China

USPS Halts All Packages From China, Sending the Ecommerce Industry Into Chaos (wired.com) 443

The United States Postal Service has suspended all package shipments from China and Hong Kong following President Donald Trump's decision to eliminate the de minimis exemption, which previously allowed small packages under $800 to enter the U.S. without import duties. "The move could potentially create chaos and confusion across the online shopping industry, as well as make purchases more expensive for consumers, especially because many global manufacturers and internet sellers are located in China," reports Wired. "Shoppers are now on the hook not only for the additional 10 percent tariff, but also whatever original tax rate their products were exempted from until Tuesday." From the report: Cindy Allen, who has worked in international trade for over 30 years and is the CEO of the consulting firm Trade Force Multiplier, gave WIRED an example of how much additional cost the tariff will incur: A woman's dress made of synthetic fiber shipped from China through de minimis will now be subject to a regular 16 percent tariff, a 7.5 percent Section 301 duty specifically for goods from China, the new 10 percent tariff required by Trump, additional processing fees and customs brokerage fees, and perhaps increased brokering and handling costs due to the sudden change in rules. "Will the dress that was $5 now cost $5.50 or $15?" says Allen. "That we don't know. It depends on how those retailers react and change their business models."

In the immediate term, clearing customs will become a challenge for most ecommerce companies. Their long-term concern, though, is the potential impact on profitability. The appeal of Temu and Shein and similar Chinese ecommerce companies is how affordable their products are. If that changes, the ecommerce landscape and consumer behavior in the US may change significantly as well. While the USPS has announced the suspension of accepting any parcels from China and Hong Kong, CBP hasn't elaborated on how the agency will enforce Trump's new tariffs other than saying in an announcement that it will reject de minimis exemption requests from China starting today.

Network

$42 Billion Broadband Grant Program May Scrap Biden Admin's Preference For Fiber (arstechnica.com) 106

An anonymous reader quotes a report from Ars Technica: US Senator Ted Cruz (R-Texas) has been demanding an overhaul of a $42.45 billion broadband deployment program, and now his telecom policy director has been chosen to lead the federal agency in charge of the grant money. "Congratulations to my Telecom Policy Director, Arielle Roth, for being nominated to lead NTIA," Cruz wrote last night, referring to President Trump's pick to lead the National Telecommunications and Information Administration. Roth's nomination is pending Senate approval. Roth works for the Senate Commerce Committee, which is chaired by Cruz. "Arielle led my legislative and oversight efforts on communications and broadband policy with integrity, creativity, and dedication," Cruz wrote.

Shortly after Trump's election win, Cruz called for an overhaul of the Broadband Equity, Access, and Deployment (BEAD) program, which was created by Congress in November 2021 and is being implemented by the NTIA. Biden-era leaders of the NTIA developed rules for the program and approved initial funding plans submitted by every state and territory, but a major change in approach could delay the distribution of funds. Cruz previously accused the NTIA of "technology bias" because the agency prioritized fiber over other types of technology. He said Congress would review BEAD for "imposition of statutorily-prohibited rate regulation; unionized workforce and DEI labor requirements; climate change assessments; excessive per-location costs; and other central planning mandates."

Roth criticized the BEAD implementation at a Federalist Society event in June 2024. "Instead of prioritizing connecting all Americans who are currently unserved to broadband, the NTIA has been preoccupied with attaching all kinds of extralegal requirements on BEAD and, to be honest, a woke social agenda, loading up all kinds of burdens that deter participation in the program and drive up costs," she said. Municipal broadband networks and fiber networks in general could get less funding under the new plans. Roth is "expected to change the funding conditions that currently include priority access for government-owned networks" and "could revisit decisions like the current preference for fiber," Bloomberg reported, citing people familiar with the matter.
Congress defined priority broadband projects under BEAD as those that "ensure that the network built by the project can easily scale speeds over time to meet the evolving connectivity needs of households and businesses; and support the deployment of 5G, successor wireless technologies, and other advanced services."

The Biden NTIA determined that only end-to-end fiber-optic architecture meets these criteria. "End-to-end fiber networks can be updated by replacing equipment attached to the ends of the fiber-optic facilities, allowing for quick and relatively inexpensive network scaling as compared to other technologies. Moreover, new fiber deployments will facilitate the deployment and growth of 5G and other advanced wireless services, which rely extensively on fiber for essential backhaul," the Biden NTIA said (PDF).

China

China Launches Antitrust Investigation Into Google (techcrunch.com) 31

China said Tuesday it has launched an antitrust investigation into Google, part of a swift retaliation after U.S. President Donald Trump imposed a 10% tariff on Chinese goods. From a report: The probe by China's State Administration for Market Regulation will examine alleged monopolistic practices by the U.S. tech giant, which has had its search and internet services blocked in China since 2010 but maintains operations there primarily focused on advertising.

The Internet

Popular Linux Orgs Freedesktop, Alpine Linux Are Scrambling For New Web Hosting (arstechnica.com) 26

An anonymous reader quotes a report from Ars Technica: In what is becoming a sadly regular occurrence, two popular free software projects, X.org/Freedesktop.org and Alpine Linux, need to rally some of their millions of users so that they can continue operating. Both services have largely depended on free server resources provided by Equinix (formerly Packet.net) and its Metal division for the past few years. Equinix announced recently that it was sunsetting its bare-metal sales and services, or renting out physically distinct single computers rather than virtualized and shared hardware. As reported by the Phoronix blog, both free software organizations have until the end of April to find and fund new hosting, with some fairly demanding bandwidth and development needs.

An issue ticket on Freedesktop.org's GitLab repository provides the story and the nitty-gritty needs of that project. Both the X.org foundation (home of the 40-year-old window system) and Freedesktop.org (a shared base of specifications and technology for free software desktops, including Wayland and many more) used Equinix's donated space. [...] Alpine Linux, a small, security-minded distribution used in many containers and embedded devices, also needs a new home quickly. As detailed in its blog, Alpine Linux uses about 800TB of bandwidth each month and also needs continuous integration runners (or separate job agents), as well as a development box. Alpine states it is seeking co-location space and bare-metal servers near the Netherlands, though it will consider virtual machines if bare metal is not feasible.

The Courts

NetChoice Sues To Block Maryland's Kids Code, Saying It Violates the First Amendment (theverge.com) 27

NetChoice has filed (PDF) its 10th lawsuit challenging state internet regulations, this time opposing Maryland's Age-Appropriate Design Code Act. The Verge's Lauren Feiner reports: NetChoice has become one of the fiercest -- and most successful -- opponents of age verification, moderation, and design code laws, all of which would put new obligations on tech platforms and change how users experience the internet. [...] NetChoice's latest suit opposes the Maryland Age-Appropriate Design Code Act, a rule that echoes a California law of a similar name. In the California litigation, NetChoice notched a partial win in the Ninth Circuit Court of Appeals, which upheld the district court's decision to block a part of the law requiring platforms to file reports about their services' impact on kids. (It sent another part of the law back to the lower court for further review.)

A similar provision in Maryland's law is at the center of NetChoice's complaint. The group says that Maryland's reporting requirement lets regulators subjectively determine the "best interests of children," inviting "discriminatory enforcement." The reporting requirement on tech companies essentially mandates them "to disparage their services and opine on far-ranging and ill-defined harms that could purportedly arise from their services' 'design' and use of information," NetChoice alleges. NetChoice points out that both California and Maryland have passed separate online privacy laws, which NetChoice Litigation Center director Chris Marchese says shows that "lawmakers know how to write laws to protect online privacy when what they want to do is protect online privacy."

Supporters of the Maryland law say legislators learned from California's challenges and "optimized" their law to avoid questions about speech, according to Tech Policy Press. In a blog analyzing Maryland's approach, Future of Privacy Forum points out that the state made some significant changes from California's version -- such as avoiding an "express obligation" to determine users' ages and defining the "best interests of children." The NetChoice challenge will test how well those changes can hold up to First Amendment scrutiny. NetChoice has consistently maintained that even well-intentioned attempts to protect kids online are likely to backfire. Though the Maryland law does not explicitly require the use of specific age verification tools, Marchese says it essentially leaves tech platforms with a no-win decision: collect more data on users to determine their ages and create varied user experiences or cater to the lowest common denominator and self-censor lawful content that might be considered inappropriate for its youngest users. And similar to its arguments in other cases, Marchese worries that collecting more data to identify users as minors could create a "honey pot" of kids' information, creating a different problem in attempting to solve another.

United States

New Bill Aims To Block Foreign Pirate Sites in the US 106

U.S. Representative Zoe Lofgren has introduced a bill that would allow courts to block access to foreign websites primarily engaged in copyright infringement. The Foreign Anti-Digital Piracy Act would enable rightsholders to obtain injunctions requiring large Internet service providers and DNS resolvers to block access to pirate sites.

The bill marks a shift from previous site-blocking proposals, notably including DNS providers like Google and Cloudflare with annual revenues above $100 million. Motion Picture Association CEO Charles Rivkin backed the measure, while consumer group Public Knowledge criticized it as "censorious." The legislation requires court review and due process before any blocking orders can be issued. Sites would have 30 days to contest preliminary orders.

Android

Google Stops Malicious Apps With 'AI-Powered Threat Detection' and Continuous Scanning (googleblog.com) 15

Android and Google Play have billions of users, Google wrote in its security blog this week. "However, like any flourishing ecosystem, it also attracts its share of bad actors... That's why every year, we continue to invest in more ways to protect our community." Google's tactics include industry-wide alliances, stronger privacy policies, and "AI-powered threat detection."

"As a result, we prevented 2.36 million policy-violating apps from being published on Google Play and banned more than 158,000 bad developer accounts that attempted to publish harmful apps." To keep out bad actors, we have always used a combination of human security experts and the latest threat-detection technology. In 2024, we used Google's advanced AI to improve our systems' ability to proactively identify malware, enabling us to detect and block bad apps more effectively. It also helps us streamline review processes for developers with a proven track record of policy compliance. Today, over 92% of our human reviews for harmful apps are AI-assisted, allowing us to take quicker and more accurate action to help prevent harmful apps from becoming available on Google Play. That's enabled us to stop more bad apps than ever from reaching users through the Play Store, protecting users from harmful or malicious apps before they can cause any damage.

Starting in 2024 Google also "required apps to be more transparent about how they handle user information by launching new developer requirements and a new 'Data deletion' option for apps that support user accounts and data collection.... We're also constantly working to improve the safety of apps on Play at scale, such as with the Google Play SDK Index. This tool offers insights and data to help developers make more informed decisions about the safety of an SDK."

And once an app is installed, "Google Play Protect, Android's built-in security protection, helps to shield their Android device by continuously scanning for malicious app behavior." Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source. This built-in protection, enabled by default, provides crucial security against malware and unwanted software. Google Play Protect scans more than 200 billion apps daily and performs real-time scanning at the code-level on novel apps to combat emerging and hidden threats, like polymorphic malware. In 2024, Google Play Protect's real-time scanning identified more than 13 million new malicious apps from outside Google Play [based on Google Play Protect 2024 internal data]...

According to our research, more than 95 percent of app installations from major malware families that exploit sensitive permissions highly correlated to financial fraud came from Internet-sideloading sources like web browsers, messaging apps, or file managers. To help users stay protected when browsing the web, Chrome will now display a reminder notification to re-enable Google Play Protect if it has been turned off... Scammers may manipulate users into disabling Play Protect during calls to download malicious Internet-sideloaded apps. To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls...

Google Play Protect's enhanced fraud protection pilot analyzes and automatically blocks the installation of apps that may use sensitive permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps, or file managers). Building on the success of our initial pilot in partnership with the Cyber Security Agency of Singapore (CSA), additional enhanced fraud protection pilots are now active in nine regions — Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, South Africa, Thailand, and Vietnam.

In 2024, Google Play Protect's enhanced fraud protection pilots have shielded 10 million devices from over 36 million risky installation attempts, encompassing over 200,000 unique apps.

AI

OpenAI Holds Surprise Livestream to Announce Multi-Step 'Deep Research' Capability (indiatimes.com) 56

Just three hours ago, OpenAI made a surprise announcement to their 3.9 million followers on X.com. "Live from Tokyo," they'd be livestreaming... something. Their description of the event was just two words.

"Deep Research"

UPDATE: The stream has begun, and it's about OpenAI's next "agent-ic offering". ("OpenAI cares about agents because we believe they're going to transform knowledge work...")

"We're introducing a capability called Deep Research... a model that does multi-step research. It discovers content, it synthesizes content, and it reasons about this content." It even asks "clarifying" questions to your prompt to make sure its multi-step research stays on track. Deep Research will be launching in ChatGPT Pro later today, rolling out into other OpenAI products...

And OpenAI's site now has an "Introducing Deep Research" page. Its official description? "An agent that uses reasoning to synthesize large amounts of online information and complete multi-step research tasks for you. Available to Pro users today, Plus and Team next."

Before the livestream began, X.com users shared their reactions to the coming announcement:

"It's like DeepSeek, but cleaner"
"Deep do do if things don't work out"
"Live from Tokyo? Hope this research includes the secret to waking up early!"
"Stop trying, we don't trust u"

But one X.com user had presciently pointed out OpenAI has used the phrase "deep research" before. In July of 2024, Reuters reported on internal documentation (confirmed with "a person familiar with the matter") code-named "Strawberry" which suggested OpenAI was working on "human-like reasoning skills." How Strawberry works is a tightly kept secret even within OpenAI, the person said. The document describes a project that uses Strawberry models with the aim of enabling the company's AI to not just generate answers to queries but to plan ahead enough to navigate the internet autonomously and reliably to perform what OpenAI terms "deep research," according to the source. This is something that has eluded AI models to date, according to interviews with more than a dozen AI researchers.

Asked about Strawberry and the details reported in this story, an OpenAI company spokesperson said in a statement: "We want our AI models to see and understand the world more like we do. Continuous research into new AI capabilities is a common practice in the industry, with a shared belief that these systems will improve in reasoning over time." The spokesperson did not directly address questions about Strawberry.

The Strawberry project was formerly known as Q*, which Reuters reported last year was already seen inside the company as a breakthrough... OpenAI hopes the innovation will improve its AI models' reasoning capabilities dramatically, the person familiar with it said, adding that Strawberry involves a specialized way of processing an AI model after it has been pre-trained on very large datasets.

Researchers Reuters interviewed say that reasoning is key to AI achieving human or super-human-level intelligence... OpenAI CEO Sam Altman said earlier this year that in AI "the most important areas of progress will be around reasoning ability."

The Military

Remote Cybersecurity Scans and F-35 Updates: A US Navy Aircraft Carrier Gets High-Speed Internet (twz.com) 35

An aircraft carrier in the U.S. Navy tested "vastly increased" levels of internet connectivity, reports the defense-news web site TWZ, calling it "a game-changer for what a ship, and its sailors, can do while at sea." The F-35 Joint Strike Fighters assigned to the carrier offer a case in point for what more shipboard bandwidth — provided by commercial providers like Starlink and OneWeb — can mean at the tactical level. Jets with the embarked Marine Fighter Attack Squadron 314 took on critical mission data file updates in record time last fall due to the carrier's internet innovations, a capability that is slated to expand across the fleet. "This file offers intelligence updates and design enhancements that enable pilots to identify and counter threats in specific operational environments," the Navy said in an October release announcing the feat. "The update incorporated more than 100 intelligence changes and multiple design improvements, significantly enhancing the aircraft's survivability and lethality...." [Capt. Kevin White, then the Lincoln's combat systems officer] noted how the F-35 "eats and breathes data daily," and it has to be shared with commands ashore. The connectivity innovations he's pioneered will enable such data transfers, which will only grow more complex over time. "If you can't get the data onboard, you're probably going to be at a loss," White said. "So large file transfer capability increases combat readiness...."

When the system was on, it provided not only mission benefits, but benefits to the hard-working Lincoln crew as well, which was at sea for 107 days at one point with no port calls [Capt. Pete "Repete" Riebe, told WEST conference attendees]... White said the average age of an embarked Lincoln sailor was 20.8, and Riebe noted that to attract young people into service, the Navy needs to recognize the innate connection they have to their devices. "The next generation of sailors grew up with a cell phone in their hand, and they are uncomfortable without it," Riebe said. "I don't necessarily like that, but that's reality, and if we want to compete for the best folks coming into the Navy, we need to offer them bandwidth at sea." Having better connectivity also helped with the ship's administrative functions, Riebe said, making medical, dental and other work far easier than they have been in the past...

A sailor who can FaceTime with his family back home carries less non-Navy stress with them as they focus on the life-or-death duties at hand, White said... This beefed-up bandwidth allowed 38 sailors to witness the birth of their child, while others were able to watch their kids' sporting events, White said. Several crew members pursued doctorate and master's degrees while deployed due to better internet, while others were able to deal with personal or legal issues they had left behind back home. One officer was able to commission his wife remotely from the ship... On the operational side, from "the most desolate waters," Lincoln used its bandwidth to connect with a command in Norfolk, which undertook the ship's annual cybersecurity scans "from halfway around the world," White said... Taxpayer dollars can also be saved if a ship isn't paying for WiFi access while in port, White noted, and the crew was able to start getting to know Italian allies online before an exercise, enhancing the personal aspects of such partnerships.

More bandwidth also means more onboard training, meaning some sailors don't have to leave to go to the school house, and sailors were able to get answers to maintenance questions from ashore commands faster as well. "Just by being able to have more reliable access to support resources, we definitely become more effective at maintenance," White said.

Every day the aircraft carrier averaged four to eight terabytes of transferred data, according to the article (with a team of two full-time system administrators managing 7,000 IP addresses), and ultimately saw 780 terabytes of data transferred over five-and-a-half months. The article notes it's part of the Navy's larger "Sailor Edge Afloat and Ashore" (SEA2) program to provide all its warships with high-bandwidth connectivity around the world.

The program "involves moving some communications aspects away from proprietary Defense Department satellites, while leaning on commercial satellite constellations and even cellular providers to keep ships more connected at sea for both personal and tactical uses."

Thanks to long-time Slashdot reader SonicSpike for sharing the article.

Medicine

America's FDA Warns About Backdoor Found in Chinese Company's Patient Monitors (fda.gov) 51

Thursday America's FDA "raised concerns about cybersecurity vulnerabilities" in patient monitors from China-based medical device company Contec "that could allow unauthorized individuals to access and potentially manipulate those devices," reports Reuters. The patient monitors could be remotely controlled by unauthorized users or may not function as intended, and the network to which these devices are connected could be compromised, the agency warned. The FDA also said that once these devices are connected to the internet, they can collect patient data, including personally identifiable information and protected health information, and can export this data out of the healthcare delivery environment.

The agency, however, added that it is currently unaware of any cybersecurity incidents, injuries, or deaths related to these identified cybersecurity vulnerabilities.

The FDA's announcement says "The software on the patient monitors includes a backdoor, which may mean that the device or the network to which the device has been connected may have been or could be compromised." And it offers this advice to caregivers and patients: If your health care provider confirms that your device relies on remote monitoring features, unplug the device and stop using it. Talk to your health care provider about finding an alternative patient monitor.

If your device does not rely on remote monitoring features, use only the local monitoring features of the patient monitor. This means unplugging the device's ethernet cable and disabling wireless (that is, WiFi or cellular) capabilities, so that patient vital signs are only observed by a caregiver or health care provider in the physical presence of a patient. If you cannot disable the wireless capabilities, unplug the device and stop using it. Talk to your health care provider about finding an alternative patient monitor.

A detailed report from CISA describes how a research team "created a simulated network, created a fake patient profile, and connected a blood pressure cuff, SpO2 monitor, and ECG monitor peripherals to the patient monitor. Upon startup, the patient monitor successfully connected to the simulated IP address and immediately began streaming patient data..." to an IP address that is hard-coded into the backdoor function. "Sensor data from the patient monitor is also transmitted to the IP address in the same manner. If the routine to connect to the hard-coded IP address and begin transmitting patient data is called, it will automatically initialize the eth0 interface in the same manner as the backdoor. This means that even if networking is not enabled on startup, running this routine will enable networking and thereby enable this functionality."

Security

Sensitive DeepSeek Data Was Exposed to the Web, Cybersecurity Firm Says (reuters.com) 17

An anonymous reader shared this report from Reuters: New York-based cybersecurity firm Wiz says it has found a trove of sensitive data from the Chinese artificial intelligence startup DeepSeek inadvertently exposed to the open internet. In a blog post published Wednesday, Wiz said that scans of DeepSeek's infrastructure showed that the company had accidentally left more than a million lines of data available unsecured.

Those included digital software keys and chat logs that appeared to capture prompts being sent from users to the company's free AI assistant.

Wiz's chief technology officer tells Reuters that DeepSeek "took it down in less than an hour" after Wiz alerted them.

"But this was so simple to find we believe we're not the only ones who found it."

Social Networks

TikTok's Traffic Bounces Back Despite Being Pulled Off App Stores (cnbc.com) 17

Despite being removed from app stores and facing a potential U.S. ban, TikTok has regained nearly 90% of its user traffic, according to Cloudflare Radar. "DNS traffic for TikTok-related domains has continued to recover since service restoration, and is currently about 10% lower than pre-shutdown level," said David Belson, head of data insight at Cloudflare. CNBC reports: The data from Cloudflare shows that, for the most part, TikTok has managed to maintain the bulk of its users and creators in the U.S. despite going offline for about 14 hours and remaining off of the Apple or Google app stores.

As for its alternatives, Cloudflare's data shows a spike in traffic the day of the temporary ban, with levels remaining steadily higher in the following week. Traffic for alternatives began to grow a week ahead of the expected shutdown, driven by the increased popularity of RedNote, known as Xiaohongshu in China, Belson said.

But traffic to TikTok alternatives peaked on Jan. 19, the day TikTok returned online, he added. "DNS traffic fell rapidly once the shutdown ended, and has continued to slowly decline over the last week and a half," Belson said.

The Internet

Swiss Tax Authority Forced To Buy Bahamas Domain Name After URL Typo (techcrunch.com) 29

The Swiss canton ("state") of Basel-Stadt fixed a tax flyer typo by buying the incorrect domain and setting up a redirect, avoiding a $100,000 reprint cost. TechCrunch reports: As Swiss news outlet SRF reports, the Basel tax administration printed fliers that were supposed to include a URL to file taxes online. However, the Swiss country code top-level domain (ccTLD) of ".ch" was omitted, leaving just the Basel-Stadt suffix of ".bs" -- which just happens to be the ccTLD of the Bahamas.

A spokesperson for Basel-Stadt's department of finance told SRF that it would cost the equivalent of around $100,000 to print and send out a batch of new flyers, so it was a no-brainer to fork out $1,000 to administer the new domain instead.

Data Storage

Archivists Work To Identify and Save the Thousands of Datasets Disappearing From Data.gov (404media.co) 70

An anonymous reader quotes a report from 404 Media: Datasets aggregated on data.gov, the largest repository of U.S. government open data on the internet, are being deleted, according to the website's own information. Since Donald Trump was inaugurated as president, more than 2,000 datasets have disappeared from the database. As people in the Data Hoarding and archiving communities have pointed out, on January 21, there were 307,854 datasets on data.gov. As of Thursday, there are 305,564 datasets. Many of the deletions happened immediately after Trump was inaugurated, according to snapshots of the website saved on the Internet Archive's Wayback Machine. Harvard University researcher Jack Cushman has been taking snapshots of Data.gov's datasets both before and after the inauguration, and has worked to create a full archive of the data.

"Some of [the entries link to] actual data," Cushman told 404 Media. "And some of them link to a landing page [where the data is hosted]. And the question is -- when things are disappearing, is it the data it points to that is gone? Or is it just the index to it that's gone?" For example, "National Coral Reef Monitoring Program: Water Temperature Data from Subsurface Temperature Recorders (STRs) deployed at coral reef sites in the Hawaiian Archipelago from 2005 to 2019," a NOAA dataset, can no longer be found on data.gov but can be found on one of NOAA's websites by Googling the title. "Stetson Flower Garden Banks Benthic_Covage Monitoring 1993-2018 -- OBIS Event," another NOAA dataset, can no longer be found on data.gov and also appears to have been deleted from the internet. "Three Dimensional Thermal Model of Newberry Volcano, Oregon," a Department of Energy resource, is no longer available via the Department of Energy but can be found backed up on third-party websites. [...]

Data.gov serves as an aggregator of datasets and research across the entire government, meaning it isn't a single database. This makes it slightly harder to archive than any individual database, according to Mark Phillips, a University of Northern Texas researcher who works on the End of Term Web Archive, a project that archives as much as possible from government websites before a new administration takes over. "Some of this falls into the 'We don't know what we don't know,'" Phillips told 404 Media. "It is very challenging to know exactly what, where, how often it changes, and what is new, gone, or going to move. Saving content from an aggregator like data.gov is a bit more challenging for the End of Term work because often the data is only identified and registered as a metadata record with data.gov but the actual data could live on another website, a state .gov, a university website, cloud provider like Amazon or Microsoft or any other location. This makes the crawling even more difficult."

Phillips said that, for this round of archiving (which the team does every administration change), the project has been crawling government websites since January 2024, and that they have been doing "large-scale crawls with help from our partners at the Internet Archive, Common Crawl, and the University of North Texas. We've worked to collect 100s of terabytes of web content, which includes datasets from domains like data.gov." [...] It is absolutely true that the Trump administration is deleting government data and research and is making it harder to access. But determining what is gone, where it went, whether it's been preserved somewhere, and why it was taken down is a process that is time intensive and going to take a while. "One thing that is clear to me about datasets coming down from data.gov is that when we rely on one place for collecting, hosting, and making available these datasets, we will always have an issue with data disappearing," Phillips said. "Historically the federal government would distribute information to libraries across the country to provide greater access and also a safeguard against loss. That isn't done in the same way for this government data."

The Courts

Amazon Sues WA State Over Washington Post Request for Kuiper Records (geekwire.com) 40

The company that Jeff Bezos founded has gone to court to keep the newspaper he owns from finding out too much about the inner workings of its business. From a report: Amazon is suing Washington state to limit the release of public records to The Washington Post from a series of state Department of Labor and Industries investigations of an Amazon Project Kuiper satellite facility in the Seattle area.

The lawsuit, filed this week in King County Superior Court in Seattle, says the newspaper on Nov. 26 requested "copies of inspection records, investigation notes, interview notes, complaints," and other documents related to four investigations at the Redmond, Wash., facility between August and October 2024. It's not an unusual move by the company, and in some ways it's a legal technicality.

Amazon says it's not seeking to block the records release entirely, but rather seeking to protect from public disclosure certain records that contain proprietary information and trade secrets about the company's satellite internet operations. The lawsuit cites a prior situation in which Amazon and the Department of Labor and Industries similarly worked through the court to respond to a Seattle Times public records request without disclosing proprietary information.

Democrats

Democrat Teams Up With Movie Industry To Propose Website-Blocking Law (arstechnica.com) 155

An anonymous reader quotes a report from Ars Technica: US Rep. Zoe Lofgren (D-Calif.) today proposed a law that would let copyright owners obtain court orders requiring Internet service providers to block access to foreign piracy websites. The bill would also force DNS providers to block sites. Lofgren said in a press release that she "work[ed] for over a year with the tech, film, and television industries" on "a proposal that has a remedy for copyright infringers located overseas that does not disrupt the free Internet except for the infringers." Lofgren said she plans to work with Republican leaders to enact the bill. [...]

Lofgren's bill (PDF) would impose site-blocking requirements on broadband providers with at least 100,000 subscribers and providers of public domain name resolution services with annual revenue of over $100 million. The bill has exemptions for VPN services and "similar services that encrypt and route user traffic through intermediary servers"; DNS providers that offer service "exclusively through encrypted DNS protocols"; and operators of premises that provide Internet access, like coffee shops, bookstores, airlines, and universities. Lofgren released a summary of the bill explaining how copyright owners can obtain blocking orders. "A copyright owner or exclusive licensee may file a petition in US District Court to obtain a preliminary order against a foreign website or online service engaging in copyright infringement," the summary said.

For non-live content, the petition must show that "transmission of a work through a foreign website likely infringes exclusive rights under Section 106 [of US law] and is causing irreparable harm." For live events, a petition must show that "an imminent or ongoing unauthorized transmission of a live event is likely to infringe, and will cause irreparable harm." The proposed law says that after a preliminary order is issued, copyright owners would be able to obtain orders directing service providers "to take reasonable and technically feasible measures to prevent users of the service provided by the service provider from accessing the foreign website or online service identified in the order." Judges would not be permitted to "prescribe any specific technical measures" for blocking and may not require any action that would prevent Internet users from using virtual private networks.

Consumer advocacy group Public Knowledge described the bill as a "censorious site-blocking" measure "that turns broadband providers into copyright police at Americans' expense."

"Rather than attacking the problem at its source -- bringing the people running overseas piracy websites to court -- Congress and its allies in the entertainment industry have decided to build out a sweeping infrastructure for censorship," Public Knowledge Senior Policy Counsel Meredith Rose said. "Site-blocking orders force any service provider, from residential broadband providers to global DNS resolvers, to disrupt traffic from targeted websites accused of copyright infringement. More importantly, applying blocking orders to global DNS resolvers results in global blocks. This means that one court can cut off access to a website globally, based on one individual's filing and an expedited procedure. Blocking orders are incredibly powerful weapons, ripe for abuse, and we've seen the messy consequences of them being implemented in other countries."

The Internet

NordVPN Says Its New Protocol Can Circumvent VPN Blockers (gizmodo.com) 26

NordVPN has introduced NordWhisper, a new protocol designed to bypass VPN blocks in restrictive countries like Russia and India by making VPN traffic appear like regular internet activity. Gizmodo reports: NordVPN claims to have found a way to make traffic from its service look normal, though admits that it may not always work perfectly. It also says the NordWhisper protocol may introduce more latency. The protocol is rolling out first to users on Windows, Linux, and Android. Support for other platforms will come in the future.

The Internet

Comcast Is Rolling Out 'Ultra-Low Lag' Tech That Could Fix the Internet (theverge.com) 80

Comcast is deploying "Low Latency, Low Loss, Scalable Throughput" (L4S) technology across its Xfinity internet network in six U.S. cities, a system that reduces the time data packets take to travel between users and servers. Initial trials showed a 78% reduction in working latency under normal home conditions. The technology will first support FaceTime calls, Nvidia's GeForce Now cloud gaming, and Steam games, with planned expansion to Meta's mixed reality applications.

Communications

FCC Will Drop Biden Plan To Ban Bulk Broadband Billing For Tenants (reuters.com) 63

The Federal Communications Commission will abandon a proposal that would have banned mandatory internet service charges for apartment and condominium residents. FCC Chair Brendan Carr halted the Biden-era plan that sought to prevent landlords from requiring tenants to pay for specific broadband providers. Housing industry groups said they welcomed the decision, arguing bulk billing arrangements help secure discounted rates. They claim these agreements can reduce internet costs by up to 50%. However, public interest advocates, who backed the original proposal, contend that landlords don't always pass these savings to tenants.

Privacy

Software Flaw Exposes Millions of Subarus, Rivers of Driver Data (securityledger.com) 47

chicksdaddy shares a report from the Security Ledger: Vulnerabilities in Subaru's STARLINK telematics software enabled two independent security researchers to gain unrestricted access to millions of Subaru vehicles deployed in the U.S., Canada and Japan. In a report published Thursday, researchers Sam Curry and Shubham Shah revealed a now-patched flaw in Subaru's STARLINK connected vehicle service that allowed them to remotely control Subarus and access vehicle location information and driver data with nothing more than the vehicle's license plate number, or easily accessible information like the vehicle owner's email address, zip code and phone number. (Note: Subaru STARLINK is not to be confused with the Starlink satellite-based high speed Internet service.)

[Curry and Shah downloaded a year's worth of vehicle location data for Curry's mother's 2023 Impreza. (Curry bought her the car with the understanding that she'd let him hack it.) The two researchers also added themselves to a friend's STARLINK account without any notification to the owner and used that access to remotely lock and unlock the friend's Subaru.] The details of Curry and Shah's hack of the STARLINK telematics system bear a strong resemblance to hacks documented in his 2023 report Web Hackers versus the Auto Industry as well as a September 2024 discovery of a remote access flaw in web-based applications used by KIA automotive dealers that also gave remote attackers the ability to steal owners' personal information and take control of their KIA vehicle. In each case, Curry and his fellow researchers uncovered publicly accessible connected vehicle infrastructure intended for use by [employees and dealers that was found to be trivially vulnerable to compromise and lack even basic protections around account creation and authentication].
