An anonymous reader shares a report: The volunteer moderators of Reddit's r/blackladies community -- an online message board that currently has over 40,000 members -- wrote an open letter outlining their frustrations with the popular website in August 2014. They had pitched their message board, known as a subreddit, as a safe space for Black women, but were being deluged with hateful comments and links to racist content from anonymous accounts. "They are relentless, coming in barrages," the moderators wrote. "We have a racist user problem and Reddit won't take action." Several months later Alexis Ohanian, one of Reddit's co-founders, joined a comment thread on r/blackladies discussing the letter. Ohanian, who had recently returned to the company as its executive chairman, said protecting communities like theirs from abuse was a "top priority." He solicited suggestions on how to do it, and expressed interest in an "ongoing dialogue with all of the mods who signed onto the open letter."

Reddit user TheYellowRose, a r/blackladies moderator who helped write the letter said in a recent phone interview that Ohanian's promised dialogue never materialized. To TheYellowRose, who asked to be identified only by her screen name because she is still regularly subjected to racist abuse and fears physical violence if her identity is revealed, Ohanian's initial enthusiasm for the idea seemed like just another example of the company's leaders trying to say the right things without seriously confronting the ways their site harbored extremists and gave them a place to organize. Reddit has faced several potential inflection points in its approach to racism in the six years since then, but has never undertaken a full enough reckoning to satisfy its critics. It's facing another big moment in the aftermath of the killing of George Floyd. Once again, the pressure is coming in part from the volunteers who moderate Reddit's countless message boards. On June 1, Steve Huffman, another co-founder who has been chief executive since 2015, sent a note to Reddit employees voicing support for the Black Lives Matter movement. "We do not tolerate hate, racism, and violence, and while we have work to do to fight these on our platform, our values are clear," he wrote.

Earlier this week, Apple told Basecamp, the company that makes the brand new email app called Hey, that it cannot distribute its app on the iPhone unless it makes it possible for users to sign up via Apple's own prescribed methods -- which gives Apple a 30 percent cut. Apple told Basecamp that by avoiding giving an option in its iOS app to sign up and support in-app purchases, it was violating Apple's App Store policy, 3.1.1, which says: If you want to unlock features or functionality within your app, (by way of example: subscriptions, in-game currencies, game levels, access to premium content, or unlocking a full version), you must use in-app purchase. Apps may not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, etc. Apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase. Dieter Bohn, writing for The Verge: The key thing to know is that the text of this policy is not actually the policy. Or rather, as with any law, the text is only one of the things you need to understand. You also need to know how it is enforced and how the enforcers interpret that text. It should not surprise you to know that Apple's interpretation of its text often seems capricious at best and at worst seems like it's motivated by self-dealing. And the enforcement consequently often seems unfair.

The rule states that if you want to sell digital goods, you have to use Apple's payment system. Except that's not how 3.1.1 has been interpreted to date. It has been interpreted as allowing people to access services they paid for elsewhere on their iOS devices, but not allowing those apps to try to get around the Apple payment rules when people sign up on those devices. That's convoluted, but that interpretation is what keeps Netflix from having an account sign-up in its app. It's the policy that has enraged Spotify and keeps you from buying Kindle books on your iPhone without jumping through a million weird Safari hoops. That was already a very bad rule, if you ask me. Now, with this email app, Apple is apparently changing its interpretation to be more strict. David Pierce, in an update to his news report about Hey-Apple debacle: Apple told me that its actual mistake was approving the app in the first place, when it didn't conform to its guidelines. Apple allows these kinds of client apps -- where you can't sign up, only sign in -- for business services but not consumer products. That's why Basecamp, which companies typically pay for, is allowed on the App Store when Hey, which users pay for, isn't. One other distinction: Apple allows "Reader" apps -- things like Netflix and Kindle and Dropbox, where you're using the app to access existing subscriptions -- as long as they don't offer a way to sign up. But email, messaging, etc. don't count as Reader apps. John Gruber, writing at DaringFireball: The lone instance of "consumer" refers to the "Consumer Health Records API". The price that Basecamp pays for not supporting in-app purchase in their iOS app is that they lose whatever number of users would have signed up in-app but won't sign up out-of-app. That's competition. Again, putting aside arguments that Apple should allow apps to use their own payment systems in apps, or be able to link to a website for sign up, or at the very least just tell users how to sign up -- the makers of an app should be able to say "OK, we won't even tell users how to sign up within our app; our app is only for existing customers and we'll obtain all of them outside the app." [...]

Second, how could such a distinction be made in writing? There are some apps that are definitely "business services" and some that are definitely "consumer products" (games for example), but to say that the area in between encompasses many shades of gray is an understatement. The entire mobile era of computing -- an era which Apple itself has inarguably largely defined -- is about the obliteration of distinct lines between business and consumer products. [...] At some level there's a clear distinction here -- Netflix and Kindle are clearly consumption services. But Dropbox? Dropbox is a lot closer to an email or messaging service like Hey than it is to Netflix or Kindle. The stuff in my Dropbox account is every bit as personal as the stuff in my email account. When you put Dropbox in the same bucket with Netflix and Amazon Kindle, it seems to me like the distinction is not so much between what is and isn't a "reader" app or what is or isn't a "business" app, but between companies which are too big for Apple to push around and those they can.

Senate investigators said Tuesday that government officials had "exercised minimal oversight" of the risks posed by three Chinese telecom companies that operate on American communications networks. From a report: Federal agencies failed to properly follow up on some agreements meant to protect national security, did not provide adequate workers to vet the Chinese companies and operated through a "disorganized" process, according to a report from the Senate's Permanent Subcommittee on Investigations. The report looked into a group of officials from the Homeland Security, Justice and Defense Departments, known as Team Telecom, that has historically advised the Federal Communications Commission on the possible national security risks of foreign involvement in American networks. The findings could put pressure on officials at those agencies and embolden politicians from both parties who argue that the United States must move quickly to sever any links between its communications networks and Chinese companies.

WhatsApp claims it fixed an issue that was showing users' phone numbers in Google search results. From a report: The change comes after security researcher Athul Jayaram revealed that phone numbers of WhatsApp users who used the Click to Chat feature were being indexed in search. Click to Chat allows users to create a link with their phone number in plain text. According to Jayaram, because the links don't have a robot.txt file in the server root, they cannot stop Google or other search engine bots from crawling and indexing the links. Jayaram says as many as 300,000 phone numbers may have appeared in Google search results, and they could be found by searching "site:wa.me."

An anonymous reader quotes a report from TechCrunch: Last year, Google launched the beta of Currents, which was essentially a rebrand of Google+ for G Suite users, since Google+ for consumers went to meet its maker in April 2019. While Google+ was meant to be an all-purpose social network, the idea behind Currents is more akin to what Microsoft is doing with Yammer or Facebook with Workplace. It's meant to give employees a forum for internal discussions and announcements. To complicate matters, Google kept Google+ around, even after the launch of Currents, but in an email to G Suite admins, it has now announced that Google+ for G Suite will close its doors on July 6, after which there will be no way to opt out of Currents or revert back to Google+. And with that, Google has driven the final nail into Google+'s coffin. The Google+ mobile apps will be automatically updated to Currents. All existing links to Google+ will redirect to Currents.

China's Huawei acted to cover up its relationship with a firm that had tried to sell prohibited U.S. computer gear to Iran, after Reuters in 2013 reported deep links between the firm and the telecom-equipment giant's chief financial officer, newly obtained internal Huawei documents show. From the report: Huawei has long described the firm -- Skycom Tech -- as a separate local business partner in Iran. Now, documents obtained by Reuters show how the Chinese tech titan effectively controlled Skycom. The documents, reported here for the first time, are part of a trove of internal Huawei and Skycom Iran-related business records -- including memos, letters and contractual agreements -- that Reuters has reviewed. One document described how Huawei scrambled in early 2013 to try to "separate" itself from Skycom out of concern over trade sanctions on Tehran. To that end, this and other documents show, Huawei took a series of actions -- including changing the managers of Skycom, shutting down Skycom's Tehran office and forming another business in Iran to take over tens of millions of dollars worth of Skycom contracts.

The revelations in the new documents could buttress a high-profile criminal case being pursued by U.S. authorities against Huawei and its chief financial officer, Meng Wanzhou, who is also the daughter of Huawei's founder. The United States has been trying to get Meng extradited from Canada, where she was arrested in December 2018. A Canadian judge last week allowed the case to continue, rejecting defense arguments that the U.S. charges against Meng do not constitute crimes in Canada. A U.S. indictment alleges that Huawei and Meng participated in a fraudulent scheme to obtain prohibited U.S. goods and technology for Huawei's Iran-based business via Skycom, and move money out of Iran by deceiving a major bank. The indictment alleges that Skycom was an "unofficial subsidiary" of Huawei, not a local partner.

The unrest following the death of George Floyd has prompted Amazon shoppers to buy pepper spray for self-defense. According to Bloomberg, "a $9.48 canister of Sabre 'max police strength' pepper spray shot up to the top-selling rank in Amazon's sports and outdoors category Monday morning." The No. 2 spot was a neck gaiter, which can cover the nose and mouth. From the report: One Amazon shopper named "Bill" left a 5-star review for the pepper spray May 31 and said "Put the cops down when they mess with you." People are swapping recommendations for self-defense products on social-media platforms like Twitter, where users are posting links to Sabre pepper spray on Amazon. According to customer reviews, the pepper spray can be used for self-defense. Amazon became a pipeline for household essentials such as toilet paper and disinfecting wipes for shoppers hunkered down at home to avoid contracting Covid-19. The spike in pepper spray sales shows how protests around the country are influencing consumer demand. Amazon's best-seller product rankings provide a real-time gauge for sudden swings in consumer demand.

The American Civil Liberties Union on Thursday sued the facial recognition start-up Clearview AI (alternative source), which claims to have helped hundreds of law enforcement agencies use online photos to solve crimes, accusing the company of "unlawful, privacy-destroying surveillance activities." The New York Times reports: In a suit filed in Illinois, the A.C.L.U. said that Clearview violated a state law that forbids companies from using a resident's fingerprints or face scans without consent. Under the law, residents have the right to sue companies for up to $5,000 per privacy violation. "The bottom line is that, if left unchecked, Clearview's product is going to end privacy as we know it," said Nathan Freed Wessler, a lawyer at the A.C.L.U., "and we're taking the company to court to prevent that from happening."

The suit, filed in the Circuit Court of Cook County, adds to the growing backlash against Clearview since January, when The New York Times reported that the company had amassed a database of more than three billion photos across the internet, including from Facebook, YouTube, Twitter and Venmo. This trove of photos enables anyone with the Clearview app to match a person to their online photos and find links back to the sites where the images originated. People in New York and Vermont have also filed suits in against the company in recent months, and the state attorneys general of Vermont and New Jersey have ordered Clearview to stop collecting residents' photos. According to the A.C.L.U. suit, "Clearview has set out to do what many companies have intentionally avoided out of ethical concerns: create a mass database of billions of face prints of people, including millions of Illinoisans, entirely unbeknownst to those people, and offer paid access to that database to private and governmental actors worldwide." The company's business model, the complaint said, "appears to embody the nightmare scenario" of a "private company capturing untold quantities of biometric data for purposes of surveillance and tracking without notice to the individuals affected, much less their consent."

Chinese scientists in recent days said they had ruled out both a laboratory and an animal market in the city of Wuhan as possible origins of the coronavirus pandemic, in their most detailed pushback to date against allegations from U.S. officials and others over what might have sparked it. From a report: The director of the Wuhan Institute of Virology, at the center of allegations around a potential laboratory accident, Wang Yanyi, over the weekend told China Central Television that the coronavirus was significantly different from any live pathogen that has been studied at the institute and that there therefore was no chance it could have leaked from there. Separately, China's top epidemiologist said Tuesday that testing of samples from a Wuhan food market, initially suspected as a path for the virus's spread to humans, failed to show links between animals being sold there and the pathogen.

Gao Fu, director of the Chinese Center for Disease Control and Prevention, said in comments carried in Chinese state media, "It now turns out that the market is one of the victims." The comments, aimed at countering what Beijing perceives as efforts from top U.S. officials to focus solely on China, are unlikely to pacify critics. The Chinese officials didn't address fundamental issues, such as widespread evidence that China initially covered up the extent of the outbreak. In their calls for more global scientific collaboration to track the source of the virus, they also stopped short of endorsing widespread scientific belief that the coronavirus originated in China.

A global natural experiment examines the time warp of life under quarantine. From a report: In April Jenny Rappaport sat down to inspect her calendar because she could not tell how many days had passed since New Jersey's stay-at-home order took effect. Before COVID-19, her life had structure and a pace, and she knew the day of the week without giving it a second thought. The pandemic has changed all of that. Several research groups have taken advantage of this unplanned natural experiment to gauge the psychological impacts of time distortions and, in turn, their effects on mental health. Psychologists know that time sense links to well-being. Its perceived slower passage can represent signs of depression or post-traumatic stress disorder (PTSD).

Rappaport's feelings jibe with the findings of preliminary studies. Overall, people seem to be experiencing time more slowly, according to data that are beginning to be compiled. In a not yet peer-reviewed preprint paper, Sylvie Droit-Volet, a time perception researcher at the University of Clermont Auvergne in France, and her colleagues show that people there report the clock moving more slowly during the lockdown. The researchers also document feelings of sadness and boredom and tie them to the overall feeling of deceleration. "Their findings directly support the emotional connection with time perception," says Philip Gable of the University of Alabama. He is also using survey data to examine how people across the U.S. experience time during the pandemic. "It's a societal event that's going to have a profound psychological influence on us," Gable says, adding that the temporal shift is an integral part of our feelings about what is happening. He plans to collect data over the next nine months, but so far has found evidence that the everyday tempo now lags. Nearly 50 percent of people experienced time dragging during March, whereas about 24 percent perceived it to be speeding up.

Automated technology that Twitter began using this month to label tweets containing coronavirus misinformation is making mistakes, raising concerns about the company's reliance on artificial intelligence to review content. From a report: On May 11, Twitter started labeling tweets that spread a conspiracy theory about 5G causing the coronavirus. Authorities believe the false theory prompted some people to set fires to cell towers. Twitter will remove misleading tweets that encourage people to engage in behavior such as damaging cell towers. Other tweets that don't incite the same level of harm but include false or disputed claims should get a label that directs users to trusted information. The label reads "Get the facts about COVID-19" and takes users to a page with curated tweets that debunk the 5G coronavirus conspiracy theory. Twitter's technology, though, has made scores of mistakes, applying labels to tweets that refute the conspiracy theory and provide accurate information. Tweets that include links to news stories from Reuters, BBC, Wired and Voice of America about the 5G coronavirus conspiracy theory have been labeled. In one case, Twitter applied the label to tweets that shared a page the company itself had published titled "No, 5G isn't causing coronavirus." Tweets with words such as 5G, coronavirus, COVID-19 or hashtags #5Gcoronavirus have also been mistakenly labeled.

Researchers based out of Australia's Monash, Swinburne, and RMIT universities say they've set a new internet speed record of 44.2 Tbps, according to a paper published in the open-access journal Nature Communications. That's theoretically enough speed to download the contents of more than 50 100GB Ultra HD Blu-ray discs in a single second. The Verge reports: What's interesting about the research is that it was achieved over 75km of standard optical fiber using a single integrated chip source, meaning it has the potential to one day benefit existing fiber infrastructure. The test fiber connection ran between RMIT's Melbourne City campus and Monash University's Clayton campus, and the researchers say it mirrors infrastructure used by Australia's National Broadband Network (NBN). The findings represent a "world-record for bandwidth," according to Swinburne University Professor David Moss, one of the team members responsible.

Those speeds were achieved, thanks to a piece of technology called a micro-comb, which offers a more efficient and compact way to transmit data. This micro-comb was placed within the cable's fibers in what the researchers say is the first time the technology has been used in a field trial. Now, the researchers say the challenge is to turn the technology into something that can be used with existing infrastructure. "Long-term, we hope to create integrated photonic chips that could enable this sort of data rate to be achieved across existing optical fiber links with minimal cost," RMIT's Professor Arnan Mitchell says.

Infamous Israeli surveillance firm NSO Group created a web domain that looked as if it belonged to Facebook's security team to entice targets to click on links that would install the company's powerful cell phone hacking technology, according to data analyzed by Motherboard. From the report: It is not uncommon for hackers working for governments to impersonate Facebook, perhaps with a phishing page that displays a Facebook login screen but which secretly steals a target's password. But NSO's approach complicates its ongoing conflict with the tech giant. NSO is currently embroiled in a lawsuit with Facebook, which is suing the surveillance firm for leveraging a vulnerability in WhatsApp to let NSO clients remotely hack phones. Motherboard has also found more evidence that NSO used infrastructure based in the United States; a server used by NSO's system to deliver malware was owned by Amazon. A former NSO employee provided Motherboard with the IP address of a server setup to infect phones with NSO's Pegasus hacking tool.

New submitter xhonza writes: New OpenBSD version. String of good news. Some of the new changes, as highlighted by Phoronix, include:
- FFS2 file-system improvements including using 64-bit timestamps and block numbers by default for new installs.
- Support for the Raspberry Pi 4 on ARM64 while improving the Raspberry Pi 3 support too. Raspberry Pi 2/3 support has also improved for OpenBSD ARMv7.
- Better support for Rockchip systems like the Pinebook Pro.
- Various SMP improvements including better AMD SMT/Core/Package detection.
- A wide variety of different hardware driver improvements, including Intel AX200 WiFi device support.
- A FIDO driver introduced for FIDO/U2F security keys support.
- Fixed handling of USB 2.0 devices when in use on different USB 3.0 controllers.
- The PowerPC OpenBSD build switched over to Clang as its default code compiler.
- Various dhclient fixes.
- Various security improvements.

The changelog, announcement, and list of mirrors can be found at their respective links.

An anonymous reader quotes a report from 9to5Mac: A massive data breach dubbed db8151dd has exposed the records of 22M people -- including addresses, phone numbers, and social media links. But the source of the data is a mystery. I got an email alert this morning from the haveibeenpwned.com site telling me that my details were included. The exposed data appears extensive: "Email addresses, Job titles, Names, Phone numbers, Physical addresses, Social media profiles." However, Troy Hunt, who runs the site, said that nobody has been able to identify where the information came from.

That 'interesting' data appears to come from customer relationship management (CRM) systems, including things like: "Recommended by Andie [redacted last name]. Arranged for carpenter apprentice Devon [redacted last name] to replace bathroom vanity top at [redacted street address], Vancouver, on 02 October 2007." Best guess is it's some kind of aggregated data from a number of sources, but as neither Hunt nor other information security professionals have been able to identify any of them despite attempts lasting almost three months, it appears the details of the privacy breach may remain a mystery. Hunt says there's almost 90GB of personal information in the open database.

"Back in Feb, Dehashed reached out to me with a massive trove of data that had been left exposed on a major cloud provider via a publicly accessible Elasticsearch instance. It contained 103,150,616 rows in total," writes Hunt. "The global unique identifier beginning with 'db8151dd' features heavily on these first lines hence the name I've given the breach. I've had to give it this name because frankly, I've absolutely no idea where it came from, nor does anyone else I've worked on with this."

An anonymous reader quotes a report from Bloomberg: The messages began arriving in World Health Organization employees' inboxes in early April, seemingly innocuous emails about the coronavirus from news organizations and researchers. But a close examination revealed that they contained malicious links, and some security experts have traced the emails to a hacking group in Iran believed to be sponsored by the government. The hacking effort, which began on April 3, was an attempt to steal passwords and possibly install malware on WHO computers, according to three people familiar with the matter, who requested anonymity because they aren't authorized to talk to the news media. The incident was one of several suspected state-sponsored hacks targeting WHO officials in recent weeks, the people said.

Two of the messages sent to the WHO, which were reviewed by Bloomberg News, were designed to look like coronavirus newsletters from the British Broadcasting Corporation. A third message was tailored to look like an interview request from the American Foreign Policy Council, a conservative think tank based in Washington. It encouraged recipients to click on what looked to be a shortened Google link, which diverted to a malicious domain. Ohad Zaidenberg, lead cyber intelligence researcher at Clearsky Cyber Security, reviewed the messages for Bloomberg News, and said he believed they were sent by a group of state-sponsored Iranian hackers known as "Charming Kitten," which has been active since 2014 and previously targeted Iranian dissidents, academics, journalists and human rights activists. Flavio Aggio, the WHO's chief information security officer, confirmed the "very clever attacks" but said they'd so far been unsuccessful. "We are dealing with an information war and a cyberwar at the same time," he added.

Inkscape, the free and open-source vector graphics editor, has released version 1.0 for Linux, Windows, and macOS. It comes after three years in development and over 16 years after Inkscape's initial release. BetaNews reports: "Built with the power of a team of volunteers, this open source vector editor represents the work of many hearts and hands from around the world, ensuring that Inkscape remains available free for everyone to download and enjoy. In fact, translations for over 20 languages were updated for version 1.0, making the software more accessible to people from all over the world. A major milestone was achieved in enabling Inkscape to use a more recent version of the software used to build the editor's user interface (namely GTK+3). Users with HiDPI (high resolution) screens can thank teamwork that took place during the 2018 Boston Hackfest for setting the updated-GTK wheels in motion," explains the developers.

The devs further explain, "The extensions system has undergone some fundamental changes in version 1.0. Over the years, Inkscape users have become used to working with third-party extensions, such as various ones used for laser cutting and exporting to file formats which are not a native part of Inkscape. While outreach to extension developers was undertaken as Inkscape migrates towards Python 3 and a more logical and fully tested extensions API (now hosted in a separate repository), not all third-party extensions have been brought forward to be compatible yet. This will mean that 1.0 may not allow some users to continue with their normal extensions workflow." The blog post, official release notes, and download page are available at their respective links.

MicroProse, an American video game publisher and developer founded by Bill Stealey and Sid Meier in 1982, is being resurrected after an absence of almost 20 years. The publisher's last game was Grand Prix 4 released in 2002, but is most famous for the XCOM and Civilization franchises. MojoKid shares a report from HotHardware: The company is now being led by CEO David Lagettiu, while Bill Stealey, who originally founded MicroProse with Sid Meier, will be onboard as a consultant this time around. For those that would like to see some of their MicroProse classics "refreshed" for modern systems, you're in luck. It will be remastering a number of games, although those specific titles haven't been revealed at this time. What the reinvigorated company has announced, however, is that it has three new games on deck. The first is Task Force Admiral, which will have you in command of a U.S. Navy WWII (Pacifica Theater) carrier task force. This will be a full 3D simulation game with 90 ship classes and 40 different types of aircraft with realistic ballistics and full damage modeling. The game is being developed by Drydock Dreams.

Next up is Second front, which is another WWII-themed game developed by Hexdraw. "Second Front is an accessible WWII turn-based tactical game with more than 40 infantry units and 200 tanks, vehicles and guns," writes MicroProse. It has all the depth of a paper wargame and the ease of a computer simulation. Campaign, scenarios and a complete editor make it an infinite tactical sandbox experience." Finally, there's Sea Power, which was developed by Triassic Games. Sea Power shifts to "modern naval conflict campaigns." All three of the games will be launching soon via Steam, which you can check out using the follow links: Task Force Admiral, Second Front, Sea Power.

The Education Department has asked the University of Texas System to provide documentation of its dealings with the Chinese laboratory that U.S. officials are investigating as a potential source of the coronavirus pandemic. From a report: The request for records of gifts or contracts from the Wuhan Institute of Virology and its researcher Shi Zhengli, known for her work on bats, is part of a broader department investigation into possible faulty financial disclosures of foreign money by the Texas group of universities. The Education Department's letter, reviewed by The Wall Street Journal, also asks the UT System to share documents regarding potential ties to the ruling Chinese Communist Party and some two dozen Chinese universities and companies, including Huawei Technologies Co. and a unit of China National Petroleum Corp. The department is also seeking documents related to any university system contracts or gifts from Eric Yuan, a U.S. citizen who is the chief executive officer of Zoom Video Communications.

An anonymous reader quotes a report from The New York Times: Millions of people gave their email addresses to Quibi, JetBlue, Wish and other companies (Warning: source may be paywalled; alternative source) -- and those email addresses got away. They ended up in the hands of advertising and analytics companies like Google, Facebook and Twitter, leaving the people with those email addresses more easily targeted by advertisers and able to be tracked by companies that study shopping behavior, according toa reportpublished on Wednesday. The customers unwittingly exposed their email addresses when signing up for apps or clicking on links in marketing emails, said the researcher Zach Edwards, who runs the digital strategy firm Victory Medium. In the report, he described the giveaway of personal data as part of a "sloppy and dangerous growth hack."

Mr. Edwards, a contributor to a recent studythat examined potential privacy violations by dating services like Grindr and OkCupid, wrote in the new report that one of the "most egregious" leaks involvedQuibi, a short-form video platform based in Los Angeles that is run by the veteran executives Jeffrey Katzenberg and Meg Whitman. Quibi went live on April 6, long after new data privacy regulations went into effect in Europe and California. People who downloaded the Quibi app were asked to submit their email addresses. Then they received a confirmation link. Clicking on the link made their email addresses available to Google, Facebook, Twitter and Snapchat, according to the report. Quibi said in a statement on Wednesday that data security "is of the highest priority" and that "the moment the issue on our webpage was revealed to our security and engineering team, we fixed it immediately." "Mr. Edwards said customers were probably unaware of leaks at Wish, an e-commerce platform where hundreds of millions of email addresses were most likely exposed starting in 2018," the report adds. "When users clicked on links in marketing emails from the company, their email addresses were shared with Google, Facebook, Pinterest, PayPal and others, he wrote."

Other companies that suffered limited leaks included The Washington Post, JetBlue, and Mailchimp.