Security

Banksy Was Warned About Website Flaw Before NFT Hack Scam (bbc.com) 29

Artist Banksy's team was warned his website had a security weakness seven days before a hacker scammed a fan out of $336,000. The BBC reports: On Tuesday a piece of art was advertised on Banksy's official website as the world-renowned graffiti artist's first NFT (non-fungible token). A British collector won the auction to buy it, before realizing it was a fake. A cyber-security expert warned Banksy that the website could be hacked, but was ignored. Sam Curry, a professional ethical hacker from the US and founder of security consultancy Palisade, said he first heard that the site could have a weakness on the social network Discord, last month.

"I was in a security forum and multiple people were posting links to the site. I'd clicked one and immediately saw it was vulnerable, so I reached out to Banksy's team via email as I wasn't sure if anyone else had. "They didn't respond over email, so I tried a few other ways to contact them including their Instagram, but never received a response." Mr Curry's disclosure, first reported by rekt.news was made initially by email on 25 August. The BBC was shown the email thread and has tried to contact Banksy's team several times, with no response.

Mr Curry says the website flaw -- which has now been fixed -- "allowed you to create arbitrary files on the website" and post your own pages and content. The new page, called 'Banksy.co.uk/NFT,' was deleted shortly after the auction, with Banksy's team saying: "Any Banksy NFT auctions are not affiliated with the artist in any shape or form." The British man who won the auction is a prominent NFT collector and Banksy fan known on Twitter as Pranksy. He said he felt "burned" when he was scammed out of nearly $340,000 in cryptocurrency coins, but was relieved when the hacker inexplicably returned most of the money to him by the end of the day.

Bitcoin

Twitter For iOS Beta Lays Groundwork For Bitcoin Tips (macrumors.com) 29

Twitter's latest beta update introduces support for providing content creators with Bitcoin tips using the "Tip Jar" feature that Twitter introduced earlier this year. MacRumors reports: Bitcoin isn't yet available to select as a tip option for beta users, but code in the beta suggests that Twitter is in the process of rolling it out. When the Tip Jar was first introduced, Twitter allowed users to add Bandcamp, Cash App, Patreon, PayPal and Venmo links to their Twitter profile, but soon, there will be a Bitcoin option.

Details in the latest Twitter beta indicate that users will be directed through a Bitcoin tutorial that includes details on the Bitcoin Lightning Network and custodial and non-custodial Bitcoin wallets. Twitter gives Strike, Blue Wallet and Wallet of Satoshi as examples of custodial wallets and Muun, Breez, Phoenix and Zap as examples of non-custodial wallets. Twitter also informs users that a Strike account is required. "We use Strike to generate Bitcoin Lightning invoices so you'll need to connect your account to accept Bitcoin tips" reads the text.

Businesses

Intuit In Talks To Buy Mailchimp For More Than $10 Billion (bloomberg.com) 32

An anonymous reader quotes a report from Bloomberg: Intuit, the maker of TurboTax and QuickBooks software, is in talks to buy email marketing firm Mailchimp for more than $10 billion, according to people familiar with the matter. No final decision has been made and discussions could fall through, said the people, who asked to not be identified because the matter isn't public. Another buyer could also emerge for the company and others are interested, they added. The deal would unite two providers of services for small businesses. Intuit has offered QuickBooks accounting software to clients for decades, supplementing it with services such as Credit Karma, which it acquired last year. Mailchimp is focused on digital marketing services, including social advertising, so-called shoppable links and automation products. [...] If talks are successful, it would be the largest deal to date for Intuit, according to data compiled by Bloomberg.

Facebook

The Most Popular Posts On Facebook Are Plagiarized (theverge.com) 40

In Facebook's "widely viewed content report" released last week, The Verge's Casey Newton noticed something arguably just as damning as the spread of COVID-19 misinformation or rise of vaccine hesitancy: almost all of the most-viewed posts on Facebook over the past quarter were effectively plagiarized from elsewhere. From the report: Facebook's report details the top 20 most widely viewed posts on the network over the past three months. One of the posts was deleted before Facebook published it. Of the remaining 19, though, only four appear to have been original. The remaining 15 had been published in at least one other place first, and were then re-uploaded to Facebook, sometimes with small changes. [...] Facebook has long been home to reappropriated content, from the freebooting scandal during 2017's pivot to video to the more recent phenomenon of Instagram's Reels being flooded with videos bearing TikTok watermarks. But this kind of dumb, cheap growth hacking should sound familiar to anyone who paid even passing attention to the 2016 election. Russia's infamous Internet Research Agency commissioned a troll army to build up big followings on innocuous-seeming Facebook pages using a wide variety of engagement bait, then gradually shifted those pages to begin sharing more divisive political memes.

That's all much harder to do now, thanks to a variety of measures Facebook has taken to make it more difficult for people to disguise their identities or countries of origin. The company now routinely removes networks of pages where the creators' identities are suspect. And it's worth saying that in the most recent election, inauthentic behavior of the 2016 variety did not play a significant role. Most importantly, Facebook now has a policy against "abusive audience building" -- switching topics and repeatedly changing a page's name for the purpose of growing a following. But it seems notable that for domestic actors, the tactics not only work, but remain the most effective way to reach a large audience five years later. Steal some questions that went viral somewhere else, spam them on your page, and presto: you're one of the most-viewed links for the entire quarter on the world's biggest social network.
"The plagiarists who dominate Facebook's top 20 links are likely doing it primarily for clout and ill-gotten audience growth," Casey goes on to say. "But some of the other characters here appear to have more direct monetary incentives..."

The Internet

Why Are Hyperlinks Blue? (mozilla.org) 77

Elise Blanchard, writing on Mozilla blog: [...]

What happened in 1993 to suddenly make hyperlinks blue? No one knows, but I have some theories. I often hear that blue was chosen as the hyperlink color for color contrast. Well, even though the W3C wasn't created until 1994, and so the standards for which we judge web accessibility weren't yet defined, if we look at the contrast between black as a text color, and blue as a link color, there is a contrast ratio of 2.3:1, which would not pass as enough color contrast between the blue hyperlink and the black text. Instead, I like to imagine that Cello and Mosaic were both inspired by the same trends happening in user interface design at the time. My theory is that Windows 3.1 had just come out a few months before the beginning of both projects, and this interface was the first to use blue prominently as a selection color, paving the way for blue to be used as a hyperlink color.

Additionally, we know that Mosaic was inspired by ViolaWWW, and kept the same gray background and black text that they used for their interface. Reviewing Mosaic's release notes, we see in release 0.7 black text with underlines appearing as the preferred way of conveying hyperlinks, and we can infer that was still the case until something happened around mid April right before when blue hyperlinks made their appearance in release 0.13. In fact, conveying links as black text with underlines had been the standard since 1985 with Microsoft 1, which some once claimed Microsoft had stolen from Apple's Lisa's look and feel.

I think the real reason why we have blue hyperlinks is simply because color monitors were becoming more popular around this time. Mosaic as a product also became popular, and blue hyperlinks went along for the ride. Mosaic came out during an important time where support for color monitors was shifting; the standard was for hyperlinks to use black text with some sort of underline, hover state or border. Mosaic chose to use blue, and they chose to port their browser for multiple operating systems. This helped Mosaic become the standard browser for internet use, and helped solidify its user interface as the default language for interacting with the web.

Science

Your Sense of Smell May Be the Key To a Balanced Diet (phys.org) 38

Scientists at Northwestern University found that people became less sensitive to food odors based on the meal they had eaten just before. These findings show that just as smell regulates what we eat, what we eat -- in turn -- regulates our sense of smell. Phys.Org reports: The study found that participants who had just eaten a meal of either cinnamon buns or pizza were less likely to perceive "meal-matched" odors, but not non-matched odors. The findings were then corroborated with brain scans that showed brain activity in parts of the brain that process odors was altered in a similar way.

Feedback between food intake and the olfactory system may have an evolutionary benefit, said senior and corresponding study author Thorsten Kahnt, an assistant professor of neurology and psychiatry and behavioral sciences at Northwestern University Feinberg School of Medicine. "If you think about our ancestors roaming the forest trying to find food, they find and eat berries and then aren't as sensitive to the smell of berries anymore," Kahnt said. "But maybe they're still sensitive to the smell of mushrooms, so it could theoretically help facilitate diversity in food and nutrient intake."

Kahnt said while we don't see the hunter-gatherer adaptation come out in day-to-day decision-making, the connection between our nose, what we seek out and what we can detect with our nose may still be very important. If the nose isn't working right, for example, the feedback loop may be disrupted, leading to problems with disordered eating and obesity. There may even be links to disrupted sleep, another tie to the olfactory system the Kahnt lab is researching. Kahnt said with a better understanding of the feedback loop between smell and food intake, he's hoping to take the project full circle back to sleep deprivation to see if lack of sleep may impair the loop in some way. He added that with brain imaging, there are more questions about how the adaptation may impact sensory and decision-making circuits in the brain.
The study has been published in the journal PLOS Biology.

China

Spies for Hire: China's New Breed of Hackers Blends Espionage and Entrepreneurship (nytimes.com) 18

The state security ministry is recruiting from a vast pool of private-sector hackers who often have their own agendas and sometimes use their access for commercial cybercrime, experts say. From a report: China's buzzy high-tech companies don't usually recruit Cambodian speakers, so the job ads for three well-paid positions with those language skills stood out. The ad, seeking writers of research reports, was placed by an internet security start-up in China's tropical island-province of Hainan. That start-up was more than it seemed, according to American law enforcement. Hainan Xiandun Technology was part of a web of front companies controlled by China's secretive state security ministry, according to a federal indictment from May. They hacked computers from the United States to Cambodia to Saudi Arabia, seeking sensitive government data as well as less-obvious spy stuff, like details of a New Jersey company's fire-suppression system, according to prosecutors. The accusations appear to reflect an increasingly aggressive campaign by Chinese government hackers and a pronounced shift in their tactics: China's premier spy agency is increasingly reaching beyond its own ranks to recruit from a vast pool of private-sector talent.

This new group of hackers has made China's state cyberspying machine stronger, more sophisticated and -- for its growing array of government and private-sector targets -- more dangerously unpredictable. Sponsored but not necessarily micromanaged by Beijing, this new breed of hacker attacks government targets and private companies alike, mixing traditional espionage with outright fraud and other crimes for profit. China's new approach borrows from the tactics of Russia and Iran, which have tormented public and commercial targets for years. Chinese hackers with links to state security demanded ransom in return for not releasing a company's computer source code, according to an indictment released by the U.S. Department of Justice last year. Another group of hackers in southwest China mixed cyber raids on Hong Kong democracy activists with fraud on gaming websites, another indictment asserted. One member of the group boasted about having official protection, provided that they avoid targets in China.

Businesses

Apple Workers Collecting Stories of Abuse, Injustice In Workplace (vice.com) 117

An anonymous reader quotes a report from Motherboard, written by Lorenzo Franceschi-Bicchierai: A group of Apple workers has announced a campaign to improve working conditions within the company. On Monday, company employees launched a Twitter account called Apple Workers to gather stories from colleagues about workplace issues such as "persistent patterns of racism, sexism, inequity, discrimination, intimidation, suppression, coercion, abuse, unfair punishment, and unchecked privilege." The account links to a website that contains the campaign's announcement as well as a link to join it.

"We've exhausted all internal avenues. We've talked with our leadership. We've gone to the People team. We've escalated through Business Conduct. Nothing has changed," the announcement read. "It's time to Think Different." "Connect with us to share your own experience, stay informed, or unite in solidarity with other current or former Apple workers. United, we can collaborate to iterate a healthier workplace," the announcement continued. "We are working together to craft a statement on our behalf, reflecting our stories and an outline of changes we expect to see Apple make."

The site also links to a "Wage Transparency Survey," an initiative led by Cher Scarlett, an Apple employee who has recently organized an internal survey to find out if there are wage gaps inside the company. "Apple colleagues of all types -- we are gathering in solidarity to push Apple to change internally," Scarlett wrote on Twitter. The Apple employees are organizing in part on a Discord channel, according to the person who runs the channel, who goes by Fudge. The person described themselves as a former Apple Authorized Service Providers employee, and asked to remain anonymous. Fudge said that the Discord channel has around 200 current and former employees.

Microsoft

Microsoft is Making it Harder To Switch Default Browsers in Windows 11 (theverge.com) 219

Microsoft's upcoming release of Windows 11 will make it even harder to switch default browsers and ignores browser defaults in new areas of the operating system. While Microsoft is making many positive changes to the Windows 11 UI, the default apps experience is a step back and browser competitors like Mozilla, Opera, and Vivaldi are concerned. From a report: In Windows 11, Microsoft has changed the way you set default apps. Like Windows 10, there's a prompt that appears when you install a new browser and open a web link for the first time. It's the only opportunity to easily switch browsers, though. Unless you tick "always use this app," the default will never be changed. It's incredibly easy to forget to toggle the "always use this app" option, and simply launch the browser you want from this prompt and never see this default choice again when you click web links.

If you do forget to set your default browser at first launch, the experience for switching defaults is now very confusing compared to Windows 10. Chrome and many other rival browsers will often prompt users to set them as default and will throw Windows users into the default apps part of settings to enable this. Microsoft has changed the way default apps are assigned in Windows 11, which means you now have to set defaults by file or link type instead of a single switch. In the case of Chrome, that means changing the default file type for HTM, HTML, PDF, SHTML, SVG, WEBP, XHT, XHTML, FTP, HTTP, and HTTPS.
Firefox's statement: We have been increasingly worried about the trend on Windows. Since Windows 10, users have had to take additional and unnecessary steps to set and retain their default browser settings. These barriers are confusing at best and seem designed to undermine a user's choice for a non-Microsoft browser.

Google

Activist Raided By London Police After Downloading Docs Found On Google Search (theregister.com) 139

A man who viewed documents online for a controversial London property development and shared them on social media was raided by police after developers claimed there had been a break-in to their systems. The Register reports: The raid by four Metropolitan Police constables took place after Southwark campaigner Robert Hutchinson was reportedly accused of illegally entering a password-protected area of a website. "I was searching in Google and found links to board meeting minutes," he told The Register. "Board reports, none of which were marked confidential. So I have no question that it was in the public domain." The Southwark News reported that Hutchinson was arrested at 8.20am on 10 June this year at home following allegations made by Leathermarket Community Benefit Society (CBS). The society is a property development firm that wants to build flats over a children's caged ball court in the south London borough, something Hutchinson "vocally opposes," according to the local paper.

"There's a directory, which you need to enter a password and a username to get into. But documents from that area were being published on Google," explained Hutchinson. "I didn't see a page saying 'this is the directors' area' or anything like that, the documents were just available. They were just linked directly." Police said in a statement that Hutchinson was arrested on suspicion of breaking section 1 of Britain's Computer Misuse Act 1990 "between the 17th and 24th February 2021 and had published documents from the website on social media." They added: "He was taken into custody and later released under investigation. Following a review of all available evidence, it was determined no offences had been committed and no further action was taken."

Hutchinson said his identification by Leathermarket and subsequent arrest raised questions in his mind, saying police confirmed to him that the company had handed over an access log containing IP addresses: "Now, how that ended up with me being in the frame, I don't know. There's part of this that doesn't add up..." While the property business did not respond to The Register's request for comment at the time of publication, in a statement given to the Southwark News it said: "When it came to the CBS's attention that confidential information had been accessed and subsequently shared via Twitter, the CBS made a general report of the data breach to the police -- who requested a full log of visitor access to the website before deciding whether or not to progress. The police carried out their own independent investigation into who accessed the documents and how, and have now concluded their investigation." The prepared police statement did not explain whether investigators tested Leathermarket CBS's version of events before arresting the campaigner.

Piracy

Pirated-Entertainment Sites Are Making Billions From Ads (bloomberg.com) 63

Websites and apps featuring pirated movies and TV shows make about $1.3 billion from advertising each year, including from major companies like Amazon.com, according to a study. From a report: The piracy operations are also a key source of malware, and some ads placed on the sites contain links that hackers use to steal personal information or conduct ransomware attacks, according to the online safety nonprofit Digital Citizens Alliance and the anti-piracy firm White Bullet Solutions. While law enforcement officials have sought to stop some of the online criminality, the groups identified at least 84,000 illicit entertainment sites.

The study underscores just how tough a problem piracy is for both Hollywood studios and companies that distribute digital ads. The situation has been compounded by the Covid-19 pandemic, which has left more people watching films and television shows over the web, where criminals have a greater chance of successfully targeting victims. "Piracy causes direct harm to creators and others who lose income when their content is stolen," the authors of the report wrote. "And major brands face reputational risks when their advertising appears on illicit websites."

Social Networks

The Lucrative Business of Spreading Vaccine Misinformation is Being Crowdfunded (slate.com) 155

"Part of the reason that misinformation about vaccines is so intractable is that it can be very lucrative," argues a new article in Slate: For years anti-vaccine figures have made money publishing books and giving speeches, and only in the past couple of years have major sites like YouTube started preventing anti-vaxxers from directly earning revenue from advertising. During the pandemic, as the coronavirus created new markets for health hoaxes, conspiracy theorists have been able to make money online by using the misinformation that they publicize on major sites like Facebook to sell supplements and books to followers via e-commerce shops. Now, vaccine skeptics with large followings are turning to crowdfunding platforms — both the relatively obscure GiveSendGo and the decidedly mainstream GoFundMe — to monetize their activities, often to the tune of hundreds of thousands of dollars...

On GiveSendGo and GoFundMe, vaccine truthers often portray themselves as little guys in a fight against the pro-vaccine tyranny of big pharma, big tech, and big government, and in doing so rake in money from thousands of sympathetic donors. They're able to do it in part because of lax standards and moderation blind spots, and in part by operating in gray areas... Over the past few months, GiveSendGo has been hosting fundraisers for causes casting doubt on vaccines that have racked up huge sums... But it isn't just GiveSendGo, though, that's facilitating donations for efforts to resist coronavirus vaccines. GoFundMe is also providing services to these causes. There, however, skeptics have a workaround: They're not raising money to oppose vaccines, per se, but to oppose vaccine mandates... [T]here are numerous other GoFundMe campaigns to support people who are choosing to leave their jobs instead of getting the vaccine.

GoFundMe does, however, appear to be placing banners with links to information from the CDC and WHO on fundraising pages that promote vaccine hesitancy, unlike GiveSendGo. "Fundraisers raising money to promote misinformation about vaccines violate GoFundMe's terms of service and will be removed from the platform," GoFundMe's senior communication manager Monica Corbett wrote in an email. "Over the last several years, we have removed over 250 fundraisers attempting to promote misinformation related to vaccines. Fundraisers for legal challenges do not violate our terms of service...." As the Daily Beast reported, users have in the past found ways to get around GoFundMe's ban on vaccine misinformation by crafting their campaigns in the name of anti-vax dog whistles like "medical freedom" and "informed consent...."

[T]he platform has tried to crack down on vaccine misinformation, finding itself walking the content-moderation tightrope that other large social media platforms are familiar with, which inevitably leaves loopholes in place that purveyors of misinformation try to exploit.

China

China Orders 25 Tech Giants To Fix Raft of Problems (bloomberg.com) 15

China ordered more than two dozen technology firms to carry out internal inspections as part of a campaign to root out illegal online activity. From a report: The Ministry of Industry and Information Technology on Friday told 25 of its largest internet and hardware companies including Alibaba Group Holding and Tencent Holdings to carry out internal reviews and rectify issues ranging from data security to consumer rights protections. The twin giants and 10 other firms were also asked separately on Wednesday to step up data security protections, including the export of key information, by the Internet Society of China, which was acting on behalf of MIIT.

The meetings this week come after the internet industry regulator announced on Monday it was beginning a six-month campaign to crack down on illegal online activity. Days later, it told Tencent and 13 other corporations to address problems related to pop-ups within their ads. The crackdown is the latest move by Beijing to rein in the country's internet leaders in areas from antitrust to data security and ride-hailing. Meituan, Xiaomi and ByteDance were among firms summoned to both meetings. On Friday, the MIIT ordered the companies to address eight types of problematic behavior including pop-ups, data collection and storage as well as the blocking of external links.

Links

What That Google Drive 'Security Update' Message Means (arstechnica.com) 9

An anonymous reader quotes a report from Ars Technica: "A security update will be applied to Drive," Google's weird new email reads. If you visit drive.google.com, you'll also see a message saying, "On September 13, 2021, a security update will be applied to some of your files." You can even see a list of the affected files, which have all gotten an unspecified "security update." So what is this all about? Google is changing the way content sharing works on Drive. Drive files have two sharing options: a single-person allow list (where you share a Google Doc with specific Google accounts) and a "get link" option (where anyone with the link can access the file). The "get link" option works the same way as unlisted YouTube videos -- it's not really private but, theoretically, not quite public, either, since the link needs to be publicized somewhere. The secret sharing links are really just security through obscurity, and it turns out the links are actually guessable.

Google knew about the problem of guessable secret links for a while and changed the way link generation works back in 2017 (presumably for Drive, too?). Of course, that doesn't affect links you've shared in the past, and soon Google is going to require your old links to change, which can break them. Google's new link scheme adds a "resourcekey" to the end of any shared Drive links, making them harder to guess. So a link that used to look like "https://drive.google.com/file/d/0BxI1YpjkbX0OZ0prTHYyQ1U2djQ/" will now look like "https://drive.google.com/file/d/0BxI1YpjkbX0OZ0prTHYyQ1U2djQ/view?resourcekey=0-OsOHHiQFk1QEw6vIyh8v_w." The resource key makes it harder to guess. If you head to drive.google.com/drive/update-drives in a browser, you should be able to see a list of your impacted files, and if you mouse over them you'll see a button on the right to remove or apply the security update. "Applied" means the resourcekey will be required after September 13, 2021, and will (mostly) break the old link, while "removed" means the resourcekey isn't required and any links out there should keep working.
YouTube is also making similar changes. "In 2017, we rolled out an update to the system that generates new YouTube Unlisted links, which included security enhancements that make the links for your Unlisted videos even harder for someone to discover if you haven't shared the link with them," says YouTube in a support page.

YouTube creators can decide to opt out of this change. They also have the option of making Unlisted pre-2017 videos public or re-uploading as a new Unlisted video at the expense of stats.

China

China Targets Mobile Pop-Ups in Latest Tech Crackdown (bloomberg.com) 8

China ordered Tencent Holdings and 13 other developers to rectify problems related to pop-ups within their apps, adding to a wide-ranging crackdown on the country's tech sector. From a report: The companies must address the "harassing" pop-up windows, which could contain misleading information or divert users away from the apps, the Ministry of Industry and Information Technology said in a statement on Wednesday. The 14 services, including an e-books app by Tencent's QQ and a video platform by Le.com, will have to fix the problems by Aug. 3. "Failure to abide by regulations" will not be tolerated and will be "penalized" accordingly, said the ministry.

Pop-ups, often used for advertising, are just the latest targets in a series of government crackdowns that have ranged from antitrust to data security, as Beijing seeks to rein in the tech giants' influence over most of everyday life. The crackdown has stepped into high gear in recent days after regulators announced their toughest-ever curbs on the online education sector and issued edicts governing food delivery, fueling a rout in Chinese tech stocks. The statement by MIIT comes days after the regulator announced a six-month crackdown on illegal online activities. The ministry on Monday said it will take steps to root out violations involving pop-ups, data collection and storage as well as the blocking of external links. Other regulators including the Cyberspace Administration of China have also pledged to tighten restrictions on misleading and explicit content used for marketing purposes. The watchdog said such material will be subject to harsher oversight, issuing fines against companies like Tencent, Kuaishou Technology and Alibaba Group Holding Ltd. for offensive content.

Facebook

Facebook, Twitter and Other Tech Giants To Target Attacker Manifestos, Far-right Militias in Database (reuters.com) 197

A counterterrorism organization formed by some of the biggest U.S. tech companies including Facebook and Microsoft is significantly expanding the types of extremist content shared between firms in a key database, aiming to crack down on material from white supremacists and far-right militias, the group told Reuters. From the report: Until now, the Global Internet Forum to Counter Terrorism's (GIFCT) database has focused on videos and images from terrorist groups on a United Nations list and so has largely consisted of content from Islamist extremist organizations such as Islamic State, al Qaeda and the Taliban. Over the next few months, the group will add attacker manifestos -- often shared by sympathizers after white supremacist violence -- and other publications and links flagged by U.N. initiative Tech Against Terrorism. It will use lists from intelligence-sharing group Five Eyes, adding URLs and PDFs from more groups, including the Proud Boys, the Three Percenters and neo-Nazis. The firms, which include Twitter and Alphabet's YouTube, share "hashes," unique numerical representations of original pieces of content that have been removed from their services. Other platforms use these to identify the same content on their own sites in order to review or remove it.

Google

A New Tool Shows How Google Results Vary Around the World (wired.com) 24

Search Atlas makes it easy to see how Google offers different responses to the same query on versions of its search engine offered in different parts of the world. From a report: The research project reveals how Google's service can reflect or amplify cultural differences or government preferences -- such as whether Beijing's Tiananmen Square should be seen first as a sunny tourist attraction or the site of a lethal military crackdown on protesters. Divergent results like that show how the idea of search engines as neutral is a myth, says Rodrigo Ochigame, a PhD student in science, technology, and society at MIT and cocreator of Search Atlas. "Any attempt to quantify relevance necessarily encodes moral and political priorities," Ochigame says. Ochigame built Search Atlas with Katherine Ye, a computer science PhD student at Carnegie Mellon University and a research fellow at the nonprofit Center for Arts, Design, and Social Research.

Just like Google's homepage, the main feature of Search Atlas is a blank box. But instead of returning a single column of results, the site displays three lists of links, from different geographic versions of Google Search selected from the more than 100 the company offers. Search Atlas automatically translates a query to the default languages of each localized edition using Google Translate. Ochigame and Ye say the design reveals "information borders" created by the way Google's search technology ranks web pages, presenting different slices of reality to people in different locations or using different languages.

Social Networks

Jordan's Government Used Secretly Recorded Clubhouse Audio To Spread Disinformation (restofworld.org) 13

In a new report released last week by The Stanford Internet Observatory, researchers analyzed a Jordanian disinformation network that pushed pro-monarchy and pro-military narratives on Facebook, Twitter, and TikTok. The campaign, which Facebook said in a separate report had links to the Jordanian military, also republished audio that had been secretly recorded on Clubhouse. Rest of World reports: Researchers said this is the first time they have identified a disinformation operation that relied on Clubhouse and TikTok, indicating that some states are taking advantage of newer platforms to spread propaganda. The Jordanian campaign cobbled together audio and screen recordings from Clubhouse into at least one video that was then shared on Facebook. According to the report, the audio was taken from a conversation in which Jordanians outside the country and other Arab voices discussed Prince Hamzah, the half-brother of Jordan's leader, King Abdullah II, who was taken into custody in early April, along with over a dozen other prominent figures. Jordanian authorities accused Hamzah of plotting to destabilize the government, and while the prince later publicly pledged his loyalty to the king, he currently remains on house arrest.

People who saw the video "didn't know that it was linked to individuals in the Jordanian military," said Shelby Grossman, a research scholar at the Internet Observatory and a co-author of the report. "But at the same time, you could imagine that if someone watched this video, they might think to themselves, 'Oh, people are listening when you have these Clubhouse conversations.'" While Clubhouse has not been officially banned by the Jordanian government, the nonprofit Jordan Open Source Association found that the app can currently only be accessed using a VPN. Recording is against Clubhouse's Terms of Service, which prohibits users from capturing "any portion of a conversation without the expressed consent of all of the speakers involved."

The most extensive portion of the Jordanian disinformation network was on Facebook. The social network said in its report that it had removed over 100 Facebook and Instagram accounts, three groups, and 35 pages connected to the campaign, four of which had more than 80,000 followers. The effort also included around $26,000 worth of Facebook ads, but it's unclear exactly whom they may have targeted. A spokesperson for Facebook said that the company's Ad Library transparency tool doesn't currently include data on ads that were run previously in Jordan.
The report says that the researchers "also identified a handful of sock puppet accounts on TikTok that appeared to have ties to the same network." They didn't put a lot of effort into it though. "[T]he fake personalities didn't post original content, instead sharing videos from established accounts associated with the Jordanian military."

United States

US Sanctions a Chinese Facial Recognition Company With Silicon Valley Funding (theverge.com) 11

The US Department of Commerce has sanctioned 14 Chinese tech companies over links to human rights abuses against Uyghur Muslims in Xinjiang, including one backed by a top Silicon Valley investment firm. From a report: DeepGlint, also known as Beijing Geling Shentong Information Technology Co., Ltd., is a facial recognition company with deep ties to Chinese police surveillance, and funding from US-based Sequoia Capital. Today the Commerce Department added it to its Entity List, which restricts US companies from doing business with listed firms without a special license. Sequoia did not immediately respond to a request for comment. DeepGlint co-founded a facial recognition lab in 2018 with Chinese authorities in Urumqi, the capital of Xinjiang, according to the South China Morning Post. It has also gained international bragging rights through the US National Institute of Standards and Technology's (NIST) Face Recognition Vendor Test. DeepGlint claimed top accuracy in the test as of January 2021, giving it a potent marketing tool in the security and surveillance industry. While DeepGlint has been accepted for a public offering on Shanghai's STAR stock exchange, the firm hasn't seen the commercial success of other AI startups in the country, explained Jeffrey Ding in his ChinAI newsletter last month. Since the firm is so heavily invested in government work, it has to follow slow government procurement cycles and is unlikely to score huge infrastructure projects, Ding writes.

Privacy

Why Email Providers Scan Your Emails (consumerreports.org) 98

An anonymous reader shares a report: If you receive emails flagged as spam or see a warning that a message might be a phishing attempt, it's a sign that your email provider is scanning your emails. The company may do that just to protect you from danger, but in some situations it can delve into your communications for other purposes, as well. Google announced that it would stop scanning Gmail users' email messages for ad targeting in 2017 -- but that doesn't mean it stopped scanning them altogether. Verizon didn't respond to requests for comments about Yahoo and AOL's current practices, but in 2018 the Wall Street Journal reported that both email providers were scanning emails for advertising. And Microsoft scans its Outlook users' emails for malicious content. Here's what major email providers say about why they currently scan users' messages.

Email providers can scan for spam and malicious links and attachments, often looking for patterns. [...] You may see lots of ads in your email inbox, but that doesn't necessarily mean your email provider is using the content of your messages to target you with marketing messages. For instance, like Google, Microsoft says that it refrains from using your email content for ad targeting. But it does target ads to consumers in Outlook, along with MSN, and other websites and apps. The data to do that come from partnering with third-party providers, plus your browsing activity and search history on Bing and Microsoft Edge, as well as information you've given the company, such as your gender, country, and date of birth.

[...] If you're using an email account provided by your employer, an administrator with qualifying credentials can typically access all your incoming and outgoing emails on that account, as well as any documents you create using your work account or that you receive in your work account. This allows companies to review emails as part of internal investigations and access their materials after an employee leaves the company. [...] Law enforcement can request access to emails, though warrants, court orders, or subpoenas may be required. Email providers may reject requests that don't satisfy applicable laws, and may narrow requests that ask for too much information. They may also object to producing information altogether.
