China

DHS Terminates All Its Advisory Committees, Ending Its Investigation Into Chinese Telecom Hack (arstechnica.com) 144

An anonymous reader quotes a report from Ars Technica: The Department of Homeland Security has terminated all members of advisory committees, including one that has been investigating a major Chinese hack of large US telecom firms. "The Cyber Safety Review Board -- a Department of Homeland Security investigatory body stood up under a Biden-era cybersecurity executive order to probe major cybersecurity incidents -- has been cleared of non-government members as part of a DHS-wide push to cut costs under the Trump administration, according to three people familiar with the matter," NextGov/FCW reported yesterday.

A memo sent Monday by DHS Acting Secretary Benjamine Huffman said that in order to "eliminat[e] the misuse of resources and ensur[e] that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory committees within DHS, effective immediately. Future committee activities will be focused solely on advancing our critical mission to protect the homeland and support DHS's strategic priorities." The memo said advisory board members terminated this week "are welcome to reapply." The Cyber Safety Review Board's list of members included security experts from the private sector and lead cybersecurity officials from multiple government agencies.

"The CSRB was 'less than halfway' done with its Salt Typhoon investigation, according to a now-former member," wrote freelance cybersecurity reporter Eric Geller, who quoted an anonymous source as saying the Cyber Safety Review Board's review of Salt Typhoon is "dead." The former member was also quoted as saying, "There are still professional staff for the CSRB and I hope they will continue some of the work in the interim."

The Cyber Safety Review Board operates under the DHS's Cybersecurity and Infrastructure Security Agency (CISA), notes Ars. The review board previously investigated a 2023 hack of Microsoft Exchange Online and more recently has been investigating how the Chinese hacking group called Salt Typhoon infiltrated major telecom providers such as Verizon and AT&T.

Network

Google Fiber Is Coming To Las Vegas 32

Google Fiber has confirmed that it has started construction in Las Vegas and Clark County, with its fiber internet service expected to be available "later this year." The Verge reports: On Wednesday, Google also confirmed that it's piloting simplified, "lifestyle-based" plans in Alabama and Tennessee, which were first spotted last month. The new $70 / month Core 1 Gig, $100 / month Home 3 Gig, and $150 / month Edge 8 Gig plans replace the 1 Gig, 2 Gig, 5 Gig, and 8 Gig plans that GFiber widely offers.

These new plans are also launching in all of the locations where GFiber is currently available in Arizona and North Carolina, GFiber spokesperson Sunny Gettinger tells The Verge. They're coming to most of GFiber's remaining cities within the next month, too.

AI

Adobe Premiere Pro Now Lets You Find Video Clips By Describing Them 17

Search in Premiere Pro has been updated with AI-powered visual recognition, allowing users to find videos by describing the contents of the footage. From a report: It's just one of several quality-of-life features Adobe is adding to Premiere Pro, After Effects, and Frame.io that aim to save video editors time on their projects. Users can enter search terms like "a person skating with a lens flare" to find corresponding clips within their media library.

Adobe says the media intelligence AI can automatically recognize "objects, locations, camera angles, and more," alongside spoken words -- providing there's a transcript attached to the video. The feature doesn't detect audio or identify specific people, but it can scrub through any metadata attached to video files, which allows it to fetch clips based on shoot dates, locations, and camera types. The media analysis runs on-device, so doesn't require an internet connection, and Adobe reiterates that users' video content isn't used to train any AI models.

Security

DDoS Attacks Soar 53% To 21.3 Million, Cloudflare Reports 21

Cloudflare blocked 21.3 million DDoS attacks in 2024, including a record-breaking 5.6 terabit-per-second strike that targeted an Asian internet service provider last October. The yearly total marked a 53% increase from 2023.

The 80-second October attack, which originated from over 13,000 compromised Internet of Things devices running a Mirai malware variant, highlighted an alarming trend: hyper-volumetric attacks exceeding 1 terabit per second grew by 1,885% in the fourth quarter compared to the previous quarter. Ransom DDoS attacks, where criminals threatened organizations with service disruptions unless paid, rose 78% in the same period.

Social Networks

'Decentralized Social Media Is the Only Alternative To the Tech Oligarchy' (404media.co) 170

An anonymous reader quotes an op-ed from 404 Media's Jason Koebler: If it wasn't already obvious, the last 72 hours have made it crystal clear that it is urgent to build and mainstream alternative, decentralized social media platforms that are resistant to government censorship and control, are not owned by oligarchs and dominated by their algorithms, and in which users own their follower list and can port it elsewhere easily and without restriction. [...] Mastodon's ActivityPub and Bluesky's AT.Protocol have provided the base technology layer to make this possible, and have laid important groundwork over the last few years to decorporatize and decentralize the social internet.

The problem with decentralized social media platforms thus far is that their user base is minuscule compared to platforms like TikTok, Facebook, and Instagram, meaning the cultural and political influence has lagged behind them. You also cannot directly monetize an audience on Bluesky or Mastodon -- which, to be clear, is a feature, not a bug -- but also means that the value proposition for an influencer who makes money through the TikTok creator program or a small business that makes money selling chewing gum on TikTok shop or a clothes brand that has figured out how to arbitrage Instagram ads to sell flannel shirts is not exactly clear. I am not advocating for decentralized social media to implement ads and creator payment programs. I'm just saying that many TikTok influencers were directing their collective hundreds of millions of fans to follow them to Instagram or YouTube, not a decentralized alternative.

This doesn't mean that the fediverse or that a decentralized Instagram or TikTok competitor that runs on the AT.Protocol is doomed. But there is a lot of work to do. There is development work that needs to be done (and is being done) to make decentralized protocols easier to join and use and more interoperable with each other. And there is a massive education and recruitment challenge required to get the masses to not just try out decentralized platforms but to earnestly use them. Bluesky's growing user base and rise as a legitimately impressive platform that one can post to without feeling like it's going into the void is a massive step forward, and proof that it is possible to build thriving alternative platforms. The fact that Meta recently blocked links to a decentralized Instagram alternative shows that big tech sees these platforms, potentially, as a real threat.

"This is all to say that it is possible to build alternatives to Elon Musk's X, Mark Zuckerberg's Instagram, and whatever TikTok will become," concludes Koebler. "It is happening, and it is necessary. The richest, most powerful people in the world have all aligned themselves and their platforms with Donald Trump. But their platforms' relevance and importance doesn't necessarily have to last forever. A different way is possible, if we build it."

Further reading: 'The Tech Oligarchy Arrives' (The Atlantic)

Bitcoin

Donald and Melania Trump Launch a Pair of Meme Coins (cnn.com) 214

Donald and Melania Trump have launched a pair of meme coins just before President Trump was sworn into office. The coins are already worth billions of dollars, raising "serious ethical questions and conflicts of interest," said Richard Painter, a law professor at the University of Minnesota. CNN reports: Melania Trump launched her cryptocurrency $MELANIA in a social media post Sunday, sending her husband's cryptocurrency $TRUMP, announced two days earlier, plummeting. "The Official Melania Meme is live! You can buy $MELANIA now. https://melaniameme.com," the future first lady wrote on X Sunday. Meme coins are a type of highly volatile cryptocurrency inspired by popular internet or cultural trends. They carry no intrinsic value but can soar, or plummet, in price. "My NEW Official Trump Meme is HERE!" Trump wrote on X Friday. "It's time to celebrate everything we stand for: WINNING! Join my very special Trump Community. GET YOUR $TRUMP NOW. Go to http://gettrumpmemes.com -- Have Fun!" Both coins are trading on the Solana blockchain. [...]

$TRUMP is the first cryptocurrency endorsed by the incoming president, who once trashed bitcoin as "based on thin air." [...] While executive branch employees must follow conflict of interest criminal statutes that prevent them from participating in matters that impact their own financial interests, the law does not apply to the president or the vice president. [...] The Trump coin's market capitalization, which is based on the 200 million coins circulating, is capped at $13 billion, according to CoinMarketCap. The meme coin's website said there will be 1 billion Trump coins over the next three years. Both $MELANIA and $TRUMP's websites contain disclaimers saying the coins are "intended to function as a support for, and engagement with" the values of their respective brands and "are not intended to be, or to be the subject of, an investment opportunity, investment contract, or security of any type."

The website says the meme coin is not politically affiliated. But 80% of the coin's supply is held by Trump Organization-affiliate CIC Digital and Fight Fight Fight LLC, which are both subject to a three-year unlocking schedule -- so they cannot sell all of their holdings at once. Trump coin's fully diluted value (which reflects the eventual total supply of Trump coins) stood at around $54 billion as of Monday morning, according to CoinMarketCap. At that value, the 80% linked to Trump is worth a staggering $43 billion, at least on paper. The $TRUMP coin's website says it is "the only official Trump meme. Now, you can get your piece of history. This Trump Meme celebrates a leader who doesn't back down, no matter the odds," the website reads.

"Trump owning 80% and timing launch hours before inauguration is predatory and many will likely get hurt by it," Nick Tomaino, a former Coinbase executive, said in a post on X. "Trump should be airdropping to the people rather than enriching himself or his team on this."

AI

In AI Arms Race, America Needs Private Companies, Warns National Security Advisor (axios.com) 40

America's outgoing national security adviser has "wide access to the world's secrets," writes Axios, adding that the security adviser delivered a "chilling" warning that "The next few years will determine whether AI leads to catastrophe — and whether China or America prevails in the AI arms race."

But in addition, Sullivan "said in our phone interview that unlike previous dramatic technology advancements (atomic weapons, space, the internet), AI development sits outside of government and security clearances, and in the hands of private companies with the power of nation-states... 'There's going to have to be a new model of relationship because of just the sheer capability in the hands of a private actor,' Sullivan says..." Somehow, government will have to join forces with these companies to nurture and protect America's early AI edge, and shape the global rules for using potentially God-like powers, he says. U.S. failure to get this right, Sullivan warns, could be "dramatic, and dramatically negative — to include the democratization of extremely powerful and lethal weapons; massive disruption and dislocation of jobs; an avalanche of misinformation..."

To distill Sullivan: America must quickly perfect a technology that many believe will be smarter and more capable than humans. We need to do this without decimating U.S. jobs, and inadvertently unleashing something with capabilities we didn't anticipate or prepare for. We need to both beat China on the technology and in shaping and setting global usage and monitoring of it, so bad actors don't use it catastrophically. Oh, and it can only be done with unprecedented government-private sector collaboration — and probably difficult, but vital, cooperation with China...

There's no person we know in a position of power in AI or governance who doesn't share Sullivan's broad belief in the stakes ahead...

That said, AI is like the climate: America could do everything right — but if China refuses to do the same, the problem persists and metastasizes fast. Sullivan said Trump, like Biden, should try to work with Chinese leader Xi Jinping on a global AI framework, much like the world did with nuclear weapons.

"I personally am not an AI doomer," Sullivan says in the interview. "I am a person who believes that we can seize the opportunities of AI. But to do so, we've got to manage the downside risks, and we have to be clear-eyed and real about those risks."

Thanks to long-time Slashdot reader Mr_Blank for sharing the article.

The Internet

Accidents, Not Sabotage, Likely Damaged Baltic Undersea Cables, Say US and European Intelligence Officials (stripes.com) 84

The Washington Post reports: Ruptures of undersea cables that have rattled European security officials in recent months were likely the result of maritime accidents rather than Russian sabotage, according to several U.S. and European intelligence officials.

The determination reflects an emerging consensus among U.S. and European security services, according to senior officials from three countries involved in ongoing investigations of a string of incidents in which critical seabed energy and communications lines have been severed... [S]o far, officials said, investigations involving the United States and a half-dozen European security services have turned up no indication that commercial ships suspected of dragging anchors across seabed systems did so intentionally or at the direction of Moscow. Instead, U.S. and European officials said that the evidence gathered to date — including intercepted communications and other classified intelligence — points to accidents caused by inexperienced crews serving aboard poorly maintained vessels.

U.S. officials cited "clear explanations" that have come to light in each case indicating a likelihood that the damage was accidental, and a lack of evidence suggesting Russian culpability. Officials with two European intelligence services said that they concurred with U.S. assessments. Despite initial suspicions that Russia was involved, one European official said there is "counter evidence" suggesting otherwise. The U.S. and European officials declined to elaborate and spoke on the condition of anonymity, citing the sensitivity of ongoing investigations...

A Nordic official briefed on the investigation said conditions on the tanker were abysmal. "We've always gone out with the assumption that shadow fleet vessels are in bad shape," the official said. "But this was even worse than we thought...." European security officials said that Finland's main intelligence service is in agreement with Western counterparts that the Dec. 25 incident appears to have been an accident, though they cautioned that it may be impossible to rule out a Russian role.

The article points out another reason Russia might not want to draw attention to the waterways around NATO countries. Doing so "could endanger oil smuggling operations Russia has relied on to finance the war in Ukraine, and possibly provoke more aggressive efforts by Western governments to choke off Russia's route to the North Atlantic."

China

RedNote Scrambles to Hire English-Speaking Content Moderators (wired.com) 73

ABC News reported that the official newspaper of China's communist party is claiming TikTok refugees on RedNote found a "new home," and "openness, communication, and mutual learning are... the heartfelt desires of people from all countries."

But in fact, Wired reports, "China's Cyberspace Administration, the country's top internet watchdog, has reportedly already grown concerned about content being shared by foreigners on Xiaohongshu," and "warned the platform earlier this week to 'ensure China-based users can't see posts from U.S. users,' according to The Information."

And that's just the beginning. Wired reports that RedNote is now also "scrambling to hire English-speaking moderators." Social media platforms in China are legally required to remove a wide range of content, including nudity and graphic violence, but especially information that the government deems politically sensitive... "RedNote — like all platforms owned by Chinese companies — is subject to the Chinese Communist Party's repressive laws," wrote Allie Funk, research director for technology and democracy at the nonprofit human rights organization Freedom House, in an email to WIRED. "Independent researchers have documented how keywords deemed sensitive to those in power, such as discussion of labor strikes or criticism of Xi Jinping, can be scrubbed from the platform."

But the influx of American TikTok users — as many as 700,000 in merely two days, according to Reuters — could be stretching Xiaohongshu's content moderation abilities thin, says Eric Liu, an editor at China Digital Times, a California-based publication documenting censorship in China, who also used to work as a content moderator himself for the Chinese social media platform Weibo... Liu reposted a screenshot on Bluesky showing that some people who recently joined Xiaohongshu have received notifications that their posts can only be shown to other users after 48 hours, seemingly giving the company time to determine whether they may be violating any of the platform's rules. This is a sign that Xiaohongshu's moderation teams are unable to react swiftly, Liu says...

While the majority of the new TikTok refugees still appear to be enjoying their time on Xiaohongshu, some have already had their posts censored. Christine Lu, a Taiwanese-American tech entrepreneur who created a Xiaohongshu account on Wednesday, says she was suspended after uploading three provocative posts about Tiananmen, Tibet, and Taiwan. "I support more [Chinese and American] people engaging directly. But also, knowing China, I knew it wouldn't last for long," Lu tells WIRED.

Despite the 700,000 signups in two days, "It's also worth noting that the migration to RedNote is still very small, and only a fraction of the 170 million people in the US who use TikTok," notes The Conversation. (And they add that "The US government also has the authority to pressure Apple to remove RedNote from the US App Store if it thinks the migration poses a national security threat.")

One nurse told the Los Angeles Times Americans signed up for the app because they "just don't want to give in" to "bullying" by the U.S. government. (The Times notes she later recorded a video acknowledging that on the Chinese-language app, "I don't know what I'm doing, I don't know what I'm reading, I'm just pressing buttons.") On Tuesday, the Wall Street Journal reported that Chinese officials had discussed the possibility of selling TikTok to a trusted non-Chinese party such as Elon Musk, who already owns social media platform X. However, analysts said that Bytedance is unlikely to agree to a sale of the underlying algorithm that powers the app, meaning the platform under a new owner could still look drastically different.

EU

NATO Will Deploy Unmanned Vessels to Protect Baltic Sea Cables - Plus Data-Assessing AI (twz.com) 56

The BBC brings news from the Baltic Sea. After critical undersea cables were damaged or severed last year, "NATO has launched a new mission to increase the surveillance of ships..." Undersea infrastructure is essential not only for electricity supply but also because more than 95% of internet traffic is secured via undersea cables, [said NATO head Mark Rutte], adding that "1.3 million kilometres (800,000 miles) of cables guarantee an estimated 10 trillion-dollar worth of financial transactions every day". In a post on X, he said Nato would do "what it takes to ensure the safety and security of our critical infrastructure and all that we hold dear".... Estonia's Foreign Minister Margus Tsahkna said in December that damage to submarine infrastructure had become "so frequent" that it cast doubt on the idea the damage could be considered "accidental" or "merely poor seamanship".

The article also has new details about a late-December cable-cutting by the Eagle S (which was then boarded by Finland's coast guard and steered into Finnish waters). "On Monday, Risto Lohi of Finland's National Bureau of Investigation told Reuters that the Eagle S was threatening to cut a second power cable and a gas pipe between Finland and Estonia at the time it was seized." And there are reports that the ship was loaded with spying equipment.

UPDATE (1/19/2024): The Washington Post reports that the undersea cable ruptures "were likely the result of maritime accidents rather than Russian sabotage, according to several U.S. and European intelligence officials."

But whatever they're watching for, NATO's new surveillance of the Baltic Sea will include "uncrewed surface vessels," according to defense-news web site TWZ.com: The uncrewed surface vessels [or USVs], also known as drone boats, will help establish an enhanced common operating picture to give participating nations a better sense of potential threats and speed up any response. It is the first time NATO will use USVs in this manner, said a top alliance commander... There will be at least 20 USVs assigned [a NATO spokesman told The War Zone Friday]... In the first phase of the experiment, the USVs will "have the capabilities under human control" while "later phases will include greater autonomy." The USVs will augment the dozen or so vessels as well as an unspecified number of crewed maritime patrol aircraft committed

One highly-placed NATO official tells the site that within weeks "we will begin to use these ships to give a persistent, 24-7 surveillance of critical areas."

Last week the U.K. government also announced "an advanced UK-led reaction system to track potential threats to undersea infrastructure and monitor the Russian shadow fleet."

The system "harnesses AI to assess data from a range of sources, including the Automatic Identification System (AIS) ships use to broadcast their position, to calculate the risk posed by each vessel entering areas of interest." Harnessing the power of AI, this UK-led system is a major innovation which allows us the unprecedented ability to monitor large areas of the sea with a comparatively small number of resources, helping us stay secure at home and strong abroad.

AI

World's First AI Chatbot, ELIZA, Resurrected After 60 Years (livescience.com) 37

"Scientists have just resurrected 'ELIZA,' the world's first chatbot, from long-lost computer code," reports LiveScience, "and it still works extremely well." (Click in the vintage black-and-green rectangle for a blinking-cursor prompt...) Using dusty printouts from MIT archives, these "software archaeologists" discovered defunct code that had been lost for 60 years and brought it back to life. ELIZA was developed in the 1960s by MIT professor Joseph Weizenbaum and named for Eliza Doolittle, the protagonist of the play "Pygmalion," who was taught how to speak like an aristocratic British woman.

As a language model that the user could interact with, ELIZA had a significant impact on today's artificial intelligence (AI), the researchers wrote in a paper posted to the preprint database arXiv Sunday (Jan. 12). The "DOCTOR" script written for ELIZA was programmed to respond to questions as a psychotherapist would. For example, ELIZA would say, "Please tell me your problem." If the user input "Men are all alike," the program would respond, "In what way."

Weizenbaum wrote ELIZA in a now-defunct programming language he invented, called Michigan Algorithm Decoder Symmetric List Processor (MAD-SLIP), but it was almost immediately copied into the language Lisp. With the advent of the early internet, the Lisp version of ELIZA went viral, and the original version became obsolete. Experts thought the original 420-line ELIZA code was lost until 2021, when study co-author Jeff Shrager, a cognitive scientist at Stanford University, and Myles Crowley, an MIT archivist, found it among Weizenbaum's papers. "I have a particular interest in how early AI pioneers thought," Shrager told Live Science in an email. "Having computer scientists' code is as close to having a record of their thoughts, and as ELIZA was — and remains, for better or for worse — a touchstone of early AI, I want to know what was in his mind...."

Even though it was intended to be a research platform for human-computer communication, "ELIZA was such a novelty at the time that its 'chatbotness' overwhelmed its research purposes," Shrager said.

I just remember that time 23 years ago when someone connected a Perl version of ELIZA to "an AOL Instant Messenger account that has a high rate of 'random' people trying to start conversations" to "put ELIZA in touch with the real world..."

Thanks to long-time Slashdot reader MattSparkes for sharing the news.

Government

US Sanctions Chinese Firm, Hacker Behind Telecom and Treasury Hacks (bleepingcomputer.com) 3

The U.S. Department of the Treasury's OFAC has sanctioned Yin Kecheng and Sichuan Juxinhe Network Technology Co. for their roles in a recent Treasury breach and espionage operations targeting U.S. telecommunications. BleepingComputer reports: "Yin Kecheng has been a cyber actor for over a decade and is affiliated with the People's Republic of China Ministry of State Security (MSS)," reads the Treasury's announcement. "Yin Kecheng was associated with the recent compromise of the Department of the Treasury's Departmental Offices network," says the agency.

OFAC also announced sanctions against Sichuan Juxinhe Network Technology Co., a Chinese cybersecurity firm believed to be directly involved with the Salt Typhoon state hacker group. Salt Typhoon was recently linked to several breaches on major U.S. telecommunications and internet service providers to spy on confidential communications of high-profile targets. "Sichuan Juxinhe Network Technology Co., LTD. (Sichuan Juxinhe) had direct involvement in the exploitation of these U.S. telecommunication and internet service provider companies," the U.S. Treasury explains, adding that "the MSS has maintained strong ties with multiple computer network exploitation companies, including Sichuan Juxinhe." [...]

The sanctions imposed on Kecheng and the Chinese cybersecurity firm under Executive Order (E.O.) 13694 block all property and financial assets located in the United States or in the possession of U.S. entities, including banks, businesses, and individuals. Additionally, U.S. entities are prohibited from conducting any transactions with the sanctioned entities without OFAC's explicit authorization. It's worth noting that these sanctions come after OFAC sanctioned Beijing-based cybersecurity company Integrity Tech for its involvement in cyberattacks attributed to the Chinese state-sponsored Flax Typhoon hacking group. U.S. Treasury's announcement reiterates that the U.S. Department of State offers, through its Rewards for Justice program, up to $10,000,000 for information leading to uncovering the identity of hackers who have targeted the U.S. government or critical infrastructure in the country.

AT&T

AT&T Kills Home Internet Service In New York Over Law Requiring $15 Plans (arstechnica.com) 134

Ars Technica's Jon Brodkin reports: AT&T has stopped offering its 5G home Internet service in New York instead of complying with a new state law that requires ISPs to offer $15 or $20 plans to people with low incomes. New York started enforcing its Affordable Broadband Act yesterday after a legal battle of nearly four years. [...] The law requires ISPs with over 20,000 customers in New York to offer $15 broadband plans with download speeds of at least 25Mbps, or $20-per-month service with 200Mbps speeds. The plans only have to be offered to households that meet income eligibility requirements, such as qualifying for the National School Lunch Program, Supplemental Nutrition Assistance Program, or Medicaid. [...]

Ending home Internet service in New York is relatively simple for AT&T because it is outside the 21-state wireline territory in which the telco offers fiber and DSL home Internet service. "AT&T Internet Air is currently available only in select areas and where AT&T Fiber is not available. New York is outside of our wireline service footprint, so we do not have other home Internet options available in the state," the company said. AT&T will continue offering its 4G and 5G mobile service in New York, as the state law only affects home Internet service. People with smartphones or other mobile devices connected to the AT&T wireless network should thus see no change.

Existing New York-based users of AT&T Internet Air can only keep it for 45 days and won't be charged during that time, AT&T said. "During this transition, customers will be able to keep their existing AT&T Internet Air service for up to 45 days, at no charge, as they find other options for broadband. We will work closely with our customers throughout this transition," AT&T said. Residential users will be sent "a recovery kit with instructions on how to return their AIA equipment, while business customers can keep any device they purchased at no charge," AT&T said.

China

US Finalizes Rule To Effectively Ban Chinese Vehicles (theverge.com) 115

An anonymous reader quotes a report from The Verge: The Biden administration finalized a new rule that would effectively ban all Chinese vehicles from the US under the auspices of blocking the "sale or import" of connected vehicle software from "countries of concern." The rule could have wide-ranging effects on big automakers, like Ford and GM, as well as smaller manufacturers like Polestar -- and even companies that don't produce cars, like Waymo. The rule covers everything that connects a vehicle to the outside world, such as Bluetooth, Wi-Fi, cellular, and satellite components. It also addresses concerns that technology like cameras, sensors, and onboard computers could be exploited by foreign adversaries to collect sensitive data about US citizens and infrastructure. And it would ban China from testing its self-driving cars on US soil.

"Cars today have cameras, microphones, GPS tracking, and other technologies connected to the internet," US Secretary of Commerce Gina Raimondo said in a statement. "It doesn't take much imagination to understand how a foreign adversary with access to this information could pose a serious risk to both our national security and the privacy of U.S. citizens. To address these national security concerns, the Commerce Department is taking targeted, proactive steps to keep [People's Republic of China] and Russian-manufactured technologies off American roads." The rules for prohibited software go into effect for model year 2027 vehicles, while the ban on hardware from China waits until model year 2030 vehicles. According to Reuters, the rules were updated from the original proposal to exempt vehicles weighing over 10,000 pounds, which would allow companies like BYD to continue to assemble electric buses in California.
The Biden administration published a fact sheet with more information about this rule.

"[F]oreign adversary involvement in the supply chains of connected vehicles poses a significant threat in most cars on the road today, granting malign actors unfettered access to these connected systems and the data they collect," the White House said. "As PRC automakers aggressively seek to increase their presence in American and global automotive markets, through this final rule, President Biden is delivering on his commitment to secure critical American supply chains and protect our national security."
The Internet

Double-keyed Browser Caching Is Hitting Web Performance 88

A Google engineer has warned that a major shift in web browser caching is upending long-standing performance optimization practices. Browsers have overhauled their caching systems in a way that forces websites to maintain separate copies of shared resources instead of reusing them across domains.

The new "double-keyed caching" system, implemented to enhance privacy, is ending the era of shared public content delivery networks, writes Google engineer Addy Osmani. According to Chrome's data, the change has led to a 3.6% increase in cache misses and a 4% rise in network bandwidth usage.
The Internet

New York Starts Enforcing $15 Broadband Law That ISPs Tried To Kill (arstechnica.com) 32

Ars Technica's Jon Brodkin reports: The New York law requiring Internet providers to offer cheap plans to people with low incomes will take effect on Wednesday this week following a multi-year court battle in which the state defeated broadband industry lobby groups. A US appeals court upheld the law in April 2024, reversing the ruling of a district judge who blocked it in 2021. The Supreme Court last month decided not to hear the broadband industry's challenge, leaving the appeals court ruling in place. The state law requires Internet providers to offer $15- or $20-per-month service to people with low incomes.

As we've written, the battle between New York and ISPs was an important test case for how states can regulate broadband providers when the Federal Communications Commission isn't doing so. The Biden-era FCC's attempt to reinstate net neutrality rules and regulate broadband providers as common carriers was blocked in court, but ISPs lost the fight against the New York affordability law and an earlier fight against California's net neutrality law.

New York-based ISPs can comply by offering $15 broadband plans with download speeds of at least 25Mbps, or $20-per-month service with 200Mbps speeds. The price must include "any recurring taxes and fees such as recurring rental fees for service provider equipment required to obtain broadband service and usage fees." Price increases are to be capped at 2 percent per year, and state officials will periodically review whether minimum required speeds should be raised. New York Public Service Commission Chair Rory Christian last week issued an order stating that the law will take effect on January 15.
"On December 16, 2024, the United States Supreme Court denied the Plaintiff's request for further review," the order said. "As part of the litigation, the [New York attorney general] agreed not to enforce the ABA [Affordable Broadband Act] until 30 days after the date when the US Supreme Court decided the writ of Certiorari. Thus, the ABA will once again take effect and may be enforced in New York on January 15, 2025." The order said it plans to implement the law quickly because of "developments at the federal level impacting the affordability of broadband service."

ISPs can receive one-month exemptions by filing paperwork by Wednesday confirming they meet the subscriber threshold, notes Ars. To secure longer-term exemptions, ISPs must submit detailed financial information by February 15.
The Internet

Starlink's Satellite Internet is Cheaper than Leading ISPs in Five African Countries (restofworld.org) 118

"In at least five of the 16 African countries where the service is available, a monthly Starlink subscription is cheaper than the leading fixed internet service provider," reports Rest of World.

"Starlink, launched in 2019 by Elon Musk's SpaceX, has become the leading satellite internet provider in the world." Now available in more than 100 countries, Starlink can also be a relatively affordable option for users trying to log on in countries with limited internet service providers... A Rest of World analysis indicates that in at least five of the 16 African countries where the service is available, a monthly Starlink subscription is cheaper than the leading fixed internet service provider... [Kenya, Ghana, Zimbabwe, Mozambique, and Cape Verde — though not including the upfront costs of Starlink hardware.]

Historically, internet connections around the globe have typically been enabled by ground-based internet service providers using fiber-optic cables and mobile base stations. But in many parts of the world, that infrastructure is sparse or nonexistent. "This is where satellite providers come in," said Nitinder Mohan, a computer science professor at the Delft University of Technology in the Netherlands who has studied Starlink's performance around the world. "I can be in the middle of a forest and, if I have a direct view of the sky, I can get my internet connectivity," he told Rest of World. "Regions which are previously underconnected — where there was no way of getting internet connectivity to them — now with these satellites, you can actually enable that...." According to the latest figures by the International Telecommunication Union, a U.N. agency focused on information and communication technologies, 38% of the population in Africa uses the internet, compared to 91% of Europe...

Since launching in Kenya in July 2023, Starlink has disrupted the existing internet service provider industry. Starlink offers high connectivity speeds and wide availability in remote areas, along with dramatically lower prices. The company also introduced a rental option... Starlink has become so popular in Kenya that the company paused new subscriptions in major cities in early November due to network overload. The company plans to deploy more infrastructure in Nairobi and Johannesburg in order to bring more people online, said Mohan, the computer science professor at Delft University.

Starlink is less than half the cost of the leading ISP in Kenya, Ghana, and especially in Zimbabwe (where the difference is dramatic):

Starlink: $30
Leading ISP in Zimbabwe: $633.62

Now in Kenya, legacy telecom providers like Safaricom "have responded by lowering prices and increasing internet speeds," according to the article. The head of the research wing of the Global Systems for Mobile Communications Association even told Rest of World that ISPs are also developing their own satellite networks (like Vodacom's partnership with satellite mobile network AST SpaceMobile) — though ironically, AST SpaceMobile launched its first satellites with the help of SpaceX.
Google

Google Wants to Track Your Digital Fingerprints Again (mashable.com) 54

Google is reintroducing "digital fingerprinting" in five weeks, reports Mashable, describing it as "a data collection process that ingests all of your online signals (from IP address to complex browser information) and pinpoints unique users or devices." Or, to put it another way, Google "is tracking your online behavior in the name of advertising."

The UK's Information Commissioner's Office called Google's decision "irresponsible": it is likely to reduce people's choice and control over how their information is collected. The change to Google's policy means that fingerprinting could now replace the functions of third-party cookies... Google itself has previously said that fingerprinting does not meet users' expectations for privacy, as users cannot easily consent to it as they would cookies. This in turn means they cannot control how their information is collected. To quote Google's own position on fingerprinting from 2019: "We think this subverts user choice and is wrong...." When the new policy comes into force on 16 February 2025, organisations using Google's advertising technology will be able to deploy fingerprinting without being in breach of Google's own policies. Given Google's position and scale in the online advertising ecosystem, this is significant.
Their post ends with a warning that those hoping to use fingerprinting for advertising "will need to demonstrate how they are complying with the requirements of data protection law. These include providing users with transparency, securing freely-given consent, ensuring fair processing and upholding information rights such as the right to erasure."

But security and privacy researcher Lukasz Olejnik asks if Google's move is the biggest privacy erosion in 10 years.... Could this mark the end of nearly a decade of progress in internet and web privacy? It would be unfortunate if the newly developing AI economy started from a decrease of privacy and data protection standards. Some analysts or observers might then be inclined to wonder whether this approach to privacy online might signal similar attitudes in other future Google products, like AI... The shift is rather drastic. Where clear restrictions once existed, the new policy removes the prohibition (so allows such uses) and now only requires disclosure... [I]f the ICO's claims about Google sharing IP addresses within the adtech ecosystem are accurate, this represents a significant policy shift with critical implications for privacy, trust, and the integrity of previously proposed Privacy Sandbox initiatives.
Their post includes a disturbing thought. "Reversing the stance on fingerprinting could open the door to further data collection, including to crafting dynamic, generative AI-powered ads tailored with huge precision. Indeed, such applications would require new data..."

Thanks to long-time Slashdot reader sinij for sharing the news.
Social Networks

'What If They Ban TikTok and People Keep Using It Anyway?' (yahoo.com) 101

"What if they ban TikTok and people keep using it anyway?" asks the New York Times, saying a pending ban in America "is vague on how it would be enforced." Some experts say that even if TikTok is actually banned this month or soon, there may be so many legal and technical loopholes that millions of Americans could find ways to keep TikTok'ing. The law is "Swiss cheese with lots of holes in it," said Glenn Gerstell, a former top lawyer at the National Security Agency and a senior adviser at the Center for Strategic and International Studies, a policy research organization. "There are obviously ways around it...." When other countries ban apps, the government typically orders internet providers and mobile carriers to block web traffic to and from the blocked website or app. That's probably not how a ban on TikTok in the United States would work. Two lawyers who reviewed the law said the text as written doesn't appear to order internet and mobile carriers to stop people from using TikTok.

There may not be unanimity on this point. Some lawyers who spoke to Bloomberg News said internet providers would be in legal hot water if they let their customers continue to use a banned TikTok. Alan Rozenshtein, a University of Minnesota associate law professor, said he suspected internet providers aren't obligated to stop TikTok use "because Congress wanted to allow the most dedicated TikTok users to be able to access the app, so as to limit the First Amendment infringement." The law also doesn't order Americans to stop using TikTok if it's banned or to delete the app from our phones....

Odds are that if the Supreme Court declares the TikTok law constitutional and if a ban goes into effect, blacklisting the app from the Apple and Google app stores will be enough to stop most people from using TikTok... If a ban goes into effect and Apple and Google block TikTok from pushing updates to the app on your phone, it may become buggy or broken over time. But no one is quite sure how long it would take for the TikTok app to become unusable or compromised in this situation.

Users could just sideload the app after downloading it outside a phone's official app store, the article points out. (More than 10 million people sideloaded Fortnite within six weeks of its removal from Apple and Google's app stores.) And there's also the option of just using a VPN — or watching TikTok's web site.

(I've never understood why all apps haven't already been replaced with phone-optimized web sites...)
AI

OpenAI's Bot Crushes Seven-Person Company's Website 'Like a DDoS Attack' 78

An anonymous reader quotes a report from TechCrunch: On Saturday, Triplegangers CEO Oleksandr Tomchuk was alerted that his company's e-commerce site was down. It looked to be some kind of distributed denial-of-service attack. He soon discovered the culprit was a bot from OpenAI that was relentlessly attempting to scrape his entire, enormous site. "We have over 65,000 products, each product has a page," Tomchuk told TechCrunch. "Each page has at least three photos." OpenAI was sending "tens of thousands" of server requests trying to download all of it, hundreds of thousands of photos, along with their detailed descriptions. "OpenAI used 600 IPs to scrape data, and we are still analyzing logs from last week, perhaps it's way more," he said of the IP addresses the bot used to attempt to consume his site. "Their crawlers were crushing our site," he said. "It was basically a DDoS attack."

Triplegangers' website is its business. The seven-employee company has spent over a decade assembling what it calls the largest database of "human digital doubles" on the web, meaning 3D image files scanned from actual human models. It sells the 3D object files, as well as photos -- everything from hands to hair, skin, and full bodies -- to 3D artists, video game makers, anyone who needs to digitally recreate authentic human characteristics. [...] To add insult to injury, not only was Triplegangers knocked offline by OpenAI's bot during U.S. business hours, but Tomchuk expects a jacked-up AWS bill thanks to all of the CPU and downloading activity from the bot.
Triplegangers initially lacked a properly configured robots.txt file, which allowed the bot to freely scrape its site since the system interprets the absence of such a file as permission. It's not an opt-in system.

Once the file was updated with specific tags to block OpenAI's bot, along with additional defenses like Cloudflare, the scraping stopped. However, robots.txt is not foolproof since compliance by AI companies is voluntary, leaving the burden on website owners to monitor and block unauthorized access proactively. "[Tomchuk] wants other small online businesses to know that the only way to discover if an AI bot is taking a website's copyrighted belongings is to actively look," reports TechCrunch.
