Stephen Harrison, an Englishman living in Thailand who posed as chief executive Steven Reece Lewis for the launch of the HyperVerse crypto scheme, told the Guardian Australia that he was paid to play the role of chief executive but denies having 'pocketed' any of the money lost. He says he received 180,000 Thai baht (about $7,500) over nine months and a free suit, adding that he was "shocked" to learn the company had presented him as having fake credentials to promote the scheme. From the report: He said he felt sorry for those who had lost money in relation to the scheme -- which he said he had no role in -- an amount Chainalysis estimates at US$1.3 billion in 2022 alone. "I am sorry for these people," he said. "Because they believed some idea with me at the forefront and believed in what I said, and God knows what these people have lost. And I do feel bad about this. "I do feel deeply sorry for these people, I really do. You know, it's horrible for them. I just hope that there is some resolution. I know it's hard to get the money back off these people or whatever, but I just hope there can be some justice served in all of this where they can get to the bottom of this." He said he wanted to make clear he had "certainly not pocketed" any of the money lost by investors.

Harrison, who at the time was a freelance television presenter engaged in unpaid football commentary, said he had been approached and offered the HyperVerse work by a friend of a friend. He said he was new to the industry and had been open to picking up more work and experience as a corporate "presenter." "I was told I was acting out a role to represent the business and many people do this," Harrison said. He said he trusted his agent and accepted that. After reading through the scripts he said he was initially suspicious about the company he was hired to represent because he was unfamiliar with the crypto industry, but said he had been reassured by his agent that the company was legitimate. He said he had also done some of his own online research into the organization and found articles about the Australian blockchain entrepreneur and HyperTech chairman Sam Lee. "I went away and I actually looked at the company because I was concerned that it could be a scam," Harrison said. "So I looked online a bit and everything seemed OK, so I rolled with it." The HyperVerse crypto scheme was promoted by Lee and his business partner Ryan Xu, both of which were founders of the collapsed Australian bitcoin company Blockchain Global. "Blockchain Global owes creditors $58 million and its liquidator has referred Xu and Lee to the Australian Securities and Investments Commission for alleged possible breaches of the Corporations Act," reports The Guardian. "Asic has said it does not intend to take action at this time."

Rodney Burton, known as "Bitcoin Rodney," was arrested and charged in the U.S on Monday for his alleged role in promoting the HyperVerse crypto scheme. The IRS alleges Burton was "part of a network that made 'fraudulent' presentations claiming high returns for investors based on crypto-mining operations that did not exist," reports The Guardian.

Karl Bode, reporting for TechDirt: Back in 2019 we noted how the streaming sector risked driving consumers back to piracy if they didn't heed the lessons of the past. We explored how the rush to raise rates, nickel-and-dime users, implement arbitrary restrictions, and force users toward hunting and pecking their way through a confusing platter of exclusives and availability windows risked driving befuddled users back to piracy. And lo and behold, that's exactly what's happening.

After several decades of kicking and screaming, studio and music execs somewhere around 2010 finally realized they needed to offer users affordable access to easy-to-use online content resources. They finally realized they needed to compete with piracy and focus on consumer satisfaction whether they liked the concept or not. And unsurprisingly, once they learned that lesson piracy began to dramatically decrease. That was until 2021, when piracy rates began to climb slowly upward again in the U.S. and EU. As the Daily Beast notes, users have grown increasingly frustrated at having to hunt and peck through a universe of different, often terrible streaming services just to find a single film or television program.

As every last broadcaster, cable company, broadband provider, and tech company got into streaming they began to lock down "must watch" content behind an ever-shifting number of exclusivity silos, across an ocean of sometimes substandard "me too" services. Initially competition worked, but as the market saturated and the most powerful companies started to silo content, those benefits have been muted. Now users have to hunt and peck between Disney+, Netflix, Starz, Max, Apple+, Acorn, Paramount+, Hulu, Peacock, Amazon Prime, and countless other services in the hopes that a service has the rights to a particular film or program. When you already pay for five different services, you're not keen to sign up to fucking Starz just to watch a single 90s film. And availability is constantly shifting, confusing things further.

According to Bloomberg, Apple's AirDrop feature has been cracked by a Chinese state-backed institution to identify senders who share "undesirable content". MacRumors reports: AirDrop is Apple's ad-hoc service that lets users discover nearby Macs and iOS devices and securely transfer files between them over Wi-Fi and Bluetooth. Users can send and receive photos, videos, documents, contacts, passwords and anything else that can be transferred from a Share Sheet. Apple advertises the protocol as secure because the wireless connection uses Transport Layer Security (TLS) encryption, but the Beijing Municipal Bureau of Justice (BMBJ) says it has devised a way to bypass the protocol's encryption and reveal identifying information.

According to the BMBJ's website, iPhone device logs were analyzed to create a "rainbow table" which allowed investigators to convert hidden hash values into the original text and correlate the phone numbers and email accounts of AirDrop content senders. The "technological breakthrough" has successfully helped the public security authorities identify a number of criminal suspects, who use the AirDrop function to spread illegal content, the BMBJ added. "It improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences," the bureau added.

It is not known if the security flaw in the AirDrop protocol has been exploited by a government agency before now, but it is not the first time a flaw has been discovered. In April 2021, German researchers found that the mutual authentication mechanism that confirms both the receiver and sender are on each other's address book could be used to expose private information. According to the researchers, Apple was informed of the flaw in May of 2019, but did not fix it.

With the approval of new rule change applications, the SEC is now allowing bitcoin ETFs to be traded in the United States.



UPDATE: The SEC said that the announcement about bitcoin ETFs on social media was incorrect, and that its X account was compromised. "The SEC's @SECGov X/Twitter account has been compromised. The unauthorized tweet regarding bitcoin ETFs was not made by the SEC or its staff," an SEC spokesperson told CNBC.

"The SEC has not approved the listing and trading of spot bitcoin exchange-traded products," said SEC Chair Gary Gensler in a post on X. From the original CNBC article: The decision will likely lead to the conversion of the Grayscale Bitcoin Trust, which holds about $29 billion of the cryptocurrency, into an ETF, as well as the launch of competing funds from mainstream issuers like BlackRock's iShares. The approval could prove to be a landmark event in the adoption of cryptocurrency by mainstream finance, as the ETF structure gives institutions and financial advisors a familiar and regulated way to buy exposure to bitcoin.

The SEC has for years opposed a so-called spot bitcoin fund, with several firms filing and then withdrawing applications for ETFs in the past. SEC Chair Gary Gensler has been an outspoken critic of crypto during his tenure. However, the regulator appeared to change course on the ETF question in 2023, possibly due in part to an August loss to Grayscale in court which criticized the SEC for blocking bitcoin ETFs while allowing funds that track bitcoin futures.

The U.S. Federal Trade Commission has banned the data broker X-Mode Social from sharing or selling users' sensitive location data, the federal regulator said Tuesday. From a report: The first of its kind settlement prohibits X-Mode, now known as Outlogic, from sharing and selling users' sensitive information to others. The settlement will also require the data broker to delete or destroy all the location data it previously collected, along with any products produced from this data, unless the company obtains consumer consent or ensures the data has been de-identified. X-Mode buys and sells access to the location data collected from ordinary phone apps. While just one of many organizations in the multibillion-dollar data broker industry, X-Mode faced scrutiny for selling access to the commercial location data of Americans' past movements to the U.S. government and military contractors. Soon after, Apple and Google told developers to remove X-Mode from their apps or face a ban from the app stores.

Press2ToContinue writes: England's 1,000-year-old legal system -- still steeped in traditions that include wearing wigs and robes -- has taken a cautious step into the future by giving judges permission to use artificial intelligence to help produce rulings . The Courts and Tribunals Judiciary last month said AI could help write opinions but stressed it shouldn't be used for research or legal analyses because the technology can fabricate information and provide misleading, inaccurate and biased information.

"Judges do not need to shun the careful use of AI," said Master of the Rolls Geoffrey Vos, the second-highest ranking judge in England and Wales. "But they must ensure that they protect confidence and take full personal responsibility for everything they produce." At a time when scholars and legal experts are pondering a future when AI could replace lawyers, help select jurors or even decide cases, the approach spelled out Dec. 11 by the judiciary is restrained. But for a profession slow to embrace technological change, it's a proactive step as government and industry -- and society in general -- react to a rapidly advancing technology alternately portrayed as a panacea and a menace.

Alphabet's Google is set to go before a federal jury in Boston on Tuesday in a trial over accusations that processors it uses to power AI technology in key products infringe a computer scientist's patents. From a report: Singular Computing, founded by Massachusetts-based computer scientist Joseph Bates, claims Google copied his technology and used it to support AI features in Google Search, Gmail, Google Translate and other Google services. A Google court filing said that Singular has requested up to $7 billion in monetary damages, which would be more than double the largest-ever patent infringement award in U.S. history.

Google spokesperson Jose Castaneda called Singular's patents "dubious" and said that Google developed its processors "independently over many years." "We look forward to setting the record straight in court," Castaneda said.

An anonymous reader quotes a report from Reuters: The administration of U.S. President Joe Biden will release a final rule as soon as this week that will make it more difficult for companies to treat workers as independent contractors rather than employees that typically cost a company more, an administration official said. The U.S. Department of Labor rule, which was first proposed in 2022 and is likely to face legal challenges, will require that workers be considered employees entitled to more benefits and legal protections than contractors when they are "economically dependent" on a company.

A range of industries will likely be affected by the rule, which will take effect later this year, but its potential impact on app-based services that rely heavily on contract workers has garnered the most attention. Shares of Uber, Lyft and DoorDash all tumbled at least 10% when the draft rule was proposed in October 2022. The rule is among regulations with the most far-reaching impacts issued by the Labor Department office that enforces U.S. wage laws, according to Marc Freedman, vice president at the U.S. Chamber of Commerce, the largest U.S. business lobby. But he said the draft version of the rule provides little guidance to companies on where to draw the line between employees and contractors. "Economic dependence is an elusive concept that in some cases may end up being defined by the eyes of the beholder," Freedman said.

The Labor Department in the proposed rule said it would consider factors such as a worker's "opportunity for profit or loss, investment, permanency, the degree of control by the employer over the worker, (and) whether the work is an integral part of the employer's business." The rule replaces a Trump administration regulation that said workers who own their own businesses or have the ability to work for competing companies, such as a driver who works for Uber and Lyft, can be treated as contractors. [...] The Biden administration has said the Trump-era rule violated U.S. wage laws and was out of step with decades of federal court decisions, and worker advocates have said a more strict standard was necessary to combat the rampant misclassification of workers in some industries.

"The famed and mysterious disappearance of D.B. Cooper has puzzled investigators for over half a century," writes a Seattle TV station. Now new evidence is coming to light in the supposed "skyjacking," after a microscopic piece of metal found on D. B. Cooper's tie could help reveal his true identity. "Considering the totality of all that has been uncovered in the last year with respect to DB Cooper's tie, I can say with a very high degree of certainty that DB Cooper worked for Crucible Steel," said independent investigator Eric Ulis.
"I would not be surprised at all if 2024 was the year we figure out who this guy was," Ulis told another local Seattle news station: This particle is part stainless steel, part titanium... 18 months ago, Ulis used U.S. patents to trace three of these fragments from the same very tie to a specific plant in Pennsylvania, Crucible Steel. "Headquartered in the suburbs of Pittsburgh, a significant subcontractor all throughout the 1960s," said Ulis. "It supplied the lion's share of titanium and stainless steel for Boeing's aircraft...."

Ulis claims evidence points to Cooper having in-depth knowledge of the 727 he hijacked, and of the Seattle area. Workers at Crucible Steel were known to travel and visit their contractor, Boeing. "This is also the time, 1971, when Boeing had this significant downturn, the big depression, with 'The last person leaving Seattle, please turn out the lights' [billboard sign]," said Ulis. "It's reasonable to deduce that D. B. Cooper may well have been part of that downturn."

Ulis admits his findings are not yet concrete. He's not crossing any suspects off the list. However, he believes from what he's seen, all roads lead to titanium research engineer Vince Peterson from Pittsburgh.
It all reminds me of that episode of Prison Break where they suspect one of the prisoners is secretly D.B. Cooper...

Today America's Federal Aviation Administration "ordered the temporary grounding of Boeing 737 Max 9 aircraft," reports CNN, identifying the aircraft as "the model involved in an Alaska Airlines emergency landing in Oregon on Friday after a section of the plane apparently blew out in midflight." A passenger's video posted to social media shows a side section of the fuselage, where a window would have been, missing — exposing passengers to the outside air. The video, which appears to have been taken from several rows behind the incident, shows oxygen masks deployed throughout the airplane, and least two people sitting near and just behind the missing section...

The plane "landed safely back at Portland International Airport with 171 guests and six crew members," the airline said... According to FlightAware, the flight was airborne for about 20 minutes.
"There was a really loud bang toward the rear of the plane and a whoosh noise," one passenger told a local news station — and then "all of the masks dropped."

Long-time Slashdot reader ArchieBunker shares more details from the BBC: Diego Murillo said the gap was "as wide as a refrigerator".

Fellow passenger Elizabeth Lee added: "Part of the plane was missing and the wind was just extremely loud. but everyone was in their seats and had their belt on."

Jessica Montoia described the flight as a "trip from hell" adding a phone was taken out of a man's hand by the wind.
CNN covers the federal response: The FAA said the planes must be parked until emergency inspections are performed, which will "take around four to eight hours per aircraft."

"The FAA is requiring immediate inspections of certain Boeing 737 MAX 9 planes before they can return to flight," FAA Administrator Mike Whitaker said Saturday in a statement. "Safety will continue to drive our decision-making as we assist the (National Transportation Safety Board's) investigation into Alaska Airlines Flight 1282." The order impacts 171 Boeing 737 Max 9 jets, the agency approximates....

Boeing said the company supported the FAA's grounding decision. "Safety is our top priority and we deeply regret the impact this event has had on our customers and their passengers," Boeing said in a statement
Thanks to long-time Slashdot reader lsllll for sharing the news.

CNN reports that some Verizon customers "might have found an unexpected surprise in the mail this week: An opportunity to receive a refund as part of a proposed $100 million settlement from a class-action lawsuit." Eligible customers are receiving postcards or emails alerting them to file a claim by April 15 to receive up to $100, which is the result of the lawsuit accusing Verizon of charging fees that were "unfair and not adequately disclosed."

At issue is Verizon's "administrative charge," which the plaintiffs said were "misleading" because that fee wasn't disclosed in their plan's advertised monthly price and were charged in a "deceptive and unfair manner." Verizon has denied the claims and said in a statement that it "clearly identifies and describes its wireless consumer admin charge multiple times during the sales transaction, as well as in its marketing, contracts and billing." A company spokesperson said that the charge "helps our company recover certain regulatory compliance and network related costs."
"The payout is at least $15," adds CNN, "and might be more depending on how long the customer used Verizon and the number of customers who file a claim."

An anonymous reader quotes a report from Reuters: Russian hackers were inside Ukrainian telecoms giant Kyivstar's system from at least May last year in a cyberattack that should serve as a "big warning" to the West, Ukraine's cyber spy chief told Reuters. The hack, one of the most dramatic since Russia's full-scale invasion nearly two years ago, knocked out services provided by Ukraine's biggest telecoms operator for some 24 million users for days from Dec. 12. In an interview, Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department, disclosed exclusive details about the hack, which he said caused "disastrous" destruction and aimed to land a psychological blow and gather intelligence. "This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," he said. He noted Kyivstar was a wealthy, private company that invested a lot in cybersecurity.

The attack wiped "almost everything", including thousands of virtual servers and PCs, he said, describing it as probably the first example of a destructive cyberattack that "completely destroyed the core of a telecoms operator." During its investigation, the SBU found the hackers probably attempted to penetrate Kyivstar in March or earlier, he said in a Zoom interview on Dec. 27. "For now, we can say securely, that they were in the system at least since May 2023," he said. "I cannot say right now, since what time they had ... full access: probably at least since November." The SBU assessed the hackers would have been able to steal personal information, understand the locations of phones, intercept SMS-messages and perhaps steal Telegram accounts with the level of access they gained, he said. A Kyivstar spokesperson said the company was working closely with the SBU to investigate the attack and would take all necessary steps to eliminate future risks, adding: "No facts of leakage of personal and subscriber data have been revealed."

Investigating the attack is harder because of the wiping of Kyivstar's infrastructure. Vitiuk said he was "pretty sure" it was carried out by Sandworm, a Russian military intelligence cyberwarfare unit that has been linked to cyberattacks in Ukraine and elsewhere. A year ago, Sandworm penetrated a Ukrainian telecoms operator, but was detected by Kyiv because the SBU had itself been inside Russian systems, Vitiuk said, declining to identify the company. The earlier hack has not been previously reported. Vitiuk said SBU investigators were still working to establish how Kyivstar was penetrated or what type of trojan horse malware could have been used to break in, adding that it could have been phishing, someone helping on the inside or something else. If it was an inside job, the insider who helped the hackers did not have a high level of clearance in the company, as the hackers made use of malware used to steal hashes of passwords, he said. Samples of that malware have been recovered and are being analysed, he added.

An anonymous reader quotes a report from the New York Times: The Justice Department is in the late stages of an investigation into Apple and could file a sweeping antitrust case taking aim at the company's strategies to protect the dominance of the iPhone as soon as the first half of this year, said three people with knowledge of the matter. The agency is focused on how Apple has used its control over its hardware and software to make it more difficult for consumers to ditch the company's devices, as well as for rivals to compete, said the people, who spoke anonymously because the investigation was active. Specifically, investigators have examined how the Apple Watch works better with the iPhone than with other brands, as well as how Apple locks competitors out of its iMessage service. They have also scrutinized Apple's payments system for the iPhone, which blocks other financial firms from offering similar services, these people said.

The Justice Department is closing in on what would be the most consequential federal antitrust lawsuit challenging Apple, which is the most valuable tech company in the world. If the lawsuit is filed, American regulators will have sued four of the biggest tech companies for monopolistic business practices in less than five years. The Justice Department is currently facing off against Google in two antitrust cases, focused on its search and ad tech businesses, while the Federal Trade Commission has sued Amazon and Meta for stifling competition. The Apple suit would likely be even more expansive than previous challenges to the company, attacking its powerful business model that draws together the iPhone with devices like the Apple Watch and services like Apple Pay to attract and keep consumers loyal to its products. Rivals have said that they have been denied access to key Apple features, like the Siri virtual assistant, prompting them to argue the practices are anticompetitive.

Google is collecting the eyelid shape and skin tone of children via parent submitted videos, according to a project description online reviewed by 404 Media. From the report: Canadian tech conglomerate TELUS, which says it is working on Google's behalf, is offering parents $50 to film their children wearing various props such as hats or sunglasses as part of the project, the description adds. The project shows the methods some companies are using to build machine learning, artificial intelligence, or facial recognition datasets and products. Rather than scraping already existing images or analyzing previously collected material, TELUS, and by extension Google, is asking the public to contribute directly and get paid in return. Google told 404 Media the collection was part of the company's efforts to verify users' age.

A cartel in the embattled central Mexico state of Michoacan set up its own makeshift internet antennas and told locals they had to pay to use its wifi service or they would be killed, according to prosecutors. New submitter awwshit shares a story: Dubbed "narco-antennas" by local media, the cartel's system involved internet antennas set up in various towns built with stolen equipment. The group charged approximately 5,000 people elevated prices between 400 and 500 pesos ($25 and $30) a month, the Michoacan state prosecutor's office told the Associated Press. That meant the group could rake in about $150,000 a month. People were terrorized "to contract the internet services at excessive costs, under the claim that they would be killed if they did not," prosecutors said, though they did not report any such deaths. Local media identified the criminal group as a faction known as Los Viagras. Prosecutors declined to say which cartel was involved because the case was still under investigation, but they confirmed Los Viagras dominates the towns forced to make the wifi payments.

Alex Hern reports via the Guardian: The email newsletter service Substack is facing a user revolt after its chief executive defended hosting and handling payments for "Nazis" on its platform, citing anti-censorship reasons. In a note on the site published in December, the chief executive, Hamish McKenzie, said the firm "doesn't like Nazis," and wished "no one held these views." But he said the company did not think that censorship -- by demonetising sites that publish extreme views -- was a solution to the problem, and instead made it worse. Some of the largest newsletters on the service have threatened to take their business elsewhere if Substack does not reverse its stance.

On Tuesday Casey Newton, who writes Platformer -- a popular tech newsletter on the platform with thousands of subscribers paying at least $10 a month -- became the most prominent yet. [...] Substack takes a 10% cut of subscriptions from paid newsletters, meaning the loss of Platformer alone could represent six figures of revenue. Other newsletters have already made the jump. Talia Lavin, a journalist with thousands of paid subscribers on her newsletter The Sword and the Sandwich, moved to a competing service, Buttondown, on Tuesday. Substack's leadership team said in a statement: "As we face growing pressure to censor content published on Substack that to some seems dubious or objectionable, our answer remains the same: we make decisions based on principles not PR, we will defend free expression, and we will stick to our hands-off approach to content moderation."

Alexander Martin reports via The Record: The owner of an apartment in Veliky Novgorod in Russia has been arrested for discrediting the country's armed forces after a neighbor alerted the police to the message 'Slava Ukraini' scrolling across their LED curtains. When police went to the scene, they saw the garland which the owner had hung in celebration of the New Year and a "slogan glorifying the Armed Forces of Ukraine," as a spokesperson for the Ministry of Internal Affairs told state-owned news agency TASS. The apartment owner said the garland was supposed to display a "Happy New Year" greeting, TASS reported.

Several other people in Russia described a similar experience on the AlexGyver web forum, linked to a DIY blog popular in the country. They said at the stroke of midnight on New Year's Eve, their LED curtains also began to show the "Glory to Ukraine" message in Ukrainian. It is not clear whether any of these other posters were also arrested. The man in Veliky Novgorod will have to defend his case in court, according to TASS. Police have seized the curtain itself.

An independent investigation into the cause of the message by the AlexGyver forum users found that affected curtains all used the same open-source firmware code. The original code appears to have originated in Ukraine before someone created a fork translated into Russian. According to the Telegram channel for AlexGyver, the code had been added to the original project on October 18, and then in December the people or person running the fork copied and pasted that update into their own version. "Everyone who downloaded and updated the firmware in December received a gift," the Telegram channel wrote. The message was "really encrypted, hidden from the 'reader' of the code, and is displayed on the first day of the year exclusively for residents of Russia by [geographic region]."

A federal criminal complaint has revealed that state and local agencies in New Jersey bought millions of dollars worth of banned Chinese surveillance cameras. The cameras were purchased from a local company that rebranded the banned equipment made by Dahua Technology, a company that has been implicated in the surveillance of the Uyghur people in Xinjiang. According to 404 Media, "At least $15 million of the equipment was bought using federal COVID relief funds." From the report: The feds charged Tamer Zakhary, the CEO of the New Jersey-based surveillance company Packetalk, with three counts of wire fraud and a separate count of false statements for repeatedly lying to state and local agencies about the provenance of his company's surveillance cameras. Some of the cameras Packetalk sold to local agencies were Dahua cameras that had the Dahua logo removed and the colors of the camera changed, according to the criminal complaint.

Dahua Technology is the second largest surveillance camera company in the world. In 2019, the U.S. government banned the purchase of Dahua cameras using federal funds because their cameras have "been implicated in human rights violations and abuses in the implementation of China's campaign of repression, mass arbitrary detention, and high-technology surveillance against Uyghurs, Kazakhs, and other members of Muslim minority groups in Xingjiang." The FCC later said that Dahua cameras "pose an unacceptable risk to U.S. national security." Dahua is not named in the federal complaint, but [404 Media's Jason Koebler] was able to cross-reference details in the complaint with Dahua and was able to identify specific cameras sold by Packetalk to Dahua's product.

According to the FBI, Zakhary sold millions of dollars of surveillance equipment, including rebranded Dahua cameras, to agencies all over New Jersey despite knowing that the cameras were illegal to sell to public agencies. Zakhary also specifically helped two specific agencies in New Jersey (called "Victim Agency-1" and "Victim Agency-2" in the complaint) justify their purchases using federal COVID relief money from the CARES Act, according to the criminal complaint. The feds allege, essentially, that Zakhary tricked local agencies into buying banned cameras using COVID funds: "Zakhary fraudulently misrepresented to the Public Safety Customers that [Packetalk's] products were compliant with Section 889 of the John S. McCain National Defense Authorization Act for 2019 [which banned Dahua cameras], when, in fact, they were not," the complaint reads. "As a result of Zakhary's fraudulent misrepresentations, the Public Safety Customers purchased at least $35 million in surveillance cameras and equipment from [Packetalk], over $15 million of which was federal funds and grants."

An anonymous reader quotes a report from TechCrunch: Facing more than 30 lawsuits from victims of its massive data breach, 23andMe is now deflecting the blame to the victims themselves in an attempt to absolve itself from any responsibility, according to a letter sent to a group of victims seen by TechCrunch. "Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events," Hassan Zavareei, one of the lawyers representing the victims who received the letter from 23andMe, told TechCrunch in an email.

In December, 23andMe admitted that hackers had stolen the genetic and ancestry data of 6.9 million users, nearly half of all its customers. The data breach started with hackers accessing only around 14,000 user accounts. The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers, a technique known as credential stuffing. From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million million victims because they had opted-in to 23andMe's DNA Relatives feature. This optional feature allows customers to automatically share some of their data with people who are considered their relatives on the platform. In other words, by hacking into only 14,000 customers' accounts, the hackers subsequently scraped personal data of another 6.9 million customers whose accounts were not directly hacked.

But in a letter sent to a group of hundreds of 23andMe users who are now suing the company, 23andMe said that "users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe." "Therefore, the incident was not a result of 23andMe's alleged failure to maintain reasonable security measures," the letter reads. [...] 23andMe's lawyers argued that the stolen data cannot be used to inflict monetary damage against the victims. "The information that was potentially accessed cannot be used for any harm. As explained in the October 6, 2023 blog post, the profile information that may have been accessed related to the DNA Relatives feature, which a customer creates and chooses to share with other users on 23andMe's platform. Such information would only be available if plaintiffs affirmatively elected to share this information with other users via the DNA Relatives feature. Additionally, the information that the unauthorized actor potentially obtained about plaintiffs could not have been used to cause pecuniary harm (it did not include their social security number, driver's license number, or any payment or financial information)," the letter read. "This finger pointing is nonsensical," said Zavareei. "23andMe knew or should have known that many consumers use recycled passwords and thus that 23andMe should have implemented some of the many safeguards available to protect against credential stuffing -- especially considering that 23andMe stores personal identifying information, health information, and genetic information on its platform."

"The breach impacted millions of consumers whose data was exposed through the DNA Relatives feature on 23andMe's platform, not because they used recycled passwords," added Zavareei. "Of those millions, only a few thousand accounts were compromised due to credential stuffing. 23andMe's attempt to shirk responsibility by blaming its customers does nothing for these millions of consumers whose data was compromised through no fault of their own whatsoever."

An anonymous reader quotes a report from Gizmodo: Facebook recently rolled out a new "Link History" setting that creates a special repository of all the links you click on in the Facebook mobile app. Users can opt-out, but Link History is turned on by default, and the data is used for targeted ads. The company pitches Link History as a useful tool for consumers "with your browsing activity saved in one place," rather than another way to keep tabs on your behavior. With the new setting you'll "never lose a link again," Facebook says in a pop-up encouraging users to consent to the new tracking method. The company goes on to mention that "When you allow link history, we may use your information to improve your ads across Meta technologies."

Facebook promises to delete the Link History it's created for you within 90 days if you turn the setting off. According to a Facebook help page, Link History isn't available everywhere. The company says it's rolling out globally "over time." This is a privacy improvement in some ways, but the setting raises more questions than it answers. Meta has always kept track of the links you click on, and this is the first time users have had any visibility or control over this corner of the company's internet spying apparatus. In other words, Meta is just asking users for permission for a category of tracking that it's been using for over a decade. Beyond that, there are a number of ways this setting might give users an illusion of privacy that Meta isn't offering. "The Link History doesn't mention anything about the invasive ways Facebook monitors what you're doing once you visit a webpage," notes Gizmodo's Thomas Germain. "It seems the setting only affects Meta's record of the fact that you clicked a link in the first place. Furthermore, Meta links everything you do on Facebook, Instagram, WhatsApp, and its other products. Unlike several of Facebook's other privacy settings, Link History doesn't say that it affects any of Meta's other apps, leaving you with the data harvesting status quo on other parts of Mark Zuckerberg's empire."

"Link History also creates a confusing new regime that establishes privacy settings that don't apply if you access Facebook outside of the Facebook app. If you log in to Facebook on a computer or a mobile browser instead, Link History doesn't protect you. In fact, you can't see the Link History page at all if you're looking at Facebook on your laptop."