An anonymous reader quotes a report from Gizmodo: For 20 years, a loosely organized group of Wikipedia editors toiled away curating a collection of 15,000 articles on a single subject: the roads and highways of the United States. Despite minor disagreements, the US Roads Project mostly worked in harmony, but recently, a long-simmering debate over the website's rules drove this community to the brink. Efforts at compromise fell apart. There was a schism, and in the fall of 2023, the editors packed up their articles and moved over to a website dedicated to roads and roads alone. It's called AARoads, a promised land where the editors hope, at last, that they can find peace. "Roads are a background piece. People drive on them every day, but they don't give them much attention," said editor Michael Gronseth, who goes by Imzadi1979 on Wikipedia, where he dedicated his work to Michigan highways, specifically. But a road has so much to offer if you look beyond the asphalt. It's the nexus of history, geography, travel, and government, a seemingly perfect subject for the hyper-fixations of Wikipedia. "But there was a shift about a year ago," Gronseth said. "More editors started telling us that what we're doing isn't important enough, and we should go work on more significant topics." [...]

The Roads Project had a number of adversaries, but the chief rival is a group known as the New Page Patrol, or the NPP for short. The NPP has a singular mission. When a new page goes up on Wikipedia, it gets reviewed by the NPP. The Patrol has special editing privileges and if a new article doesn't meet the website's standards, the NPP takes it down. "There's a faction of people who feel that basically anything is valid to be published on Wikipedia. They say, 'Hey, just throw it out there! Anything goes.' That's not where I come down." said Bil Zeleny, a former member of the NPP who goes by onel5969 on Wikipedia, a reference to the unusual spelling of his first name. At his peak, Zeleny said he was reviewing upwards of 100,000 articles a year, and he rejected a lot of articles about roads during his time. After years of frustration, Zeleny felt he was seeing too many new road articles that weren't following the rules -- entire articles that cited nothing other than Google Maps, he said. Enough was enough. Zeleny decided it was time to bring the subject to the council.

Zeleny brought up the problem on the NPP discussion forum, sparking months of heated debate. Eventually, the issue became so serious that some editors proposed an official policy change on the use of maps as a source. Rule changes require a process called "Request for Comment," where everyone is invited to share their thoughts on the issue. Over the course of a month, Wikipedia users had written more than 56,000 words on the subject. For reference, that's about twice as long as Ernest Hemingway's novel The Old Man and the Sea. In the end, the roads project was successful. The vote was decisive, and Wikipedia updated its "No Original Research" policy to clarify that it's ok to cite maps and other visual sources. But this, ultimately, was a victory with no winners. "Some of us felt attacked," Gronseth said. On the US Roads Project's Discord channel, a different debate was brewing. The website didn't feel safe anymore. What would happen at the next request for comment? The community decided it was time to fork. "We don't want our articles deleted. It didn't feel like we had a choice," he said.

The Wikipedia platform is designed for interoperability. If you want to start your own Wiki, you can split off and take your Wikipedia work with you, a process known as "forking." [...] Over the course of several months, the US Roads Project did the same. Leaving Wikipedia was painful, but the fight that drove the roads editors away was just as difficult for people on the other side. Some editors embroiled in the roads fights deleted their accounts, though none of these ex-Wikipedian's responded to Gizmodo's requests for comment. Bil Zeleny was among the casualties. After almost six years of hard work on the New Post Patrol, he reached the breaking point. The controversy had pushed him too far, and Zeleny resigned from the NPP. [...] AARoads actually predates Wikipedia, tracing its origins all the way back to the prehistoric internet days of the year 2000, complete with articles, maps, forums, and a collection of over 10,000 photos of highway signs and markers. When the US Roads Project needed a new home, AARoads was happy to oblige. It's a beautiful resource. It even has backlinks to relevant non-roads articles on the regular Wikipedia. But for some, it isn't home. "There are members who disagree with me, but my ultimate goal is to fork back," said Gronseth. "We made our articles license-compatible, so they can be exported back to Wikipedia someday if that becomes an option. I don't want to stay separate. I want to be part of the Wikipedia community. But we don't know where things will land, and for now, we've struck out on our own."

An anonymous reader quotes a report from TechCrunch: A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users' access to their Facebook, Google and TikTok accounts. The Asian technology and internet company YX International manufactures cellular networking equipment and provides SMS text message routing services. SMS routing helps to get time-critical text messages to their proper destination across various regional cell networks and providers, such as a user receiving an SMS security code or link for logging in to online services. YX International claims to send 5 million SMS text messages daily. But the technology company left one of its internal databases exposed to the internet without a password, allowing anyone to access the sensitive data inside using only a web browser, just with knowledge of the database's public IP address.

Anurag Sen, a good-faith security researcher and expert in discovering sensitive but inadvertently exposed datasets leaking to the internet, found the database. Sen said it was not apparent who the database belonged to, nor who to report the leak to, so Sen shared details of the exposed database with TechCrunch to help identify its owner and report the security lapse. Sen told TechCrunch that the exposed database included the contents of text messages sent to users, including one-time passcodes and password reset links for some of the world's largest tech and online companies, including Facebook and WhatsApp, Google, TikTok, and others. The database had monthly logs dating back to July 2023 and was growing in size by the minute. In the exposed database, TechCrunch found sets of internal email addresses and corresponding passwords associated with YX International, and alerted the company to the spilling database. The database went offline a short time later.

Stack Overflow has launched an API that will require all AI models trained on its coding question-and-answer content to attribute sources linking back to its posts. And it will cost money to use the site's content. From a report: "All products based on models that consume public Stack Overflow data are required to provide attribution back to the highest relevance posts that influenced the summary given by the model," it confirmed in a statement. The Overflow API is designed to act as a knowledge database to help developers build more accurate and helpful code-generation models. Google announced it was using the service to access relevant information from Stack Overflow via the API and integrate the data with its latest Gemini models, and for its cloud storage console.

Google is cracking down on rooted Android devices, blocking multiple people from using the RCS message feature in Google Messages. From a report: Users with rooted phones -- a process that unlocks privileged access to the Android operating system, like jailbreaking iPhones -- have made several reports on the Google Messages support page, Reddit, and XDA's web forum over the last few months, finding they're suddenly unable to send or receive RCS messages. One example from Reddit user u/joefuf shows that RCS messages would simply vanish after hitting the send button. Several reports also mention that Google Messages gave no indication that RCS chat was no longer working, and was still showing as connected and working in Google Messages. In a statement sent to the Verge where we asked if Google is blocking rooted devices from using RCS, Google communications manager Ivy Hunt said the company is "ensuring that message-issuing/receiving devices are following the operating measures defined by the RCS standard" in a bid to prevent spam and abuse on Google Messages. In other words, yes, Google is blocking RCS on rooted devices.

An anonymous reader shares a report: Google pulled more than a dozen popular Indian apps including recruitment platform Naukri, matrimony service Shaadi, audio storytelling platforms Kuku FM and Stage and real-estate manager 99acres from Play Store on Friday after warning that it will be taking actions against developers who have persistently not complied with its billing policies, escalating a three-year dispute in what is the company's largest market by users. Google said that 10 companies in the country, including "many well-established" names it did not disclose, had avoided paying fees despite benefiting from the platform.

The Android-maker, owned by Alphabet, said a small group of developers in India had more than three years to prepare and comply with Play Store's payments policy but opted against it. These firms continue to comply with payment policies of other app stores, Google said. Some Android apps of matrimony platforms Shaadi, Matrimony.com and Bharat Matrimony were pulled from the Play Store Friday. Info Edge's Naukri and 99acres, audio storytelling apps Kuku FM and Stage, Alt Balaji's Altt, dating service Quack Quack were also axed from the store.

Murugavel Janakiraman, chief executive of Bharat Matrimony, said Google had pulled about 10 of the Indian firm's apps from the store. Bharat Matrimony is evaluating legal options, he told TechCrunch, adding that he believes Google has violated an Indian antitrust watchdog's order in its removal of the apps today. It's a "dark day for the India internet," he added. Lal Chand Bisu, co-founder and chief executive of Kuku FM lambasted at Google, saying the Android-maker had turned "the most evil" partner to do business with and the Indian startup ecosystem was "completely" in its control.

Elon Musk has sued OpenAI, its co-founders Sam Altman and Greg Brockman and affiliated entities, alleging the ChatGPT makers have breached their original contractual agreements by pursuing profits instead of the non-profit's founding mission to develop AI that benefits humanity. TechCrunch: Musk, a co-founder and early backer of OpenAI, claims Altman and Brockman convinced him to help found and bankroll the startup in 2015 with promises it would be a non-profit focused on countering the competitive threat from Google. The founding agreement required OpenAI to make its technology "freely available" to the public, the lawsuit alleges.

The lawsuit, filed in a court in San Francisco late Thursday, says that OpenAI, the world's most valuable AI startup, has shifted to a for-profit model focused on commercializing its AGI research after partnering with Microsoft, the world's most valuable company that has invested about $13 billion into the startup. "In reality, however, OpenAI, Inc. has been transformed into a closed-source de facto subsidiary of the largest technology company in the world: Microsoft. Under its new board, it is not just developing but is actually refining an AGI to maximize profits for Microsoft, rather than for the benefit of humanity," the lawsuit adds. "This was a stark betrayal of the Founding Agreement."

Hackers targeting individuals in the cryptocurrency sector are using a sophisticated phishing scheme that begins with a malicious link on Calendly. "The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call," reports Krebs on Security. "But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems." From the report: A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. "When the project team clicks the link, they encounter a region access restriction," SlowMist wrote. "At this point, the North Korean hackers coax the team into downloading and running a 'location-modifying' malicious script. Once the project team complies, their computer comes under the control of the hackers, leading to the theft of funds."

SlowMist says the North Korean phishing scams used the "Add Custom Link" feature of the Calendly meeting scheduling system on event pages to insert malicious links and initiate phishing attacks. "Since Calendly integrates well with the daily work routines of most project teams, these malicious links do not easily raise suspicion," the blog post explains. "Consequently, the project teams may inadvertently click on these malicious links, download, and execute malicious code."

SlowMist said the malware downloaded by the malicious link in their case comes from a North Korean hacking group dubbed BlueNoroff, which Kaspersky Labs says is a subgroup of the Lazarus hacking group. "A financially motivated threat actor closely connected with Lazarus that targets banks, casinos, fin-tech companies, POST software and cryptocurrency businesses, and ATMs," Kaspersky wrote of BlueNoroff in Dec. 2023.

According to the Washington Post (paywalled), the FBI is using mobile push notification data to unmask people suspected of serious crimes, such as pedophilia, terrorism, and murder. Gizmodo reports: The Post did a little digging into court records and found evidence of at least 130 search warrants filed by the feds for push notification data in cases spanning 14 states. In those cases, FBI officials asked tech companies like Google, Apple, and Facebook to fork over data related to a suspect's mobile notifications, then used the data to implicate the suspect in criminal behavior linked to a particular app, even though many of those apps were supposedly anonymous communication platforms, like Wickr.

How exactly is this possible? Push notifications, which are provided by a mobile operating system provider, include embedded metadata that can be examined to understand the use of the mobile apps on a particular phone. Apps come laced with a quiet identifier, a "push token," which is stored on the corporate servers of a company like Apple or another phone manufacturer after a user signs up to use a particular app. Those tokens can later be used to identify the person using the app, based on the information associated with the device on which the app was downloaded. Even turning off push notifications on your device doesn't necessarily disable this feature, experts contend. [...]

If finding new ways to catch pedophiles and terrorists doesn't seem like the worst thing in the world, the Post article highlights the voices of critics who fear that this kind of mobile data could be used to track people who have not committed serious crimes -- like political activists or women seeking abortions in states where the procedure has been restricted.

An anonymous reader shares a report: Google is introducing improvements to search suggestions in Chrome, the company announced today. As part of the changes, users will start to get more helpful search suggestions in Chrome based on what others are searching for, see more images for suggested searches and find search suggestions even with a poor connection.

Search suggestions are the drop-down list of suggested completions that appear before you finish typing out your query in Google. The feature generates predictions to help users save time and speed up their search. With these new updates, Google is expanding the availability of search suggestions and using them to boost inspiration. When users are signed into Chrome on desktop and open a new tab, they will now start to see suggestions in the search box related to their previous searches based on what other people are searching for.

Several internet-connected doorbell cameras have a security flaw that allows hackers to take over the camera by just holding down a button, among other issues, according to research by Consumer Reports. From a report: On Thursday, the non-profit Consumer Reports published research that detailed four security and privacy flaws in cameras made by EKEN, a company based in Shenzhen, China, which makes cameras branded as EKEN, but also, apparently, Tuck and other brands. These relatively cheap doorbell cameras were available on online marketplaces like Walmart and Temu, which removed them from sale after Consumer Reports reached out to the companies to flag the problems. These doorbell cameras are, however, still available elsewhere.

According to Consumer Reports, the most impactful issue is that if someone is in close proximity to a EKEN doorbell camera, they can take "full control" of it by simply downloading its official app -- called Aiwit -- and putting the camera in pairing mode by simply holding down the doorbell's button for eight seconds. Aiwit's app has more than a million downloads on Google Play, suggesting it is widely used. At that point, the malicious user can create their own account on the app, scan the QR code generated by the app by putting it in front of the doorbell's camera.

Apple plans to disclose more about its plans to put generative AI to use later this year, Chief Executive Officer Tim Cook said during the company's annual shareholder meeting on Wednesday. From a report: Cook said that the iPhone maker sees "incredible breakthrough potential for generative AI, which is why we're currently investing significantly in this area. We believe that will unlock transformative opportunities for users when it comes to productivity, problem solving and more."

Apple has been slower in rolling out generative AI, which can generate human-like responses to written prompts, than rivals such as Microsoftand Alphabet's Google, which are weaving them into products. On Wednesday, Cook argued that AI is already at work behind the scenes in Apple's products but said there would be more news on explicit AI features later this year. Bloomberg previously reported Apple plans to use AI to improve the ability to search through data stored on Apple devices. "Every Mac that is powered by Apple silicon is an extraordinarily capable AI machine. In fact, there's no better computer for AI on the market today," Cook said.

An anonymous reader shares a report (paywalled): As Google grapples with the backlash over the historically inaccurate responses on its Gemini chatbot, Meta Platforms is dealing with a related issue. As part of its work on the forthcoming version of its large language model, Llama 3, Meta is trying to overcome a problem perceived in Llama 2: Its answers to anything at all contentious aren't helpful. Safeguards added to Llama 2, which Meta released last July and which powers the artificial intelligence assistant in its apps, prevent the LLM from answering a broad range of questions deemed controversial. These guardrails have made Llama 2 appear too "safe" in the eyes of Meta's senior leadership, as well as among some researchers who worked on the model itself, according to people who work at Meta.

[...] Meta's conservative approach with Llama 2 was designed to ward off any public relations disasters, said the people who work at Meta. But researchers are now trying to loosen up Llama 3 so it engages more with users when they ask about difficult topics, offering context rather than just shutting down tricky questions, said two of the people who work at Meta. The new version of the model will in theory be able to better distinguish when a word has multiple meanings. For example, Llama 3 might understand that a question about how to kill a vehicle's engine means asking how to shut it off rather than end its life. Meta also plans to appoint someone internally in the coming weeks to oversee tone and safety training as part of its efforts to make the model's responses more nuanced, said one of the people. The company plans to release Llama 3 in July, though the timeline could still change, they added.

Google CEO Sundar Pichai addressed the company's Gemini controversy Tuesday evening, calling the AI app's problematic responses around race unacceptable and vowing to make structural changes to fix the problem. The memo: I want to address the recent issues with problematic text and image responses in the Gemini app (formerly Bard). I know that some of its responses have offended our users and shown bias -- to be clear, that's completely unacceptable and we got it wrong.

Our teams have been working around the clock to address these issues. We're already seeing a substantial improvement on a wide range of prompts. No AI is perfect, especially at this emerging stage of the industry's development, but we know the bar is high for us and we will keep at it for however long it takes. And we'll review what happened and make sure we fix it at scale.

Our mission to organize the world's information and make it universally accessible and useful is sacrosanct. We've always sought to give users helpful, accurate, and unbiased information in our products. That's why people trust them. This has to be our approach for all our products, including our emerging AI products.

We'll be driving a clear set of actions, including structural changes, updated product guidelines, improved launch processes, robust evals and red-teaming, and technical recommendations. We are looking across all of this and will make the necessary changes.

Even as we learn from what went wrong here, we should also build on the product and technical announcements we've made in AI over the last several weeks. That includes some foundational advances in our underlying models e.g. our 1 million long-context window breakthrough and our open models, both of which have been well received.

We know what it takes to create great products that are used and beloved by billions of people and businesses, and with our infrastructure and research expertise we have an incredible springboard for the AI wave. Let's focus on what matters most: building helpful products that are deserving of our users' trust.

Alphabet's Google Cloud on Monday ramped up its criticism of Microsoft's cloud computing practices, saying its rival is seeking a monopoly that would harm the development of emerging technologies such as generative AI. From a report: "We worry about Microsoft wanting to flex their decade-long practices where they had a lot of monopoly on the on-premise software before and now they are trying to push that into cloud now," Google Cloud Vice President Amit Zavery said in an interview. "So they are creating this whole walled garden, which is completely controlled and owned by Microsoft, and customers who want to do any of this stuff, you have to go to Microsoft only," he said.

"If Microsoft cloud doesn't remain open, we will have issues and long-term problems, even in next generation technologies like AI as well, because Microsoft is forcing customers to go to Azure in many ways," Zavery said, referring to Microsoft's cloud computing platform. He urged antitrust regulators to act. "I think regulators need to provide some kind of guidance as well as maybe regulations which prevent the way Microsoft is building the Azure cloud business, not allow your on-premise monopoly to bring it into the cloud monopoly," Zavery said.

Almost 3 years after launching the first OnePlus Watch, the Chinese smartphone company is launching a successor -- this time powered by Wear OS 4. Utilizing a "hybrid interface," the OnePlus Watch 2 is able to offer 100 hours of battery life, or just over four full days of use. 9to5Google reports: To achieve that goal, the OnePlus Watch 2 actually runs two separate operating systems. Wear OS handles things like apps and watchfaces, while a RTOS powered by a secondary chipset handles more lightweight tasks. A "smart mode" on the watch allows the watch swap back and forth between its two operating systems and two chipsets. Wear OS is powered by the Snapdragon W5 Gen 1 and it is Wear OS 4. The RTOS is powered by a BES 2700 MCU Efficiency chipset.

Switching between the two OS's is something you're likely to not even notice, OnePlus claims: "The BES2700 Efficiency Chipset runs RTOS and handles background activity and simple tasks, while the Snapdragon W5 handles more demanding tasks, like running your favorite Google apps. This optimized approach, enabled by the Wear OS hybrid interface seamlessly managing the transition between chips, means users will experience a smartwatch that effortlessly does it all while extending the time between charges."

Powering the Watch 2 is a 500 mAh battery which features 7.5W charging with a special charger that connects to a typical USB-C cable. The charger is magnetic, of course, and OnePlus claims a full charge in 60 minutes or less. The 1.43-inch AMOLED display of the OnePlus Watch 2 is covered in a slightly curved sapphire glass, while the watch chassis is built from stainless steel. You'll have the choice of black or silver colors with either black or green bands, respectively. The whole package is also 5ATM water resistant. Rounding out the main specs you'll find 32GB of storage and 2GB of RAM. The OnePlus Watch 2 goes on sale today at $299.

Microsoft offered to sell its Bing search engine to Apple in 2018, Google said in a court filing earlier this month. The document, from Google's antitrust case against the U.S. Justice Department, was unsealed on Friday. From a report: In the filing earlier this month, Google argued that Microsoft pitched Apple in 2009, 2013, 2015, 2016, 2018 and 2020 about making Bing the default in Apple's Safari web browser, but each time, Apple said no, citing quality issues with Bing. "In each instance, Apple took a hard look at the relative quality of Bing versus Google and concluded that Google was the superior default choice for its Safari users. That is competition," Google wrote in the filing.

The Justice Department said in its own newly unsealed filing that Microsoft has spent almost $100 billion on Bing over 20 years. The Windows and Office software maker launched Bing in 2009, following search efforts under the MSN and Windows Live brands. Today Bing has 3% global market share, according to StatCounter. In the fourth quarter, Microsoft generated $3.2 billion from search and news advertising, while Google search and other revenue totaled $48 billion. Google said in its filing that when Microsoft reached out to Apple in 2018, emphasizing gains in Bing's quality, Microsoft offered to either sell Bing to Apple or establish a Bing-related joint venture with the company.

Microsoft has struck a deal with French AI startup Mistral as it seeks to broaden its involvement in the fast-growing industry beyond OpenAI. From a report: The US tech giant will provide the 10-month-old Paris-based company with help in bringing its AI models to market. Microsoft will also take a minor stake in Mistral, although the financial details have not been disclosed. The partnership makes Mistral the second company to provide commercial language models available on Microsoft's Azure cloud computing platform. Microsoft has already invested about $13 billion in San Francisco-based OpenAI, an alliance that is being reviewed by competition watchdogs in the US, EU and UK. Other Big Tech rivals, such as Google and Amazon, are also investing heavily in building generative AI -- software that can produce text, images and code in seconds -- which analysts believe has the capacity to shake up industries across the world. WSJ adds: On Monday, Mistral plans to announce a new AI model, called Mistral Large, that Mensch said can perform some reasoning tasks comparably with GPT-4, OpenAI's most advanced language model to date, and Gemini Ultra, Google's new model. Mensch said his new model cost less than 20 million euros, the equivalent of roughly $22 million, to train. By contrast OpenAI Chief Executive Sam Altman said last year after the release of GPT-4 that training his company's biggest models cost "much more than" $50 million to $100 million.

The Washington Post reports: Google's self-driving car company, Waymo, is hitting resistance in its quest to expand 24/7 robotaxi service to other parts of California, including a series of incidents that have fed public officials' safety concerns about the vehicles coming to their cities. Over eight days in February, for example, a Waymo vehicle smashed into a closing gate while exiting the University of Southern California's campus; the next day, another collided with a cyclist in San Francisco. Later that week, a mob of people vandalized and lit one of its cars on fire. Days later, the company announced a voluntary recall of its software for an incident involving a pickup truck in Phoenix. [Though it occurred three months ago, the Post reports that after the initial contact between the vehicles, "A second Waymo vehicle made contact with the pickup truck a few minutes later."]

This string of events — none of which resulted in serious injuries — comes after Waymo's main competitor, General Motors-owned Cruise, recalled its fleet of driverless cars last year... [Waymo] is now the lone company trying to expand 24/7 robotaxi service around California, despite sharp resistance from local officials. "Waymo has become the standard-bearer for the entire robotaxi industry for better or for worse," said David Zipper, a senior fellow at the MIT Mobility Initiative. While Waymo's incidents are "nowhere near what Cruise is accused of doing, there is a crisis of confidence in autonomous vehicle companies related to safety right now."

The California Public Utilities Commission (CPUC) delayed deciding whether Waymo could expand its service to include a portion of a major California highway and also Los Angeles and San Mateo counties, pending "further staff review," according to the regulator's website. While Waymo said the delay is a part of the commission's "standard and robust review process," the postponement comes as officials from other localities fear becoming like San Francisco — where self-driving cars have disrupted emergency scenes, held up traffic and frustrated residents who are learning to share public roads with robot cars... Zipper said it is a notable disparity that "the companies are saying the technology is supposed to be a godsend for urban life, and it's pretty striking that the leaders of these urban areas really don't want them," he said.
Waymo offers ride-hailing services in San Francisco and Phoenix — as well as some free rides in Los Angeles, according to the article. It also cites a December report from Waymo estimated that overich 7.1 million miles of testing, there were 17 fewer injuries and 20 fewer police-reported crashes "compared to if human drivers with the benchmark crash rate would have driven the same distance in the areas we operate."

From a report: A team of drone enthusiasts have built a sub-$500 drone that uses a camera and Google Maps to provide itself with GPS co-ordinates, removing the need for a GPS satellite signal. And all of this was done in 24 hours during the El Segundo Defense Tech Hackathon. The drone the trio opted for is a custom designed and 3D printed fixed wing featuring a large single motor towards the rear and a downward facing camera used for geo-referencing...

Doesn't Google Maps still require internet, you may ask? Google Maps allows users to download segments of maps ahead of time, usually for use when you are travelling or camping out in remote areas. In this instance, the team used this feature to their advantage, allowing the drone to continue operating...
Thanks to long-time Slashdot reader schwit1 for sharing the news.

Fast Company notes that "the deadly impacts of Pegasus and other cyberweapons — wielded by governments from Spain to Saudi Arabia against human rights defenders, journalists, lawyers and others — is by now well documented. A wave of scrutiny and sanctions have helped expose the secretive, quasi-legal industry behind these tools, and put financial strain on firms like Israel's NSO Group, which builds Pegasus.

"And yet business is booming." New research published this month by Google and Meta suggest that despite new restrictions, the cyberattack market is growing, and growing more dangerous, aiding government violence and repression and eroding democracy around the globe.

"The industry is thriving," says Maddie Stone, a researcher at Google's Threat Analysis Group (TAG) who hunts zero-day exploits, the software bugs that have yet to be fixed and are worth potentially hundreds of millions to spyware sellers. "More companies keep popping up, and their government customers are determined to buy from them, and want these capabilities, and are using them." For the first time, half of known zero-days against Google and Android products now come from private companies, according to a report published this month by Stone's team at Google. Beyond prominent firms like NSO and Candiru, Google's researchers say they are tracking about 40 companies involved in the creation of hacking tools that have been deployed against "high risk individuals."

Of the 72 zero-day exploits Google discovered in the wild between 2014 and last year, 35 were attributed to these and other industry players, as opposed to state-backed actors. "If governments ever had a monopoly on the most sophisticated capabilities, that era is certainly over," reads the report.

The Google findings and a spyware-focused threat report published by Meta a week later reflect an increasingly tough response by Big Tech to an industry that profits from breaking into its systems. The reports also put new pressure on the US and others to take action against the mostly unregulated industry.
"In its report, Google describes a 'rise in turnkey espionage solutions' offered by dozens of shady companies..."

Thanks to Slashdot reader tedlistens for sharing the article.