"Facebook and Instagram owner Meta is launching paid subscriptions for users who do not want to see adverts in the UK," reports the BBC: The company said it would start notifying users in the coming weeks to let them choose whether to subscribe to its platforms if they wish to use them without seeing ads. EU users of its platforms can already pay a fee starting from €5.99 (£5) a month to see no ads — but subscriptions will start from £2.99 a month for UK users.

"It will give people in the UK a clear choice about whether their data is used for personalised advertising, while preserving the free access and value that the ads-supported internet creates for people, businesses and platforms," Meta said. But UK users will not have an option to not pay and see "less personalised" adverts — a feature Meta added for EU users after regulators raised concerns...

Meta said its own model would see its subscription for no ads cost £2.99 a month on the web or £3.99 a month on iOS and Android apps — with the higher fee to offset cuts taken from transactions by Apple and Google... [Meta] reiterated its critical stance on the EU on Friday, saying its regulations were creating a worse experience for users and businesses unlike the UK's "more pro-growth and pro-innovation regulatory environment".
"Meta said its own model would see its subscription for no ads cost £2.99 a month on the web or £3.99 a month on iOS and Android apps," according to the BBC, "with the higher fee to offset cuts taken from transactions by Apple and Google."

Even users not paying for an ad-free experience have "tools and settings that empower people to control their ads experience," according to Meta's announcement. The include Ad Preferences which influences data used to inform ads including Activity Information from Ad Partners. "We also have tools in our products that explain 'Why am I seeing this ad?' and how people can manage their ad experience. We do not sell personal data to advertisers."

BrianFagioli shares a report from NERDS.xyz: Cloudflare has unveiled the Content Signals Policy, a free addition to its managed robots.txt service that aims to give website owners and publishers more control over how their content is accessed and reused by AI companies. The idea is pretty simple: robots.txt already lets site operators specify which crawlers can enter and where. Cloudflare's new policy adds a layer that signals how the data may be used once accessed, with plain-language terms for search, AI input, and AI training. "Yes" means allowed, "no" means not allowed, and no signal means no preference.

Matthew Prince, Cloudflare's co-founder and CEO, said: "The Internet cannot wait for a solution, while in the meantime, creators' original content is used for profit by other companies. To ensure the web remains open and thriving, we're giving website owners a better way to express how companies are allowed to use their content." Cloudflare says more than 3.8 million domains already use its robots.txt tools to signal they don't want their content used for AI training. Now, the Content Signals Policy makes those preferences clearer and potentially enforceable. Further reading: Cloudflare Flips AI Scraping Model With Pay-Per-Crawl System For Publishers

Writing in Communications of the ACM, former Go tech lead Russ Cox warns we need to keep improving defenses of software supply chains, highlighting "promising approaches that should be more widely used" and "areas where more work is needed." There are important steps we can take today, such as adopting software signatures in some form, making sure to scan for known vulnerabilities regularly, and being ready to update and redeploy software when critical new vulnerabilities are found. More development should be shifted to safer languages that make vulnerabilities and attacks less likely. We also need to find ways to fund open source development to make it less susceptible to takeover by the mere offer of free help. Relatively small investments in OpenSSL and XZ development could have prevented both the Heartbleed vulnerability and the XZ attack.
Some highlights from the 5,000-word article:

• Make Builds Reproducible. "The Reproducible Builds project aims to raise awareness of reproducible builds generally, as well as building tools to help progress toward complete reproducibility for all Linux software. The Go project recently arranged for Go itself to be completely reproducible given only the source code... A build for a given target produces the same distribution bits whether you build on Linux or Windows or Mac, whether the build host is X86 or ARM, and so on. Strong reproducibility makes it possible for others to easily verify that the binaries posted for download match the source code..."

• Prevent Vulnerabilities. "The most secure software dependencies are the ones not used in the first place: Every dependency adds risk... Another good way to prevent vulnerabilities is to use safer programming languages that remove error-prone language features or make them needed less often..."

• Authenticate Software. ("Cryptographic signatures make it impossible to nefariously alter code between signing and verifying. The only problem left is key distribution...") "The Go checksum database is a real-world example of this approach that protects millions of Go developers. The database holds the SHA256 checksum of every version of every public Go module..."

• Fund Open Source. [Cox first cites the XKCD cartoon "Dependencies," calling it "a disturbingly accurate assessment of the situation..."] "The XZ attack is the clearest possible demonstration that the problem is not fixed. It was enabled as much by underfunding of open source as by any technical detail."

The article also emphasized the importance of finding and fixing vulnerabilities quickly, arguing that software attacks must be made more difficult and expensive.

"We use source code downloaded from strangers on the Internet in our most critical applications; almost no one is checking the code.... We all have more work to do."

An anonymous reader quotes a report from Ars Technica: Verizon agreed to offer $20-per-month broadband service to people with low incomes in California in exchange for a merger approval. In a bid to complete its $9.6 billion purchase of Frontier Communications, Verizon committed to offering $20 fiber-to-the-home service with symmetrical speeds of 300Mbps. Verizon also committed to offering a $20 fixed wireless service with download speeds of 100Mbps and upload speeds of 20Mbps. Verizon would be required to offer the plans for at least 10 years, according to a joint motion (PDF) to approve the settlement agreement. After three years, Verizon would need to "make commercially reasonable efforts" to increase the speeds "while retaining the $20 price point."

The joint motion filed by Verizon and the California Public Advocates Office seeks approval from the California Public Utilities Commission (CPUC). The $20 plans would be available to people who meet income eligibility guidelines and can be paired with Lifeline discounts. "My team required those options to be California Lifeline eligible, which effectively makes it free for low-income Californians throughout the state," wrote Ernesto Falcon, a program manager at the Public Advocates Office. California's Lifeline program provides $19 discounts. Falcon also wrote that the settlement would expand fiber deployment beyond what Frontier would have offered on its own. "If the merger is approved, Verizon will deliver 75,000 new fiber-to-the-home connections in California beyond Frontier's entire buildout plan with a priority for low-income households," he wrote. The deal also requires 250 new cell sites for Verizon's 5G network.

The Internet Archive has reached a confidential settlement with Universal Music Group and other major labels, "ending a closely watched copyright battle over the nonprofit's effort to digitize and stream historic recordings," reports the San Francisco Chronicle. From the report: The case (PDF), UMG Recordings, Inc. v. Internet Archive, targeted the Archive's Great 78 Project, an initiative to digitize more than 400,000 fragile shellac records from the early 20th century. The collection includes music by artists such as Frank Sinatra, Ella Fitzgerald and Billie Holiday, and has been made available online for free public access. Record labels including Universal, Sony Music Entertainment and Capitol Records had sought $621 million in damages, arguing the Archive's streaming of these recordings constituted copyright infringement.

The Internet Archive, based in San Francisco's Richmond District, describes itself as a digital library dedicated to providing "universal access to all knowledge." Its director of library services, Chris Freeland, acknowledged the settlement in a brief statement. "The parties have reached a confidential resolution of all claims and will have no further public comment on this matter," he wrote.

In 2015 Kim Dotcom answered questions from Slashdot's readers.

Now CBS News reports on "the latest chapter in a protracted 13-year battle by the U.S. government" to extradite Finnish-German millionaire Kim Dotcom from New Zealand: A New Zealand court has rejected the latest bid by internet entrepreneur Kim Dotcom to halt his deportation to the U.S. on charges related to his file-sharing website Megaupload. Dotcom had asked the High Court to review the legality of an official's August 2024 decision that he should be surrendered to the U.S. to face trial on charges of copyright infringement, money laundering and racketeering... The Megaupload founder had applied for what in New Zealand is called a judicial review, in which a judge is asked to evaluate whether an official's decision was lawful. A judge on Wednesday dismissed Dotcom's arguments that the decision to deport him was politically motivated and that he would face grossly disproportionate treatment in the U.S...

New Zealand's government hasn't disclosed what will happen next in the extradition process or divulged an expected timeline for Dotcom to be surrendered to the United States
Dotcom "has been free on bail in New Zealand since February 2012," the article points out — and "One of his lawyers, Ron Mansfield, told Radio New Zealand that Dotcom's team had 'much fight left in us as we seek to secure a fair outcome,' but he didn't elaborate..."

The article notes that the latest decision "could be challenged in the Court of Appeal, where a deadline for filing is October 8."

Warner Bros. Discovery has filed a major copyright lawsuit against Midjourney, accusing the AI image generator of exploiting its movies and TV shows to train models and generate near-identical reproductions of iconic characters like Batman, Bugs Bunny, and Rick and Morty. From The Hollywood Reporter: The company "brazenly dispenses Warner Bros. Discovery's intellectual property" by letting subscribers produce images and videos of iconic copyrighted characters, alleges the complaint, filed on Thursday in California federal court. "The heart of what we do is develop stories and characters to entertain our audiences, bringing to life the vision and passion of our creative partners," said a Warner Bros. Discovery spokesperson in a statement. "Midjourney is blatantly and purposefully infringing copyrighted works, and we filed this suit to protect our content, our partners, and our investments."

For years, AI companies have been training their technology on data scraped across the internet without compensating creators. It's led to lawsuits from authors, record labels, news organizations, artists and studios, which contend that some AI tools erode demand for their content. Warner Bros. Discovery joins Disney and Universal, which earlier this year teamed up to sue Midjourney. By their thinking, the AI company is a free-rider plagiarizing their movies and TV shows. In the lawsuit, Warner Bros. Discovery points to Midjourney generating images of iconic copyrighted characters. At the forefront are heroes who're at the center of DC Studios' movies and TV shows, like Superman, Wonder Woman and The Joker; others are Looney Tunes, Tom and Jerry and Scooby-Doo characters who've become ubiquitous household names; more are Cartoon Network characters, including those from Rick and Morty, who've emerged as something of cultural touchstones in recent years. [...]

The lawsuit argues Midjourney's ability to return copyrighted characters is a "clear draw for subscribers," diverting consumers away from purchasing Warner Bros. Discovery-approved posters, wall art and prints, among other products that must now compete against the service. [...] Warner Bros. Discovery seeks Midjourney's profits attributable to the alleged infringement or, alternatively, $150,000 per infringed work, which could leave the AI company on the hook for massive damages. The thrust of the studios' lawsuits will likely be decided by one question: Are AI companies covered by fair use, the legal doctrine in intellectual property law that allows creators to build upon copyrighted works without a license? The lawsuit can be found here.

samleecole shares a report from 404 Media: An app developer has jailbroken Echelon exercise bikes to restore functionality that the company put behind a paywall last month, but copyright laws prevent him from being allowed to legally release it. Last month, Peloton competitor Echelon pushed a firmware update to its exercise equipment that forces its machines to connect to the company's servers in order to work properly. Echelon was popular in part because it was possible to connect Echelon bikes, treadmills, and rowing machines to free or cheap third-party apps and collect information like pedaling power, distance traveled, and other basic functionality that one might want from a piece of exercise equipment. With the new firmware update, the machines work only with constant internet access and getting anything beyond extremely basic functionality requires an Echelon subscription, which can cost hundreds of dollars a year.

App engineer Ricky Witherspoon, who makes an app called SyncSpin that used to work with Echelon bikes, told 404 Media that he successfully restored offline functionality to Echelon equipment and won the Fulu Foundation bounty. But he and the foundation said that he cannot open source or release it because doing so would run afoul of Section 1201 of the Digital Millennium Copyright Act, the wide-ranging copyright law that in part governs reverse engineering. There are various exemptions to Section 1201, but most of them allow for jailbreaks like the one Witherspoon developed to only be used for personal use. [...] "I don't feel like going down a legal rabbit hole, so for now it's just about spreading awareness that this is possible, and that there's another example of egregious behavior from a company like this [...] if one day releasing this was made legal, I would absolutely open source this. I can legally talk about how I did this to a certain degree, and if someone else wants to do this, they can open source it if they want to."

The women-only dating-advice app Tea "has been hit with 10 potential class action lawsuits in federal and state court," NBC News reported last week, "after a data breach led to the leak of thousands of selfies, ID photos and private conversations online." The suits could result in Tea having to pay tens of millions of dollars in damages to the plaintiffs, which could be catastrophic for the company, an expert told NBC News... One of the suits lists the right-wing online discussion board 4chan and the social platform X as defendants, alleging that they allowed bad actors to spread users' personal information.
But meanwhile, a new competing app for men called "TeaOnHer" has already been launched. And it was also found to have enormous security flaws, reports TechCrunch, that "exposed its users' personal information, including photos of their driver's licenses and other government-issued identity documents..." [W]hen we looked at the TeaOnHer's public internet records, it had no meaningful information other than a single subdomain, appserver.teaonher.com. When we opened this page in our browser, what loaded was the landing page for TeaOnHer's API (for the curious, we uploaded a copy here)... It was on this landing page that we found the exposed email address and plaintext password (which wasn't that far off from "password") for [TeaOnHer developer Xavier] Lampkin's account to access the TeaOnHer "admin panel"... This API landing page included an endpoint called /docs, which contained the API's auto-generated documentation (powered by a product called Swagger UI) that contained the full list of commands that can be performed on the API [including administrator commands to return user data]...

While it's not uncommon for developers to publish their API documentation, the problem here was that some API requests could be made without any authentication — no passwords or credentials were needed...

The records returned from TeaOnHer's server contained users' unique identifiers within the app (essentially a string of random letters and numbers), their public profile screen name, and self-reported age and location, along with their private email address. The records also included web address links containing photos of the users' driver's licenses and corresponding selfies. Worse, these photos of driver's licenses, government-issued IDs, and selfies were stored in an Amazon-hosted S3 cloud server set as publicly accessible to anyone with their web addresses. This public setting lets anyone with a link to someone's identity documents open the files from anywhere with no restrictions...

The bugs were so easy to find that it would be sheer luck if nobody malicious found them before we did. We asked, but Lampkin would not say if he has the technical ability, such as logs, to determine if anyone had used (or misused) the API at any time to gain access to users' verification documents, such as by scraping web addresses from the API. In the days since our report to Lampkin, the API landing page has been taken down, along with its documentation page, and it now displays only the state of the server that the TeaOnHer API is running on as "healthy."
The flaws were discovered while TeaOnHer was the #2 free app in the Apple App Store, the article points out. And while these flaws "appear to be resolved," the article notes a larger issue. "Shoddy coding and security flaws highlight the ongoing privacy risks inherent in requiring users to submit sensitive information to use apps and websites,"

And TeaOnHer also had another authentication issue. A female reporter at Cosmopolitan also noted Friday that TeaOnHer "lets you browse through profiles before your verifications are complete. So literally anyone (like myself) can read reviews..."

AOL (now a Yahoo subsidiary) just announced its dial-up internet service will be discontinued at the end of September.

"The change also means the retirement of the AOL Dialer software and the AOL Shield browser, both designed for older operating systems and slow connections that relied on the familiar screech of a modem handshake," remembers Slashdot reader BrianFagioli (noting that dial-up Internet "was once the gateway to the web for millions of households, back when speeds were measured in kilobits and waiting for a picture to load could feel like an eternity.")

AOL's dial-up service "has been publicly available for 34 years," writes Tom's Hardware. But AppleInsider notes the move comes more than 40 years after AOL started "as a very early Apple service." AOL itself started back in 1983 under the name Control Video Corporation, offering online services for the Atari 2600 console. After failing, it became Quantum Computer Services in 1985, eventually launching AppleLink in 1988 to connect Macintosh computers together... With the launch of PC Link for IBM-compatible PCs in 1988 and parting from Apple in October 1989, the company rebranded itself as America Online, or AOL... Even at its height, dial-up connections could get up to 56 kilobits per second under ideal conditions, while modern connections are measured in megabits and gigabits. Most of the service was also what's considered a "walled garden," with features that were only available through AOL itself and that it wasn't the actual, untamed Internet.
In the 1990s AOL "was how millions of people were introduced to the Internet," the article remembers, adding that "Even after the AOL Time Warner acquisition and the 2015 acquisition by Verizon, AOL was still a popular service. Astoundingly, it counted about two million dial-up subscribers at the time." In the 2021 acquisition of assets from Verizon by Apollo Global Management, AOL was said to have 1.5 million people paying for services. However, this was more for technical support and software, rather than for actual Internet access. A CNBC report at the time reports that the dial-up user count was "in the low thousands".... While it dies off, not with a bang but a whimper, AOL's dial-up is still remembered as one of the most transformative services in the Internet age.
"This change does not impact the numerous other valued products and services that these subscribers are able to access and enjoy as part of their plans," a Yahoo spokesperson told PC Magazine this week. "There is also no impact to our users' free AOL email accounts." AOL's disastrous 2001 merger with Time Warner and ongoing inability to deliver broadband to its customers... left it on a path to decline that acquiring such widely read sites as Engadget [2005] and TechCrunch [2010] did not stem. By 2014, the number of dial-up AOL customers had collapsed to 2.34 million. A year later, Verizon bought the company for $4.4 billion in an internet-content play that turned out to be as doomed as the Time Warner transaction. In 2021, Verizon unloaded both AOL and Yahoo, which it had separately purchased in 2017, to the private-equity firm Apollo Global Management....

The demise of AOL's dial-up service does not mean the extinction of the oldest form of consumer online access. Estimates from the Census Bureau's 2023 American Community Survey show 163,401 Americans connected to the internet via dial-up that year.

That was by far the smallest segment of the internet-using population, dwarfed by 100,166,949 subscribing to such forms of broadband as "cable, fiber optic, or DSL"; 8,628,648 using satellite; 3,318,901 using "Internet access without a subscription" (which suggests Wi-Fi from coffee shops or public libraries); and 1,445,135 via "other service."

The remaining AOL dial-up subscribers will need to find some sort of replacement, which in rural areas may be limited to fixed wireless or SpaceX's considerably more expensive Starlink. Or they may wind up joining the ranks of Americans with no internet access: 6,866,059, in those 2023 estimates.

Advocacy groups have decided not to appeal a federal court ruling striking down Biden-era net neutrality rules, citing the FCC's current Republican majority and a Supreme Court they view as hostile to the issue. Instead, they plan to push for open internet protections through Congress, state laws, and future court cases, while noting California's net neutrality law remains in effect. Ars Technica reports: "Trump's election flipped the FCC majority back to ideologues who've always taken the broadband industry's side on this crucial issue. And the justices making up the current Supreme Court majority have shown hostility toward sound legal reasoning on this precise question and a host of other topics too," said Matt Wood, VP of policy and general counsel at Free Press. [...] "The 6th Circuit's decision earlier this year was spectacularly wrong, and the protections it struck down are extremely important. But rather than attempting to overcome an agency that changed hands -- and a Supreme Court majority that cares very little about the rule of law -- we'll keep fighting for Internet affordability and openness in Congress, state legislatures and other court proceedings nationwide," Wood said.

Besides Free Press, groups announcing that they won't appeal are the Benton Institute for Broadband & Society, New America's Open Technology Institute, and Public Knowledge. "Though the 6th Circuit erred egregiously in its decision to overturn the FCC's 2024 Open Internet order, there are other ways we can advance our fight for consumer protections and ISP accountability than petitioning the Supreme Court to review this case -- and, given the current legal landscape, we believe our efforts will be more effective if focused on those alternatives," said Raza Panjwani, senior policy counsel at the Open Technology Institute. Net neutrality could still reach the Supreme Court in another case. Andrew Jay Schwartzman, senior counselor of the Benton Institute for Broadband & Society, said that "the 6th Circuit decision makes bad policy as well as bad law. Because it is at odds with the holdings of two other circuits, we expect to take the issue to the Supreme Court in a future case."

An anonymous reader quotes a report from NPR: Patrick Schlott often finds himself in a cellular dead zone during his drive to work. "You go down the road, you turn the corner and you're behind a mountain and you'll lose cell coverage pretty fast," he says. The 31-year-old electrical engineer says poor reception is a common frustration for residents of Vermont's Orange County. To address this issue, he's providing his community with a new way to stay connected.

Schlott has taken old pay phones, modified them to make free calls, and set them up in three different towns across the county. He buys the phones secondhand from sites like eBay and Craigslist and restores them in his home workshop. With just an internet connection, these phones can make calls anywhere in the U.S. or Canada -- no coins required. And Schlott covers all the operating costs himself. "It's cheap enough where I'm happy just footing the bill," he says. "You know, if I'm spending $20 a month on, say, Netflix, I could do that and provide phone service for the community. And to me, that's way more fun." Hundreds of calls have been made since the first phone was installed back in March last year. "I knew there would be some fringe cases where it would be really helpful," says Schlott. "But I never expected it to get daily use and for people to be this excited about it."

"One of the cornerstones that I want to stick to is, no matter what happens on the backend, the calls will always be free," he says. "And I will figure out a way to make that happen."

An anonymous reader quotes a report from Reuters: Australia said on Wednesday it will add YouTube to sites covered by its world-first ban on social media for teenagers, reversing an earlier decision to exempt the Alphabet-owned video-sharing site and potentially setting up a legal challenge. The decision came after the internet regulator urged the government last month to overturn the YouTube carve-out, citing a survey that found 37% of minors reported harmful content on the site, the worst showing for a social media platform.

"I'm calling time on it," Prime Minister Anthony Albanese said in a statement highlighting that Australian children were being negatively affected by online platforms, and reminding social media of their social responsibility. "I want Australian parents to know that we have their backs." The decision broadens the ban set to take effect in December. YouTube says it is used by nearly three-quarters of Australians aged 13 to 15, and should not be classified as social media because its main activity is hosting videos. "Our position remains clear: YouTube is a video sharing platform with a library of free, high-quality content, increasingly viewed on TV screens. It's not social media," a YouTube spokesperson said by email.

Brian Krebs writes via KrebsOnSecurity: Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites. The scam begins with deceptive ads posted on social media that claim the wagering sites are working in partnership with popular social media personalities, such as Mr. Beast, who recently launched a gaming business called Beast Games. The ads invariably state that by using a supplied "promo code," interested players can claim a $2,500 credit on the advertised gaming website.

The gaming sites all require users to create a free account to claim their $2,500 credit, which they can use to play any number of extremely polished video games that ask users to bet on each action. At the scam website gamblerbeast[.]com, for example, visitors can pick from dozens of games like B-Ball Blitz, in which you play a basketball pro who is taking shots from the free throw line against a single opponent, and you bet on your ability to sink each shot. The financial part of this scam begins when users try to cash out any "winnings." At that point, the gaming site will reject the request and prompt the user to make a "verification deposit" of cryptocurrency -- typically around $100 -- before any money can be distributed. Those who deposit cryptocurrency funds are soon asked for additional payments. However, any "winnings" displayed by these gaming sites are a complete fantasy, and players who deposit cryptocurrency funds will never see that money again. Compounding the problem, victims likely will soon be peppered with come-ons from "recovery experts" who peddle dubious claims on social media networks about being able to retrieve funds lost to such scams. [...]

[T]hreat hunting platform Silent Push reveals at least 1,270 recently-registered and active domains whose names all invoke some type of gaming or wagering theme. Here is a list of all domains that Silent Push found were using the scambling network's chat API.

Proton VPN reported a 1,400 percent hourly increase in signups over its baseline Friday — the day the UK's age verification law went into effect. For UK users, "apps with explicit content must now verify visitors' ages via methods such as facial recognition and banking info," notes Mashable: Proton VPN previously documented a 1,000 percent surge in new subscribers in June after Pornhub left France, its second-biggest market, amid the enactment of an age verification law there... A Proton VPN spokesperson told Mashable that it saw an increase in new subscribers right away at midnight Friday, then again at 9 a.m. BST. The company anticipates further surges over the weekend, they added. "This clearly shows that adults are concerned about the impact universal age verification laws will have on their privacy," the spokesperson said... Search interest for the term "Proton VPN" also saw a seven-day spike in the UK around 2 a.m. BST Friday, according to a Google Trends chart.
The Financial Times notes that VPN apps "made up half of the top 10 most popular free apps on the UK's App Store for iOS this weekend, according to Apple's rankings." Proton VPN leapfrogged ChatGPT to become the top free app in the UK, according to Apple's daily App Store charts, with similar services from developers Super Unlimited and Nord Security also rising over the weekend... Data from Google Trends also shows a significant increase in search queries for VPNs in the UK this weekend, with up to 10 times more people looking for VPNs at peak times...

"This is what happens when people who haven't got a clue about technology pass legislation," Anthony Rose, a UK-based tech entrepreneur who helped to create BBC iPlayer, the corporation's streaming service, said in a social media post. Rose said it took "less than five minutes to install a VPN" and that British people had become familiar with using them to access the iPlayer outside the UK. "That's the beauty of VPNs. You can be anywhere you like, and anytime a government comes up with stupid legislation like this, you just turn on your VPN and outwit them," he added...

Online platforms found in breach of the new UK rules face penalties of up to £18mn or 10 percent of global turnover, whichever is greater... However, opposition to the new rules has grown in recent days. A petition submitted through the UK parliament website demanding that the Online Safety Act be repealed has attracted more than 270,000 signatures, with the vast majority submitted in the past week. Ministers must respond to a petition, and parliament has to consider its topic for a debate, if signatures surpass 100,000.
X, Reddit and TikTok have also "introduced new 'age assurance' systems and controls for UK users," according to the article. But Mashable summarizes the situation succinctly.

"Initial research shows that VPNs make age verification laws in the U.S. and abroad tricky to enforce in practice."

In 1995's online world, AOL existed mostly beside the internet as a "walled, manicured garden," remembers Fast Company.

Then along came AOHell "the first of what would become thousands of programs designed by young hackers to turn the system upside down" — built by a high school dropout calling himself "Da Chronic" who says he used "a computer that I couldn't even afford" using "a pirated copy of Microsoft Visual Basic." [D]istributed throughout the teen chatrooms, the program combined a pile of tricks and pranks into a slick little control panel that sat above AOL's windows and gave even newbies an arsenal of teenage superpowers. There was a punter to kick people out of chatrooms, scrollers to flood chats with ASCII art, a chat impersonator, an email and instant message bomber, a mass mailer for sharing warez (and later mp3s), and even an "Artificial Intelligence Bot" [which performed automated if-then responses]. Crucially, AOHell could also help users gain "free" access to AOL. The program came with a program for generating fake credit card numbers (which could fool AOL's sign up process), and, by January 1995, a feature for stealing other users' passwords or credit cards. With messages masquerading as alerts from AOL customer service reps, the tool could convince unsuspecting users to hand over their secrets...

Of course, Da Chronic — actually a 17-year-old high school dropout from North Carolina named Koceilah Rekouche — had other reasons, too. Rekouche wanted to hack AOL because he loved being online with his friends, who were a refuge from a difficult life at home, and he couldn't afford the hourly fee. Plus, it was a thrill to cause havoc and break AOL's weak systems and use them exactly how they weren't meant to be, and he didn't want to keep that to himself. Other hackers "hated the fact that I was distributing this thing, putting it into the team chat room, and bringing in all these noobs and lamers and destroying the community," Rekouche told me recently by phone...

Rekouche also couldn't have imagined what else his program would mean: a free, freewheeling creative outlet for thousands of lonely, disaffected kids like him, and an inspiration for a generation of programmers and technologists. By the time he left AOL in late 1995, his program had spawned a whole cottage industry of teenage script kiddies and hackers, and fueled a subculture where legions of young programmers and artists got their start breaking and making things, using pirated software that otherwise would have been out of reach... In 2014, [AOL CEO Steve] Case himself acknowledged on Reddit that "the hacking of AOL was a real challenge for us," but that "some of the hackers have gone on to do more productive things."

When he first met Mark Zuckerberg, he said, the Facebook founder confessed to Case that "he learned how to program by hacking [AOL]."
"I can't imagine somebody doing that on Facebook today," Da Chronic says in a new interview with Fast Company. "They'll kick you off if you create a Google extension that helps you in the slightest bit on Facebook, or an extension that keeps your privacy or does a little cool thing here and there. That's totally not allowed."

AOHell's creators had called their password-stealing techniques "phishing" — and the name stuck. (AOL was working with federal law enforcement to find him, according to a leaked internal email, but "I didn't even see that until years later.") Enrolled in college, he decided to write a technical academic paper about his program. "I do believe it caught the attention of Homeland Security, but I think they realized pretty quickly that I was not a threat."

He's got an interesting perspective today, noting with today's AI tool's it's theoretically possible to "craft dynamic phishing emails... when I see these AI coding tools I think, this might be like today's Visual Basic. They take out a lot of the grunt work."

What's the moral of the story? "I didn't have any qualifications or anything like that," Da Chronic says. "So you don't know who your adversary is going to be, who's going to understand psychology in some nuanced way, who's going to understand how to put some technological pieces together, using AI, and build some really wild shit."

The Internet Archive has received federal depository library status from California Sen. Alex Padilla, joining a network of over 1,100 libraries that archive government documents and make them accessible to the public. Padilla made the designation in a letter to the Government Publishing Office, which oversees the program.

The San Francisco-based nonprofit organization already operates Democracy's Library, a free online compendium of government research and publications launched in 2022. Founder Brewster Kahle said the new designation makes it easier to work with other federal depository libraries and provides more reliable access to government materials for digitization and distribution.

Under federal law, members of Congress can designate up to two qualified libraries for federal depository status.

Thingiverse, a popular 3D printing file repository, has agreed to remove downloadable gun designs following pressure from Manhattan DA Alvin Bragg, who is pushing for stricter moderation and voluntary cooperation across the 3D printing industry. "However, it's unlikely to slow the proliferation of 3D printed weapons, as many other sites offer downloadable gun designs and parts," reports The Register. From the report: Earlier this year, Bragg wrote to 3D printing companies, asking them to ensure their services can't be used to create firearms. On Saturday, Bragg announced that one such company, Thingiverse, would remove working gun models from its site. The company operates a popular free library of 3D design files and had already banned weapons in its terms of use, but is now promising to improve its moderation procedures and technology. "Following discussions with the Manhattan District Attorney's Office about concerns around untraceable firearms, we are taking additional steps to improve our content moderation efforts," Thingiverse said in a statement. "As always, we encourage our users to report any content that may be harmful." [...]

At any rate, while Thingiverse may be popular among 3D printing mavens, people who like to build their own guns look to other options. [...] Bragg's approach to 3D printing sites and 3D printer manufacturers is to seek voluntary cooperation. Only Thingiverse and YouTube have taken up his call, others may or may not follow. "While law enforcement has a primary role to play in stopping the rise of 3D-printed weapons, this technology is rapidly changing and evolving, and we need the help and expertise of the private sector to aid our efforts," Bragg said. "We will continue to proactively reach out to and collaborate with others in the industry to reduce gun violence throughout Manhattan and keep everyone safe." But it seems doubtful that the sites where Aranda and other 3D gun makers get their files will be rushing to help Bragg voluntarily.

An anonymous reader quotes a report from Ars Technica: A California lawmaker halted an effort to pass a law that would force Internet service providers to offer $15 monthly plans to people with low incomes. Assemblymember Tasha Boerner proposed the state law a few months ago, modeling the bill on a law enforced by New York. It seemed that other states were free to impose cheap-broadband mandates because the Supreme Court rejected broadband industry challenges to the New York law twice.

Boerner, a Democrat who is chair of the Communications and Conveyance Committee, faced pressure from Internet service providers to change or drop the bill. She made some changes, for example lowering the $15 plan's required download speeds from 100Mbps to 50Mbps and the required upload speeds from 20Mbps to 10Mbps. But the bill was still working its way through the legislature when, according to Boerner, Trump administration officials told her office that California could lose access to $1.86 billion in Broadband Equity, Access, and Deployment (BEAD) funds if it forces ISPs to offer low-cost service to people with low incomes.

That amount is California's share of a $42.45 billion fund created by Congress to expand access to broadband service. The Trump administration has overhauled program rules, delaying the grants. One change is that states can't tell ISPs what to charge for a low-cost plan. The US law that created BEAD requires Internet providers receiving federal funds to offer at least one "low-cost broadband service option for eligible subscribers." But in new guidance from the National Telecommunications and Information Administration (NTIA), the agency said it prohibits states "from explicitly or implicitly setting the LCSO [low-cost service option] rate a subgrantee must offer." "All they would have to do to get exempted from AB 353 [the $15 broadband bill] would be to apply to the BEAD program," said Boerner. "Doesn't matter if their application was valid, appropriate, granted, or they got public money at the end of the day and built the projects -- the mere application for the BEAD program would exempt them from 353, if it didn't jeopardize from $1.86 billion to begin with. And that was a tradeoff I was unwilling to make."

Another California bill in the Senate would encourage, not require, ISPs to offer cheap broadband by making them eligible for Lifeline subsidies if they sell 100/20Mbps service for $30 or less.

Dictionary.com abruptly deleted all user accounts and saved word lists from its premium apps without notice or refunds, leaving long-time logophiles "devastated." "The company deleted all accounts, as well as the only ways to use Dictionary.com without seeing ads -- even if you previously paid for an ad-free experience," reports Ars Technica. From the report: Dictionary.com offers a free dictionary through its website and free Android and iOS apps. It used to offer paid-for mobile apps, called Dictionary.com Pro, that let users set up accounts, use the app without ads, and enabled other features (like grammar tips and science and rhyming dictionaries) that are gone now. Dictionary.com's premium apps also let people download an offline dictionary (its free apps used to let you buy a downloadable dictionary as a one-time purchase), but offline the dictionaries aren't available anymore.

About a year ago, claims of Dictionary.com's apps being buggy surfaced online. We also found at least one person claiming that they were unable to buy an ad-free upgrade at that time. Reports of Dictionary.com accounts being deleted and the apps not working as expected, and with much of its content removed, started appearing online about two months ago. Users reported being unable to log in and access premium features, like saved words. Soon after, Dictionary.com's premium apps were removed from Google Play and Apple's App Store. The premium version was available for download for $6 as recently as March 23, per the Internet Archive's Wayback Machine.