Privacy

Researchers Watched 100 Hours of Hackers Hacking Honeypot Computers (techcrunch.com) 34

An anonymous reader quotes a report from TechCrunch: Imagine being able to sit behind a hacker and observe them take control of a computer and play around with it. That's pretty much what two security researchers did thanks to a large network of computers set up as a honeypot for hackers. The researchers deployed several Windows servers deliberately exposed on the internet, set up with Remote Desktop Protocol, or RDP, meaning that hackers could remotely control the compromised servers as if they were regular users, being able to type and click around. Thanks to these honeypots, the researchers were able to record 190 million events and 100 hours of video footage of hackers taking control of the servers and performing a series of actions on them, including reconnaissance, installing malware that mines cryptocurrencies, using Android emulators to conduct click fraud, brute-forcing passwords for other computers, hiding the hackers' identities by using the honeypot as a starting point for another attack, and even watching porn. The researchers said a hacker successfully logging into its honeypot can generate "tens of events" alone.

The "Rangers," according to the two, carefully explored the hacked computers, doing reconnaissance, sometimes changing passwords, and mostly leaving it at that. "Our hypothesis is that they are evaluating the system they compromised so that another profile of attacker can come back later," the researchers wrote in a blog post published on Wednesday to accompany their talk. The "Barbarians" use the compromised honeypot computers to try and bruteforce into other computers using known lists of hacked usernames and passwords, sometimes using tools such as Masscan, a legitimate tool that allows users to port-scan the whole internet, according to the researchers. The "Wizards" use the honeypot as a platform to connect to other computers in an attempt to hide their trails and the actual origin of their attacks. According to what Bergeron and Bilodeau wrote in their blog post, defensive teams can gather threat intelligence on these hackers, and "reach deeper into compromised infrastructure."

According to Bergeron and Bilodeau, the "Thieves" have the clear goal of monetizing their access to these honeypots. They may do that by installing crypto miners, programs to perform click fraud or generate fake traffic to websites they control, and selling access to the honeypot itself to other hackers. Finally, the "Bards" are hackers with very little or almost no skills. These hackers used the honeypots to use Google to search for malware, and even watch porn. These hackers sometimes used cell phones instead of desktop or laptop computers to connect to the honeypots. Bergeron and Bilodeau said they believe this type of hacker sometimes uses the compromised computers to download porn, something that may be banned or censored in their country of origin. In one case, a hacker "was downloading the porn and sending it to himself via Telegram. So basically circumventing a country-level ban on porn," Bilodeau told TechCrunch. "What I think [the hacker] does with this then is download it in an internet cafe, using Telegram, and then he can put it on USB keys, and he can sell it."
These types of honeypots could be useful for law enforcement or cybersecurity defensive teams. "Law enforcement could lawfully intercept the RDP environments used by ransomware groups and collect intelligence in recorded sessions for use in investigations," the researchers wrote in the blog post. "Blue teams for their part can consume the [Indicators of Compromise] and roll out their own traps in order to further protect their organization, as this will give them extensive documentation of opportunistic attackers' tradecraft."

Moreover, if hackers start to suspect that the servers they compromise may be honeypots, they will have to change strategies and decide whether the risks of being caught are worth it, "leading to a slow down which will ultimately benefit everyone," according to the researchers.
Privacy

Popular Open-Source Project Moq Criticized For Quietly Collecting Data (bleepingcomputer.com) 30

An anonymous reader quotes a report from BleepingComputer: Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Distributed on the NuGet software registry, Moq sees over 100,000 downloads on any given day, and has been downloaded over 476 million times over the course of its lifetime. [...] Last week, one of Moq's owners, Daniel Cazzulino (kzu), who also maintains the SponsorLink project, added SponsorLink to Moq versions 4.20.0 and above. This move sent shock waves across the open source ecosystem largely for two reasons -- while Cazzulino has every right to change his project Moq, he did not notify the user base prior to bundling the dependency, and SponsorLink DLLs contain obfuscated code, making it hard to reverse engineer, and not quite "open source."

"It seems that starting from version 4.20, SponsorLink is included," Germany-based software developer Georg Dangl reported referring to Moq's 4.20.0 release. "This is a closed-source project, provided as a DLL with obfuscated code, which seems to at least scan local data (git config?) and sends the hashed email of the current developer to a cloud service." The scanning capability is part of the .NET analyzer tool that runs during the build process, and is hard to disable, warns Dangl. "I can understand the reasoning behind it, but this is honestly pretty scary from a privacy standpoint."

SponsorLink describes itself as a means to integrate GitHub Sponsors into your libraries so that "users can be properly linked to their sponsorship to unlock features or simply get the recognition they deserve for supporting your project." GitHub user Mike (d0pare) decompiled the DLLs, and shared a rough reconstruction of the source code. The library, according to the analyst, "spawns external git process to get your email." It then calculates a SHA-256 hash of the email addresses and sends it to SponsorLink's CDN: hxxps://cdn.devlooped[.]com/sponsorlink. "Honestly Microsoft should blacklist this package working with the NuGet providers," writes Austin-based developer Travis Taylor. "The author can't be trusted. This was an incredibly stupid move that's just created a ton of work for lots of people."
Following the backlash, Cazzulino updated the SponsorLink project's README with a lengthy "Privacy Considerations" section that clarifies that no actual email addresses, just their hashes, are being collected.
Intel

Intel's GPU Drivers Now Collect Telemetry, Including 'How You Use Your Computer' (extremetech.com) 44

An anonymous reader quotes a report from ExtremeTech: Intel has introduced a telemetry collection service by default in the latest beta driver for its Arc GPUs. You can opt out of it, but we all know most people just click "yes" to everything during a software installation. Intel's release notes for the drivers don't mention this change to how its drivers work, which is a curious omission. News of Intel adding telemetry collection to its drivers is a significant change to how its GPU drivers work. Intel has even given this new collation routine a cute name -- the Intel Computing Improvement Program. Gee, that sounds pretty wonderful. We want to improve our computing, so let's dive into the details briefly.

According to TechPowerUp, which discovered the change, Intel has created a landing page for the program that explains what is collected and what isn't. At a high level, it states, "This program uses information about your computer's performance to make product improvements that may benefit you in the future." Though that sounds innocuous, Intel provides a long list of the types of data it collects, many unrelated to your computer's performance. Those include the types of websites you visit, which Intel says are dumped into 30 categories and logged without URLs or information that identifies you, including how long and how often you visit certain types of sites. It also collects information on "how you use your computer" but offers no details. It will also identify "Other devices in your computing environment." Numerous performance-related data points are also captured, such as your CPU model, display resolution, how much memory you have, and, oddly, your laptop's average battery life.
The good news is that Intel allows you to opt out of this program, which is not the case with Nvidia. According to TechPowerUp, they don't even ask for permission! As for AMD, they not only give you a choice to opt out but they also explain what data they're collecting.
AI

Pentagon Launches AI Competition To Solicit Help Securing Computer Systems (nbcnews.com) 7

DARPA, the Pentagon agency that funds moonshot technology innovations, is hosting a two-year competition for artificial intelligence experts to create new ways to bolster the world's cybersecurity. From a report: The competition launches Wednesday at the cybersecurity conference Black Hat in Las Vegas. It asks participants to create tools that can be used by anyone to help identify and fix holes in software to keep hackers from exploiting them. It will dole out a total of $18.5 million to winners in different categories and will formally conclude at the Def Con hacker conference in Las Vegas in August 2025.

In a call to reporters Tuesday previewing the competition, Arati Prabhakar, director of the White House Office of Science and Technology Policy, said it was "a clarion call for all kinds of creative people and organizations to bolster the security of critical software that American families and businesses and all of our society relies on." U.S. organizations have been battered by hackers in recent years. During the Biden administration alone, federal agencies have been repeatedly breached by hackers allegedly working for Chinese and Russian intelligence services, which often find creative ways to break into common software programs and then use that access to spy on government activity around the world.

The Courts

Apple Can Keep App Store Rules for Now as Top Court Spurns Epic (bloomberg.com) 31

The US Supreme Court let Apple keep its App Store payment rules in place for the time being, rejecting an Epic Games request that would have let developers start directing iPhone users to other purchasing options. From a report: Justice Elena Kagan said she wouldn't let a federal appeals court decision take effect immediately, as Epic had sought. The 9th US Circuit Court of Appeals said earlier this year that Apple violated California's Unfair Competition Law by limiting the ability of developers to communicate about alternative payment systems, including purchases through the Epic Games Store.

Kagan, who gave no explanation, is the justice assigned to handle emergency matters from the San Francisco-based 9th Circuit. Kagan's rejection of Epic means Apple will get a reprieve from the 9th Circuit ruling, though perhaps only a temporary one. The appeals court put its decision on hold to give Apple time to file a Supreme Court appeal later this year, but the ruling will kick in if the justices refuse to hear the case.

Movies

Gizmodo Editor-In-Chief Sues Apple Over Tetris Movie (theverge.com) 53

An anonymous reader quotes a report from The Verge: Gizmodo editor-in-chief Daniel Ackerman has sued Apple and other parties over the 2023 Apple TV Plus film Tetris, alleging it rips off his 2016 book The Tetris Effect. Ackerman claims Apple, Tetris rightsholder the Tetris Company, the Tetris film's producers, and screenwriter Noah Pink copied "the exact same feel, tone, approach, and scenes" from The Tetris Effect -- particularly its framing of the game's release as a "Cold War spy thriller." Initially reported by Reuters, Ackerman's lawsuit (PDF) outlines a yearslong correspondence with the Tetris Company as he wrote The Tetris Effect. He claims that the Tetris Company was aware of his work and threatened him with legal action for trying to pursue film and TV adaptations of his own book, only to draw heavily from his framing of the Tetris story. "The film liberally borrowed numerous specific sections and events of the book," claims Ackerman.

Apple and the Tetris Company did not immediately respond to requests for comment from The Verge. But Ackerman's case may be difficult given the fact that Tetris and The Tetris Effect both draw on real historical facts, which are not generally protected by copyright law. As a result, the suit relies heavily on arguing that Tetris copies the feel of The Tetris Effect. (He also argues that some potential inventions of the film -- like a guide who turns out to be a secret KGB agent -- are based on speculations in his narrative.) "Ackerman's book took a unique approach to writing about the real history of Tetris, as it not only applied the historical record, but also layered his own original research and ingenuity to create a compelling narrative non-fiction book in the style of a Cold War spy thriller," the suit says. "Mr. Ackerman's literary masterpiece, unlike other articles and writings, dispelled of the emphasis on the actual gameplay and fans, and instead concentrated on the surrounding narrative, action sequences, and adversarial relationship between the players ... This was the identical approach Defendants adopted for the Tetris Film, without notable material distinction."

Ackerman says that he reached out after the Tetris trailer's release and unsuccessfully requested Apple and the other defendants address legal issues before the film's release. His suit alleges copyright infringement and unfair competition, among other offenses.

Government

US Supreme Court Allows Biden To Regulate 3D-Printed Firearms (nbcnews.com) 228

Long-time Slashdot reader SonicSpike shares a report from NBC News: A divided Supreme Court on Tuesday allowed the Biden administration to enforce regulations aimed at clamping down on so-called ghost guns -- firearm-making kits available online that people can assemble at home. The court, which has a 6-3 conservative majority, in a brief order (PDF) put on hold a July 5 ruling by a federal judge in Texas that blocked the regulations nationwide. The vote was 5-4, with conservatives Chief Justice John Roberts and Justice Amy Coney Barrett joining the three liberal justices in the majority.

The federal Bureau of Alcohol, Tobacco, Firearms and Explosives, commonly known as ATF, issued the regulations last year to tackle what it claims has been an abrupt increase in the availability of ghost guns. The guns are difficult for law enforcement to trace, with the administration calling them a major threat to public safety. The rule clarified that ghost guns fit within the definition of 'firearm' under federal law, meaning that the government has the power to regulate them in the same way it regulates firearms manufactured and sold through the traditional process. The regulations require manufacturers and sellers of the kits to obtain licenses, mark the products with serial numbers, conduct background checks and maintain records.

Education

White House Holds First-Ever Summit On the Ransomware Crisis Plaguing the Nation's Public Schools (pbs.org) 76

The White House on Tuesday held its first-ever cybersecurity "summit" on the ransomware attacks plaguing U.S. schools, in which criminal hackers have dumped online sensitive student data, including medical records, psychiatric evaluations and even sexual assault reports. PBS reports: At least 48 districts have been hit by ransomware attacks this year -- already three more than in all of 2022, according to the cybersecurity firm Emsisoft. All but 10 had data stolen, the firm reported. Typically, Russian-speaking foreign-based gangs steal the data -- sometimes including the Social Security numbers and financial data of district staff -- before activating network-encrypting malware then threaten to dump it online unless paid in cryptocurrency. "Last school year, schools in Arizona, California, Washington, Massachusetts, West Virginia, Minnesota, New Hampshire and Michigan were all victims of major cyber attacks," the deputy national security advisor for cyber, Anne Neuberger, told the summit.

An October 2022 report from the Government Accountability Office, a federal watchdog agency, found that more than 1.2 million students were affected in 2020 alone -- with lost learning ranging from three days to three weeks. Nearly one in three U.S. districts had been breached by the end of 2021, according to a survey by the Center for Internet Security, a federally funded nonprofit. "Do not underestimate the ruthlessness of those who would do us harm," said Homeland Security Secretary Alejandro Mayorkas during the summit, noting that even reports on suicide attempts have been dumped online by criminal extortionists and urging educators to avail themselves of federal resources already available.

Among measures announced at the summit: The Cybersecurity and Infrastructure Security Agency will step up tailored security assessments for the K-12 sector while technology providers, including Amazon Web Services, Google and Cloudflare, are offering grants and other support. A pilot proposed by Federal Communications Commission Chair Jessica Rosenworcel -- yet to be voted on by the agency -- would make $200 million available over three years to strengthen cyber defense in schools and libraries.

Businesses

Germany Spends Big To Win $11 Billion TSMC Chip Plant (reuters.com) 35

TSMC is committing $3.8 billion to establish its first European factory in Germany, benefiting from significant state support for the $11 billion project as Europe aims to shorten supply chains. Reuters reports: The plant, which will be TSMC's third outside of traditional manufacturing bases Taiwan and China, is central to Berlin's ambition to foster the domestic semiconductor industry its car industry will need to remain globally competitive. Germany, which has been courting the world's largest contract chipmaker since 2021, will contribute up to 5 billion euros to the factory in Dresden, capital of the eastern state of Saxony, German officials said.

"Germany is now probably becoming the major location for semiconductor production in Europe," German Chancellor Olaf Scholz said, less than two months after Intel announced a 30 billion euro plan to build two chip-making plants in the country. "That is important for the resilience of production structures around the world, but it is also important for the future viability of our European continent, and it is of course particularly important for the future viability of Germany."

TSMC said it would invest up to 3.499 billion euros into a subsidiary, European Semiconductor Manufacturing Company (ESMC), of which it will own 70%. Germany's Bosch and Infineon and the Netherlands' NXP (NXPI.O) will each own 10% of the plant, which will make up to 40,000 wafers a month for cars and industrial and home products when it opens in 2017. The factory will cost around 10 billion euros in total.

United Kingdom

Millions of UK Voters' Data Accessible In Cyber Attack (theguardian.com) 14

The UK's Electoral Commission revealed that a cyber attack granted access to the data of 40 million voters. It went unnoticed for a year and was not disclosed to the public for an additional 10 months. The Guardian reports: The Electoral Commission apologized for the security breach in which the names and addresses of all voters registered between 2014 and 2022 were open to "hostile actors" as far back as August 2021. The attack was discovered last October and reported within 72 hours to the Information Commissioner's Office (ICO), as well as the National Crime Agency. However, the public has only now been informed that the electoral registers containing the data of millions of voters may have been accessible throughout that time.

The Electoral Commission said it was "not able to know conclusively" what information had been accessed. It is not known whether the attackers were linked to a hostile state, such as Russia, or a criminal cyber gang. The watchdog said "much of the data" was already in the public domain and insisted it would be difficult for anyone to influence the outcome of the UK's largely paper-based electoral system, but it acknowledged that voters would still be concerned.

The attackers were able to access full copies of the electoral registers, held by the commission for research purposes and to enable permissibility checks on political donations. These registers include the name and address of anyone in the UK who was registered to vote between 2014 and 2022. The commission's email system was also accessible during the attack. The full register held by the Electoral Commission contains name and address data that can be inspected by the public but only locally through electoral registration officers, with only handwritten notes allowed. The information is not permitted to be used for commercial or marketing purposes. The data of anonymous voters whose details are private for safety reasons and the addresses of overseas voters were not accessible to the intruders in the IT system.
A spokesperson for the ICO, the UK's independent regulator on data protection, said: "The Electoral Commission has contacted us regarding this incident and we are currently making inquiries."

They added: "We recognize this news may cause alarm to those who are worried they may be affected and we want to reassure the public that we are investigating as a matter of urgency. In the meantime, if anyone is concerned about how their data has been handled, they should get in touch with the ICO or check our website for advice and support."
Google

Google Fails To End $5 Billion Consumer Privacy Lawsuit (reuters.com) 29

A U.S. judge rejected Google's bid to dismiss a lawsuit claiming it invaded the privacy of millions of people by secretly tracking their internet use. From a report: U.S. District Judge Yvonne Gonzalez Rogers on Monday said she could not find that users consented to letting Google collect information about what they viewed online because the Alphabet unit never explicitly told them it would. David Boies, a lawyer for the plaintiffs in the proposed $5 billion class action, called the decision "an important step in protecting the privacy interests of millions of Americans."

The plaintiffs alleged that Google's analytics, cookies and apps let the Mountain View, California-based company track their activity even when they set Google's Chrome browser to "Incognito" mode and other browsers to "private" browsing mode. They said this let Google learn enough about their friends, hobbies, favorite foods, shopping habits, and "potentially embarrassing things" they seek out online, becoming "an unaccountable trove of information so detailed and expansive that George Orwell could never have dreamed it."

Crime

Serial Murders Have Dwindled, Thanks To a Cautious Citizenry and Improved Technology (nytimes.com) 184

An anonymous reader quotes a report from the New York Times: Rex Heuermann, the meticulous architectural consultant who the authorities say murdered three women and buried them on a Long Island beach more than a decade ago, may have been among the last of the dying breed of American serial killers. Even as serial killers came to inhabit a central place in the nation's imagination -- inspiring hit movies, television shows, books, podcasts and more -- their actual number was dwindling dramatically. There were once hundreds at large, and a spike in the 1970s and '80s terrified the country. Now only a handful at most are known to be active, researchers say. The techniques that led to the arrest of Mr. Heuermann, who has pleaded not guilty to the crimes, help explain the waning of serial killing, which the F.B.I. defines as the same person killing two or more victims in separate events at different times.

It is harder to hide. Rapid advances in investigative technology, video and other digital surveillance tools, as well as the ability to analyze mountains of information, quickly allow the authorities to find killers who before would have gone undetected. At the same time, Americans have adopted more cautious habits in their everyday lives -- hitchhiking, for example, is less common, and children are driven to and from school. That reduces easy targets. And, some theorize, those bent on killing now opt for spectacular mass murders. "The 'perfect crime' concept is more of a concept than it ever has been before," said Adam Scott Wandt, an assistant professor at John Jay College of Criminal Justice. More than a decade ago, prosecutors said, Mr. Heuermann tried to cover his digital tracks by communicating with victims using so-called burner phones, prepaid units purchased anonymously for temporary use. But thanks to exponential progress in technology since 2010, investigators were able not only to chart Mr. Heuermann's decade-old movements; they could also monitor exactly what he was searching online in recent months. They saw that he was using an anonymous account for internet queries like "Why could law enforcement not trace the calls made by the long island serial killer," prosecutors said. He had also been visiting massage parlors and contacting women working as escorts, they said.

The ubiquity of technology has made it harder to get away with murder, Mr. Wandt said. The amount of data people create in their daily lives is more than many can conceptualize, he said. Just by walking outside, people are now tracked by ever-present cameras, from Amazon's Ring units outside homes to surveillance at banks and retail stores, he said. Every use of a phone or computer creates streams of data that are collected directly on devices or immortalized on servers, he said. A concerted effort by the federal government to ensure that even the smallest police departments can use technology to their benefit has also helped give investigators an upper hand, Mr. Wandt said. In 1987, there were 198 known active serial killers -- people connected to at least two murders -- and 404 known victims across the United States, according to a report published three years ago by researchers who run Radford University and Florida Gulf Coast University's Serial Killer Database. By 2018, there were only 12 known serial killers and 44 victims, according to the report.
"The big question is: Are they going underground and finding other techniques?" said Terence Leary, an associate professor in the psychology department at Florida Gulf Coast University and the team leader for the database.

He said that some serial murderers have killed for discrete periods before taking prolonged breaks: "Maybe they decided to give it up. Who knows?"
Links

Google Search Asked To Remove One Billion 'Pirate' Links In 9 Months (torrentfreak.com) 22

In a period of less than nine months, Google received requests to remove over a billion links to pirate sites from its search engine. This is a significant increase compared to recent years, but not necessarily a new trend. More than a quarter of all reported links, relating to a single website, were sent by MindGeek, the parent company of PornHub. TorrentFreak reports: Google first started to keep track of these takedown notices at the beginning of the last decade. In the spring of 2012, Google launched its Transparency Report which publishes all DMCA requests the company receives, including the targeted links and their senders. This provided fuel for hundreds of news reports as well as academic research. A few days ago, Google reached a new milestone when it processed the seven billionth removal request. It's a mind-boggling number that comes less than a year after the six billionth takedown was recorded.

Looking more closely at the timeline, we see that a billion URLs were reported to Google search in less than nine months. For comparison, it took twice as long to go from five to six billion, suggesting that the takedown volume picked up again after a previously reported decline. There's no denying the recent surge in reported links but much of the increase was generated by a single rightsholder in an effort to remove a particular pirate operation from Google search.

Around the start of the year MG Premium began to increase its takedown efforts. The company is an intellectual property vehicle of the MindGeek conglomerate, known for popular adult sites such as PornHub. One of MG Premium's main goals is to shut down 'unlicensed' sites or at least make them unfindable. [...] The surge is clearly visible in the graph above and at times the company was averaging more than two million takedown requests per day. More recently the volume has come down a bit, but it's been a major contributor to Google's takedown uptick.

Privacy

Zoom Contradicts Its Own Policy About Training AI on Your Data (gizmodo.com) 31

An anonymous reader shares a report: Zoom updated its Terms of Service in March, spelling out that the company reserves the right to train AI on user data with no mention of a way to opt out. On Monday, the company said in a blog post that there's no need to worry about that. Zoom execs swear the company won't actually train its AI on your video calls even though the Terms of Service still say it can.

The company's legal documents call your video, audio, and chat transcripts "Customer Content." When you click through Zoom's terms, you agree to give Zoom "perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights" to use that Customer Content for "machine learning, artificial intelligence, training, testing," and a variety of other product development purposes. The company reserves similar rights for "Service Generated Data," which includes telemetry data, product usage data, diagnostic data, and other information it gets from analyzing your content and behavior.

Transportation

California Will Probe Data-Collecting, Internet-Connected Cars (msn.com) 25

The Washington Post reports: California's newly empowered privacy regulators announced their first case Monday, a probe of the data practices of newer-generation cars that are often or always connected to the internet. The California Privacy Protection Agency said its enforcement division would review manufacturer's treatment of data collected from vehicles, including locations, smartphone connections and images from cameras.

The agency was established by a 2020 ballot initiative that toughened the California Consumer Privacy Act of 2018. As of July 1, it can conduct operations to enforce Californians' right to learn what is being collected about them, the right to stop that information from being spread and the right to have it deleted...

When combined with web surfing habits and other internet data collated by brokers, movement tracking can paint a full portrait that includes a person's home, workplace, shopping habits, religious attendance and medical treatments. Insurance companies also want data on how quickly drivers brake ahead of problems on the road, along with other performance indicators, and they are willing to pay to get it.

The Post notes that data is beamed to business partners of automakers under "vague privacy policies."
Encryption

Ask Slashdot: What's the Best (Encrypted) Password Manager? 154

For storing passwords, Slashdot reader eggegick has a simple, easy solution: "I use Vim to keep my passwords in an encrypted file."

But what's the easiest solution for people who don't use Vim? My wife is not a Linux geek like I am, so she's using [free and open-source] KeePass. It's relatively simple to install and use, but I seem to recall it used to be even much simpler... Does anybody know of a really simple password manager or encrypting notepad?

I've looked at a number of them, and they use Java or Javascript, or they involve an external web site, or they have way too many features, or they use an installation program. Or Windows Defender objects to them.

Share your own suggestions and thoughts in the comments.

What's the best (encrypted) password manager?

Power

Judge Tosses Criminal Charges Against South Carolina Nuclear Executive - But Case May Continue (apnews.com) 41

An anonymous reader shared this report from the Associated Press: A judge has ordered criminal charges dropped against the final executive accused of lying about problems building two nuclear reactors in South Carolina that were abandoned without generating a watt of power. The judge tossed the charges Wednesday because ratepayers of the utility that lost billions of dollars on the project were improperly allowed on the grand jury that indicted Westinghouse Electric Co. executive Jeffrey Benjamin. But federal judge Mary Geiger Lewis also ruled that nothing is stopping prosecutors from properly seeking another indictment. "We're not going away," said assistant U.S. Attorney Winston Holliday, who said prosecutors are still reviewing the ruling to decide their next steps...

The project fell apart in 2017 after nearly a decade of work, when executives and regulators determined construction of the reactors was so hopelessly behind schedule they could not get nearly $2 billion of tax breaks needed to help pay for the work. SCANA contracted with Westinghouse to build the reactors. Prosecutors said Benjamin, who was in charge of major projects, knew of delays and cost overruns but lied to regulators, utility executives and others. The lies led to electric rate increases while keeping the price of SCANA's stock from plummeting...

Two former SCANA executives have been sentenced to federal prison after pleading guilty to their roles in lying to ratepayers, regulators and investors. Former CEO Kevin Marsh received two years while chief operating officer Stephen Byrne was sentenced to 15 months. Former Westinghouse project director Carl Churchman has pleaded guilty to lying to FBI agents investigating the project's failure and is awaiting sentencing.

The Courts

Federal Judge Clears Way for US Antitrust Case Against Google (msn.com) 32

The Washington Post reports: A federal judge said the Department of Justice's landmark case alleging Google's dominance over the online search business is anti-competitive can go ahead, throwing out some of the government's claims but ruling that a trial is still necessary.

Google had asked for the judge to make a ruling before the trial, which is scheduled for September.

Some of the government's claims, including those put together by a consortium of state attorneys general that argued the way Google designed its search engine page was unfairly harming competitors like Yelp, were dismissed. But D.C. District Court Judge Amit Mehta said the allegations that Google's overall business practices constitute a monopoly that violates the 1890 Sherman Antitrust Act still deserve a trial. "This is a significant victory for Google, knocking out several claims and narrowing the range of activities at issue for trial," said David Olson, an associate professor and antitrust expert at Boston College's law school. "Having said that, the strongest claims against Google remain, so Google still remains at risk of a significant antitrust ruling against it."

The trial will be a major test for Google and the massive business empire it has assembled over the past two decades. The company is still the dominant portal to the internet, exercising immense power over what people see online... The eventual ruling will also be seen as a test for the U.S. government's more aggressive posture on antitrust.

Medicine

EPA Approved a Chevron Fuel Ingredient That Has a Lifetime Cancer Risk 121

An anonymous reader quotes a report from ProPublica: The Environmental Protection Agency approved a component of boat fuel made from discarded plastic that the agency's own risk formula determined was so hazardous, everyone exposed to the substance continually over a lifetime would be expected to develop cancer. Current and former EPA scientists said that threat level is unheard of. It is a million times higher than what the agency usually considers acceptable for new chemicals and six times worse than the risk of lung cancer from a lifetime of smoking. Federal law requires the EPA to conduct safety reviews before allowing new chemical products onto the market. If the agency finds that a substance causes unreasonable risk to health or the environment, the EPA is not allowed to approve it without first finding ways to reduce that risk. But the agency did not do that in this case. Instead, the EPA decided its scientists were overstating the risks and gave Chevron the go-ahead to make the new boat fuel ingredient at its refinery in Pascagoula, Mississippi. Though the substance can poison air and contaminate water, EPA officials mandated no remedies other than requiring workers to wear gloves, records show.

ProPublica and the Guardian in February reported on the risks of other new plastic-based Chevron fuels that were also approved under an EPA program that the agency had touted as a "climate-friendly" way to boost alternatives to petroleum-based fuels. That story was based on an EPA consent order, a legally binding document the agency issues to address risks to health or the environment. In the Chevron consent order, the highest noted risk came from a jet fuel that was expected to create air pollution so toxic that 1 out of 4 people exposed to it over a lifetime could get cancer. In February, ProPublica and the Guardian asked the EPA for its scientists' risk assessment, which underpinned the consent order. The agency declined to provide it, so ProPublica requested it under the Freedom of Information Act. The 203-page risk assessment revealed that, for the boat fuel ingredient, there was a far higher risk that was not in the consent order. EPA scientists included figures that made it possible for ProPublica to calculate the lifetime cancer risk from breathing air pollution that comes from a boat engine burning the fuel. That calculation, which was confirmed by the EPA, came out to 1.3 in 1, meaning every person exposed to it over the course of a full lifetime would be expected to get cancer.

Another serious cancer risk associated with the boat fuel ingredient that was documented in the risk assessment was also missing from the consent order. For every 100 people who ate fish raised in water contaminated with that same product over a lifetime, seven would be expected to develop cancer -- a risk that's 70,000 times what the agency usually considers acceptable. When asked why it didn't include those sky-high risks in the consent order, the EPA acknowledged having made a mistake. This information "was inadvertently not included in the consent order," an agency spokesperson said in an email. [...] The risk assessment makes it clear that cancer is not the only problem. Some of the new fuels pose additional risks to infants, the document said, but the EPA didn't quantify the effects or do anything to limit those harms, and the agency wouldn't answer questions about them. Some of these newly approved toxic chemicals are expected to persist in nature and accumulate in living things, the risk assessment said. That combination is supposed to trigger additional restrictions under EPA policy, including prohibitions on releasing the chemicals into water. Yet the agency lists the risk from eating fish contaminated with several of the compounds, suggesting they are expected to get into water. When asked about this, an EPA spokesperson wrote that the agency's testing protocols for persistence, bioaccumulation and toxicity are "unsuitable for complex mixtures" and contended that these substances are similar to existing petroleum-based fuels.

The EPA did address the concerns in June when it proposed a rule that "would require companies to contact the agency before making any of 18 fuels and related compounds listed in the Chevron consent order," notes ProPublica. "The EPA would then have the option of requiring tests to ensure that the oil used to create the new fuels doesn't contain unsafe contaminants often found in plastic, including certain flame retardants, heavy metals, dioxins and PFAS. If approved, the rule will require Chevron to undergo such a review before producing the fuels, according to the EPA."

Piracy

Z-Library Rolls Out Browser Extensions In Anticipation of Domain Name Troubles (torrentfreak.com) 15

Pirate eBook repository Z-Library has launched browser extensions that should make it easier for users to find the site if its current domains are seized in the future. While the site doesn't explicitly mention the U.S. Government crackdown, it likely plays a key role in the decision to make these extensions available. TorrentFreak reports: Since the shadow library is now well aware that its domain names could be taken away at any moment, numerous precautions are being taken to mitigate the risks. A few weeks ago, Z-Library released a dedicated desktop application that should make it easier to access the site. The software has the ability to redirect users to working domains and whenever necessary, connect over the Tor network, which also helps to evade blocking efforts. In an announcement this week, the operators of the shadow library unveiled new precautionary tools to redirect users to working domains, including any new ones, should they be needed.

The new browser extensions are available for both Chrome and Firefox and promise 'seamless access' to alternative domains in the event that existing ones run into trouble. "Say goodbye to searching for available domains, as this handy extension takes care of everything for you. Simplify your online library experience and enjoy seamless access to a world of knowledge, right at your fingertips. After launching the extension, the process of searching for an available domain will begin. Within some seconds when the domain is found, you will be redirected to the library homepage," Z-Library explains.

While installing browser extensions should always happen with caution, in just a few hours thousands of Z-Library users have already installed the new software. According to the Chrome store, the Z-Library Finder currently has over 7,000 users. These extensions may indeed help to point users to new domain names, but the solution isn't bulletproof. The authorities may attempt to remove the listings from the Chrome and Firefox extension libraries, for example. Even if Z-Library decides to self-host these tools, they still rely on technical infrastructure that could be targeted in the future. That being said, the releases are still notable; it's rare to see a service going full steam ahead in the face of an active criminal case.
