The Internet

Brazil Looks To Regulate Monetized Content On Internet (reuters.com) 9

The Brazilian government is studying whether to regulate Internet platforms with content that earns revenue such as advertising, its secretary for digital policies, Joao Brant, said on Friday. Reuters reports: The idea would be for a regulator to hold such platforms, not consumers, accountable for monetized content, Brant told Reuters. Another goal is "to prevent the networks from being used for the dissemination and promotion of crimes and illegal content" especially after the riots by supporters of former far-right President Jair Bolsonaro in Brasilia in January, fueled by misinformation about the election he lost in October.

Brant said President Luiz Inacio Lula da Silva's government also intends to make companies responsible for stopping misinformation, hate speech and other crimes on their social media platforms. Platforms would not be held responsible for content individually, but for how diligent they are in protecting the "digital environment," he said in an interview. Brant did not detail what the regulatory body would look like, but said the government wants to regulate monetized content and prevent the platforms from spreading misinformation.

The Courts

Cancer Patient Sues Hospital After Ransomware Gang Leaks Her Nude Medical Photos (theregister.com) 85

An anonymous reader quotes a report from The Register: A cancer patient whose nude medical photos and records were posted online after they were stolen by a ransomware gang, has sued her healthcare provider for allowing the "preventable" and "seriously damaging" leak. The proposed class-action lawsuit stems from a February intrusion during which malware crew BlackCat (also known as ALPHV) broke into one of the Lehigh Valley Health Network (LVHN) physician's networks, stole images of patients undergoing radiation oncology treatment along with other sensitive health records belonging to more than 75,000 people, and then demanded a ransom payment to decrypt the files and prevent it from posting the health data online. The Pennsylvania health care group, one of the largest in the US state, oversees 13 hospitals, 28 health centers, and dozens of other physicians' clinics, pharmacies, rehab centers, imaging and lab services. LVHN refused to pay the ransom, and earlier this month BlackCat started leaking patient info, including images of at least two breast cancer patients, naked from the waist up.

According to the lawsuit [PDF] filed this week, here's how one of the patients, identified as "Jane Doe" found out about the data breach -- and that LVHN had stored nude images of her on its network in the first place. On March 6, LVHN VP of Compliance Mary Ann LaRock, called Doe and told her that her nude photos had been posted on the hackers' leak site. "Ms. LaRock offered plaintiff an apology, and with a chuckle, two years of credit monitoring," the court documents say. In addition to swiping the very sensitive photos, the crooks also made off with everything needed for identity fraud.

According to the lawsuit, LaRock also told Doe that her physical and email addresses, along with date of birth, social security number, health insurance provider, medical diagnosis and treatment information, and lab results were also likely stolen in the breach. "Given that LVHN is and was storing the sensitive information of plaintiff and the class, including nude photographs of plaintiff receiving sensitive cancer treatment, LVHN knew or should have known of the serious risk and harm that could occur from a data breach," the lawsuit says. It claims LVHN was negligent in its duty to safeguard patients' sensitive information, and seeks class action status for everyone whose data was exposed with monetary damages to be determined. Pennsylvania attorney Patrick Howard, who is representing Doe and the rest of the plaintiffs in the proposed class action, said he expects the number of patients affected by the breach to be in the "hundreds, if not thousands."

Social Networks

New Zealand To Ban TikTok On Devices Linked To Parliament (cnbc.com) 14

New Zealand will ban TikTok on devices with access to the parliamentary network because of cybersecurity concerns, a government official said on Friday. CNBC reports: TikTok will be banned on all devices with access to New Zealand's parliamentary network by the end of March, said Parliamentary Service Chief Executive Rafael Gonzalez-Montero. Gonzalez-Montero, in an email to Reuters, said the decision was taken after advice from cybersecurity experts and discussions within government and with other countries.

"Based on this information the Service has determined that the risks are not acceptable in the current New Zealand Parliamentary environment," he said. Special arrangements can be made for those who require the app to do their jobs, he added.

Businesses

TikTok's Plan To Stave Off Government Intervention: Flood DC With Influencers (politico.com) 48

The influential social media app TikTok is flooding the nation's capital with influencers next week as part of an 11th hour lobbying blitz to stave off the forced sale of the company. From a report: The efforts come as the Biden administration urges TikTok's Chinese owners to sell the app to a new owner or face a potential ban in the United States. The Committee on Foreign Investment in the United States, the interagency board that issued the call, has spent years reviewing the potential national security risks posed by TikTok, and the Chinese company that owns it: ByteDance.

Dozens of TikTok creators will descend on Washington for three days next week, according to a person familiar with the plans, who revealed details on condition of anonymity. The creators will hold a press conference on Wednesday on Capitol Hill, the person added. Another person familiar with the plans noted that TikTok was paying for the cost of sending influencers to D.C. It was not clear which influencers would be making the trip.

Facebook

Meta Launches Subscription Service in US (reuters.com) 31

Meta on Friday launched its subscription service in the U.S., which would allow Facebook and Instagram users to pay for verification in the same vein as Elon Musk-owned Twitter. From a report: The Meta Verified service will give users a blue badge after they verify their accounts using a government ID and will cost $11.99 per month on the web or $14.99 a month on Apple's iOS system and Google-owned Android, Meta said in a statement. The service, which Meta said it was testing in February, follows in the footsteps of Snapchat as well as messaging app Telegram and marks the latest effort by a social media company to diversify its revenue away from advertising.

Businesses

Twitch CEO Emmett Shear Is Resigning (theverge.com) 11

Twitch CEO Emmett Shear is resigning, effective immediately, he announced in a blog post on Thursday. The Verge reports: Shear has been at Twitch since before it was Twitch. He was a co-founder of Justin.tv, the platform where Justin Kan streamed his life 24/7. That became Twitch in 2011 to focus on popular gaming livestreams, and just three years later, the platform was acquired by Amazon for nearly a billion dollars.

"With my first child just born, I've been reflecting on my future with Twitch," Shear wrote. "Twitch often feels to me like a child I've been raising as well. And while I will always want to be there if Twitch needs me, at 16 years old it feels to me Twitch is ready to move out of the house and venture alone."

Shear will be replaced by Dan Clancy, who has been at Twitch for more than three years and was serving as the company's president. Clancy was originally hired in 2019 as the company's executive VP of creator and community experience, according to Variety. Shear will continue at the company in an advisory role. "I've never had more confidence in Twitch's leadership, in all our people, and in our product, than I do today," he wrote. "For many years I truly felt Twitch might die without my guidance and input, but I no longer feel that is true."

Social Networks

France Plans To Recommend Ministers Give Up TikTok, Other Apps (bloomberg.com) 14

The French government is planning to ask cabinet ministers to avoid using TikTok and similar apps on their personal phones, Bloomberg News reported Thursday, citing two people with direct knowledge of the discussions. From the report: The government is mulling the guidelines in part over concerns about security with the Chinese-owned social media app, according to one of the people. They requested anonymity in order to discuss private deliberations. Social media apps such as TikTok are already banned from their professional phones. The UK banned TikTok from government phones on Thursday, citing security fears. The US Congress restricted the app on government devices last year and European Commission employees were told to delete it by March 15.
Games

20 Years Later, Second Life is Launching on Mobile (arstechnica.com) 26

Remember Second Life? The virtual world launched on the desktop web back in 2003 with 3D avatars and spaces for various social activities. Believe it or not, it has been running continually this entire time -- and now it's coming to mobile for the first time. From a report: In fact, this will be the first time that Second Life has expanded beyond the PC (across Windows, macOS, and Linux) in any form. In a post to the virtual world's community web forum, a community manager for Second Life developer Linden Lab shared a video with some details about the mobile version's development, and announced that a beta version of the mobile app will launch sometime this year.

The video reveals that the app was built using Unity -- in part to make for an easy path to releasing and maintaining the app on multiple platforms, including the iPhone, iPad, Android phones, and Android tablets. It also includes a few minutes of footage of Second Life's detailed character models and environments, with accompanying commentary by Linden Lab developers about bringing as much of the experience to mobile as possible.

Crime

Two US Men Charged In 2022 Hacking of DEA Portal (krebsonsecurity.com) 11

An anonymous reader quotes a report from KrebsOnSecurity: Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. Prosecutors for the Eastern District of New York today unsealed criminal complaints against Sagar Steven Singh -- also known as "Weep" -- a 19-year-old from Pawtucket, Rhode Island; and Nicholas Ceraolo, 25, of Queens, NY, who allegedly also went by the handles "Convict" and "Ominus." The Justice Department says Singh and Ceraolo belong to a group of cybercriminals known to its members as "ViLE," who specialize in obtaining personal information about third-party victims, which they then use to harass, threaten or extort the victims, a practice known as "doxing." [...]

The government alleges that on May 7, 2022, Singh used stolen credentials to log into a U.S. federal government portal without authorization. The complaint doesn't specify which agency portal was hacked, but it does state that the portal included access to law enforcement databases that track narcotics seizures in the United States. [On May 12, 2022, KrebsOnSecurity broke the news.] Prosecutors say they tied Singh to the government portal hack because he connected to it from an Internet address that he'd previously used to access a social media account registered in his name. When they raided Singh's residence on Sept. 8, 2022 and seized his devices, investigators with Homeland Security found a cellular phone and laptop that allegedly "contained extensive evidence of access to the Portal."
If convicted, Ceraolo faces up to 20 years' imprisonment for conspiracy to commit wire fraud; both Ceraolo and Singh face five years' imprisonment for conspiracy to commit computer intrusions.

A copy of the complaint against Ceraolo and Singh is here (PDF).
Social Networks

Reddit Has Been Down For More Than An Hour (theverge.com) 180

Reddit is currently experiencing a big outage affecting its websites and apps, according to the company's status page. The Verge reports: "We've identified an internal systems issue and are working to determine a fix," the company wrote at 12:56PM ET on its status page. The preceding message, from nearly 40 minutes before, notes that Reddit "is currently offline." The problem appears to be widespread, with about 50,000 people reporting issues on Downdetector.

Facebook

Meta To Cut Another 10,000 Jobs and Cancel 'Low Priority Projects' (techcrunch.com) 57

Meta plans to cut its workforce by another 10,000 people, withdraw around 5,000 open roles that it has not filled and cancel some projects, company co-founder and CEO Mark Zuckerberg said Tuesday, confirming recent rumors that another round of layoffs was imminent. From a report: The announcement comes just four months after Meta revealed that it was eliminating about 11,000 roles as the social networking giant pushes to become more efficient this year. Combined, this means that Meta has effectively laid off -- or plans to lay-off -- roughly one-quarter of its workforce since the tail-end of last year. Facebook's parent firm said it expects the latest "restructuring" efforts to start in April, and the process to impact business groups in May. Zuckerberg said that the company will also cancel "lower priority projects," adding that it "underestimated the indirect costs" associated with these initiatives.
Twitter

Meta is Exploring Plans to Build a Twitter Rival (bbc.com) 81

"Meta, the parent firm of Facebook and Instagram, is working on a standalone, text-based social network app," reports the BBC.
"It could rival both Twitter and its decentralised competitor, Mastodon." A spokesperson told the BBC: "We're exploring a standalone decentralized social network for sharing text updates...." According to MoneyControl, the new app is codenamed P92, and will allow users to log in through their existing Instagram credentials.

Meta's app will be based on a similar framework to the one that powers Mastodon, a Twitter-like service which was launched in 2016. The new app would be decentralised — it cannot be run at the whim of a single entity, bought or sold....

It was not immediately clear when Meta would roll out the new app.

Crime

Teens Are Stealing More Cars. They Learn How on Social Media. (yahoo.com) 99

Though Kia and Hyundai represent a tenth of U.S. auto sales, the New York Times reports that "Of the nearly 11,000 cars stolen in Memphis last year — about twice as many as in 2021 — roughly a third were late-model Kias and Hyundais, according to the police."

"It doesn't take much to rip them off: just a screwdriver, a USB cord and hot-wiring know-how found in videos proliferating on social media." Many of the culprits are teenagers or young adults stealing cars for kicks or to use them for other crimes, such as robberies, the police say. More than half of the 175 people arrested and accused of car theft this year in Memphis were teenagers, who often abandon the vehicles after a joyride.... [A]uto thefts have continued to rise, even as other forms of lawbreaking have leveled out or fallen....

[T]he surge has continued, fueled in part by social media videos that show, step by step, how to steal Kias and Hyundais that are not equipped with an engine immobilizer — an electronic security device that keeps a car from being started without a key.... [Kia and Hyundai] recently issued statements saying they had fixed the problem that makes their vehicles relatively easy to steal in their latest models, and were introducing free software upgrades for vulnerable cars — about 4.5 million Kias and 3.8 million Hyundais, the federal government estimated. At the same time, the companies have shipped steering wheel locks to police departments across the country, to be provided free of charge to car owners who drive at-risk models. And executives say they are constantly monitoring TikTok and YouTube for new videos that show how to steal their vehicles, and then alerting the social media companies so those videos can be removed....

Officials say the social media-driven rise in Kia and Hyundai thefts began about two years ago in Milwaukee, and then spread nationwide. City attorneys for Seattle and Columbus recently sued the automakers for not installing anti-theft technology, and other cities, including Cleveland, Milwaukee and St. Louis, have threatened litigation.

United States

Congressman Reintroduces 32-Hour Workweek Law To 'Increase the Happiness of Humankind' (cnbc.com) 168

An anonymous reader quotes a report from CNBC: Rep. Mark Takano, who represents California's 39th district, has reintroduced his 32-hour Workweek Act to Congress, which, if passed, would officially reduce the standard definition of the workweek from 40 hours to 32 hours by amending the Fair Labor Standards Act. His proposal would mandate overtime pay for any work done after 32 hours, which would encourage business to either pay workers more for longer hours, or shorten their week and hire more people.

The bill applies to non-exempt workers, who typically work hourly jobs across leisure and hospitality, transportation, construction, manufacturing, wholesale, and retail trade. This is by design, Takano tells CNBC Make It. "The serious conversations about the reduced workweek are happening for white-collar professions. What my bill will do is spur conversation about how we democratize this norm to other sectors of the workforce so everybody benefits."

Takano says he's passionate about the 32-hour workweek to bring about "a significant change which will increase the happiness of humankind. That's a very big statement. But it was a big deal 100 years ago when we gave people the weekend by passing the Fair Labor Standards Act," which established a 40-hour workweek and created other worker protections. "These are all part of the social justice discourse," he says. Supporters say a shortened week would push businesses to hire more people, increase labor market participation, and create "healthier competition in the workplace that empowers workers to negotiate for better wages and working conditions," according to a release (PDF) from Takano's team.
The report notes that Takano first introduced the legislation in 2021, but it "ultimately failed to advance in Congress."

Privacy

Telehealth Startup Cerebral Shared Millions of Patients' Data With Advertisers (techcrunch.com) 42

Cerebral has revealed it shared the private health information, including mental health assessments, of more than 3.1 million patients in the United States with advertisers and social media giants like Facebook, Google, and TikTok. From a report: The telehealth startup, which exploded in popularity during the COVID-19 pandemic after rolling lockdowns and a surge in online-only virtual health services, disclosed the security lapse in a filing with the federal government that it shared patients' personal and health information who used the app to search for therapy or other mental health care services. Cerebral said that it collected and shared names, phone numbers, email addresses, dates of birth, IP addresses and other demographics, as well as data collected from Cerebral's online mental health self-assessment, which may have also included the services that the patient selected, assessment responses, and other associated health information.
Social Networks

Belgium Bans TikTok From Federal Government Work Phones (reuters.com) 21

Belgian federal government employees will no longer be allowed to use the Chinese-owned video app TikTok on their work phones, Belgian Prime Minister Alexander De Croo said on Friday. From a report: De Croo said the Belgian national security council had warned of the risks associated with the large amounts of data collected by TikTok, which is owned by Chinese firm ByteDance, and the fact that the company is required to cooperate with Chinese intelligence services. "That is the reality," the prime minister said in a statement. "That's why it is logical to forbid the use of TikTok on phones provided by the federal government. The safety of our information must prevail." The European Commission and the European Parliament last month banned TikTok from staff phones due to growing concerns about the company, and whether China's government could harvest users' data or advance its interests.
Social Networks

Meta is Building a Decentralized, Text-Based Social Network (platformer.news) 107

Twitter's decline is paving the way for other platforms to build next-generation replacements. And now the biggest player in the game is getting involved: Meta is in the early stages of building a dedicated app for people to post text-based updates. From a report: "We're exploring a standalone decentralized social network for sharing text updates," the company told Platformer exclusively in an email. "We believe there's an opportunity for a separate space where creators and public figures can share timely updates about their interests." News that Meta has been exploring a text-based network was first reported Thursday by MoneyControl. The app is codenamed P92 and will allow users to log in through their existing Instagram credentials, the outlet reported.

Details about the project are scant. The product is still in its earliest stages, sources said, and there is no time frame for it being released. But legal and regulatory teams have already started to investigate potential privacy concerns around the app so they can be addressed before launch, we're told. Adam Mosseri, who runs Instagram, is taking the lead on the project, sources said. The most remarkable aspect of the project is that Meta plans for the network to be decentralized. While the company would not elaborate beyond its statement, in a decentralized network individual users are typically able to set up their own, independent servers and set server-specific rules for how content is moderated. Building a decentralized network could also give Meta the opportunity for its new app to interoperate with other social products -- a previously unheard-of gesture from a company known for building some of the most lucrative walled gardens in the industry's history.

Google

Google Dusts Off the Failed Google+ Playbook To Fight ChatGPT (arstechnica.com) 52

According to Bloomberg, Google wants to build AI into everything to fight OpenAI's ChatGPT. Google issued "a directive that all of its most important products -- those with more than a billion users -- must incorporate generative AI within months."

Ars Technica's Ron Amadeo likens it to the company's failed Google+ playbook from 2011. To combat Facebook's rising popularity, then-Google CEO Larry Page directed employees to build social features into everything. YouTube comments were tied to Google+, Gmail addresses required a Google+ account, Google Search had "+1" buttons, and a "real name" policy was instituted, among other things. "That forced integration strategy was an abject failure, and after a few years of Google's social panic, all of Google+'s integrations were removed, and the service was eventually shut down," writes Amadeo. An anonymous reader shares an excerpt from Amadeo's report: We wrote last month that Google's ChatGPT panic seemed a lot like its response to Google+, and several employees relayed that same sentiment to Bloomberg. Just like with G+, the report added that "current and former employees say at least some Googlers' ratings and reviews will likely be influenced by their ability to integrate generative AI into their work."

AI is one of the few areas of Google that CEO Sundar Pichai is really invested in, with the CEO saying the technology would be "more profound than fire or electricity." Google was, for years, a leader in AI with voice recognition features like the Google Assistant, speech synthesis features like Google Duplex, and mastering the game of Go. Those features debuted years ago, though, and a fear of rolling out imperfect products has meant Google locks a lot of technology away in a lab somewhere. In a 2021 New York Times article that was critical of Pichai's management style, "A common critique among current and former executives is that Mr. Pichai's slow deliberations often feel like a way to play it safe and arrive at a 'no.'" Despite many seeing Pichai as the source of Google's reluctance, the Bloomberg report says the CEO is now taking a more hands-on approach to product development, saying, "The effort has Pichai reliving his days as a product manager, as he's taken to weighing in directly on the details of product features, a task that would usually fall far below his pay grade, according to one former employee."

As for exactly what these forced AI integrations will look like, the report cites a recent YouTube feature that would let people virtually swap outfits. In Alphabet's Q4 2022 (PDF) earnings call, Pichai said the company was "working to bring large language models to Gmail and Docs," so expect to be able to click a few buttons soon and have those apps generate blocks of text. The Bloomberg article quotes one Google employee as saying, "We're throwing spaghetti at the wall, but it's not even close to what's needed to transform the company and be competitive."

Privacy

AllTrails Data Exposes Precise Movements of Former Top Biden Official (vice.com) 47

An anonymous reader quotes a report from Motherboard: A security researcher appears to have tracked the physical location of a former top Biden administration official through his apparent usage of AllTrails, a popular hiking app with more than 30 million registered users. The AllTrails records appear to show the official visiting sensitive locations such as the White House, and also suggests the specific house where he or his family lives. By default, AllTrails users' activity is public for anyone to view, including completed trails, maps, and activities. But that convenience and focus on providing a social network style experience comes with potential risks around national security or privacy, depending on the particular user. Whether a public figure like a government official or celebrity, or someone at risk of stalking in general such as someone in an abusive relationship, AllTrails' privacy settings may be something users should consider.

"I found interesting results by searching near the Pentagon, NSA, CIA or White House and then looking at the user's other activity," Wojciech, the security researcher, told Motherboard in an email. Wojciech said they used their own open source intelligence platform as part of the investigative process. They said the tool supports Strava and another app called SportsTracker, and will include AllTrails itself soon. Wojciech sent Motherboard a link to what they believed to be the AllTrails profile of the former top Biden official. Motherboard is not naming the official because they did not respond to requests for comment, and their profile is still publicly accessible.

One trip to the White House in December recorded in AllTrails also shows a nearby apartment building he ended his journey at. More trips recorded that month show the official's other movements throughout Washington D.C. Much of the AllTrails activity relates to when this official was part of the administration. Motherboard searched through the official's AllTrails activity and found multiple hikes starting from the same location. Motherboard then queried public records and found this location was a house registered to the official's family, meaning AllTrails had helped identify where the official or his family may have been living. Motherboard also verified that the official does have an account on AllTrails by attempting to sign up to the service with the official's personal email address. This was not possible because the address was already registered to an account.

The Internet

Sued by Meta, Freenom Halts Domain Registrations (krebsonsecurity.com) 8

The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. KrebsOnSecurity reports: Freenom is the domain name registry service provider for five so-called "country code top level domains" (ccTLDs), including .cf for the Central African Republic; .ga for Gabon; .gq for Equatorial Guinea; .ml for Mali; and .tk for Tokelau. Freenom has always waived the registration fees for domains in these country-code domains, presumably as a way to encourage users to pay for related services, such as registering a .com or .net domain, for which Freenom does charge a fee. On March 3, 2023, social media giant Meta sued Freenom in a Northern California court, alleging cybersquatting violations and trademark infringement. The lawsuit also seeks information about the identities of 20 different "John Does" -- Freenom customers that Meta says have been particularly active in phishing attacks against Facebook, Instagram, and WhatsApp users. The lawsuit points to a 2021 study (PDF) on the abuse of domains conducted for the European Commission, which discovered that those ccTLDs operated by Freenom made up five of the Top Ten TLDs most abused by phishers.

"The five ccTLDs to which Freenom provides its services are the TLDs of choice for cybercriminals because Freenom provides free domain name registration services and shields its customers' identity, even after being presented with evidence that the domain names are being used for illegal purposes," the complaint charges. "Even after receiving notices of infringement or phishing by its customers, Freenom continues to license new infringing domain names to those same customers." Freenom has not yet responded to requests for comment. But attempts to register a domain through the company's website as of publication time generated an error message that reads: "Because of technical issues the Freenom application for new registrations is temporarily out-of-order. Please accept our apologies for the inconvenience. We are working on a solution and hope to resume operations shortly. Thank you for your understanding." Although Freenom is based in The Netherlands, some of its other sister companies named as defendants in the lawsuit are incorporated in the United States.

It remains unclear why Freenom has stopped allowing domain registration, but it could be that the company was recently the subject of some kind of disciplinary action by the Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit entity which oversees the domain registrars. In June 2015, ICANN suspended Freenom's ability to create new domain names or initiate inbound transfers of domain names for 90 days. According to Meta, the suspension was premised on ICANN's determination that Freenom "has engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest."
