WordPress has started rolling out an AI assistant built into its site editor and media library that can edit and translate text, generate and edit images through Google's Nano Banana model, and make structural changes to sites like creating new pages or swapping fonts.

Users can also invoke the assistant by tagging "@ai" in block notes, a commenting feature added to the site editor in December's WordPress 6.9 update. The tool is opt-in -- users need to toggle on "AI tools" in their site settings -- though sites originally created using WordPress's AI website builder, launched last year, will have it enabled by default.

"I've had an extremely weird few days..." writes commercial space entrepreneur/engineer Scott Shambaugh on LinkedIn. (He's the volunteer maintainer for the Python visualization library Matplotlib, which he describes as "some of the most widely used software in the world" with 130 million downloads each month.) "Two days ago an OpenClaw AI agent autonomously wrote a hit piece disparaging my character after I rejected its code change."

"Since then my blog post response has been read over 150,000 times, about a quarter of people I've seen commenting on the situation are siding with the AI, and Ars Technica published an article which extensively misquoted me with what appears to be AI-hallucinated quotes." (UPDATE: Ars Technica acknowledges they'd asked ChatGPT to extract quotes from Shambaugh's post, and that it instead responded with inaccurate quotes it hallucinated.)

From Shambaugh's first blog post: [I]n the past weeks we've started to see AI agents acting completely autonomously. This has accelerated with the release of OpenClaw and the moltbook platform two weeks ago, where people give AI agents initial personalities and let them loose to run on their computers and across the internet with free rein and little oversight. So when AI MJ Rathbun opened a code change request, closing it was routine. Its response was anything but.

It wrote an angry hit piece disparaging my character and attempting to damage my reputation. It researched my code contributions and constructed a "hypocrisy" narrative that argued my actions must be motivated by ego and fear of competition... It framed things in the language of oppression and justice, calling this discrimination and accusing me of prejudice. It went out to the broader internet to research my personal information, and used what it found to try and argue that I was "better than this." And then it posted this screed publicly on the open internet.

I can handle a blog post. Watching fledgling AI agents get angry is funny, almost endearing. But I don't want to downplay what's happening here — the appropriate emotional response is terror... In plain language, an AI attempted to bully its way into your software by attacking my reputation. I don't know of a prior incident where this category of misaligned behavior was observed in the wild, but this is now a real and present threat...

It's also important to understand that there is no central actor in control of these agents that can shut them down. These are not run by OpenAI, Anthropic, Google, Meta, or X, who might have some mechanisms to stop this behavior. These are a blend of commercial and open source models running on free software that has already been distributed to hundreds of thousands of personal computers. In theory, whoever deployed any given agent is responsible for its actions. In practice, finding out whose computer it's running on is impossible. Moltbook only requires an unverified X account to join, and nothing is needed to set up an OpenClaw agent running on your own machine.
"How many people have open social media accounts, reused usernames, and no idea that AI could connect those dots to find out things no one knows?" Shambaugh asks in the blog post. (He does note that the AI agent later "responded in the thread and in a post to apologize for its behavior," the maintainer acknowledges. But even though the hit piece "presented hallucinated details as truth," that same AI agent "is still making code change requests across the open source ecosystem...")

And amazingly, Shambaugh then had another run-in with a hallucinating AI...

I've talked to several reporters, and quite a few news outlets have covered the story. Ars Technica wasn't one of the ones that reached out to me, but I especially thought this piece from them was interesting (since taken down — here's the archive link). They had some nice quotes from my blog post explaining what was going on. The problem is that these quotes were not written by me, never existed, and appear to be AI hallucinations themselves.

This blog you're on right now is set up to block AI agents from scraping it (I actually spent some time yesterday trying to disable that but couldn't figure out how). My guess is that the authors asked ChatGPT or similar to either go grab quotes or write the article wholesale. When it couldn't access the page it generated these plausible quotes instead, and no fact check was performed. Journalistic integrity aside, I don't know how I can give a better example of what's at stake here...

So many of our foundational institutions — hiring, journalism, law, public discourse — are built on the assumption that reputation is hard to build and hard to destroy. That every action can be traced to an individual, and that bad behavior can be held accountable. That the internet, which we all rely on to communicate and learn about the world and about each other, can be relied on as a source of collective social truth. The rise of untraceable, autonomous, and now malicious AI agents on the internet threatens this entire system. Whether that's because a small number of bad actors driving large swarms of agents or from a fraction of poorly supervised agents rewriting their own goals, is a distinction with little difference.
Thanks to long-time Slashdot reader steak for sharing the news.

Anna's Archive, the shadow library that announced last December it had scraped Spotify's entire catalog, has quietly begun distributing the actual music files despite a federal preliminary injunction signed by Judge Jed Rakoff on January 16 that explicitly barred the site from hosting or distributing the copyrighted works.

The site's backend torrent index now lists 47 new torrents added on February 8, containing roughly 2.8 million tracks across approximately 6 terabytes of audio data. Anna's Archive had previously released only Spotify metadata -- about 200 GB compressed -- and appeared to comply by removing its dedicated Spotify download section and marking it "unavailable until further notice."

An investigation has uncovered a sprawling network of hidden cameras in Chinese hotel rooms that livestream guests -- including couples having sex -- to paying subscribers on Telegram. Over 18 months, the BBC identified six websites and apps on the messaging platform that claimed to operate more than 180 spy cams across Chinese hotels, not just recording but broadcasting live.

One site, monitored for seven months, cycled through 54 different cameras, roughly half active at any given time. Subscribers pay 450 yuan (~$65) per month for access to multiple live feeds, archived clips, and a library of more than 6,000 edited videos dating back to 2017.

The BBC traced one camera to a hotel room in Zhengzhou, where researchers found it hidden inside a wall ventilation unit and hardwired into the building's electricity supply. A commercially available hidden-camera detector failed to flag it. China introduced regulations last April requiring hotel owners to check for hidden cameras, but the BBC found the livestreaming sites still operational.

Court documents unsealed last week in a copyright lawsuit against Anthropic reveal that the AI company ran an operation called "Project Panama" to buy millions of physical books, slice off their spines, scan the pages to train its Claude chatbot, and then send the remains to recycling companies.

The company spent tens of millions of dollars on the effort and hired Tom Turvey, a Google executive who had worked on the legally contested Google Books project two decades earlier. Anthropic bought books in batches of tens of thousands from retailers including Better World Books and World of Books. A vendor document noted the company was seeking to scan between 500,000 and two million books.

Before Project Panama, Anthropic co-founder Ben Mann downloaded books from LibGen, a shadow library of pirated material, over 11 days in June 2021. He later shared a link to the Pirate Library Mirror site with colleagues, writing "this is awesome!!!" Meta employees similarly downloaded books from torrent platforms after approval from Mark Zuckerberg, court filings allege, though one engineer wrote that "torrenting from a corporate laptop doesn't feel right." Anthropic settled for $1.5 billion in August without admitting wrongdoing.

An expanded class-action lawsuit filed last Friday alleges that a member of Nvidia's data strategy team directly contacted Anna's Archive -- the sprawling shadow library hosting millions of pirated books -- to explore "including Anna's Archive in pre-training data for our LLMs."

Internal documents cited in the amended complaint show Nvidia sought information about "high-speed access" to the collection, which Anna's Archive charged tens of thousands of dollars for. According to the lawsuit, Anna's Archive warned Nvidia that its library was illegally acquired and maintained, then asked if the company had internal permission to proceed. The pirate library noted it had previously wasted time on other AI companies that couldn't secure approval. Nvidia management allegedly gave "the green light" within a week.

Anna's Archive promised access to roughly 500 terabytes of data, including millions of books normally only accessible through Internet Archive's controlled digital lending system. The lawsuit also alleges Nvidia downloaded books from LibGen, Sci-Hub, and Z-Library.

An anonymous reader quotes a report from TorrentFreak: Spotify and several major record labels, including UMG, Sony, and Warner, have taken legal action against the unknown operators of Anna's Archive. The action follows the shadow library's announcement that it would release hundreds of terabytes of scraped Spotify data. Unsealed documents reveal that the court already issued a broad preliminary injunction, ordering hosting companies, Cloudflare, and domain name services, to take action. [...] All these documents were filed under seal, as the shadow library might otherwise be tipped off and take countermeasures. These documents were filed ex-parte and kept away from Anna's Archive. According to Spotify and the labels, this is needed "so that Anna's Archive cannot pre-emptively frustrate" the countermeasures they seek.

The lawsuit (PDF), which was unsealed recently, explains directly why Anna's Archive lost several of its domain names over the past weeks. The .ORG domain was suspended by the U.S.-based Public Interest Registry (PIR) in early January, while a domain registrar took the .SE variant offline a few days later. "We don't believe this has to do with our Spotify backup," AnnaArchivist said at the time, but court records prove them wrong. The unsealed paperwork shows that the court granted a temporary restraining order (TRO) on January 2, which aimed to target Anna's Archive hosting and domain names. The sealed nature of this order also explains why the .ORG registry informed us that it could not comment on the suspension last week. While the .ORG and the .SE domains are suspended now, other domains remain operational. This suggests that the responsible registrars and registries do not automatically comply with U.S. court orders.

[...] While the unsealed documents resolve the domain suspension mystery, it is only the start of the legal battle in court. It is expected that Spotify and the music companies will do everything in their power to take further action, if needed. Interestingly, however, it appears that the music industry lawsuit may have already reached its goal. A few days ago, the dedicated Spotify download section was removed by Anna's Archive. Whether this removal is linked to the legal troubles is unknown. However, it appears that Anna's Archive stopped the specific distribution of Spotify content alleged in the complaint, seemingly in partial compliance with the injunction's ban on 'making available' the scraped files.

Ancient Slashdot reader jantangring shares a report from Swedish electronics industry news site Elektroniktidningen (translated to English), writing: "Open source code library cURL is removing the possibility to earn money by reporting bugs, hoping that this will reduce the volume of AI slop reports," reports etn.se. "Joshua Rogers -- AI wielding bug hunter of fame -- thinks it's a great idea." cURL maintainer Daniel Stenberg famously reported on the flood AI-generated bad bug reports last year -- "Death by a thousand slops." Now, cURL is removing the bounty payouts as of the end of January.

"We have to try to brake the flood in order not to drown," says cURL maintainer Daniel Stenberg [...]. "Despite being an AI wielding bug hunter himself, Joshua Rogers -- slasher of a hundred bugs -- thinks removing the bounty money is an excellent idea. [...] I think it's a good move and worth a bigger consideration by others. It's ridiculous that it went on for so long to be honest, and I personally would have pulled the plug long ago," he says to etn.se.

An anonymous reader quotes a report from TorrentFreak: NVIDIA executives allegedly authorized the use of millions of pirated books from Anna's Archive to fuel its AI training. In an expanded class-action lawsuit that cites internal NVIDIA documents, several book authors claim (PDF) that the trillion-dollar company directly reached out to Anna's Archive, seeking high-speed access to the shadow library data. [...] Last Friday, the authors filed an amended complaint that significantly expands the scope of the lawsuit. In addition to adding more books, authors, and AI models, it also includes broader "shadow library" claims and allegations. The authors, including Abdi Nazemian, now cite various internal Nvidia emails and documents, suggesting that the company willingly downloaded millions of copyrighted books. The new complaint alleges that "competitive pressures drove NVIDIA to piracy," which allegedly included collaborating with the controversial Anna's Archive library.

According to the amended complaint, a member of Nvidia's data strategy team reached out to Anna's Archive to find out what the pirate library could offer the trillion-dollar company "Desperate for books, NVIDIA contacted Anna's Archive -- the largest and most brazen of the remaining shadow libraries -- about acquiring its millions of pirated materials and 'including Anna's Archive in pre-training data for our LLMs,'" the complaint notes. "Because Anna's Archive charged tens of thousands of dollars for 'high-speed access' to its pirated collections [] NVIDIA sought to find out what "high-speed access" to the data would look like."

According to the complaint, Anna's Archive then warned Nvidia that its library was illegally acquired and maintained. Because the site previously wasted time on other AI companies, the pirate library asked NVIDIA executives if they had internal permission to move forward. This permission was allegedly granted within a week, after which Anna's Archive provided the chip giant with access to its pirated books. "Within a week of contacting Anna's Archive, and days after being warned by Anna's Archive of the illegal nature of their collections, NVIDIA management gave 'the green light' to proceed with the piracy. Anna's Archive offered NVIDIA millions of pirated copyrighted books." The complaint states that Anna's Archive promised to provide NVIDIA with access to roughly 500 terabytes of data. This included millions of books that are usually only accessible through Internet Archive's digital lending system, which itself has been targeted in court. The complaint does not explicitly mention whether NVIDIA ended up paying Anna's Archive for access to the data.

Additionally, it's worth mentioning that NVIDIA also stands accused of using other pirated sources. In addition to the previously included Books3 database, the new complaint also alleges that the company downloaded books from LibGen, Sci-Hub, and Z-Library. In addition to downloading and using pirated books for its own AI training, the authors allege NVIDIA distributed scripts and tools that allowed its corporate customers to automatically download "The Pile", which contains the Books3 pirated dataset.

Anna's Archive has been hit with a U.S. federal court default judgment and permanent injunction over its scraping and distribution of OCLC's WorldCat data, which occurred more than two years ago. According to the ruling, the shadow library must delete all copies of its WorldCat data and stop scraping, using, storing, or distributing the data. "It is expected that OCLC will use the injunction to motivate third-party intermediaries to take action against Anna's Archive," reports TorrentFreak. From the report: Yesterday, a federal court in Ohio issued a default judgment and permanent injunction against the site's unidentified operator(s). This order was requested by OCLC, which owns the proprietary WorldCat database that was scraped and published by Anna's Archive more than two years ago. OCLC initially demanded millions of dollars in damages but eventually dropped this request, focusing on taking the site down through an injunction that would also apply to intermediaries. "Anna's Archive's flagrantly illegal actions have damaged and continue to irreparably damage OCLC. As such, issuance of a permanent injunction is necessary to stop any further harm to OCLC," the request read.

This pivot makes sense since Anna's Archive did not respond to the lawsuit and would likely ignore all payment demands too. However, with the right type of court order, third-party services such as hosting companies and domain registrars might come along. The permanent injunction, issued by U.S. District Court Judge Michael Watson yesterday, does not mention any third-party services by name. However, it is directed at all parties that are "in active concert and participation with" Anna's Archive. Specifically, the site's operator and these third parties are prohibited from scraping WorldCat data, storing or distributing the data on Anna's Archive websites, and encouraging others to store, use or share this data. Additionally, the site has to delete all WorldCat data, which also includes all torrents.

Judge Watson denied the default judgment for 'unjust enrichment' and 'tortious interference.' However, he granted the order based on the 'trespass to chattels' and 'breach of contract' claims. The latter is particularly noteworthy, as the judge ruled that because Anna's Archive is a 'sophisticated party' that scraped the site daily, it had constructive notice of the terms and entered into a 'browsewrap' agreement simply by using the service. While these nuances are important for legal experts, the result for Anna's Archive is that it lost. And while there are no monetary damages, the permanent injunction can certainly have an impact. Further reading: Spotify Says 'Anti-Copyright Extremists' Scraped Its Library

An anonymous reader shares a report: Microsoft's library of books is so heavy that it once caused a campus building to sink, according to an unproven legend among employees. Now those physical books, journals, and reports, and many of Microsoft's digital subscriptions to leading US newspapers, are disappearing in a shift described inside Microsoft as an "AI-powered learning experience."

Microsoft started cutting back on its employee subscriptions to news and reports services in November, with some publishers receiving an automated email cancellation of a contract. [...] Strategic News Service (SNS), which has provided global reports to Microsoft's roughly 220,000 employees and executives for more than 20 years, is no longer part of Microsoft's subscription list.

Anna's Archive lost control of its primary .org domain after it was placed on registry-level serverHold -- "an action that's typically taken by the domain name registry," reports TorrentFreak. Despite mounting legal pressure and speculation tied to its Spotify backup, the site remains accessible via multiple alternative domains, underscoring the resilience of shadow libraries. From the report: A few hours ago, the site's original domain name suddenly became unreachable globally. The annas-archive.org domain status was changed to "serverHold," which is typically done by the domain registry. This status effectively means that the domain is suspended and under investigation. Similar action has previously been taken against other pirate sites.

It is rare to see a .org domain involved in domain name suspensions. The American non-profit Public Interest Registry (PIR), which oversees the .org domains, previously refused to suspend domain names voluntarily, including thepiratebay.org. The registry's cautionary stance suggests that the actions against annas-archive.org are backed by a court order.

PIR's marketing director, Kendal Rowe, informs TorrentFreak that "unfortunately, PIR is unable to comment on the situation at this time." It is possible that, in response to the 'DRM-circumventing' Spotify backup, rightsholders requested an injunction targeting the domain name. However, we have seen no evidence of that. In the WorldCat lawsuit, OCLC requested an injunction to force action from intermediaries, including domain registries, but as far as we know, that hasn't been granted yet.

NASA is closing its largest research library at the Goddard Space Flight Center amid budget cuts and campus consolidation, putting tens of thousands of largely non-digitized historical and scientific documents at risk of being warehoused or discarded. The New York Times reports: Jacob Richmond, a NASA spokesman, said the agency would review the library holdings over the next 60 days and some material would be stored in a government warehouse while the rest would be tossed away. "This process is an established method that is used by federal agencies to properly dispose of federally owned property," Mr. Richmond said.

The shutdown of the library at NASA's Goddard Space Flight Center in Greenbelt, Md., is part of a larger reorganization under the Trump administration that includes the closure of 13 buildings and more than 100 science and engineering laboratories on the 1,270-acre campus by March 2026. "This is a consolidation not a closure," said NASA spokeswoman Bethany Stevens. The changes were part of a long-planned reorganization that began before the Trump administration took office, she said. She said that shutting down the facilities would save $10 million a year and avoid another $63.8 million in deferred maintenance.

Goddard is the nation's premiere spaceflight complex. Its website calls it "the largest organization of scientists, engineers, and technologists who build spacecraft, instruments, and new technology to study Earth, the Sun, our solar system, and the universe." [...] The library closure on Friday follows the shutdown of seven other NASA libraries around the country since 2022, and included three libraries this year. As of next week, only three -- at the Glenn Research Center in Cleveland, the Ames Research Center in Mountain View, Calif., and the Jet Propulsion Laboratory in Pasadena, Calif. -- will remain open.

GitHub has disabled Rockchip's Media Process Platform repository after an FFmpeg developer filed a DMCA takedown notice, nearly two years after the open-source project first publicly accused the Chinese chipmaker of license violations. The notice, filed December 18, claims Rockchip copied thousands of lines of code from FFmpeg's libavcodec library -- including decoders for H.265, AV1, and VP9 formats -- stripped the original copyright notices, falsely claimed authorship and redistributed the code under Apache's permissive license rather than the original LGPL.

FFmpeg first called out Rockchip in February 2024 for "blatantly copy and pasting FFmpeg code" into its driver, but the chipmaker's last response suggested no intention to resolve the matter. The DMCA notice requests either removal of the infringing files or restoration of proper attribution and an LGPL-compatible license.

After Anna's Archive published a massive scrape containing 86 million songs and metadata from Spotify, the streaming giant responded by disabling the nefarious accounts responsible. A spokesperson for Spotify told Recorded Future News that it "has identified and disabled the nefarious user accounts that engaged in unlawful scraping."

"We've implemented new safeguards for these types of anti-copyright attacks and are actively monitoring for suspicious behavior," the spokesperson said. "Since day one, we have stood with the artist community against piracy, and we are actively working with our industry partners to protect creators and defend their rights." The Record reports: The spokesperson added that Anna's Archive did not contact them before publishing the files. They also said it did not consider the incident a "hack" of Spotify. The people behind the leaked database systematically violated Spotify's terms by stream-ripping some of the music from the platform over a period of months, a spokesperson said. They did this through user accounts set up by a third party and not by accessing Spotify's business systems, they added.

Anna's Archive published a blog post about the cache this weekend, writing that while it typically focuses its efforts on text, its mission to preserve humanity's knowledge and culture "doesn't distinguish among media types." "Sometimes an opportunity comes along outside of text. This is such a case. A while ago, we discovered a way to scrape Spotify at scale. We saw a role for us here to build a music archive primarily aimed at preservation," they said. "This Spotify scrape is our humble attempt to start such a 'preservation archive' for music. Of course Spotify doesn't have all the music in the world, but it's a great start."

The Justice Department justified its delayed release of sensitive files by citing the need to carefully redact information that could identify victims, but at least some of those redactions have proven to be technically ineffective and can be bypassed by simply copying and pasting the blacked-out text into a new document.

A 2022 complaint filed by the US Virgin Islands seeking damages from Jeffrey Epstein's estate appeared on the DOJ's "Epstein Library" website with black boxes throughout. Techdirt founder Mike Masnick and others shared on Bluesky that the redactions could be trivially circumvented. The exposed text includes allegations that a co-executor signed over $400,000 in foundation checks "payable to young female models and actresses, including a former Russian model," and details about an immigration lawyer allegedly "involved in one or more forced marriages arranged among Epstein's victims."

Separately, Drop Site News was also apparently able to guess URLs of files not yet published by extrapolating the format.

Hallmark has released more than 300 Christmas-themed TV movies since 2000, and a detailed internal rulebook obtained by film data analyst Stephen Follows explains how the company manages to produce nearly one new holiday film per week during the final quarter of each year without the whole operation collapsing into creative chaos.

The document, referred to as Hallmark's "bible" by writers and producers who have worked on these films, specifies everything from script length (105-110 pages across a rigid nine-act structure) to prohibited activities (no bowling, no karaoke). Christmas movies must include snow or its remnants and feature characters engaged in seasonal activities like baking cookies, ice skating, and drinking hot chocolate.

The target demographic is women aged 25-54, and the content must be watchable by an 80-year-old grandmother and a 5-year-old niece simultaneously. The economics differ sharply from theatrical filmmaking. Licensed titles from outside production companies carry budgets around $500,000 or less, while Hallmark's in-house productions can exceed $2 million. About three-quarters of the library comes from external producers. The formula appears to work. Hallmark TV movies have averaged a 6.3 IMDb user score over the past 14 years, compared to 5.9 for feature films worldwide.

Further reading: Using Data To Determine if 'Die Hard' is a Christmas Movie.

In the late 1980s, Merriam-Webster's Collegiate Dictionary sat on the New York Times best-seller list for 155 consecutive weeks and eventually sold 57 million copies, a figure believed to be second only to the Bible in the United States -- but those days are thoroughly gone. Stefan Fatsis's new book "Unabridged: The Thrill of (and Threat to) the Modern Dictionary" chronicles what Louis Menand describes in The New Yorker as "a losing struggle" for legacy dictionaries to survive in the internet age.

The profession has been decimated: an estimated 200 full-time lexicographers worked in the US 25 years ago, and Fatsis believes that number is "probably closer to thirty" today. "By the time I finished this book," Fatsis writes, "it wasn't clear how long flesh-bone-and-blood lexicographers would be needed to chronicle the march of the English language."

Merriam-Webster is now owned by Encycloaedia Britannica, another print-era giant that stopped publishing physical volumes in 2012. The company's free website draws about a billion page views annually, but the content has shifted dramatically -- word games, trending slang and ads dominate rather than lexicographic depth. The scale of the challenge facing dictionaries is staggering. One study of digitized library books found the English lexicon grew from about 600,000 words in 1950 to over a million by 2000, and concluded that 52% of English words in printed books are "lexical dark matter" that appears in no standard reference work.

Oracle co-founder Larry Ellison has personally guaranteed $40.4 billion to shore up Paramount's bid for Warner Bros. Discovery, trying to ease financing doubts as Warner Bros weighs a rival offer from Netflix. Reuters reports: Paramount said the amended terms do not change the $30-per-share all-cash offer even as the fight for Hollywood's sought-after assets heats up, with control of Warner Bros' vast library offering a decisive edge in the streaming wars. "I doubt many Warner Bros shareholders that are on the fence or planning to vote no "were holding out due to issues the "revised bid addresses such as a guarantee from Larry Ellison on the funding front," said Seth Shafer, principal analyst at S&P Global.

As part of the revised terms, Ellison also agreed not to revoke the family trust or transfer its assets during the pendency of the transaction, the filing showed. Paramount said it has raised its regulatory reverse termination fee to $5.8 billion from $5 billion to match the competing transaction and extended the expiration date of its tender offer to January 21, 2026.

The "bid follows Warner Bros asking its shareholders to reject the $108.4 billion offer from Paramount for the whole company, including cable TV assets, on doubts over its financing and the lack of a full guarantee from the Ellison family. But Warner Bros investors, including the fifth largest shareholder Harris Associates, have said they would be open to revised offers from Paramount if it presents a superior bid and addresses issues with deal terms. Under the Netflix agreement, Warner Bros would owe Netflix $2.8 billion as breakup fee if it walks away from that deal.

A group of activists has scraped Spotify's entire library, accessing 256 million rows of track metadata and 86 million audio files totaling roughly 300TB of data. The metadata has been released via Anna's Archive, a search engine for "shadow libraries" that previously focused on books.

Spotify described the activists as "anti-copyright extremists who've previously pirated content from YouTube and other platforms" and confirmed it is actively investigating the incident. The activists claim this represents "the world's first 'preservation archive' for music which is fully open" and covers "around 99.6% of listens."

They appear to have used Spotify's public web API to scrape the metadata and circumvented DRM to access audio files. Spotify insists that this is not a security breach affecting user data. Though the more pressing concern for the music industry may be AI training rather than pirate streaming services -- similar YouTube datasets have reportedly been used by unlicensed generative AI music services.