United States

House Votes To Extend -- and Expand -- a Major US Spy Program (wired.com) 85

An anonymous reader quotes a report from Wired: A controversial US wiretap program days from expiration cleared a major hurdle on its way to being reauthorized. After months of delays, false starts, and interventions by lawmakers working to preserve and expand the US intelligence community's spy powers, the House of Representatives voted on Friday to extend Section 702 (PDF) of the Foreign Intelligence Surveillance Act (FISA) for two years. Legislation extending the program -- controversial for being abused by the government -- passed in the House in a 273-147 vote. The Senate has yet to pass its own bill.

Section 702 permits the US government to wiretap communications between Americans and foreigners overseas. Hundreds of millions of calls, texts, and emails are intercepted by government spies each year with the "compelled assistance" of US communications providers. The government may strictly target foreigners believed to possess "foreign intelligence information," but it also eavesdrops on the conversations of an untold number of Americans each year. (The government claims it is impossible to determine how many Americans get swept up by the program.) The government argues that Americans are not themselves being targeted and thus the wiretaps are legal. Nevertheless, their calls, texts, and emails may be stored by the government for years, and can later be accessed by law enforcement without a judge's permission. The House bill also dramatically expands the statutory definition for communication service providers, something FISA experts, including Marc Zwillinger -- one of the few people to advise the Foreign Intelligence Surveillance Court (FISC) -- have publicly warned against.

The FBI's track record of abusing the program kicked off a rare detente last fall between progressive Democrats and pro-Trump Republicans -- both bothered equally by the FBI's targeting of activists, journalists, and a sitting member of Congress. But in a major victory for the Biden administration, House members voted down an amendment earlier in the day that would've imposed new warrant requirements on federal agencies accessing Americans' 702 data. The warrant amendment was passed earlier this year by the House Judiciary Committee, whose long-held jurisdiction over FISA has been challenged by friends of the intelligence community. Analysis by the Brennan Center this week found that 80 percent of the base text of the FISA reauthorization bill had been authored by intelligence committee members.

Operating Systems

VMS Software Prunes OpenVMS Hobbyist Program (theregister.com) 60

Liam Proven reports via The Register: Bad news for those who want to play with OpenVMS in non-production use. Older versions are disappearing, and the terms are getting much more restrictive. The corporation behind the continued development of OpenVMS, VMS Software, Inc. -- or VSI to its friends, if it has any left after this -- has announced the latest Updates to the Community Program. The news does not look good: you can't get the Alpha and Itanium versions any more, only a limited x86-64 edition.

OpenVMS is one of the granddaddies of big serious OSes. A direct descendant of the OSes that inspired DOS, CP/M, OS/2, and Windows, as well as the native OS of the hardware on which Unix first went 32-bit, VMS has been around for nearly half a century. For decades, its various owners have offered various flavors of "hobbyist program" under which you could get licenses to install and run it for free, as long as it wasn't in production use. Since Compaq acquired DEC, then HP acquired Compaq, its prospects looked checkered. HP officially killed it off in 2013, then in 2014 granted it a reprieve and sold it off instead. New owner VSI ported it to x86-64, releasing that new version 9.2 in 2022. Around this time last year, we covered VSI adding AMD support and opening a hobbyist program of its own. It seems from the latest announcement that it has been disappointed by the reception: "Despite our initial aspirations for robust community engagement, the reality has fallen short of our expectations. The level of participation in activities such as contributing open source software, creating wiki articles, and providing assistance on forums has not matched the scale of the program. As a result, we find ourselves at a crossroads, compelled to reassess and recalibrate our approach."

Although HPE stopped offering hobbyist licenses for the original VAX versions of OpenVMS in 2020, VSI continued to maintain OpenVMS 8 (in other words, the Alpha and Itanium editions) while it worked on version 9 for x86-64. VSI even offered a Student Edition, which included a freeware Alpha emulator and a copy of OpenVMS 8.4 to run inside it. Those licenses run out in 2025, and they won't be renewed. If you have vintage DEC Alpha or HP Integrity boxes with Itanic chips, you won't be able to get a legal licensed copy of OpenVMS for them, or renew the license of any existing installations -- unless you pay, of course. There will still be a Community license edition, but from now on it's x86-64 only. Although OpenVMS 9 mainly targets hypervisors anyway, it does support bare-metal operations on a single model of HPE server, the ProLiant DL380 Gen10. If you have one of them to play with -- well, tough. Now Community users only get a VM image, supplied as a VMWare .vmdk file. It contains a ready-to-go "OpenVMS system disk with OpenVMS, compilers and development tools installed." Its license runs for a year, after which you will get a fresh copy. This means you won't be able to configure your own system and keep it alive -- you'll have to recreate it, from scratch, annually. The only alternative for those with older systems is to apply to be an OpenVMS Ambassador.

Apple

The World Doesn't Need More Journal Apps (wired.com) 37

We're seeing a boom in journaling apps as safer, easier ways to ease us back into posting everything online. From a report: Last year, Apple released a journal app with iOS 17. Former Yahoo CEO Marissa Mayer just unveiled a photo app called Shine, which is made to share photos and memories with a select group of people. Today, Retro -- a startup that we called "the new Instagram" -- is launching a feature called Journals within the app, which lets you record both photos and notes for a select group of people.

As a lifelong journaler, it's hard to forget that I already have an intimate, safe space to record my life and share memories. It is a notebook. I don't have to worry about marketers selling my information, because it's not accessible. What if creating a safe space all of your own means just getting off the internet altogether? Most of these apps are based on the central premise that most of us would rather talk to family or close friends than with a pretty stranger shilling snack boxes. As we reported previously, Retro has a few standout features. Once you join the app, you're prompted to select a few pictures to post per week. In order to see your friends' and family's photos, you have to share photos of your own. That keeps people actively participating instead of lurking.

United Kingdom

England Could Produce 13 Times More Renewable Energy, Using Less Than 3% of Land (theguardian.com) 222

England could produce 13 times more renewable energy than it does now, while using less than 3% of its land, analysis has found. The Guardian: Onshore wind and solar projects could provide enough electricity to power all the households in England two and a half times over, the research by Exeter University, commissioned by Friends of the Earth (FoE), suggested. Currently, about 17 terawatt hours of electricity a year comes from homegrown renewables on land. But there is potential for 130TWh to come from solar panels, and 96TWh from onshore wind. These figures are reached by only taking into account the most suitable sites, excluding national parks, areas of outstanding natural beauty, higher grade agricultural land and heritage sites.

Some commentators have argued that solar farms will reduce the UK's ability to grow its own food, but the new analysis suggests there is plenty of land that can be used without impairing agricultural production. More land is now taken up by golf courses than solar farms, and developers can be required to enhance biodiversity through simple measures such as maintaining hedgerows and ponds. Onshore windfarms were in effect banned in 2015 by the then prime minister, David Cameron. Rishi Sunak last year claimed to make moves towards lifting the ban, through small changes to the planning regulations, but campaigners say they were ineffectual and real planning reform is needed. No plans were submitted for new windfarms in England last year, and few new developments are coming forward, despite high gas prices, rising bills and onshore wind being the cheapest form of electricity generation.

Facebook

Meta (Again) Denies Netflix Read Facebook Users' Private Messenger Messages (techcrunch.com) 28

TechCrunch reports this week that Meta "is denying that it gave Netflix access to users' private messages..." The claim references a court filing that emerged as part of the discovery process in a class-action lawsuit over data privacy practices between a group of consumers and Facebook's parent, Meta. The document alleges that Netflix and Facebook had a "special relationship" and that Facebook even cut spending on original programming for its Facebook Watch video service so as not to compete with Netflix, a large Facebook advertiser. It also says that Netflix had access to Meta's "Inbox API" that offered the streamer "programmatic access to Facebook's user's private message inboxes...."

Meta's communications director, Andy Stone, reposted the original X post on Tuesday with a statement disputing that Netflix had been given access to users' private messages. "Shockingly untrue," Stone wrote on X. "Meta didn't share people's private messages with Netflix. The agreement allowed people to message their friends on Facebook about what they were watching on Netflix, directly from the Netflix app. Such agreements are commonplace in the industry...."

Beyond Stone's X post, Meta has not provided further comment. However, The New York Times had previously reported in 2018 that Netflix and Spotify could read users' private messages, according to documents it had obtained. Meta denied those claims at the time via a blog post titled "Facts About Facebook's Messaging Partnerships," where it explained that Netflix and Spotify had access to APIs that allowed consumers to message friends about what they were listening to on Spotify or watching on Netflix directly from those companies' respective apps. This required the companies to have "write access" to compose messages to friends, "read access" to allow users to read messages back from friends, and "delete access," which meant if you deleted a message from the third-party app, it would also delete the message from Facebook.

"No third party was reading your private messages, or writing messages to your friends without your permission. Many news stories imply we were shipping over private messages to partners, which is not correct," the blog post stated. In any event, Messenger didn't implement default end-to-end encryption until December 2023, a practice that would have made these sorts of claims a non-starter, as it wouldn't have left room for doubt.

Piracy

Plex Asks GitHub to Take Down 'Reshare' Repository Over Piracy Fears (torrentfreak.com) 60

Plex is a multi-functional streaming platform that allows users to watch, organize, and curate their favorite media entertainment. Sharing Plex libraries is also an option; one that comes with piracy concerns. In an effort to "avoid the growth of piracy," Plex asked GitHub to remove a repository that allows people to reshare libraries that were not originally theirs. TorrentFreak reports: The Swiss company, which is headquartered in the U.S., asked GitHub to remove a "Plex Reshare" repository, alleging that it may contribute to its piracy problem. "Plex Reshare" doesn't host any copyright-infringing material and, as far as we've seen, it doesn't reference any either. Its main purpose is to allow Plex users to make shared Plex directories browsable on the web, which allows people to "reshare" them without being the original owner. "The reason behind this project is to make available your PLEX shares to other friends unrelated to the person who owns the original library," Plex Reshare developer Peter explains.

While the repository doesn't host or link to copyright-infringing material, Plex argues that it can be used to 'grow' piracy. "We have found infringing material in your website which indeed is OTHER 'Plex Server'. The material that is claimed to be infringing is to be removed or access to which is to be disabled immediately and avoid the growth of piracy," the takedown notice reads. The first part of the sentence is somewhat confusing. Plex-reshare is not a Plex server but the company may use "OTHER Plex Server" as an internal classification category. In any case, Plex alleges that the repository can contribute to the growth of piracy on its platform.

Citing the Online Copyright Infringement Liability Limitation Act, Plex urges GitHub to take immediate action, or else it may be held liable. It's not clear what this liability claim rests on, as there are no actual copyright infringements mentioned in the takedown notice. Despite the broad nature of this claim, GitHub has indeed taken the repository offline, replacing it with a DMCA takedown reference. This likely wasn't a straightforward decision as GitHub is known to put developers first with these types of issues. In this case, it took more than three weeks before GitHub took action, which is much longer than usual. This suggests that GitHub allowed the developer to respond and may have sought legal advice from in-house lawyers, to ensure that the rights of all parties are properly considered.
The report notes that the Plex-reshare code is listed on Docker Hub as well, which means it may face a similar fate.

Security

'Security Engineering' Author Ross Anderson, Cambridge Professor, Dies at Age 67 (therecord.media) 7

The Record reports: Ross Anderson, a professor of security engineering at the University of Cambridge who is widely recognized for his contributions to computing, passed away at home on Thursday according to friends and colleagues who have been in touch with his family and the University.

Anderson, who also taught at Edinburgh University, was one of the most respected academic engineers and computer scientists of his generation. His research included machine learning, cryptographic protocols, hardware reverse engineering and breaking ciphers, among other topics. His public achievements include, but are by no means limited to, being awarded the British Computer Society's Lovelace Medal in 2015, and publishing several editions of the Security Engineering textbook.

Anderson's security research made headlines throughout his career, with his name appearing in over a dozen Slashdot stories...

My favorite story? UK Banks Attempt To Censor Academic Publication.

"Cambridge University has resisted the demands and has sent a response to the bankers explaining why they will keep the page online..."


XBox (Games)

Phil Spencer Wants Epic Games Store and Others On Xbox Consoles (polygon.com) 49

Chris Plante reports via Polygon: Phil Spencer doesn't just want Xbox games on other consoles. He wants other video game retailers on Xbox, too. In an interview with Microsoft's CEO of Gaming during the annual Game Developers Conference, Spencer told Polygon about the ways he'd like to break down the walled gardens that have historically limited players to making purchases through the first-party stores tied to each console. Or, in layperson terms, why you should be able to buy games from other stores on Xbox -- not just the official storefront. Spencer mentioned his frustrations with closed ecosystems, so we asked for clarity. Could he really see a future where stores like Itch.io and Epic Games Store existed on Xbox? Was it just a matter of figuring out mountains of paperwork to get there? "Yes," said Spencer. "[Consider] our history as the Windows company. Nobody would blink twice if I said, 'Hey, when you're using a PC, you get to decide the type of experience you have [by picking where to buy games]. There's real value in that." Spencer believes console players would benefit from that freedom too -- and so would console makers like Microsoft.

Spencer explained how, in the past, console makers would typically subsidize the cost of expensive hardware, knowing that a portion of every dollar spent on games for the platform over the years would eventually make it back to the console maker. Then, in time, the console maker would recoup the subsidy -- and hopefully more. But, Spencer said, "Moore's Law has slowed down. The price of the components of a console aren't coming down as fast as they have in previous generations." Worse, he explained, the console market isn't growing, with more gamers moving to PC and handheld options. Now, the notion of subsidizing a console -- and forcing players to purchase games through the official storefront to help recoup costs -- might not make sense. The walls meant to lock people into consoles might be motivating them to stay out.

"[Subsidizing hardware] becomes more challenging in today's world," Spencer said. "And I will say, and this may seem too altruistic, I don't know that it's growing the industry. So I think, what are the barriers? What are the things that create friction in today's world for creators and players? And how can we be part of opening up that model?" The answer, in part, is scrapping exclusivity on more and more Xbox games. Spencer explained that the game experience is hindered when it matters what consoles we play on or what shops sell us our games. As an example, he pointed to Sea of Thieves. A player, he explained, shouldn't have to worry about what hardware they or their friends own. They should just know if their friends have and want to play Sea of Thieves. Now, Spencer said, "if I want to play on a gaming PC, then I feel like I'm more a continuous part of a gaming ecosystem as a whole. As opposed to [on console], my gaming is kind of sharded -- to use a gaming term -- based on these different closed ecosystems that I have to play across."

Android

DOJ Antitrust Lawsuit Says Apple Is Causing Android Users 'Social Stigma' (404media.co) 237

FrankOVD shares a report: Here's a paragraph from the DOJ's antitrust lawsuit against Apple in full: "In addition to degrading the quality of third-party messaging apps, Apple affirmatively undermines the quality of rival smartphones. For example, if an iPhone user messages a non-iPhone user in Apple Messages -- the default messaging app on an iPhone -- then the text appears to the iPhone user as a green bubble and incorporates limited functionality: the conversation is not encrypted, videos are pixelated and grainy, and users cannot edit messages or see typing indicators.

"This signals to users that rival smartphones are lower quality because the experience of messaging friends and family who do not own iPhones is worse -- even though Apple, not the rival smartphone, is the cause of that degraded user experience. Many non-iPhone users also experience social stigma, exclusion, and blame for 'breaking' chats where other participants own iPhones. This effect is particularly powerful for certain demographics, like teenagers -- where the iPhone's share is 85 percent, according to one survey. This social pressure reinforces switching costs and drives users to continue buying iPhones -- solidifying Apple's smartphone dominance not because Apple has made its smartphone better, but because it has made communicating with other smartphones worse."

Games

Games Are Coming To LinkedIn (pcmag.com) 28

Soon you might be able to compete in games against friends and colleagues and even the office next door on LinkedIn. From a report: The Microsoft-owned company is reportedly planning to add a new game experience to the platform. According to TechCrunch, the experience is designed to tap into the same popularity of games like Wordle. Players' scores will be sorted by their workplace and ranked, allowing you to take on another office or even across the country. App researcher Nima Owji posted photos of the gaming experience on Twitter/X on Saturday. A representative from LinkedIn confirmed to TechCrunch that the company is working on adding puzzle-based games to the LinkedIn experience as a way to "unlock a bit of fun, deepen relationships, and hopefully spark the opportunity for conversations."

Transportation

Boeing Whistleblower Found Dead in Apparent Suicide (npr.org) 148

A Boeing quality manager for more than 30 years "learned of and exposed very serious safety problems with the Boeing 787 Dreamliner," according to his lawyers, "and was retaliated against and subjected to a hostile work environment."

After retiring in 2017 he'd filed a whistleblower retaliation case, and "was in the middle of giving deposition testimony... when he died, his lawyers, Robert Turkewitz and Brian Knowles, told NPR." "He was in very good spirits and really looking forward to putting this phase of his life behind him and moving on," the South Carolina-based attorneys said in a joint statement. "We didn't see any indication he would take his own life. No one can believe it."

Police said officers were sent to the hotel to conduct a welfare check after people were unable to contact Barnett, who had traveled to Charleston to testify in his lawsuit against Boeing. "Upon their arrival, officers discovered a male inside a vehicle suffering from a gunshot wound to the head," police said in a statement sent to NPR. "He was pronounced deceased at the scene...."

Barnett, who spent decades working for Boeing at its plants in Everett, Washington, and North Charleston, South Carolina, had repeatedly alleged that Boeing's manufacturing practices had declined — and that rather than improve them, he added, managers had pressured workers not to document potential defects and problems.

"We are saddened by Mr. Barnett's passing, and our thoughts are with his family and friends," Boeing said in a statement sent to NPR....

Barnett filed a whistleblower complaint against Boeing in early 2017; his case against the company was heading toward a trial this June, his family said. "He was looking forward to having his day in court and hoped that it would force Boeing to change its culture," the family said in a statement shared with NPR by his brother, Rodney Barnett. The family says Barnett's health declined because of the stresses of taking a stand against his longtime employer.

"He was suffering from PTSD and anxiety attacks as a result of being subjected to the hostile work environment at Boeing," they said, "which we believe led to his death."

"Two of his attorneys called on police to fully investigate how he had died," reports the BBC.

And for what it's worth, the New York Post says Barnett "made a grim prediction that he could potentially end up dead after raising safety concerns about the jetliner giant, allegedly telling a family friend: 'If anything happens, it's not suicide.'"

UPDATE: Fortune just published an article called "The last days of the Boeing whistleblower."

Thanks to Slashdot readers wgoodman and sinij for sharing the article.

Programming

The Apple IIgs: On a Machine This Slow, You Had To Get Weird (bdmonkeys.net) 69

Long-time Slashdot reader garote writes: It's the year 1991. You're a teenage computer geek.

You've just upgraded to an Apple IIgs, your first "16-bit" computer. To relieve the crushing boredom of your High School coursework, you and your friends embark on the computer geek equivalent of forming a heavy metal band: Making your own video game.

You meet at the benches during lunch hour, and pass around crude plans scribbled on graph paper. You assign each other impressive titles like "Master Programmer", "Sound Designer", and "Area Data Input". You swap 3.5" disks like furtive secret agents, and stay up coding until 3am. Your parents look at your owlish eyes — and your slipping grades — and ask if you're "on drugs".

If that sounds familiar, this essay may prove interesting. It uses the game my friends and I started — but didn't finish — in High School over 30 years ago, to explore the absurd programming contortions we did to make it playable on the Apple IIgs: The red-headed stepchild of the Apple II line; a machine that languished for six years without a hardware upgrade to avoid competing with the Macintosh.

Thanks to the recent release of the first cycle-accurate emulator for this machine, you can actually play the game in all its screen-tearing glory. You can also explore the source code which has survived for 30 years, and been adapted to build on modern hardware thanks to Merlin32 and CiderPress II.

"Nowadays, the content of the game itself is only good for an embarrassing laugh," according to the web page, "but I feel that the code we hammered out shows the unique challenges of a bygone era, which should be remembered..."

The Courts

Discord Leaker Jack Teixeira Pleads Guilty, Seeks Light 11-Year Sentence (arstechnica.com) 50

An anonymous reader quotes a report from Ars Technica: Jack Teixeira, the National Guard airman who leaked confidential military documents on Discord, agreed Monday to plead guilty, promising to cooperate with officials attempting to trace the full extent of government secrets leaked. Under the plea deal, Teixeira will serve a much-reduced sentence, The Boston Globe reported, recommended between 11 years and 16 years and eight months. Previously, Teixeira had pleaded not guilty to six counts of "willful retention and transmission of national defense information," potentially facing up to 10 years per count. During a pretrial hearing, prosecutors suggested he could face up to 25 years, The Globe reported.

By taking the deal, Teixeira will also avoid being charged with violations of the Espionage Act, The New York Times reported, including allegations of unlawful gathering and unauthorized removal of top-secret military documents. According to prosecutors, it was clear that Teixeira, 22, was leaking sensitive documents -- including national security secrets tied to US foreign adversaries and allies, including Russia, China, Ukraine, and South Korea -- just to impress his friends on Discord -- some of them teenage boys. Investigators found no evidence of espionage. US District Judge Indira Talwani will decide whether or not to sign off on the deal at a hearing scheduled for September 27.

Facebook

Meta Says It's Deleting All Oculus Accounts At the End of the Month (theverge.com) 26

Emma Roth reports via The Verge: If you still haven't migrated your Oculus account to a Meta one, you might want to do that soon. In an email sent to users, the company says it will delete Oculus accounts on March 29th, 2024, preventing you from reactivating or retrieving your apps, in-app purchases, store credits, and more. You'll lose your achievements, friends list, and any content created with your Oculus account if you don't migrate to a Meta account before then.

Oculus accounts have been on the way out since 2020, when the company then known as Facebook started requiring new users to sign up with Facebook accounts instead. However, it added the ability to create a Meta account in 2022, offering an alternative to users who didn't want to link their Facebook account to their Quest headset. Meta stopped letting users log in to their Oculus accounts in January 2023. If you've got a Quest gathering dust in a drawer somewhere, now's your last chance to migrate your Oculus account to a Meta one.

You can migrate your account by heading to this page and signing up for a Meta account with the same email you've used for Oculus. From there, you'll be able to access all of the same games, data, and other purchases saved to your Oculus account.

First Person Shooters (Games)

Doom Is Now Playable On a Lawnmower (kotaku.com) 21

Landscaping tech company Husqvarna has partnered with Bethesda to bring the original 1993 Doom to its $2,000+ robotic lawnmowers. Kotaku reports: This new way to play Doom arrives in April on all Nera robotic lawnmower models. You don't have to pay for the game, either, just a $2,000+ lawnmower. Instead, just download it and play the shooter via the robo-mower's built-in screen. To rotate your view, you turn the knob and to shoot demons, you press it down. You hold the start button to move forward.

A few caveats to mention. First, this isn't available in the United States. Why? I don't know. Perhaps we can't be trusted with video games on lawnmowers? Secondly, this isn't all of Doom. Instead, it's just the first episode -- Knee Deep In The Dead -- which is arguably its most famous one, sure, but just keep in mind you won't be able to play the rest of the beloved shooter in the middle of your backyard on a tiny LCD screen. Sorry.

Sadly, this won't be a permanent feature that you can show off to family and friends for years to come. Instead, Doom and all its demons and guns will be removed from lawnmowers on September 9. So enjoy it while you can.

Education

$1 Billion Donation Will Provide Free Tuition at a Bronx Medical School (nytimes.com) 85

Dr. Ruth Gottesman, a longtime professor at the Albert Einstein College of Medicine, is making free tuition available to all students going forward. From a report: The 93-year-old widow of a Wall Street financier has donated $1 billion to a Bronx medical school, the Albert Einstein College of Medicine, with instructions that the gift be used to cover tuition for all students going forward. The donor, Dr. Ruth Gottesman, is a former professor at Einstein, where she studied learning disabilities, developed a screening test and ran literacy programs. It is one of the largest charitable donations to an educational institution in the United States and most likely the largest to a medical school.

The fortune came from her late husband, David Gottesman, known as Sandy, who was a protege of Warren Buffett and had made an early investment in Berkshire Hathaway, the conglomerate Mr. Buffett built. The donation is notable not only for its staggering size, but also because it is going to a medical institution in the Bronx, the city's poorest borough. The Bronx has a high rate of premature deaths and ranks as the unhealthiest county in New York. Over the past generation, a number of billionaires have given hundreds of millions of dollars to better-known medical schools and hospitals in Manhattan, the city's wealthiest borough.

While her husband ran an investment firm, First Manhattan, Dr. Gottesman had a long career at Einstein, a well-regarded medical school, starting in 1968, when she took a job as director of psychoeducational services. She has long been on Einstein's board of trustees and is currently the chair. In recent years, she has become close friends with Dr. Philip Ozuah, the pediatrician who oversees the medical college and its affiliated hospital, Montefiore Medical Center, as the chief executive officer of the health system. That friendship and trust loomed large as she contemplated what to do with the money her husband had left her.

Privacy

Your AI Girlfriend Is a Data-Harvesting Horror Show (gizmodo.com) 135

"A lot of the AI chatbots that you spend days talking to push hard on getting more and more private information from you," writes longtime Slashdot reader michelcultivo, sharing a report from Gizmodo.

"To be perfectly blunt, AI girlfriends and boyfriends are not your friends," says Misha Rykov, a Mozilla Researcher from the company's *Privacy Not Included project. "Although they are marketed as something that will enhance your mental health and well-being, they specialize in delivering dependency, loneliness, and toxicity, all while prying as much data as possible from you." Gizmodo reports: Mozilla dug into 11 different AI romance chatbots, including popular apps such as Replika, Chai, Romantic AI, EVA AI Chat Bot & Soulmate, and CrushOn.AI. Every single one earned the Privacy Not Included label, putting these chatbots among the worst categories of products Mozilla has ever reviewed. You've heard stories about data problems before, but according to Mozilla, AI girlfriends violate your privacy in "disturbing new ways." For example, CrushOn.AI collects details including information about sexual health, use of medication, and gender-affirming care. 90% of the apps may sell or share user data for targeted ads and other purposes, and more than half won't let you delete the data they collect. Security was also a problem. Only one app, Genesia AI Friend & Partner, met Mozilla's minimum security standards.

One of the more striking findings came when Mozilla counted the trackers in these apps, little bits of code that collect data and share them with other companies for advertising and other purposes. Mozilla found the AI girlfriend apps used an average of 2,663 trackers per minute, though that number was driven up by Romantic AI, which called a whopping 24,354 trackers in just one minute of using the app. The privacy mess is even more troubling because the apps actively encourage you to share details that are far more personal than the kind of thing you might enter into a typical app. EVA AI Chat Bot & Soulmate pushes users to "share all your secrets and desires," and specifically asks for photos and voice recordings. It's worth noting that EVA was the only chatbot that didn't get dinged for how it uses that data, though the app did have security issues. [...]

Spam

The Unsettling Scourge of Obituary Spam (theverge.com) 39

Many websites are using AI tools to generate fake obituaries about average people for profit. These articles lack substantiating details but are optimized for SEO, frequently outranking legitimate obituaries, The Verge reports. The fake obituaries, as one can imagine, are causing distress for grieving families and friends. In response, Google told The Verge that it aims to surface high-quality information but struggles with "data voids." The company terminated some YouTube channels sharing fake notices but declined to say if the flagged websites violate policies.

Privacy

Security Flaw In a Popular Smart Helmet Allowed Silent Location Tracking (techcrunch.com) 3

An anonymous reader quotes a report from TechCrunch: The maker of a popular smart ski and bike helmet has fixed a security flaw that allowed the easy real-time location tracking of anyone wearing its helmets. Livall makes internet-connected helmets that allow groups of skiers or bike riders to talk with each other using the helmet's in-built speaker and microphone, and share their real-time location in a friend's group using Livall's smartphone apps. Ken Munro, founder of U.K. cybersecurity testing firm Pen Test Partners, said Livall's smartphone apps had a simple flaw allowing easy access to any group's audio chats and location data. Munro says the two apps, one for skiers and one for bike riders, collectively have about a million users.

At the heart of the bug, Munro found that anyone using Livall's apps for group audio chat and sharing their location must be part of the same friends group, which could be accessed using only that group's six-digit numeric code. "That 6-digit group code simply isn't random enough," Munro said in a blog post describing the flaw. "We could brute force all group IDs in a matter of minutes." In doing so, anyone could access any of the 1 million possible permutations of group chat codes.

"As soon as one entered a valid group code, one joined the group automatically," said Munro, adding that this happened without alerting other group members. "It was therefore trivial to silently join any group, giving us access to any users' location and the ability to listen in to any group audio communications," said Munro. "The only way a rogue group user could be detected was if the legitimate user went to check on the members of that group." [...] In an email, Livall's R&D director Richard Yi explained that the company improved the randomness of group codes by also adding letters, and including alerts for new members joining groups. Yi also said the app now allows the shared location to be turned off at the user level.

Transportation

Massachusetts Legislature Moving To Ban Wearing VR Headsets While Driving (bostonglobe.com) 203

An anonymous reader quotes a report from the Boston Globe: William Straus, like many others, saw the videos in recent days of people behind the wheel of a Tesla in Autopilot mode, sporting their new Apple Vision Pro headsets and typing on an invisible keyboard. "They're all over the Internet, these idiots driving Teslas with their hands up in the air," the state representative said. Some claimed their video was staged. No matter: Straus wants to make it illegal. The Legislature's transportation committee on Wednesday approved language that would ban the use of the new virtual reality headset, or other similar technologies, while behind the wheel in Massachusetts.

Straus, the committee's House chair, said he crafted language with his staff over Monday night and Tuesday morning, and added it to an existing proposal that would, among other things, bar drivers from recording or broadcasting themselves while behind the wheel. That it advanced out of committee less than 48 hours later qualifies as light speed by Beacon Hill standards. (The bill must still pass the full House and Senate.) [...]

"This is absolutely the correct time to wall this off," said Straus, a Mattapoisett Democrat. "People who operate motor vehicles already have too many distractions." Straus' proposal would explicitly not allow drivers to wear, hold, or "otherwise utilize or interact with a spatial computer," or an augmented reality or mixed reality device. It also would ban drivers from viewing any video, images or text unrelated to operating or navigating the car, be it displayed on a screen or "otherwise worn as a headset or elsewhere on the operator's body." Motorists would face the same fines they do now for using their phone to text while driving: $100 for a first violation, $250 for a second violation and $500 for every violation after that.

The driver in the viral video posted on YouTube and linked above said that it was a "skit" that he had made with friends and that he wasn't arrested. "[I] was in the right place at the right time," he told Gizmodo. "That's why we filmed the police."
