Facebook

Meta Told To Stop Using Threads Name By Company That Owns UK Trademark (businessinsider.com)

Pete Syme reports via Insider: A British software company is giving Meta 30 days to stop using the name Threads in the UK because it owns the trademark. Threads Software Limited says its lawyers wrote to the Facebook and Instagram parent company on Monday. If Meta doesn't stop using the name Threads, Threads Software Limited says it will seek an injunction from the courts.

The British company trademarked Threads in 2012 for its intelligent messaging hub, which can store a company's emails, tweets, and voice over internet protocol phone calls in a cloud database. In a press release, it said it had declined the four offers that Meta's lawyers made to purchase its domain name "threads.app." Then when Meta launched Threads, its social media app designed to compete with Elon Musk's X, the British company says it was removed from Facebook.
John Yardley, the managing director of Threads Software Limited, said the business "faces a serious threat from one of the largest technology companies in the world."

"We recognize that this is a classic 'David and Goliath' battle with Meta," said Yardley. "And whilst they may think they can use whatever name they want, that does not give them the right to use the Threads brand name."

Canada

Canada Bans WeChat, Kaspersky Apps On Government Devices (reuters.com)

Citing an "unacceptable level of risk to privacy and security," Canada banned Chinese messaging application WeChat and Russian antivirus program Kaspersky on government-issued mobile devices. Reuters reports: The ban was announced after an assessment by Canada's chief information officer that Tencent-owned WeChat and applications made by Moscow-based Kaspersky "present an unacceptable level of risk to privacy and security," the Treasury Board of Canada, which oversees public administration, said in a statement. Kaspersky said it was surprised and disappointed, and that the decision was made without warning or an opportunity for the firm to address the government's concerns. "As there has been no evidence or due process to otherwise justify these actions, they are highly unsupported and a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky's products and services," the company said in a statement.

The Treasury Board said it has no evidence that government information has been compromised, but the collection methods of the applications provide considerable access to a device's contents, and risks of using them were "clear." "The decision to remove and block the WeChat and the Kaspersky applications was made to ensure that government of Canada networks and data remain secure and protected and are in line with the approach of our international partners," the statement said. The applications will be removed from government-issued mobile devices on Monday, and users will be blocked from downloading them in the future.

AI

Biden Signs Executive Order To Oversee and Invest in AI (nbcnews.com)

President Joe Biden signed a wide-ranging executive order on artificial intelligence Monday, setting the stage for some industry regulations and funding for the U.S. government to further invest in the technology. From a report: The order is broad, and its focuses range from civil rights and industry regulations to a government hiring spree. In a media call previewing the order Sunday, a senior White House official, who asked to not be named as part of the terms of the call, said AI has so many facets that effective regulations have to cast a wide net. "AI policy is like running into a decathlon, and there's 10 different events here," the official said. "And we don't have the luxury of just picking 'we're just going to do safety' or 'we're just going to do equity' or 'we're just going to do privacy.' You have to do all of these things."

The official also called for "significant bipartisan legislation" to further advance the country's interests with AI. Senate Majority Leader Chuck Schumer, D-N.Y., held a private forum in September with industry leaders but has yet to introduce significant AI legislation. Some of the order builds on a previous nonbinding agreement that seven of the top U.S. tech companies developing AI agreed to in July, like hiring outside experts to probe their systems for weaknesses and sharing their critical findings. The order leverages the Defense Production Act to legally require those companies to share safety test results with the federal government.

United States

$127 Billion in US Student Loans Now Flagged for Cancellation - About 30% of Planned Amount (msn.com)

The Wall Street Journal reports that more than three million Americans have now had a total of $127 billion in student loans flagged for cancellation. (For 3 million people, that would average out to over $40,000 apiece.)

Interestingly, the article notes this happened despite a setback for forgiveness in America's highest court this June: The high court ruled that the Biden administration couldn't cancel hundreds of billions of dollars for tens of millions of student-loan holders, reasoning that the authority for such a broad-based policy doesn't exist under the law. While that closed one path, Biden tapped a variety of different tools that no previous president had ever used to this extent. Since taking office in 2021, the Biden administration has arranged to cancel loans equal to around 30% of the total projected cost of its blocked mass cancellation plan.

AI

G7 Nations Will Announce an 'AI Code of Conduct' for Companies Building AI (reuters.com)

The seven industrial countries known as the "G7" — America, Canada, Japan, Germany, France, Italy, and Britain — will agree on a code of conduct Monday for companies developing advanced AI systems, reports Reuters.

The news comes "as governments seek to mitigate the risks and potential misuse of the technology," Reuters reports — citing a G7 document. The 11-point code "aims to promote safe, secure, and trustworthy AI worldwide and will provide voluntary guidance for actions by organizations developing the most advanced AI systems, including the most advanced foundation models and generative AI systems", the G7 document said. It "is meant to help seize the benefits and address the risks and challenges brought by these technologies".

The code urges companies to take appropriate measures to identify, evaluate and mitigate risks across the AI lifecycle, as well as tackle incidents and patterns of misuse after AI products have been placed on the market. Companies should post public reports on the capabilities, limitations and the use and misuse of AI systems, and also invest in robust security controls.

Government

America's Net Neutrality Question: Should the FCC Define the Internet as a 'Common Carrier'? (fcc.gov)

The Washington Post's editorial board looks at America's "net neutrality" debate.

But first they note that America's communications-regulating FCC has "limited authority to regulate unless broadband is considered a 'common carrier' under the Telecommunications Act of 1996." The FCC under President Barack Obama moved to reclassify broadband so it could regulate broadband companies; the FCC under President Donald Trump reversed the change. Dismayed advocates warned the world that, without the protections in place, the internet would break. You'll never guess what happened next: nothing. Or, at least, almost nothing. The internet did not break, and internet service providers for the most part did not block and they did not throttle.

All the same, today's FCC, under Chairwoman Jessica Rosenworcel, has just moved to re-reclassify broadband. The interesting part is that her strongest argument doesn't have much to do with net neutrality, but with some of the other benefits the country could see from having a federal watchdog keeping an eye on the broadband business... Broadband is an essential service... Yet there isn't a single government agency with sufficient authority to oversee this vital tool. Asserting federal authority over broadband would empower regulation of any blocking, throttling or anti-competitive paid traffic prioritization that they might engage in. But it could also help ensure the safety and security of U.S. networks.

The FCC has, on national security grounds, removed authorization for companies affiliated with adversary states, such as China's Huawei, from participating in U.S. telecommunications markets. The agency can do this for phone carriers. But it can't do it for broadband, because it isn't allowed to. Or consider public safety during a crisis. The FCC doesn't have the ability to access the data it needs to know when and where there are broadband outages — much less the ability to do anything about those outages if they are identified. Similarly, it can't impose requirements for network resiliency to help prevent those outages from occurring in the first place — during, say, a natural disaster or a cyberattack.

The agency has ample power to police the types of services that are becoming less relevant in American life, such as landline telephones, and little power to police those that are becoming more important every day.

The FCC acknowledges this power would also allow them to prohibit "throttling" of content. But the Post's editorial also makes the argument that here in 2023 that's "unlikely to have any major effect on the broadband industry in either direction... Substantial consequences have only become less likely as high-speed bandwidth has become less limited."

Crime

How a Cellphone App Helped a California Man Retrieve His Stolen Car (sfstandard.com)

The SF Standard reports that a San Francisco man whose car was stolen in the middle of the night "managed to track down the vehicle using his car insurance app and retrieve the stolen vehicle the following morning within half an hour of noticing it was gone." Harris realized he could track his phone using his app from MetroMile, a San Francisco-based digital pay-per-mile car insurance company that tracks a car's location and charges a rate based on how much it's driven. "I opened the app and found it was in Mission Bay," he said, adding that the person who stole it drove it all night before parking. "I rode my bike down there and picked it up...."

Before picking up his car, Harris didn't consult with the San Francisco Police Department and said officers were confused about why he wanted to report a stolen car that was already back in his possession. He said his driver's side window had been smashed, but there wasn't any other damage, just a mess of marijuana paraphernalia and blunt wraps inside... "If a vehicle owner locates their stolen vehicle prior to the police locating it, we highly recommend that they alert us to the vehicle's location and do not move the car prior to reporting it recovered," Sgt. Kathryn Winters wrote in an email. "Additionally, if they locate the vehicle occupied, they should not approach the vehicle or suspects and should call law enforcement immediately."

There were 274 motor vehicle theft reports in the Western Addition neighborhood, which includes Alamo Square, in the 12 months leading up to Oct. 21 compared with 219 during the same period the previous year, according to police data. Citywide, the problem has also gotten worse in recent years. The number of car thefts has risen from 60 incidents per 10,000 residents in 2019 to 101 incidents this year.

Encryption

How the US is Preparing For a Post-Quantum World (msn.com)

To explore America's "transition to a post-quantum world," the Washington Post interviewed U.S. federal official Nick Polk, who is focused on national security issues including quantum computing and is also a senior advisor to a White House federal chief information security officer: The Washington Post: The U.S. is in the early stages of a major shift focused on bolstering government network defenses, pushing federal agencies to adopt a new encryption standard known as post-quantum cryptography that aims to prevent systems from being vulnerable to advanced decryption techniques enabled by quantum computers in the near future...

Nick Polk: We've been using asymmetric encryption for a very long time now, and it's been ubiquitous since about 2014, when the U.S. government and some of the large tech companies decided that they're going to make it a default on most web browsers... Interestingly enough, regarding the post-quantum cryptographic standards being developed, the only thing that's quantum about them is that it has "quantum" in the name. It's really just a different type of math that's much more difficult for a quantum computer to be able to reverse-engineer. The National Institute of Standards and Technology is looking at different mathematical models to cover all their bases. The interesting thing is that these post-quantum standards are actually being used to protect classical computers that we have now, like laptops...

Given the breadth of the U.S. government and the amount of computing power we use, we really see ourselves and our role as a steward of the tech ecosystem. One of the things that came out of [this week's Inside Quantum Technology conference in New York City] was that we are very quickly moving along with the private sector to migrate to post-quantum cryptography. I think you're gonna see very shortly a lot of very sensitive private sector industries start to migrate or start to advertise that they're going to migrate. Banks are a perfect example. That means meeting with vendors regularly, and testing their algorithms to ensure that we can accurately and effectively implement them on federal systems...

The administration and national security memorandum set 2035 as our deadline as a government to migrate our [national security] systems to post-quantum cryptography. That's supposed to time with the development of operational quantum computers. We need to ensure that we start now, so that we don't end up not meeting the deadline before computers are operational... This is a prioritized migration for the U.S. government. We're going to start with our most critical systems — that includes what we call high-value assets, and high-impact systems. So for example, we're gonna prioritize systems that have personal health information.

That's our biggest emphasis — both when we talk to private industry and when we encourage agencies when they talk to their contractors and vendors — to really think about where your most sensitive data is and then prioritize those systems for migration.

China

Huawei's Profit Doubles With Made-in-China Chip Breakthrough (yahoo.com)

Bloomberg thinks they've identified the source of the advanced chips in Huawei's newest smartphone, citing "people familiar with the matter." In a suggestion that export restrictions on Europe's most valuable tech company may have come too late to stem China's advances in chipmaking, ASML's so-called immersion deep ultraviolet machines were used in combination with tools from other companies to make the Huawei Technologies Co. chip, the people said, asking not to be identified discussing information that's not public. ASML declined to comment.

There is no suggestion that their sales violated export restrictions... ASML has never been able to sell its EUV machines to China because of export restrictions. But less advanced DUV models can be retooled with deposition and etching gear to produce 7-nanometer and possibly even more advanced chips, according to industry analysts. The process is much more expensive than using EUV, making it very difficult to scale production in a competitive market environment. In China, however, the government is willing to shoulder a significant portion of chipmaking costs.

Chinese companies have been legally stockpiling DUV gear for years — especially after the U.S. introduced its initial export controls last year before getting Japan and the Netherlands on board... According to an investor presentation published by the company last week, ASML experienced a jump in business from China this year as chipmakers there boosted orders ahead of the export controls taking full effect in 2024. China accounted for 46% of ASML's sales in the third quarter, compared with 24% in the previous quarter and 8% in the three months ending in March.

Another article from Bloomberg includes this prediction: The U.S. won't be able to stop Huawei and SMIC from making progress in chip technology, Burn J. Lin, a former Taiwan Semiconductor Manufacturing Co. vice president, told Bloomberg News. Semiconductor Manufacturing International Corp should be able to advance to the next generation at 5 nanometers with machines from ASML Holding NV that it already operates, said Lin, who at TSMC championed the lithography technology that transformed chipmaking.
The end result is that Huawei's profit "more than doubled during the quarter it revealed its biggest achievement in chip technology," the article reports, "adding to signs the Chinese tech leader is steadying a business rocked by US sanctions." The Shenzhen company reported a 118% surge in net profit to 26.4 billion yuan ($3.6 billion) in the September quarter, and a slight rise in sales to 145.7 billion yuan, according to Bloomberg News calculations from nine-month results released Friday. Those numbers included initial sales of the vastly popular Mate 60 Pro, which began shipping in late August... The gadget sold out almost instantly, spurring expectations it could rejuvenate Huawei's fortunes and potentially cut into Apple Inc.'s lead in China, given signs of a disappointing debut for the iPhone 15...

A resurgent Huawei would pose problems not just for Apple but also local brands from Xiaomi Corp. to Oppo and Vivo, all of which are fighting for sales in a shrinking market.

Government

Apple Backs US Government's Push for a National Right-to-Repair Bill. (But What About Parts Pairing?) (arstechnica.com)

An anonymous reader shared this report from Ars Technica: Following the passage of California's repair bill that Apple supported, requiring seven years of parts, specialty tools, and repair manual availability, Apple announced Tuesday that it would back a similar bill on a federal level. It would also make its parts, tools, and repair documentation available to both non-affiliated repair shops and individual customers, "at fair and reasonable prices."

"We intend to honor California's new repair provisions across the United States," said Brian Naumann, Apple's vice president for service and operation management, at a White House event Tuesday...

"I think most OEMs [Original Equipment Manufacturers] will realize they can save themselves a lot of trouble by making parts, tools, and other requirements of state laws already in NY, MN, CA, and CO available nationally," wrote Gay Gordon-Byrne, executive director of The Repair Association, to Ars... Gordon-Byrne noted that firms like HP, Google, Samsung, and Lenovo have pledged to comply with repair rules on a national level. The US Public Interest Research Group (PIRG) communicated a similarly hopeful note in its response to Tuesday's event, noting that "Apple makes a lot of products, and its conduct definitely influences other manufacturers." At the same time, numerous obstacles to repair access remain in place through copyright law — "Which we hope will be high on an agenda in the IP subcommittee this session," Gordon-Byrne wrote.

Besides strong support from President Biden, there's also strong support from America's Federal Trade Commission, reports TechCrunch: FTC chair Lina Khan commented on the pushback many corporations have given such legislation. Device and automotive manufacturers have argued that putting such choice in the hands of consumers opens them up to additional security risks. "We hear some manufacturers defend repair restrictions, claiming that they're needed for safety or security reasons," said Khan. "The FTC has found that all too often these claims are backed by limited evidence. Accordingly, the FTC has committed itself to using all of our enforcement and policy tools to fight for people's right to repair their own products."
A cautionary note from Ars Technica: Elizabeth Chamberlain, director of sustainability for iFixit, a parts vendor and repair advocate, suggested that Apple's pledge to extend California's law on a national level is "a strategic move." "Apple likely hopes that they will be able to negotiate out the parts of the Minnesota bill they don't like," Chamberlain wrote in an email, pointing specifically to the "fair and reasonable" parts provisioning measure that could preclude Apple's tendency toward pairing parts to individual devices. "[I]t's vital to get bulletproof parts pairing prohibitions passed in other states in 2024," Chamberlain wrote. "Independent repair and refurbishment depend on parts harvesting."
The Washington Post reports that currently repair shop owners and parts vendors "have had to find ways to reassure their customers they haven't made a mistake by choosing an independent fix." If the digital identifier tied to a replacement part doesn't match the one the phone expects to see, you'll start seeing those warnings and issues. "Only Apple pairs parts in an intrusive way where you get these messages pop up," said Jonathan Strange, owner of two XiRepair gadget repair shops in Montgomery, Alabama. To ward off those unnerving messages and restore full functionality, repair technicians are required to go through a "system configuration" process that authenticates the part after making the fix. Some small operations, like Strange's XiRepair shops, can do that in-store because they've gone through a process to become certified Apple Independent Repair Providers. But that process can't happen at all in shops that haven't gone through that certification, or if more affordable parts like third-party replacements were used.
The Post also shares this reaction from Aaron Perzanowski, a repair researcher and law professor at the University of Michigan.

"The fact that companies want to use technology to essentially undo the notion of interchangeable parts is something we ought to find deeply disturbing."

The Courts

It Took Seven Years But Over-40s Fired By HP Win $18 Million Settlement (theregister.com)

Brandon Vigliarolo reports via The Register: After over seven years of legal battles, a group of former HP employees who claim the venerable firm discriminated against older staff when culling jobs has won a $18 million settlement. Hewlett Packard's offshoots, HP and Hewlett Packard Enterprise (HPE) have agreed to cough up just over a day's combined profits for the last quarter to settle a class-action case brought by employees who were over 40 and got laid off when the company split in 2015. The group sued HP and HPE in 2016 claiming both the new entities and the old Hewlett Packard had unfairly targeted older employees for layoffs as far back as 2012.

Two classes were designated in the lawsuit -- 146 former staff accusing HP and HPE of age discrimination on US Age Discrimination in Employment Act (ADEA) grounds, and 212 accusing their former employer of the same based on California state labor laws. The settlement notice [PDF], which was filed in the US District Court for the Northern District of California in late September and preliminarily approved by a judge on Thursday, doesn't include any admission of guilt on HP or HPE's part -- quite the opposite, in fact. "Throughout the litigation, each Defendant has denied, and continues to deny, the allegations described above," lawyers for the plaintiffs wrote in the settlement notice. Nonetheless, the settlement notice was filed without opposition from HP and HPE. [...]

Judge Edward Davila determined the settlement was "fair, adequate and reasonable" yesterday, and will issue a final order later, a draft [PDF] of which was also filed with the court in September. If approved without changes, each of the 358 plaintiffs in the California case stand to earn $50,279 in gross individual recovery. Net of attorney's fees, costs and expenses, however, that total shrinks to a "minimum of $15,000," court filings indicate.

Patents

Apple Watch Faces Potential Import Ban In the US (androidauthority.com)

Apple is in violation of a patent that belongs to medical technology company Masimo, says the International Trade Commission (ITC). Android Authority reports: The commission upheld a previous ruling by a US judge who ruled in Masimo's favor. The patent in question is for light-based pulse oximetry technology or blood oxygen tracking on Apple Watches. While ITC's latest ruling confirms Apple's infringement and can potentially stop the company from bringing Apple Watches to the US, it will not come into effect immediately. The decision now faces a Presidential review and could be followed by possible appeals by Apple.

The Biden administration will have 60 days to veto the import ban on Apple Watches. However, as Reuters notes, US Presidents have rarely vetoed bans in the past. It's unclear which models of the Apple Watch could be affected by the ban if it comes into effect. However, Masimo's complaint alleged that the Apple Watch 6, the first one to feature blood oxygen tracking, violated its patent.
"Masimo has wrongly attempted to use the ITC to keep a potentially lifesaving product from millions of U.S. consumers while making way for their own watch that copies Apple," an Apple spokesperson told Reuters. "While today's decision has no immediate impact on sales of Apple Watch, we believe it should be reversed, and will continue our efforts to appeal."

Meanwhile, Masimo CEO Joe Kiani said the ITC's ruling "sends a powerful message that even the world's largest company is not above the law."

Piracy

Record Labels Shut Down FileWarez, Brazil's Oldest Pirate Forum (torrentfreak.com)

An anonymous reader quotes a report from TorrentFreak: As far as we know, Brazil-based file-sharing forum FileWarez.com first appeared in August 2004, its domain name having been registered the previous month. The default language was naturally Portuguese and according to this image from the Wayback Machine, potential members needed a basic grip of the language to sign up. After all, Google Translate wouldn't exist for another two years. At some point in the years that followed, FileWarez shifted to a Netherlands .NL domain supported by filewarez.no-ip.biz, which may suggest a site regularly on the move. In 2008, unspecified problems saw the .NL domain dumped in favor of a new one. Riding out problems, various issues, and bouts of downtime, FileWarez.tv stayed in place for the next 15.5 years. Then two weeks ago, after establishing itself as Brazil's oldest file-sharing forum, FileWarez suddenly vanished.

In a press release Wednesday, global music industry group IFPI announced that "prominent illegal file-sharing forum, FileWarez," was shut down following co-ordinated action by record companies, anti-piracy body APDIF, and local cybercrime unit, Cyber Gaeco. "IFPI, the organization that represents the recorded music industry worldwide, alongside its Brazilian national group Pro-Musica, have welcomed the successful action against FileWarez.tv -- one of the most prominent illegal file sharing sites in Brazil -- by the Brazilian special cybercrime unit of prosecutor's office of Sao Paulo, Cyber Gaeco," the announcement reads. "FileWarez was the most established illegal filesharing forum in Brazil, dedicated to sharing illegal music content. While active, the site had more than 118,000 registered users with at least 24,000 monthly active users."

The Courts

Sam Bankman-Fried Testifies, Says He 'Skimmed Over' FTX Terms of Service (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Sam Bankman-Fried took the stand in his criminal trial today in an attempt to avoid decades in prison for alleged fraud at cryptocurrency exchange FTX and its affiliate Alameda Research. [...] Some of the alleged fraud relates to how Alameda borrowed money from FTX. In testimony today, "Bankman-Fried said he believed that under FTX's terms of service, sister firm Alameda was allowed in many circumstances to borrow funds from the exchange," the WSJ wrote. Bankman-Fried reportedly said the terms of service were written by FTX lawyers and that he only "skimmed" certain parts. "I read parts in depth. Parts I skimmed over," Bankman-Fried reportedly said after [U.S. District Judge Lewis Kaplan] asked if he read the entire terms of service document.

Sassoon asked Bankman-Fried if he had "any conversations with lawyers about Alameda spending customer money that was deposited into FTX bank accounts," according to Bloomberg's live coverage. "I don't recall any conversations that were contemporaneous and phrased that way," Bankman-Fried answered. "I had so many conversations with lawyers later when we were trying to reconcile things in November 2022," Bankman-Fried also said. "There were conversations around Alameda being used as a payment processor, a payment agent for FTX. I frankly don't recall conversations with lawyers or otherwise about the usage of the funds or the North Dimension accounts." North Dimension was an Alameda subsidiary. The Securities and Exchange Commission has alleged that "Bankman-Fried directed FTX to have customers send funds to North Dimension in an effort to hide the fact that the funds were being sent to an account controlled by Alameda." [...]

In an overview of the alleged crimes, the indictment said Bankman-Fried "misappropriated and embezzled FTX customer deposits and used billions of dollars in stolen funds... to enrich himself; to support the operations of FTX; to fund speculative venture investments; to help fund over a hundred million dollars in campaign contributions to Democrats and Republicans to seek to influence cryptocurrency regulation; and to pay for Alameda's operating costs." He was also accused of making "false and fraudulent statements and representations to FTX's investors and Alameda's lenders."
SBF's legal team decided that he would take the stand in his own defense -- a decision legal observers consider risky, as he will have to face cross-examination from federal prosecutors. In a rather unusual move, Judge Kaplan sent the jury home for a day to conduct a hearing on whether certain parts of Bankman-Fried's testimony are admissible.

During his testimony, Bankman-Fried discussed various aspects of the case, including FTX's terms of service, loans from Alameda to him and other executives, a hack into FTX, and his use of the encrypted messaging service Signal.

Crime

Barcode Leads To Arrest of Texas Litterbug Behind 200 Pounds of Dumped Trash (chron.com)

"Illegal dumping is way too common, and often leads to no consequences," writes Slashdot reader Tony Isaac. "In some urban neighborhoods, people dump entire truckloads of waste in ditches along the streets. Maybe authorities have found a way to make a dent in this problem." Houston Chronicle reports: The Texas Game Wardens were recently able to track down and arrest a litterbug allegedly behind an illegal dumping of over 200 pounds of construction materials using a barcode left at the scene of the crime, according to a news release from the Texas Parks and Wildlife Department (TPWD). The pile of trash, which included sheetrock, housing trim, two-by-fours and various plastic items, was reportedly dumped along a bridge and creek on private land instead of being properly disposed of.

However, hidden among the garbage was also a box containing a barcode that would help identify the person behind the heap. A Smith County Game Warden used the barcode to track down the materials to a local store, and ultimately the owner of the credit card that was used for the purchase, TPWD said. The game warden interviewed the home owner who had reportedly just finished remodeling his home. "The homeowner explained that he paid someone familiar to the family who offered to haul off their used material and trash for a minimum fee," Texas Games Wardens said in a statement. "Unfortunately, the suspect kept the money and dumped the trash onto private property."

Working with the game warden, Smith County Sheriff's Office environmental deputies eventually arrested the suspect on charges of felony commercial dumping. At the time of the arrest, the suspect's truck was reportedly found loaded with even more building materials and trash, TPWD said. The state agency did not identify the suspect or disclose when or where they were arrested.

Privacy

iPhones Have Been Exposing Your Unique MAC Despite Apple's Promises Otherwise (arstechnica.com) 69

Dan Goodin reports via Ars Technica: Three years ago, Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they joined a network. On Wednesday, the world learned that the feature has never worked as advertised. Despite promises that this never-changing address would be hidden and replaced with a private one that was unique to each SSID, Apple devices have continued to display the real one, which in turn got broadcast to every other connected device on the network. [...]

In 2020, Apple released iOS 14 with a feature that, by default, hid Wi-Fi MACs when devices connected to a network. Instead, the device displayed what Apple called a "private Wi-Fi address" that was different for each SSID. Over time, Apple has enhanced the feature, for instance, by allowing users to assign a new private Wi-Fi address for a given SSID. On Wednesday, Apple released iOS 17.1. Among the various fixes was a patch for a vulnerability, tracked as CVE-2023-42846, which prevented the privacy feature from working. Tommy Mysk, one of the two security researchers Apple credited with discovering and reporting the vulnerability (Talal Haj Bakry was the other), told Ars that he tested all recent iOS releases and found the flaw dates back to version 14, released in September 2020. "From the get-go, this feature was useless because of this bug," he said. "We couldn't stop the devices from sending these discovery requests, even with a VPN. Even in the Lockdown Mode."

When an iPhone or any other device joins a network, it triggers a multicast message that is sent to all other devices on the network. By necessity, this message must include a MAC. Beginning with iOS 14, this value was, by default, different for each SSID. To the casual observer, the feature appeared to work as advertised. The "source" listed in the request was the private Wi-Fi address. Digging in a little further, however, it became clear that the real, permanent MAC was still broadcast to all other connected devices, just in a different field of the request. Mysk published a short video showing a Mac using the Wireshark packet sniffer to monitor traffic on the local network the Mac is connected to. When an iPhone running iOS prior to version 17.1 joins, it shares its real Wi-Fi MAC on port 5353/UDP.

YouTube

Privacy Advocate Challenges YouTube's Ad Blocking Detection Scripts Under EU Law (theregister.com) 85

"Privacy advocate Alexander Hanff has filed a complaint with the Irish Data Protection Commission (DPC) challenging YouTube's use of JavaScript code to detect the presence of ad blocking extensions in the browsers of website visitors," writes long-time Slashdot reader Dotnaught. "He claims that under Europe's ePrivacy Directive, YouTube needs to ask permission to run its detection script because it's not technically necessary. If the DPC agrees, it would be a major win for user privacy." The Register reports: Asked how he hopes the Irish DPC will respond, Hanff replied via email, "I would expect the DPC to investigate and issue an enforcement notice to YouTube requiring them to cease and desist these activities without first obtaining consent (as per [Europe's General Data Protection Regulation (GDPR)] standard) for the deployment of their -spyware- detection scripts; and further to order YouTube to unban any accounts which have been banned as a result of these detections and to delete any personal data processed unlawfully (see Article 5(1) of GDPR) since they first started to deploy their -spyware- detection scripts."

Hanff's use of strikethrough formatting acknowledges the legal difficulty of using the term "spyware" to refer to YouTube's ad block detection code. The security industry's standard defamation defense terminology for such stuff is PUPs, or potentially unwanted programs. Hanff, who reports having a Masters in Law focused on data and privacy protection, added that the ePrivacy Directive is lex specialis to GDPR. That means where laws overlap, the specific one takes precedence over the more general one. Thus, he argues, personal data collected without consent is unlawful under Article 5(1) of GDPR and cannot be lawfully processed for any purpose.

With regard to YouTube's assertion that using an ad blocker violates the site's Terms of Service, Hanff argued, "Any terms and conditions which restrict the legal rights and freedoms of an EU citizen (and the point of Article 5(3) of the ePrivacy Directive is specifically to protect the fundamental right to Privacy under Article 7 of the Charter of Fundamental Rights of the European Union) are void under EU law." Therefore, in essence, "Any such terms which restrict the rights of EU persons to limit access to their terminal equipment would, as a result, be void and unenforceable," he added.

Microsoft

iFixit Now Sells Microsoft Surface Parts For Repair (theverge.com) 4

iFixit has started selling genuine replacement parts for Microsoft Surface devices. From a report: The company now offers SSDs, batteries, screens, kickstands, and a whole bunch of other parts for 15 Surface products. Some of the devices on that list include the Surface Pro 9, Surface Laptop 5, Surface Go 4, Surface Studio 2 Plus, and others. You can check out the entire list of supported products and parts in this post on Microsoft's website. In addition to supplying replacement parts, iFixit also offers disassembly videos and guides for each product, as well as toolkits that include things like an opening tool, tweezers, drivers, and more.
United Kingdom

The UK's Controversial Online Safety Bill Finally Becomes Law (theverge.com) 185

An anonymous reader shares a report: The UK's Online Safety Bill, a wide-ranging piece of legislation that aims to make the country "the safest place in the world to be online" received royal assent today and became law. The bill has been years in the making and attempts to introduce new obligations for how tech firms should design, operate, and moderate their platforms. Specific harms the bill aims to address include underage access to online pornography, "anonymous trolls," scam ads, the nonconsensual sharing of intimate deepfakes, and the spread of child sexual abuse material and terrorism-related content.

Although it's now law, online platforms will not need to immediately comply with all of their duties under the bill, which is now known as the Online Safety Act. UK telecoms regulator Ofcom, which is in charge of enforcing the rules, plans to publish its codes of practice in three phases. The first covers how platforms will have to respond to illegal content like terrorism and child sexual abuse material, and a consultation with proposals on how to handle these duties is due to be published on November 9th.

Government

Network State Conference Announced in Amsterdam for October 30 4

Balaji Srinivasan, former CTO of Coinbase and author of the Network State, has announced his first Network State Conference. This is a conference for people interested in founding, funding, and finding new communities.
Topics include startup societies, network states, digital nomadism, competitive government, legalizing innovation, and building alternatives. Speakers include Glenn Greenwald, Vitalik Buterin, Anatoly Yakovenko, Garry Tan, the Winklevosses, and Tyler Cowen. See presentations by startup society founders around the world, invest in them, and search for the community that fits you.

With this and Joseon, the first legally recognized cyber state, the network state movement is beginning to get interesting.

Another anonymous reader quotes from the Joseon Official X Account's reply to Balaji's announcement:

Joseon, the first legally recognized cyber nation state, will be there.
Interestingly, Joseon dons the same grey checkmark that is for governments on its X account.
