Security

Discord Hacking is the Newest Threat For NFT Buyers (theverge.com)

One compromised admin account led to two projects being scammed in a day. From a report: On Tuesday, December 21st, two NFT projects fell victim to the same attack. Like many projects in the crypto world, the NFT collection Monkey Kingdom and in-game asset marketplace Fractal both engaged heavily with their communities through Discord chat servers. Both projects were about to distribute rewards to their community members: Monkey Kingdom through an NFT presale on the day of the 21st and Fractal through a token airdrop -- essentially a free distribution to early supporters -- a few days later. Then, disaster struck. Posts appeared in the official "announcements" channel of each project claiming that a surprise mint would reward community members with a limited edition NFT. Hundreds jumped at the chance -- but for those who followed the links and connected their crypto wallets, a costly surprise was waiting. Rather than receiving an NFT, wallets were being drained of the Solana cryptocurrency, which both projects used for purchases.

In the space of an hour, a Twitter post, first from Monkey Kingdom and then from Fractal, informed followers that their Discord servers had been hacked; news of the NFT mints was bogus, the links a phishing fraud. In the case of Fractal, the scammers got away with about $150,000 worth of cryptocurrency. For Monkey Kingdom, the estimated total was reported to be $1.3 million. Neither attack targeted the blockchain or the tokens themselves. Instead, the thieves exploited weaknesses in the infrastructure used to sell the tokens -- specifically, the Discord chatrooms where NFT fans gather. It's a reminder of a persistent weakness in the growing NFT economy, where surprise drops have primed buyers to move fast or risk missing out. But the same techniques that hype up a sale can also open the door to hackers -- and in this case, a single compromise can end up spreading to more than one community at once. In this case, the NFT thieves had targeted a feature known as a webhook. Webhooks are used by many web applications (Discord included) to listen for a message sent to a particular URL and trigger an event in response, like posting content to a certain channel. By gaining access to webhooks belonging to the Fractal and Monkey Kingdom Discord servers, the hackers were able to send messages that were broadcast to all members of certain channels: a feature meant to be used only for official communications from the project teams. This was where the fake "announcement" had come from and why it had pointed to a scam address. In hindsight, the content should have raised some red flags -- but given the distribution method, it looked just legitimate enough that many were fooled.

Privacy

FlexBooker Discloses Data Breach, Over 3.7 Million Accounts Impacted (bleepingcomputer.com)

An anonymous reader quotes a report from BleepingComputer: Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums. The same intruders are offering databases claiming to be from two other entities: racing media organization Racing.com and Redbourne Group's rediCASE case management software, both from Australia. Among FlexBooker's customers are owners of any business that needs to schedule appointments, which is everything from accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and the list goes on.

The group claiming the attack appears to be one calling itself Uawrongteam, which shared links to archives and files with sensitive information, such as photos, driver's licenses, and other IDs. According to Uawrongteam, the database contains a table with 10 million lines of customer information that ranges from payment forms and charges to driver's license photos. The actor notes that some "juicy columns" in the database are names, emails, phone numbers, password salt, and hashed passwords. FlexBooker has sent a data breach notification to customers, confirming the attack and that the intruders "accessed and downloaded" data on the service's Amazon cloud storage system. "On December 23, 2021, starting at 4:05 PM EST our account on Amazon's AWS servers was compromised," reads the notification, adding that the intruders did not access "any credit card or other payment card information."

Businesses

OpenSea Freezes $2.2M of Stolen Bored Apes (cointelegraph.com)

An anonymous reader shares a report: NFT marketplace OpenSea has frozen 16 Bored Ape and Mutant Ape nonfungible tokens (NFT) after they were reportedly stolen yesterday from a New York art gallery operator. In total, one Clonex, seven Mutant Ape Yacht Club, and eight Bored Ape Yacht Club NFTs currently valued at about 615 ETH ($2.28 million) were stolen and are now not able to be traded on OpenSea.

The toddkramer.eth account, which links to the Ross+Kramer Art Gallery in New York, fired off a series of tweets detailing the 16 NFTs that were stolen from his hot wallet and pleading with OpenSea and the NFT community for help. While the NFT community was often unsympathetic to the trader's plight, OpenSea froze trading on the stolen items. The freeze on buying and selling the NFTs has some traders decrying a lack of decentralization, one of the cherished aspects of the crypto industry. One Twitter commenter kw.sol said, "Who was able to freeze the n? Feels pretty anti crypto to be asking third parties to do this and ideally they shouldn't be able to."

Encryption

NBC: 'You Probably Don't Need to Rely on a VPN Anymore' (nbcnews.com)

NBC News writes: VPNs, or virtual private networks, continue to be used by millions of people as a way of masking their internet activity by encrypting their location and web traffic. But on the modern internet, most people can safely ditch them, thanks to the widespread use of encryption that has made public internet connections far less of a security threat, cybersecurity experts say. "Most commercial VPNs are snake oil from a security standpoint," said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. "They don't improve your security at all...."

Most browsers have quietly implemented an added layer of security in recent years that automatically encrypts internet traffic at most sites with a technology called HTTPS. Indicated by a tiny padlock by the URL, the presence of HTTPS means that worrisome scenario, in which a scammer or a hacker squats on a public Wi-Fi connection in order to watch people's internet habits, isn't feasible. It's not clear that the threat of a hacker at your coffee shop was ever that real to begin with, but it is certainly not a major danger now, Weaver said. "Remember, someone attacking you at the coffee shop needs to be basically at the coffee shop," he said. "I don't know of them ever being used outside of pranks. And those are all irrelevant now with most sites using HTTPS," he said in a text message.

There are still valid uses for VPNs. They're an invaluable tool for getting around certain types of censorship, though other options also exist, such as the Tor Browser, a free web browser that automatically reroutes users' traffic and is widely praised by cybersecurity experts. VPNs are also vital for businesses that need their employees to log in remotely to their internal network. And they're a popular and effective way to watch television shows and movies that are restricted to particular countries on streaming services. But like with antivirus software, the paid VPN industry is a booming global market despite its core mission no longer being necessary for many people.

Most VPNs market their products as a security tool. A Consumer Reports investigation published earlier this month found that 12 of the 16 biggest VPNs make hyperbolic claims or mislead customers about their security benefits. And many can make things worse, either by selling customers' browsing history to data brokers, or by having poor cybersecurity.

The article credits the Electronic Frontier Foundation for popularizing encryption through browser extensions and web site certificates starting in 2010. "In 2015, Google started prioritizing websites that enabled HTTPS in its search results. More and more websites started offering HTTPS connections, and now practically all sites that Google links to do so.

"Since late 2020, major browsers such as Brave, Chrome, Firefox, Safari and Edge all built HTTPS into their programs, making Electronic Frontier Foundation's browser extension no longer necessary for most people."

Canada

Canada's Public Health Agency Criticized for Tracking 33M Mobile Devices (nationalpost.com)

The Public Health Agency of Canada (or PHAC) "accessed location data from 33 million mobile devices to monitor people's movement during lockdown," reports Canada's National Post newspaper: "Due to the urgency of the pandemic, PHAC collected and used mobility data, such as cell-tower location data, throughout the COVID-19 response," a spokesperson told National Post... PHAC used the location data to evaluate the effectiveness of public lockdown measures and allow the Agency to "understand possible links between movement of populations within Canada and spread of COVID-19," the spokesperson said.

In March, the Agency awarded a contract to the Telus Data For Good program to provide "de-identified and aggregated data" of movement trends in Canada. The contract expired in October, and PHAC no longer has access to the location data, the spokesperson said. The Agency is planning to track population movement for roughly the next five years, including to address other public health issues, such as "other infectious diseases, chronic disease prevention and mental health," the spokesperson added.

Privacy advocates raised concerns to the National Post about the long-term implications of the program. "I think that the Canadian public will find out about many other such unauthorized surveillance initiatives before the pandemic is over — and afterwards," David Lyon, author of Pandemic Surveillance and former director of the Surveillance Studies Centre at Queen's University, said in an email.... Increased use of surveillance technology during the COVID-19 pandemic has created a new normal in the name of security, Lyon said. "The pandemic has created opportunities for a massive surveillance surge on many levels — not only for public health, but also for monitoring those working, shopping and learning from home."

"Evidence is coming in from many sources, from countries around the world, that what was seen as a huge surveillance surge — post 9/11 — is now completely upstaged by pandemic surveillance," he added.

Education

Study Finds 'Serious Security Risks' In K-12 School Apps (therecord.media)

An anonymous reader quotes a report from The Record: Many apps used by schools contain features that can lead to the "unregulated and out of control" sharing of student data to advertising companies and other security issues, according to a report published Monday by the nonprofit Me2B Alliance. The report follows up on research published by the group in May, which audited 73 apps used by 38 schools to find that 60% of them were sending student data to a variety of third parties. Roughly half of them were sending student data to Google, while 14% were sending data to Facebook.

In the update, Me2B specifically looked at the use of a common feature called "WebView," which allows developers to integrate web pages into apps. Although the feature allows schools to include dynamic details -- like calendars and results of sporting events -- in apps without having to update the app itself, it can lead to the siphoning of student data and, in particularly bad cases, students and parents being targeted by scams. For example, on several occasions the researchers observed the hijacking of web pages linked to by school apps, leading users to malicious sites. An app used by Maryland's largest school district accidentally directed users to a compromised site that once was used for the district's sports teams. The Quinlan, Texas school district had a sports domain integrated into its app that was purchased by an unknown actor for $30 before anyone took action -- a security threat that's sometimes called a "dangling domain."

Some of the recommendations to mitigate security risks include "training for app administrators, creating processes at schools for keeping track of expiring URLs, requiring schools to report lost or dangling domains within a specific time, and launching a 'privacy bounty program' at the US Department of Education to audit school apps," reports The Record. "But perhaps the fastest way to reduce these risks is to alter the way the apps work."

"Apple and Google can change rules for in-app WebView links to ensure app developers can't overrule a local device browser preference," said Zach Edwards, who is in charge of data integrity testing for the Me2B Alliance.

The Almighty Buck

RadioShack Announces Ambitious New Cryptocurrency Exchange (radioshack.com)

RadioShack.com is now showing visitors a new message: "Bringing cryptocurrency to the mainstream..."

With a 100-year-old brand, "we are going to lead the way for blockchain tech to reach mainstream adoption by other large brands."

The RadioShack home page says they'll start with a "symbiosis" with Atlas USV, a community-driven project to build a universal, decentralized/widely accessible DeFi base layer. Atlas USV's "Barter" mechanism lets users purchase third-party tokens and transfer them to Atlas USV's treasury in return for discounted USV tokens. "The Atlas USV treasury can accumulate any crypto asset of its choice with this dynamic...

"Once the liquidity pool surpasses other exchanges' liquidity level in any token pair, our swap efficiency will be unbeatable for that pair...

"Other decentralized exchanges margins on swap fees are our opportunity.... "

Or, as they explain on a more detailed web page, "We intend RadioShack to be the first protocol to pass over into mainstream usage in the history of DeFI," promising that RadioShack DeFi "will become the first to market with a 100 year old brand name that's recognized in virtually all 190+ countries in the world..."

"RadioShack has one objective: Distribution and usage by millions of individuals but possibly more important, by hundreds of blue-chip, large corporations as their gateway into becoming blockchain companies."

Currently there's a sign-up form for a notification when "RADIO token" launches (as well as links to their channels on Discord and Telegram).

Their "Fundamentals" page explains that "It is our hypothesis that the best way for crypto to be more mainstream is for an established brand name in the tech space to lead the way."

The RadioShack brand was purchased in November of 2020 by e-commerce rehabilitator REV, now listed as a collaborator on RadioShack's home page. (Ironically, the "Fundamentals" page also includes RadioShack's Super Bowl ad where their store is taken back by the 1980s.)

The official Twitter feed of Radio Shack now also has the same new tagline: "Bringing Cryptocurrency To The Mainstream."

Medicine

Fossil Fuel Combustion Kills More Than 1 Million People Every Year, Study Says (arstechnica.com)

An anonymous reader writes: Burning fossil fuels kills more than 1 million people every year, according to a new study that examined the worldwide health effects of fine particulate pollution, also known as PM2.5. Coal, which produces sooty, particulate-laden pollution, is responsible for half of those deaths, while natural gas and oil are responsible for the other half. Some 80 percent of premature deaths due to fossil fuel combustion take place in South Asia or East Asia, the report said. Because fine particulate pollution can be so easily inhaled and swept into the bloodstream, it is responsible for a range of diseases, including heart disease, diabetes, COPD, lung cancer, and stroke. More recently, researchers have found links between PM2.5 and other, less obvious diseases like kidney failure and Parkinson's. People who have experienced long-term exposure to PM2.5 are also at greater risk of hospitalization if they fall ill with COVID.

The researchers gathered monthly pollution and source data from 1970 to 2017 and ran it through a global air-quality model in conjunction with satellite data. The result was a global map of outdoor PM2.5 with a resolution of about 1 km^2. From there, they estimated the average outdoor exposure for people living in various parts of the world. The study was coordinated by the nonprofit Health Effects Institute, and its coauthors were Randall Martin, a professor of energy, environmental and chemical engineering at Washington University, and Michael Brauer, a professor of population and public health at the University of British Columbia. In regions like South Asia and East Asia and some Eastern and Central European countries, coal causes a majority of the premature deaths that result from fossil fuel combustion. That's due in part to those regions' reliance on coal and because their regulations are typically not as stringent as elsewhere. In regions like North America and Western Europe, which are less reliant on coal, oil and natural gas cause the majority of deaths from fossil fuel-related particulate pollution. Even in the US, a country with relatively stringent clean air laws, fine particulate pollution from fossil fuels is responsible for about 20,000 deaths annually, according to the study.

Microsoft

Microsoft Tempts Software Pirates With 50 Percent Discount On Office (theverge.com)

In a bold bid to turn digital crooks away from a life of crime, Microsoft is offering a 50 percent discount on its Office suite to some people using pirated versions. The Verge reports: Ghacks reports that a new message in the Office ribbon bar is appearing on pirated Office apps, tempting people with a 50 percent discount on a genuine Microsoft 365 subscription. The message links to an official Microsoft website that claims "pirated software exposes your PC to security threats." Microsoft warns Office pirates that they run the risk of running into viruses, malware, data loss, identity theft, and the inability to receive critical updates. The discount brings the price of a Microsoft 365 Family subscription down to just $49.99 for the first year, or $34.99 for a year of Microsoft 365 Personal.

The Courts

Apple Won't Have To Make the App Store Changes Ordered in Epic Ruling While Case is Appealed (techcrunch.com)

Apple will not have to implement changes to its in-app purchase system and App Store guidelines as ordered by the judge's ruling in its court battle with Epic Games. From a report: While Apple largely won that case, as the court ruled Apple was not acting as a monopolist, the company had been ordered to stop preventing app developers from adding links that pointed users to other means of paying for their in-app purchases outside the App Store. Both Apple and Epic appealed the original ruling -- Epic because it was not successful with its larger claims, and Apple because it disagreed with this aspect of the ruling over in-app purchases. Apple originally had until Dec. 9 to update its App Store policies, but had asked the court for a stay on the injunction regarding the changes to its in-app purchasing guidelines until the appeal was decided.

The appeals court has now granted Apple more time before the injunction goes into effect. That means developers will have to continue to use the existing in-app purchase system Apple provides. They won't be allowed to link to or steer users to their own websites for payments from inside their apps. In a document filed today in the U.S. Court of Appeals for the Ninth Circuit, the court decided Apple had demonstrated "at minimum, that its appeal raises serious questions on the merits of the district court's determination that Epic Games failed to show Apple's conduct violated any antitrust laws but did show that the same conduct violated California's Unfair Competition Law."

Verizon

Verizon Might Be Collecting Your Browsing History (theverge.com)

Verizon might be collecting information about your browsing history, location, apps, and your contacts, all in the name of helping the company "understand your interests," first spotted by Input. The Verge reports: The program, which Verizon appears to automatically opt customers into, is called Verizon Custom Experience and its controls lie buried in the privacy settings on the My Verizon app. The program introduces two different options that appear in the app, Custom Experience and Custom Experience Plus, each of which varies in terms of invasiveness. Verizon provides additional information about both settings within the app, as well as on a FAQ page on its website. It appears that the Custom Experience option is a stripped-down version of Custom Experience Plus, and as Verizon states directly in the app, it helps Verizon "personalize" its "communication with you" and "give you more relevant product and service recommendations" by using "information about websites you visit and apps you use on your mobile device."

Meanwhile, Custom Experience Plus has the same stated purpose -- to help Verizon provide you with a more "personalized" experience. However, it not only uses information about the websites and apps you use on your mobile device, but it also says it uses your "device location," along with "phone numbers you call or that call you" to help Verizon "better understand your interests." This also includes your CPNI, which tracks the times and duration of your calls, and because Verizon is your wireless network provider, it can track your location even if you've turned off location services on your phone. As Verizon explains on its site, it might use your information to, say, present you with an offer that includes music content, or give you a music-related option in its Verizon Up reward program if it knows you like music. Verizon explicitly states that for the more invasive Custom Experience Plus tracking, you "must opt-in to participate and you can change your choice at any time." Signing up for those Up Rewards, or other promotions with consequences buried in the fine print, may have opted customers in unknowingly.

How to opt-out: "[...] open your My Verizon app, and then hit the gear icon in the top-right corner of the screen. Scroll down and select 'Manage privacy settings' beneath the 'Preferences' heading. On the next page, toggle off 'Custom Experience' and 'Custom Experience Plus.' To erase the information that Verizon has already collected about you through the program, tap 'Custom Experience Settings,' and hit 'Reset.'"

Networking

Comcast Reduced 'Working Latency' By 90% with AQM. Is This the Future? (apnic.net)

Long-time Slashdot reader mtaht writes: Comcast fully deployed bufferbloat fixes across their entire network over the past year, demonstrating 90% improvements in working latency and jitter — which is described in this article by Comcast Vice President of Technology Policy & Standards. (The article's Cumulative Distribution Function chart is to die for...) But: did anybody notice? Did any other ISPs adopt AQM tech? How many of y'all out there are running smart queue management (sch_cake in Linux) nowadays?
But wait — it gets even more interesting...

The Comcast official anticipates even less latency with the newest Wi-Fi 6E standard. (And for home users, the article links to a page recommending "a router whose manufacturer understands the principles of bufferbloat, and has updated the firmware to use one of the Smart Queue Management algorithms such as cake, fq_codel, PIE.")

But then the Comcast VP looks to the future, and where all of this is leading: Currently under discussion at the IETF in the Transport Area Working Group is a proposal for Low Latency, Low Loss Scalable Throughput. This potential approach to achieve very low latency may result in working latencies of roughly one millisecond (though perhaps 1-5 milliseconds initially). As the IETF sorts out the best technical path forward through experimentation and consensus-building (including debate of alternatives), in a few years we may see the beginning of a shift to sub-5 millisecond working latency. This seems likely to not only improve the quality of experience of existing applications but also create a network foundation on which entirely new classes of applications will be built.

While we can certainly think of usable augmented and virtual reality (AR and VR), these are applications we know about today. But what happens when the time to access resources on the Internet is the same, or close to the time to access local compute or storage resources? What if the core assumption that developers make about networks — that there is an unpredictable and variable delay — goes away? This is a central assumption embedded into the design of more or less all existing applications. So, if that assumption changes, then we can potentially rethink the design of many applications and all sorts of new applications will become possible. That is a big deal and exciting to think about the possibilities!

In a few years, when most people have 1 Gbps, 10 Gbps, or eventually 100 Gbps connections in their home, it is perhaps easy to imagine that connection speed is not the only key factor in your performance. We're perhaps entering an era where consistently low working latency will become the next big thing that differentiates various Internet access services and application services/platforms. Beyond that, factors like exceptionally high uptime, proactive/adaptive security, dynamic privacy protection, and other new things will likely also play a role. But keep an eye on working latency — there's a lot of exciting things happening!

Security

Finland Battles 'Exceptional' Malware Attack Spread by Phones (bloomberg.com)

Finland is working to stop a flood of text messages of an unknown origin that are spreading malware. From a report: The messages with malicious links to malware called FluBot number in the millions, according to Aino-Maria Vayrynen, information security specialist at the National Cyber Security Centre. Telia Co AB, the country's second-biggest telecommunications operator, has intercepted some hundreds of thousands of messages. "The malware attack is extremely exceptional and very worrying," Teemu Makela, chief information security officer at Elisa Oyj, the largest telecoms operator, said by phone. "Considerable numbers of text messages are flying around."

Piracy

Is 'The NFT Bay' Just a Giant Hoax? (clubnft.com)

Recently Australian developer Geoffrey Huntley announced they'd created a 20-terabyte archive of all NFTs on the Ethereum and Solana blockchains.

But one NFT startup company now says they tried downloading the archive — and discovered most of it was zeroes. Many of the articles are careful to point out "we have not verified the contents of the torrent," because of course they couldn't. A 20TB torrent would take several days to download, necessitating a pretty beefy internet connection and more disk space to store than most people have at their disposal. We at ClubNFT fired up a massive AWS instance with 40TB of EBS disk space to attempt to download this, with a cost estimate of $10k-20k over the next month, as we saw this torrent as potentially an easy way to pre-seed our NFT storage efforts — not many people have these resources to devote to a single news story.

Fortunately, we can save you the trouble of downloading the entire torrent — all you need is about 10GB. Download the first 10GB of the torrent, plus the last block, and you can fill in all the rest with zeroes. In other words, it's empty; and no, Geoff did not actually download all the NFTs. Ironically, Geoff has archived all of the media articles about this and linked them on TheNFTBay's site, presumably to preserve an immutable record of the spread and success of his campaign — kinda like an NFT...

We were hoping this was real... [I]t is actually rather complicated to correctly download and secure the media for even a single NFT, never mind trying to do it for every NFT ever made. This is why we were initially skeptical of Geoff's statements. But even if he had actually downloaded all the NFT media and made it available as a torrent, this would not have solved the problem... a torrent containing all the NFTs does nothing to actually make those NFTs available via IPFS, which is the network they must be present on in order for the NFTs to be visible on marketplaces and galleries....

[A]nd this is a bit in the weeds: in order to reupload an NFT's media to IPFS, you need more than just the media itself. In order to restore a file to IPFS so it can continue to be located by the original link embedded in the NFT, you must know exactly the settings used when that file was originally uploaded, and potentially even the exact version of the IPFS software used for the upload.

For these reasons and more, ClubNFT is working hard on an actual solution to ensure that everybody's NFTs can be safely secured by the collectors themselves. We look forward to providing more educational resources on these and other topics, and welcome the attention that others, like Geoff, bring to these important issues.
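A claim like the one above ("it's empty") can be checked without downloading the payload at all: a .torrent file carries one SHA-1 per piece, and every full-length piece of zero bytes produces the same digest, so the piece list alone reveals how many pieces are empty. The Python below is an added example, not ClubNFT's or TheNFTBay's code; the torrent it inspects is constructed in-line with a made-up name and tracker URL, and the short final piece is handled separately because it hashes differently.

```python
"""Estimate how much of a torrent payload is all-zero bytes using only the
.torrent metadata: the 'pieces' field holds one SHA-1 per piece, and every
full-length piece of zeros has the same digest, so empty pieces can be
counted without downloading anything. The sample torrent below is
constructed for this demo (made-up name and tracker URL)."""
import hashlib

PIECE_LEN = 32768  # piece size used by the constructed sample


def bencode(value) -> bytes:
    """Minimal bencode encoder (int, bytes, list, dict with bytes keys)."""
    if isinstance(value, bool):
        raise TypeError("bools are not bencodable")
    if isinstance(value, int):
        return b"i%de" % value
    if isinstance(value, bytes):
        return b"%d:%s" % (len(value), value)
    if isinstance(value, list):
        return b"l" + b"".join(bencode(v) for v in value) + b"e"
    if isinstance(value, dict):
        # Bencode requires dictionary keys in sorted (byte-wise) order.
        return b"d" + b"".join(bencode(k) + bencode(value[k]) for k in sorted(value)) + b"e"
    raise TypeError(f"cannot bencode {type(value).__name__}")


def bdecode(data: bytes):
    """Minimal bencode decoder; rejects trailing garbage."""
    def parse(i):
        c = data[i:i + 1]
        if c == b"i":
            end = data.index(b"e", i)
            return int(data[i + 1:end]), end + 1
        if c == b"l":
            items, i = [], i + 1
            while data[i:i + 1] != b"e":
                item, i = parse(i)
                items.append(item)
            return items, i + 1
        if c == b"d":
            out, i = {}, i + 1
            while data[i:i + 1] != b"e":
                key, i = parse(i)
                out[key], i = parse(i)
            return out, i + 1
        colon = data.index(b":", i)
        length = int(data[i:colon])
        start = colon + 1
        return data[start:start + length], start + length

    value, end = parse(0)
    if end != len(data):
        raise ValueError("trailing data after bencoded value")
    return value


def zero_piece_report(torrent: bytes) -> dict:
    """Count pieces whose SHA-1 equals the digest of an all-zero piece."""
    info = bdecode(torrent)[b"info"]
    piece_len = info[b"piece length"]
    # Single-file torrents carry 'length'; multi-file ones list 'files'.
    if b"length" in info:
        total = info[b"length"]
    else:
        total = sum(f[b"length"] for f in info[b"files"])
    hashes = info[b"pieces"]
    n_pieces = len(hashes) // 20
    expected = -(-total // piece_len)  # ceiling division
    if len(hashes) % 20 or n_pieces != expected:
        raise ValueError("piece hash list does not match declared length")
    # The final piece is usually shorter, so it needs its own zero digest.
    last_len = total - (n_pieces - 1) * piece_len
    zero_full = hashlib.sha1(bytes(piece_len)).digest()
    zero_last = hashlib.sha1(bytes(last_len)).digest()
    zero_pieces = zero_bytes = 0
    for i in range(n_pieces):
        is_last = i == n_pieces - 1
        digest = hashes[20 * i:20 * i + 20]
        if digest == (zero_last if is_last else zero_full):
            zero_pieces += 1
            zero_bytes += last_len if is_last else piece_len
    return {"pieces": n_pieces, "zero_pieces": zero_pieces,
            "zero_bytes": zero_bytes, "total_bytes": total,
            "zero_fraction": zero_bytes / total}


def build_sample_torrent() -> bytes:
    """Constructed .torrent: one real-looking piece, four zero pieces, and a
    short non-zero final piece (like the 'last block' mentioned above)."""
    pieces = [b"nft-media-chunk".ljust(PIECE_LEN, b"\xab")]
    pieces += [bytes(PIECE_LEN)] * 4
    pieces.append(b"\x01" * 100)
    info = {
        b"name": b"constructed-archive.bin",
        b"piece length": PIECE_LEN,
        b"length": sum(len(p) for p in pieces),
        b"pieces": b"".join(hashlib.sha1(p).digest() for p in pieces),
    }
    return bencode({b"announce": b"udp://tracker.example.invalid:6969", b"info": info})


if __name__ == "__main__":
    report = zero_piece_report(build_sample_torrent())
    print(f"{report['zero_pieces']}/{report['pieces']} pieces are all zeros "
          f"({report['zero_fraction']:.1%} of {report['total_bytes']} bytes)")
```

Point `zero_piece_report` at the bytes of a real .torrent file to get the same report for it; a payload that is mostly zeros shows up as a high zero fraction before a single piece is fetched.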

Their article was shared by a Slashdot reader (who is one of ClubNFT's three founders). I'd wondered suspiciously if ClubNFT was a hoax, but if this PR Newswire press release is legit, they've raised $3 million in seed funding. (And that does include an investment from Draper Dragon, co-founded by Tim Draper which shows up on CrunchBase). The International Business Times has also covered ClubNFT, identifying it as a startup whose mission statement is "to build the next generation of NFT solutions to help collectors discover, protect, and share digital assets." Co-founder and CEO Jason Bailey said these next-generation tools are in their "discovery" phase, and one of the first set of tools that is designed to provide a backup solution for NFTs will roll out early next year. Speaking to International Business Times, Bailey said, "We are looking at early 2022 to roll out the backup solution. But between now and then we should be feeding (1,500 beta testers) valuable information about their wallets." Bailey says while doing the beta testing, he realized that there are loopholes in the NFT storage systems and only 40% of the NFTs were actually pointing to the IPFS, while 40% of them were at risk — pointing to private servers.

Here is the problem explained: NFTs are basically a collection of metadata, that define the underlying property that is owned. Just like in the world of internet documents, links point to the art and any details about it that are being stored. But links can break, or die. Many NFTs use a system called InterPlanetary File System, or IPFS, which lets you find a piece of content as long as it is hosted somewhere on the IPFS network. Unlike in the world of internet domains, you don't need to own the domain to really make sure the data is safe. Explaining the problem which the backup tool will address, Bailey said, "When you upload an image to IPFS, it creates a cryptographic hash. And if someone ever stops paying to store that image on IPFS, as long as you have the original image, you can always restore it. That's why we're giving people the right to download the image.... [W]e're going to start with this protection tool solution that will allow people to click a button and download all the assets associated with their NFT collection and their wallet in the exact format that they would need it in to restore it back up to IPFS, should it ever disappear. And we're not going to charge any money for that."

The idea, he said, is that collectors should not have to trust any company; rather they can use ClubNFT's tool, whenever it becomes available, to download the files locally... "One of the things that we're doing early around that discovery process, we're building out a tool that looks in your wallet and can see who you collect, and then go a level deeper and see who they collect," Bailey said. Bailey said that the rest of the tools will follow after gathering lessons from user feedback on the first set of solutions. He, however, seemed positive that discussion of the next set of tools will begin in the Spring of next year, as the company has laid out a "general roadmap."
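The content-addressing property Bailey describes (the IPFS hash identifies the bytes, not the host) is what makes a local backup verifiable, and the "private server" risk is visible in the metadata's image link. The following added example (not ClubNFT's code) recomputes the CIDv0 of a small, single-chunk file the way a default `ipfs add` does, classifies an NFT's image link as content-addressed or host-dependent, and checks a locally saved copy against the CID; the metadata and image bytes are constructed.

```python
import hashlib
import re
from urllib.parse import urlparse

# Constructed example: recompute an NFT image's IPFS CID from a local copy and
# tell content-addressed links (ipfs://, /ipfs/ gateway) from private-server links.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CID_RE = re.compile(r"(Qm[1-9A-HJ-NP-Za-km-z]{44}|baf[a-z2-7]{50,})")

def varint(n: int) -> bytes:
    """Protobuf unsigned varint (7 bits per byte, high bit = continuation)."""
    out = bytearray()
    while True:
        out.append((n & 0x7F) | (0x80 if n > 0x7F else 0))
        n >>= 7
        if not n:
            return bytes(out)

def base58(data: bytes) -> str:
    """Base58btc (Bitcoin alphabet); each leading zero byte becomes '1'."""
    n, s = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        s = B58[r] + s
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + s

def cidv0(content: bytes) -> str:
    """CIDv0 of a single-chunk UnixFS file (dag-pb node, sha2-256 multihash).
    Files larger than one 256 KiB chunk are split into a tree and not handled here."""
    if len(content) > 256 * 1024:
        raise ValueError("multi-chunk files are not handled by this example")
    unixfs = (b"\x08\x02"                                  # Data.Type = File
              + b"\x12" + varint(len(content)) + content   # Data.Data = file bytes
              + b"\x18" + varint(len(content)))            # Data.filesize
    node = b"\x0a" + varint(len(unixfs)) + unixfs          # PBNode.Data, no links
    return base58(b"\x12\x20" + hashlib.sha256(node).digest())  # 0x12 0x20 = sha2-256, 32 bytes

def classify_uri(uri: str):
    """('ipfs', cid) when the link is content-addressed, else ('http', host)."""
    u = urlparse(uri)
    if u.scheme == "ipfs":                     # ipfs://<cid>/... or ipfs://ipfs/<cid>
        m = CID_RE.match(u.path.lstrip("/") if u.netloc == "ipfs" else u.netloc)
    elif "/ipfs/" in u.path:                   # gateway URL such as https://ipfs.io/ipfs/<cid>
        m = CID_RE.match(u.path, u.path.index("/ipfs/") + 6)
    else:
        m = None
    return ("ipfs", m.group(1)) if m else ("http", u.netloc)

def verify_backup(metadata: dict, local_image: bytes) -> str:
    """Are the locally saved image bytes exactly what the NFT metadata points at?"""
    kind, ref = classify_uri(metadata["image"])
    if kind != "ipfs":
        return "unverifiable: served by " + ref     # host-dependent link can change or 404
    return "ok" if cidv0(local_image) == ref else "mismatch"
```

Run `verify_backup` over each token's metadata and downloaded image to get the split Bailey describes: links that are content-addressed and restorable, versus links whose bytes depend on a server staying up.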

Businesses

Starbucks Links With Amazon Go For First Cashierless Cafe (reuters.com) 38

Starbucks has partnered with Amazon Go, the e-commerce giant's brick-and-mortar convenience store, to open its first ever cashierless cafe. "[C]ustomers can sit at a table with a latte or grab a sandwich from a shelf and walk out," reports Reuters. From the report: Hit by a U.S. labor crunch, Starbucks and other companies are expanding labor-saving technology like artificial intelligence, robotics and digital touch screens. [...] The pandemic pushed people to place more orders online for carry out, delivery and drive-thru. To keep up, Starbucks shifted its development strategy to new store formats, adding pickup-only locations in urban areas, as well as traditional cafes and suburban drive-thrus. Starbucks and Amazon plan to open at least two more U.S. locations together in 2022, said Kathryn Young, Starbucks' senior vice president of global growth and development.

Starbucks baristas will make drinks and the rest of the chain's menu at the new location in New York City, which will have the same staffing level as any other Starbucks, she said. Customers can order through the Starbucks app and grab coffee to go from a counter near the door. Or they can use a credit card, Amazon app or Amazon One palm reader to enter the rest of the space, take snacks from shelves, or sit at tables.

Piracy

'The NFT Bay' Shares Multi-Terabyte Archive of 'Pirated' NFTs (torrentfreak.com) 88

NFTs are unique blockchain entries through which people can prove that they own something. However, the underlying images can be copied with a single click. This point is illustrated by The NFT Bay which links to a 19.5 Terabyte collection of 'all NFTs' on the Ethereum and Solana blockchains. (UPDATE: One NFT startup is claiming that the collection is mostly just zeroes, and does not in fact contain all of the NFTs.)

But the archive also delivers an important warning message. TorrentFreak reports: "The Billion Dollar Torrent," as it's called, reportedly includes all the NFTs on the Ethereum and Solana blockchains. These files are bundled in a massive torrent that points to roughly 15 terabytes of data. Unpacked, this adds up to almost 20 terabytes. Australian developer Geoff is the brains behind the platform, which he describes as an art project. Speaking with TorrentFreak, he says that The Pirate Bay was used as inspiration for nostalgic reasons, which needs further explanation.

The NFT Bay is not just any random art project. It does come with a message, perhaps a wake-up call, for people who jump on the NFT bandwagon without fully realizing what they're spending their crypto profits on. "Purchasing NFT art right now is nothing more than directions on how to access or download an image. The image is not stored on the blockchain and the majority of images I've seen are hosted on Web 2.0 storage which is likely to end up as 404 meaning the NFT has even less value." The same warning is more sharply articulated in the torrent's release notes which are styled in true pirate fashion. "[T]his handy torrent contains all of the NFT's so that future generations can study this generation's tulip mania and collectively go..." it reads.

United States

The US Department of Homeland Security Urges 'Digital Literacy' (cnn.com) 56

In the war against misinformation and social media-inspired violence, ultimately the social media platforms are just one front. But what about the people consuming misinformation? In June America's National Security Council unveiled a "National Strategy for Countering Domestic Terrorism," which argued that "pursuing the goal of preventing, disrupting, and deterring acts of domestic terrorism... can mean, broader still, cultivating the type of digital literacy that can empower the American public to resist those who would use online communications platforms and other venues to recruit, radicalize, and mobilize to violence."

This week America's Department of Homeland Security warned the country still faces "a diverse and challenging threat environment" including the possibility of violence "by individuals and small groups... including domestic violent extremists and those inspired or motivated by foreign terrorists and other malign foreign influences... These actors continue to exploit online forums to influence and spread violent extremist narratives and promote violent activity." (Though they add that the agency "is not aware of an imminent and credible threat to a specific location...")

But besides offering links to mental health resources and info on law enforcement tip lines, the agency also suggests Americans "Maintain digital media literacy to recognize and build resilience to false and harmful narratives" — linking to an online publication about "Media Literacy and Critical Thinking Online."

Here's our look at the documents they're making available — and the language that they're using to convey the threat.

The Courts

Apple Can't Delay App Store December Deadline As Epic Legal Battle Continues (bloomberg.com) 24

An anonymous reader quotes a report from Bloomberg: Apple failed to persuade a federal judge to push back a December deadline to change the lucrative business model for its App Store while the iPhone maker's legal fight with Epic Games is appealed. Unless the iPhone maker wins a reprieve from an appeals court, it will soon have to start allowing developers to steer customers to payment methods outside the App Store, an overhaul the judge ordered in September that could cost the tech giant a few billion dollars annually. Apple asked U.S. District Judge Yvonne Gonzales Rogers to put on hold a part of the injunction that said the company must undo its rule forbidding developers from using web links or other means within apps to inform consumers about payment methods outside the App Store. "Apple's motion is based on a selective reading of this court's findings and ignores all of the findings which supported the injunction," Rogers said in an order Tuesday. "The motion is fundamentally flawed."

"Apple believes no additional business changes should be required to take effect until all appeals in this case are resolved," the company said in a statement. While Apple largely won its showdown with Epic, the world's most valuable technology company isn't out of danger from challenges to its role as a gatekeeper to the digital economy. The iPhone maker continues to face a plethora of antitrust lawsuits in and outside the U.S. seeking to open up the App Store to competition, monopolization enforcement investigations brought by federal and state agencies, and legislative bids to restrict its business practices. Bloomberg Intelligence has said that pressure on Apple to lower its App Store commissions on developers, which currently run as high as 30%, could squeeze revenue by $2 billion to $4 billion in a worst-case scenario.

Medicine

Unsealed Emails Show How J&J Shaped Report On Talc's Links To Cancer (bloomberg.com) 88

An anonymous reader quotes a report from Bloomberg: Unsealed emails reveal the role baby-powder maker Johnson & Johnson played in a report that an industry group submitted to U.S. regulators deciding whether to keep warnings off talc-based products linked to cancer. The emails -- unsealed in the state of Mississippi's lawsuit against J&J over its refusal to add a safety warning -- show J&J and its talc supplier chose the scientists hired by their trade association, the Personal Care Products Council, to write the 2009 report assessing talc-based powders' health risks. They also show the researchers changed the final version of their report at the companies' behest. The U.S. Food and Drug Administration said it relied in part on the report in its decision to forgo a warning for the product.

The emails among executives of J&J and Rio Tinto Minerals, its supplier at the time, provide a behind-the-scenes glimpse of dealings between companies and their industry group that successfully fended off a cancer warning on talc-based powders for nearly 40 years. Now, almost 39,000 users and their families are suing J&J, most claiming their ovarian cancers and those of loved ones were linked to asbestos, the potent carcinogen in the products pulled from U.S. and Canadian shelves in May 2020. Dependence on industry data creates a situation that's ripe for lobbyists to exert pressure on the FDA. The unsealed emails pull back the curtain on how such efforts get launched, who pays for them, and who has a hand in delivering the final product to regulators.

While the practice of companies having a say in industry group submissions to the FDA isn't new or illegal, the emails reveal just how involved J&J got in a report meant to assess product safety -- down to selecting individual scientists to produce it and having them write an executive summary. J&J denied any wrongdoing in its decision not to acknowledge its input to the report that the PCPC lobbying group sent to the FDA. [...] FDA officials acknowledged they weighed the PCPC's response to the citizens' petitions demanding a warning for talc-based powders before finding there was "inconclusive evidence" the mineral caused ovarian and other forms of cancer. "The FDA reviewed and considered all of the information submitted to us in the two petitions, the comments received in response to the petitions, and additional scientific information," said Tara Rabin, a spokeswoman.

Privacy

All Those 23andMe Spit Tests Were Part of a Bigger Plan (bloomberg.com) 75

23andMe CEO Anne Wojcicki wants to make drugs using insights from millions of customer DNA samples, and doesn't think that should bother anyone. From a report: A few months ago, on the morning 23andMe Holding Co. was about to go public, Chief Executive Officer Anne Wojcicki received a framed sheet of paper she hadn't seen in 15 years. As she was preparing to ring the Nasdaq bell remotely from the courtyard of her company's Silicon Valley headquarters, Patrick Chung, one of its earliest investors, presented her with the pitch document she'd shown him when she was first asking for money, reproduced on two pieces of paper so she could see both sides. The one-sheet outlined a radical transformation in the field of DNA testing. Wojcicki's plan back then was to turn genetics from the rarefied work of high-end labs into mainstream health and quasi-entertainment products.

First she'd sell tastemakers on her mail-in spit kits as a way to learn sort-of-interesting things about their DNA makeup, such as its likely ancestral origins and the chance it would lead to certain health conditions. Eventually she'd be able to lower prices enough to make the kits broadly accessible, allowing 23andMe to build a database big enough to identify new links between diseases and particular genes. Later, this research would fuel the creation of drugs the company could tailor to different genetic profiles. 23andMe would become a new kind of health-care business, sitting somewhere between a Big Pharma lab, a Big Tech company, and a trusted neighborhood doctor.

Some of this still sounds as far off now as it did during the Bush years. Improbably, though, 23andMe has rounded second base and is heading for third. Wojcicki did sell millions of people on DNA test kits -- 11 million and counting -- and bring such tests to the mainstream, with some help from Oprah's holiday gift guide. An estimated 1 in 5 Americans have turned over their genetic material to 23andMe or one of its competitors. Now that she's got the data, Wojcicki is working on the drugs. Her company is collaborating on clinical trials for one compound (and nearing trials for another) that could be used for what's known as immuno-oncology, treatments that attempt to harness the body's complex immune system to beat cancer. 23andMe says it's also exploring drugs with potential use in treatments for neurological, cardiovascular, and other conditions, though it declined to specify them. Last month the company bought Lemonaid Health, a telehealth and drug delivery startup that offers treatment and prescriptions for a select group of conditions, including depression, anxiety, and STDs.
