study Finds 'Dark Patterns' Used By a Majority of Subscription Apps and Websites (techcrunch.com) 35

The U.S. FTC, along with two other international consumer protection networks, announced on Thursday the results of a study into the use of "dark patterns" -- or manipulative design techniques -- that can put users' privacy at risk or push them to buy products or services or take other actions they otherwise wouldn't have. TechCrunch: In an analysis of 642 websites and apps offering subscription services, the study found that the majority (nearly 76%) used at least one dark pattern and nearly 67% used more than one. Dark patterns refer to a range of design techniques that can subtly encourage users to take some sort of action or put their privacy at risk. They're particularly popular among subscription websites and apps and have been an area of focus for the FTC in previous years. For instance, the FTC sued dating app giant Match for fraudulent practices, which included making it difficult to cancel a subscription through its use of dark patterns.

[...] The new report published Thursday dives into the many types of dark patterns like sneaking, obstruction, nagging, forced action, social proof and others. Sneaking was among the most common dark patterns encountered in the study, referring to the inability to turn off the auto-renewal of subscriptions during the sign-up and purchase process. Eighty-one percent of sites and apps studied used this technique to ensure their subscriptions were renewed automatically. In 70% of cases, the subscription providers didn't provide information on how to cancel a subscription, and 67% failed to provide the date by which a consumer needed to cancel in order to not be charged again.

Microsoft

Microsoft Emails That Warned Customers of Russian Hacks Criticized For Looking Like Spam And Phishing (techcrunch.com) 13

Microsoft is under fire for its handling of customer notifications following a data breach by Russian state-sponsored hackers. The tech giant confirmed in March that the group known as Midnight Blizzard had accessed its systems, potentially compromising customer data. Cybersecurity experts, including former Microsoft employee Kevin Beaumont, have raised concerns about the notification process. Beaumont warned on social media that the company's emails may be mistaken for spam or phishing attempts due to their format and the use of unfamiliar links. "The notifications aren't in the portal, they emailed tenant admins instead," Beaumont stated, adding that the emails could be easily overlooked. Some recipients have reported confusion over the legitimacy of the notifications, with many seeking confirmation through support channels and account managers.
United States

US Officials Uncover Alleged Russian 'Bot Farm' (bbc.com) 211

An anonymous reader quotes a report from the BBC: US officials say they have taken action against an AI-powered information operation run from Russia, including nearly 1,000 accounts pretending to be Americans. The accounts on X were designed to spread pro-Russia stories but were automated "bots" -- not real people. In court documents made public Tuesday the US justice department said the operation was devised by a deputy editor at Kremlin-owned RT, formerly Russia Today. RT runs TV channels in English and several other languages, but appears much more popular on social media than on conventional airwaves.

The justice department seized two websites that were used to issue emails associated with the bot accounts, and ordered X to turn over information relating to 968 accounts that investigators say were bots. According to the court documents, artificial intelligence was used to create the accounts, which then spread pro-Russian story lines, particularly about the war in Ukraine. "Today's actions represent a first in disrupting a Russian-sponsored generative AI-enhanced social media bot farm," said FBI Director Christopher Wray. "Russia intended to use this bot farm to disseminate AI-generated foreign disinformation, scaling their work with the assistance of AI to undermine our partners in Ukraine and influence geopolitical narratives favorable to the Russian government," Mr Wray said in a statement. The accounts now appear to have been deleted by X, and screenshots shared by FBI investigators indicated that they had very few followers.

Social Networks

In a First, Federal Regulators Ban Messaging App From Hosting Minors (washingtonpost.com) 15

An anonymous reader quotes a report from the Washington Post: Federal regulators have for the first time banned a digital platform from serving users under 18 (Warning: source may be paywalled; alternative source), accusing the app -- known as NGL -- of exaggerating its ability to use artificial intelligence to curb cyberbullying in a groundbreaking settlement. Anapp popular among children and teens, NGL aggressively marketed to young users despite risks of bullying on the anonymous messaging site, the Federal Trade Commission and the Los Angeles District Attorney's Office alleged in a complaint unveiled Tuesday.

The complaint alleged that NGL tricked users into paying for subscriptions by sending them computer-generated messages appearing to be from real people and offering a service for as much as $9.99 a week to find out their real identity. People who signed up received only "hints" of those identities, whether they were real or not, enforcers said. After users complained about the "bait-and switch tactic," executives at the company "laughed off" their concerns, referring to them as "suckers," the FTC said in an announcement. NGL, internet shorthand for "not gonna lie," agreed to pay $5 million and stop marketing to kids and teens to settle the lawsuit, which also alleged that the company violated children's privacy laws by collecting data from youths under 13 without parental consent.

The settlement marks a major milestone in the federal government's efforts to tackle concerns that tech platforms are exposing children to noxious material and profiting from it. And it's one of the most significant actions by the FTC under Chair Lina Khan, who has dialed up scrutiny of the tech sector at the agency since taking over in 2021. "We will keep cracking down on businesses that unlawfully exploit kids for profit," Khan (D) said in a statement.
NGL co-founder Joao Figueiredo said in a statement Tuesday that the company cooperated with the FTC's investigation for nearly two years and viewed the "resolution as an opportunity to make NGL better than ever."

"While we believe many of the allegations around the youth of our user base are factually incorrect, we anticipate that the agreed upon age-gating and other procedures will now provide direction for others in our space, and hopefully improve policies generally."

Slashdot Top Deals