Texas Governor Greg Abbott has signed a bill prohibiting children under 18 from joining various social media platforms without parental consent. Similar legislation has been passed in Utah and Louisiana. The Verge reports: The bill, HB 18, requires social media companies to receive explicit consent from a minor's parent or guardian before they'd be allowed to create their own accounts starting in September of next year. It also forces these companies to prevent children from seeing "harmful" content -- like content related to eating disorders, substance abuse, or "grooming" -- by creating new filtering systems.

Texas' definition of a "digital service" is extremely broad. Under the law, parental consent would be necessary for kids trying to access nearly any site that collects identifying information, like an email address. There are some exceptions, including sites that primarily deliver educational or news content and email services. The Texas attorney general could sue companies found to have violated this law. The law's requirements to filter loosely defined "harmful material" and provide parents with control over their child's accounts mirror language in some federal legislation that has spooked civil and digital rights groups.

Like HB 18, the US Senate-led Kids Online Safety Act orders platforms to prevent minors from being exposed to content related to disordered eating and other destructive behaviors. But critics fear this language could encourage companies like Instagram or TikTok to overmoderate non-harmful content to avoid legal challenges. Overly strict parental controls could also harm kids in abusive households, allowing parents to spy on marginalized children searching for helpful resources online.

Reddit has been going through some issues for many on Monday, with the outage happening the same day as thousands of subreddits going dark to protest the site's new API pricing terms. From a report: According to Reddit, the blackout is responsible for the problems. "A significant number of subreddits shifting to private caused some expected stability issues, and we've been working on resolving the anticipated issue," spokesperson Tim Rathschmidt tells The Verge. Reddit's status page reported a "major outage" affecting Reddit's desktop and mobile sites and its native mobile apps. [...] More than 7,000 subreddits have gone private or read-only in response to the API pricing terms, which is forcing the developers of apps like Apollo for Reddit to shut down at the end of the month.

According to a joint investigation from The Wall Street Journal and researchers at Stanford University and the University of Massachusetts Amherst, Instagram's algorithms are actively promoting networks of pedophiles who commission and sell child sexual abuse content on the app. The Verge reports: Accounts found by the researchers are advertised using blatant and explicit hashtags like #pedowhore, #preteensex, and #pedobait. They offer "menus" of content for users to buy or commission, including videos and imagery of self-harm and bestiality. When researchers set up a test account and viewed content shared by these networks, they were immediately recommended more accounts to follow. As the WSJ reports: "Following just a handful of these recommendations was enough to flood a test account with content that sexualizes children."

In addition to problems with Instagram's recommendation algorithms, the investigation also found that the site's moderation practices frequently ignored or rejected reports of child abuse material. The WSJ recounts incidents where users reported posts and accounts containing suspect content (including one account that advertised underage abuse material with the caption "this teen is ready for you pervs") only for the content to be cleared by Instagram's review team or told in an automated message [...]. The report also looked at other platforms but found them less amenable to growing such networks. According to the WSJ, the Stanford investigators found "128 accounts offering to sell child-sex-abuse material on Twitter, less than a third the number they found on Instagram" despite Twitter having far fewer users, and that such content "does not appear to proliferate" on TikTok. The report noted that Snapchat did not actively promote such networks as it's mainly used for direct messaging.

In response to the report, Meta said it was setting up an internal task force to address the issues raised by the investigation. "Child exploitation is a horrific crime," the company said. "We're continuously investigating ways to actively defend against this behavior." Meta noted that in January alone it took down 490,000 accounts that violated its child safety policies and over the last two years has removed 27 pedophile networks. The company, which also owns Facebook and WhatsApp, said it's also blocked thousands of hashtags associated with the sexualization of children and restricted these terms from user searches.

Roughly 800,000 Maryland drivers with license plates designed to commemorate the War of 1812 are now inadvertently advertising a website for an online casino based in the Philippines. From a report: In 2012, to celebrate the 200th anniversary of the War of 1812, Maryland redesigned its standard license plate to read "MARYLAND WAR OF 1812." The license plates, which were the default between 2012 and 2016, have the URL www.starspangled200.org printed at the bottom. Sometime within the last year, www.starspangled200.org stopped telling people about how Marylander Francis Scott Key was inspired to write the national anthem "The Star Spangled Banner" after watching British ships bombard Fort McHenry in Baltimore during the War of 1812 and started instead redirecting to a site called globeinternational.info, in which a blinking, bikini-clad woman advertises "Philippines Best Betting Site, Deposit 100 Receive 250."

The issue was spotted by a Redditor who said "I was never a fan of having a plate celebrating the War of 1812, but I'm even more upset now that I (and tons of other Marylanders) are driving advertisements for international online gambling." Domain registration information shows that starspangled200.org has been re-registered and transferred a handful of times within the last few years. It is not exactly clear when it stopped being a website about American history. The Internet Archive shows that as recently as December 2022, the website explained that "the young United States was embroiled in the War of 1812 and the Chesapeake Bay region felt the brunt of it." A snapshot from today, however, explains that "Extremely lenient laws govern gaming," in the Philippines. "This is a result of the growing popularity of gambling among tourists and the enormous casino resorts that have recently been built."

Amazon.com will close its official app store in China in July, the latest retreat from the Chinese market by the US tech giant following last year's announcement that its Kindle e-book service would also shut. From a report: An Amazon representative said the Amazon Appstore, launched in 2011 as an alternative to Google for Android phone users to install apps and games, will be "discontinued." However, its official shopping site Amazon.cn will remain operational, as will other services such as Amazon Global Selling, Amazon Global Store and cloud unit Amazon Web Services (AWS). The app store service will shut down on July 17, according to Chinese media The Paper, citing a Tuesday email from Amazon Appstore sent to users, which did not elaborate on the reasons for quitting the market. The Amazon Appstore could not be downloaded from its official Chinese site as of Tuesday.

An anonymous reader quotes a report from Ars Technica: The US Justice Department has seized the domains of 13 DDoS-for hire services as part of an ongoing initiative for combatting the Internet menace. The providers of these illicit services platforms describe them as "booter" or "stressor" services that allow site admins to test the robustness and stability of their infrastructure. Almost, if not all, are patronized by people out to exact revenge on sites they don't like or to further extortion, bribes, or other forms of graft. The international law enforcement initiative is known as Operation PowerOFF. In December, federal authorities seized another 48 domains. Ten of them returned with new domains, many that closely resembled their previous names.

"Ten of the 13 domains seized today are reincarnations of services that were seized during a prior sweep in December, which targeted 48 top booter services," the Justice Department said. "For example, one of the domains seized this week -- cyberstress.org -- appears to be the same service operated under the domain cyberstress.us, which was seized in December. While many of the previously disrupted booter services have not returned, today's action reflects law enforcement's commitment to targeting those operators who have chosen to continue their criminal activities." According to a seizure warrant (PDF) filed in federal court, the FBI used live accounts available through the services to take down sites with high-capacity bandwidth that were under FBI control. "The FBI tested each of services associated with the SUBJECT DOMAINS, meaning that agents or other personnel visited each of the websites and either used previous login information or registered a new account on the service to conduct attacks," FBI Special Agent Elliott Peterson wrote in the affidavit. "I believe that each of the SUBJECT DOMAINS is being used to facilitate the commission of attacks against unwitting victims to prevent the victims from accessing the Internet, to disconnect the victim from or degrade communication with established Internet connections, or to cause other similar damage."

A vulnerability in the "Advanced Custom Fields" plugin for WordPress is putting more than two million users at risk of cyberattacks, warns Patchstack researcher Rafie Muhammad. The Register reports: A warning from Patchstack about the flaw claimed there are more than two million active installs of the Advanced Custom Fields and Advanced Custom Fields Pro versions of the plugins, which are used to give site operators greater control of their content and data, such as edit screens and custom field data. Patchstack researcher Rafie Muhammad uncovered the vulnerability on February 5, and reported it to Advanced Custom Fields' vendor Delicious Brains, which took over the software last year from developer Elliot Condon. On May 5, a month after a patched version of the plugins was released by Delicious Brains, Patchstack published details of the flaw. It's recommended users update their plugin to at least version 6.1.6.

The flaw, tracked as CVE-2023-30777 and with a CVSS score of 6.1 out of 10 in severity, leaves sites vulnerable to reflected XSS attacks, which involve miscreants injecting malicious code into webpages. The code is then "reflected" back and executed within the browser of a visitor. Essentially, it allows someone to run JavaScript within another person's view of a page, allowing the attacker to do things like steal information from the page, perform actions as the user, and so on. That's a big problem if the visitor is a logged-in administrative user, as their account could be hijacked to take over the website.

"This vulnerability allows any unauthenticated user [to steal] sensitive information to, in this case, privilege escalation on the WordPress site by tricking the privileged user to visit the crafted URL path," Patchstack wrote in its report. The outfit added that "this vulnerability could be triggered on a default installation or configuration of Advanced Custom Fields plugin. The XSS also could only be triggered from logged-in users that have access to the Advanced Custom Fields plugin."

US authorities have seized another major Z-Library domain but still haven't been able to wipe the pirate book site off the Internet. From a report: Z-Library claims to offer over 13 million books, up from 11 million since US authorities launched their first major operation against Z-Library late last year. "Unfortunately, one of our primary login domains was seized today," Z-Library wrote in a Wednesday message on its Telegram account. "Therefore, we recommend using the domain singlelogin[dot]re to log in to your account, as well as to register. Please share this domain with others." In November, US authorities charged Russian nationals Anton Napolsky and Valeriia Ermakova with criminal copyright infringement, wire fraud, and money laundering for allegedly operating Z-Library. The US said at the time that it seized 250 "interrelated web domains" run by Z-Library and that Napolsky and Ermakova were arrested in Argentina at the request of the US government. Other people continue to operate Z-Library, which remained available on the Tor network and returned to the clearnet in February with a new strategy of assigning personal, secret URLs to each user. Z-Library directed users to singlelogin[dot]me, where they could sign in with their login credentials and receive a unique URL to access the entire pirate library.

Internet users are turning to VPN services as a means to circumvent Utah's new law requiring porn sites to verify users' ages. The spike in VPN searches appears to be directly related to Pornhub's decision on Tuesday to completely disable its websites for people living in the state. TechRadar reports: Google searches for virtual private networks (VPNs) have been skyrocketing since, with a peak registered on May 3, the day the new law came into force. By downloading a VPN service, pornography fans will be able to keep accessing Pornhub and similar sites with ease. That's because a virtual private network is security software able to spoof users' IP address (digital location and device identifier). Hence a surge of interest in VPNs across Utah as people will simply need to connect to a server located in a US state or foreign country where the restriction isn't yet enforced.

"Utah's age-verification law shows a worrying trend to further restrict digital freedoms and disregard data privacy across the US," said a spokesperson of secure VPN provider Private Internet Access (PIA). "Private Internet Access is a long-time advocate of greater digital privacy, and we urge lawmakers to consider other ways of protecting children online, including education, guidance from parents, and open conversations about safe internet usage, rather than relying on increasingly intrusive digital regulations which disregard people's privacy and online freedom." You can see the spike in "virtual private network" searches via Google Trends.

"Search queries for VPN were at peak popularity in Utah just before 4 a.m. EST Tuesday, according to the trends data," notes Newsweek. "Other related queries in the past week include searches for VPN extensions like Hola and Fox Speed."

An anonymous reader quotes a report from Motherboard: An anti-pornography group that claims all adult content is unhealthy is taking aim at Reddit, one of the biggest online platforms for sharing porn and sex worker resources. The National Center on Sexual Exploitation (NCOSE), formerly Morality in Media, celebrated changes to policy that resulted in adult performers losing their incomes, taken credit for pressuring Instagram to ban Pornhub from the platform, and encouraged its followers to help them shut down sites that host legal adult content, causing real-world harm to sex workers and pushing them toward the exploitation they claim to aim to prevent. The letter, signed by 320 "anti-sexual exploitation and violence experts," according to NCOSE, accuses Reddit of not doing enough to prevent image-based sexual abuse. The letter's co-signatories don't just push for better protection against non-consensual imagery, but demand that all adult content be banned from the site. This would result in a massive purge of hundreds of subreddits, many of them run by sex workers for posting consensual, legal content.

"Adopt strong policies against hardcore pornography and sexually explicit content, due to the inability for Reddit to ever sufficiently verify the age or consent of people depicted in such content," the letter urges Reddit. It also demands that the platform "ban users who upload sexually explicit material, especially if the material depicts child sexual abuse material or non-consensually shared intimate images, and prevent them from creating another account." "While these are steps forward, Reddit's failure to enact meaningful age and consent verirication[sic] practices and ineffective moderation strategy continues to allow such content to flourish on its platform," the letter states. "If they cause enough fuss in the media, over and over, eventually Reddit will decide it's not financially worthwhile to stand up for sanity, and they'll just nuke porn out of convenience," a moderator for r/cumsluts, a 3-million subscriber community for adult content, told Motherboard. "Eventually groups like NCOSE will get porn outlawed from the web in general. It's just a matter of time, and reintroducing the laws several times under different acronyms until people get tired of fighting. I'm very pessimistic about this. Unfortunately, mindlessly shrieking 'Won't somebody please think of the children?' over and over is a dangerously over-effective tactic."

A moderator for r/18_19 told Motherboard that they don't expect Reddit to ban adult content anytime soon, but if it did, that it could push people to decentralized platforms, or platforms that are more difficult to moderate or search. "I don't think Reddit should ban porn or adult communities. In the short term, banning adult content would suck," they said. "A huge number of people come here for that. But it wouldn't be a big deal in the long run. Porn will be available, it would just take a while for it to consolidate around new locations."

An anonymous reader quotes a report from KrebsOnSecurity: A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network's chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment websites since 2016. KrebsOnSecurity was recently contacted by a security researcher who said he found a huge tranche of full credit card records exposed online, and that at first glance the domain names involved appeared to be affiliated with the USPS. Further investigation revealed a long-running international operation that has been emailing and text messaging people for years to sign up at a slew of websites that all promise they can help visitors secure employment at the USPS.

Sites like FederalJobsCenter[.]com also show up prominently in Google search results for USPS employment, and steer applicants toward making credit card "registration deposits" to ensure that one's application for employment is reviewed. These sites also sell training, supposedly to help ace an interview with USPS human resources. FederalJobsCenter's website is full of content that makes it appear the site is affiliated with the USPS, although its "terms and conditions" state that it is not. Rather, the terms state that FederalJobsCenter is affiliated with an entity called US Job Services, which says it is based in Lawrenceville, Ga. The site says applicants need to make a credit card deposit to register, and that this amount is refundable if the applicant is not offered a USPS job within 30 days after the interview process. But a review of the public feedback on US Job Services and dozens of similar names connected to this entity over the years shows a pattern of activity: Applicants pay between $39.99 and $100 for USPS job coaching services, and receive little if anything in return. Some reported being charged the same amount monthly. Michael Martel, spokesperson for the United States Postal Inspection Service, said in a written statement that the USPS has no affiliation with the websites or companies named in this story.

"To learn more about employment with USPS, visit USPS.com/careers," Martel wrote. "If you are the victim of a crime online report it to the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov. To report fraud committed through or toward the USPS, its employees, or customers, report it to the United States Postal Inspection Service (USPIS) at www.uspis.gov/report."

A list of all the current sites selling this product can be found in Krebs' report.

The BBC looks at free websites like TimeRepublik, "which describes itself as 'a timebank for the internet era'." Time banking is in essence a more sophisticated form of bartering. You don't pay someone in money for a job that they do for you. Instead you give that person time credits that they can then use to get a service without financial payment from someone else... A "TimeCoin" credit... accounts to 15 minutes no matter what job you provide, be it cutting the lawn of a neighbour, or maths tuition via a video call. You simply advertise what you are offering and how long it would take in TimeCoins.

"We wanted to distance ourselves from financial transactions and find something that could create relationships between people," says co-founder Gabriele Donati. "Because we truly believe that only through our relationships, you can gain the trust of another person." TimeRepublik is today based in both Lugano, Switzerland and New York, and says it has more than 100,000 users around the world. It makes money by selling the service to companies who then offer it to their staff via their internal websites.

The concept of time banking has been around since the 19th Century. Mr Donati says that he wanted to bring it to a younger, and more digitally-savvy audience.
The first version of TimeRepublik launched in Switzerland in 2012, according to the BBC, though the site expanded internationally "in the past couple of years."

One user told the BBC that with monetary expectations out of the way, "you really get to the core of things and you discover something, I think, that's greater and sort of priceless."

Wikipedia will not comply with any age checks required under the Online Safety Bill, its foundation says. From a report: Rebecca MacKinnon, of the Wikimedia Foundation, which supports the website, says it would "violate our commitment to collect minimal data about readers and contributors." A senior figure in Wikimedia UK fears the site could be blocked as a result. But the government says only services posing the highest risk to children will need age verification. Wikipedia has millions of articles in hundreds of languages, written and edited entirely by thousands of volunteers around the world.

It is the eighth most-visited site in the UK, according to data from analytics company SimilarWeb. The Online Safety Bill, currently before Parliament, places duties on tech firms to protect users from harmful or illegal content and is expected to come fully into force some time in 2024. Neil Brown, a solicitor specialising in internet and telecoms law, says that under the bill, services likely to be accessed by children must have "proportionate systems and processes" designed to prevent them from encountering harmful content. That could include age verification.

An anonymous reader quotes a report from Motherboard: The creator of a tool that scrapes the internet for images in order to power artificial intelligence image generators like Stable Diffusion is telling website owners who want him to stop that they have to actively opt out, and that it's "sad" that they are fighting the inevitable rise of AI. "It is sad that several of you are not understanding the potential of AI and open AI and as a consequence have decided to fight it," Romain Beaumont, the creator of the image scraping tool img2dataset, said on its GitHub page. "You will have many opportunities in the years to come to benefit from AI. I hope you see that sooner rather than later. As creators you have even more opportunities to benefit from it."

Img2dataset is a free tool Beaumont shared on GitHub which allows users to automatically download, and resize a list of URLs. The result is an image dataset, the kind that trains image-generating AI models like Open AI's DALL-E, the open source Stable Diffusion model, and Google's Imagen. Beaumont is also an open source contributor to LAION-5B, one of the largest image datasets in the world that contains more than 5 billion images and is used by Imagen and Stable Diffusion. Img2dataset will attempt to scrape images from any site unless site owners add https headers like "X-Robots-Tag: noai," and "X-Robots-Tag: noindex." That means that the onus is on site owners, many of whom probably don't even know img2dataset exists, to opt out of img2dataset rather than opt in. Beaumont defended img2dataset by comparing it to the way Google indexes all websites online in order to power its search engine, which benefits anyone who wants to search the internet.

"I directly benefit from search engines as they drive useful traffic to me," Eden told Motherboard. "But, more importantly, Google's bot is respectful and doesn't hammer my site. And most bots respect the robots.txt directive. Romain's tool doesn't. It seems to be deliberately set up to ignore the directives website owners have in place. And, frankly, it doesn't bring any direct benefit to me."

Motherboard notes: "A 'robots.txt' file tells search engine crawlers like Google which part of a site the crawler can access in order to prevent it from overloading the site with requests."

An anonymous reader quotes a report from Wired: Stack Overflow, a popular internet forum for computer programming help, plans to begin charging large AI developers as soon as the middle of this year for access to the 50 million questions and answers on its service, CEO Prashanth Chandrasekar says. The site has more than 20 million registered users. Stack Overflow's decision to seek compensation from companies tapping its data, part of a broader generative AI strategy, has not been previously reported. It follows an announcement by Reddit this week that it will begin charging some AI developers to access its own content starting in June.

"Community platforms that fuel LLMs absolutely should be compensated for their contributions so that companies like us can reinvest back into our communities to continue to make them thrive," Stack Overflow's Chandrasekar says. "We're very supportive of Reddit's approach." Chandrasekar described the potential additional revenue as vital to ensuring Stack Overflow can keep attracting users and maintaining high-quality information. He argues that will also help future chatbots, which need "to be trained on something that's progressing knowledge forward. They need new knowledge to be created." But fencing off valuable data also could deter some AI training and slow improvement of LLMs, which are a threat to any service that people turn to for information and conversation. Chandrasekar says proper licensing will only help accelerate development of high-quality LLMs.

Chandrasekar says that LLM developers are violating Stack Overflow's terms of service. Users own the content they post on Stack Overflow, as outlined in its TOS, but it all falls under a Creative Commons license that requires anyone later using the data to mention where it came from. When AI companies sell their models to customers, they "are unable to attribute each and every one of the community members whose questions and answers were used to train the model, thereby breaching the Creative Commons license," Chandrasekar says. Neither Stack Overflow nor Reddit has released pricing information. "Both Stack Overflow and Reddit will continue to license data for free to some people and companies," notes Wired. "Chandrasekar says Stack Overflow only wants remuneration only from companies developing LLMs for big, commercial purposes."

"When people start charging for products that are built on community-built sites like ours, that's where it's not fair use," he says.

Reddit has long been a forum for discussion on a huge variety of topics, and companies like Google and OpenAI have been using it in their A.I. projects. From a report: Reddit has long been a hot spot for conversation on the internet. About 57 million people visit the site every day to chat about topics as varied as makeup, video games and pointers for power washing driveways. In recent years, Reddit's array of chats also have been a free teaching aid for companies like Google, OpenAI and Microsoft. Those companies are using Reddit's conversations in the development of giant artificial intelligence systems that many in Silicon Valley think are on their way to becoming the tech industry's next big thing. Now Reddit wants to be paid for it.

The company said on Tuesday that it planned to begin charging companies for access to its application programming interface, or A.P.I., the method through which outside entities can download and process the social network's vast selection of person-to-person conversations. "The Reddit corpus of data is really valuable," Steve Huffman, founder and chief executive of Reddit, said in an interview. "But we don't need to give all of that value to some of the largest companies in the world for free." The move marks one of the first significant examples of a social network's charging for access to the conversations it hosts for the purpose of developing A.I. systems like ChatGPT, OpenAI's popular program. Those new A.I. systems could one day lead to big businesses, but they aren't likely to help companies like Reddit very much. In fact, they could be used to create competitors -- automated duplicates to Reddit's conversations.

SharewareHeroes.com recreates all the fonts and cursor you'd see after dialing up a local bulletin-board system in the early 1990s. It's to promote a new book — successfully crowdfunded by 970 backers — to chronicle "a critical yet long overlooked chapter in video game history: the rise and eventual fall of the shareware model.

The book promises to explore "a hidden games publishing market" that for several years "had no powerful giants," with games instead distributed "across the nascent internet for anyone to enjoy (and, if they liked it enough, pay for)."

And the site features a free excerpt from the chapter about DOOM: It seemed there was no stopping id Software. Commander Keen had given them their freedom, and Wolfenstein 3D's mega-success had earned them the financial cushion to do anything. But all they wanted was to beat the last game — to outdo both themselves and everyone else. And at the centre of that drive was a push for ever-better technology. By the time Wolfenstein 3D's commercial prequel Spear of Destiny hit retail shelves, John Carmack had already built a new engine.

This one had texture-mapped floors and ceilings — not just walls. It supported diminished lighting, which meant things far away could recede into the shadows, disappearing into the distance. And it had variable-height rooms, allowing for elevated platforms where projectile-throwing enemies could hang out, and most exciting of all it allowed for non-orthogonal walls — which meant that rooms could be odd-shaped, with walls jutting out at any arbitrary angle from each other, rather than the traditional rectangular boxed design that had defined first-person-perspective games up until then.

It ran at half the speed of Wolfenstein 3D's engine, but they were thinking about doing a 3D Keen game next — so that wouldn't matter. At least not until they saw it in action. Everyone but Tom Hall suddenly got excited about doing another shooter, which meant Carmack would have to optimise the hell out of his engine to restore that sense of speed. Briefly they considered a proposal from 20th Century Fox to do a licensed Aliens shooter, but they didn't like the idea of giving up their creative independence, so they considered how they could follow up Wolfenstein 3D with something new. Fighting aliens in space is old hat. This time it could be about fighting demons in space. This time it could be called DOOM.
The book's title is Shareware Heroes: The Renegades Who Redefined Gaming at the Dawn of the Internet — here's a page listing the people interviewed, as well as the book's table of contents.

And this chapter culminates with what happened when the first version of DOOM was finally released. "BBSs and FTP servers around America crashed under the immense load of hundreds of thousands of people clamouring to download the game on day one.

"Worse for universities around the country, people were jumping straight into the multiplayer once they had the game — and they kept crashing the university networks..."

An anonymous reader quotes a report from Ars Technica: An Amsterdam court today ordered one of the largest adult entertainment websites, xHamster, to remove all amateur footage showing recognizable people in the Netherlands who did not consent to be featured on the site. The ruling followed complaints raised by the Expertise Bureau for Online Child Abuse, known as EOKM, which identified 10 videos where xHamster could not verify it had secured permission from amateur performers to post. The court found that this violated European privacy laws and conflicted with a prior judgment from the Amsterdam court requiring porn sites to receive permission from all performers recognizably featured before posting amateur videos.

According to EOKM director Arda Gerkens, this ruling will require xHamster to clean up its site and is part of EOKM's larger plan to stop all porn sites from distributing amateur footage without consent. The Amsterdam court has given xHamster three weeks to comply with the order and remove all footage posted without consent, or face maximum fines per video up to $32,000 daily. Lawyers assisting EOKM on the case said the verdict had "major consequences for the entire porn industry," including bigger sites like Pornhub, which already was required to remove 10 million videos, as Vice reported in 2020. "Now it's xHamster's turn," Otto Volgenant of Boekx Advocaten said in EOKM's press release, noting that 30 million people visit xHamster daily.

On xHamster, only professional producers and verified members can upload content. The website requires everyone who creates an account to upload an ID and share a selfie to become verified. Before any verified member's upload is made public, xHamster moderators -- a team of 28 who use software approved by EOKM to identify illegal content -- conduct a review to block any illegal content. The website's terms of service require that each uploader provides a consent form from each person recognizably featured in all amateur content. Hammy Media told the court that it had already removed all violating content that EOKM had flagged in the case and provided assurances that moderators check to ensure the uploader is the same person as the performer. However, in his order, judge RA Dudok van Heel wrote that "it is sufficiently plausible for the time being that a large amount of footage is being made public on xhamster.com, of which it cannot be demonstrated that permission has been obtained from the persons who appear recognizable in the picture."

An anonymous reader quotes a report from TorrentFreak: Z-Library appears to be shrugging off a criminal investigation as if nothing ever happened. The site continues to develop its shadow library and, following a successful fundraiser, now plans to expand its services to the physical book market. Z-Library envisions a book 'sharing' market, where its millions of users can pick up paperbacks at dedicated "Z-Points" around the globe. [...] With more than 12 million books in its archive, Z-Library advertised itself as the largest repository of pirated books on the Internet. This success was briefly interrupted late last year when the U.S. Government seized the site's main domain names. The enforcement action also led to the arrest of two alleged Russian operators of the site, who now find themselves at the center of a criminal investigation. A crackdown of this magnitude usually marks the end of a pirate site, but Z-Library appears to be going in the opposite direction. The site has made a full comeback with a more 'censorship-resistant' setup and recently collected tens of thousands of dollars in donations.

In a new message, posted this week, Z-Library thanks its userbase for their generous contributions, noting that it secured all the necessary funds to ensure continued development. Apparently, this includes support for offline sharing. In addition to offering millions of ebooks, Z-Library says that it's working on a new service that will help users to share physical copies with each other. "Books you have read should not gather dust on your shelf -- instead, they can get a second life in the hands of new readers! This helps to preserve the literary heritage and spread the knowledge and ideas contained in books to more people," they write. "[W]e want to organize 'Z-Points' -- collection and storage points for books that will be the link between those who share their books and those who need them. Book owners who are willing to share them with other users can send books to the nearest Z-Point in their region. And those who need books stored in these points will be able to receive them for their use."

This sounds like a P2P competitor for traditional libraries. Interestingly, however, Z-Library believes that existing libraries are ideally suited to become Z-Points. People can also volunteer to run a Z-Point from their own homes. Running a book lending point will require quite a bit of storage space and organizational effort so fulfillment centers and third-party logistics services are also welcome to join in. The Z-Point idea is still in the planning phase. According to Z-Library, users will be able to send books by mail. These can then be loaned by others and/or sent by mail when requested. This proposal is quite different from the traditional pirate ebook library Z-Library offers now. And loaning a book to someone is generally not seen as copyright infringement either unless it's a copied ebook.

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. KrebsOnSecurity reports: Sources tell KrebsOnsecurity the domain seizures coincided with "dozens" of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data. Active since 2018, Genesis Market's slogan has long been, "Our store sells bots with logs, cookies, and their real fingerprints." Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials.

But earlier today, multiple domains associated with Genesis had their homepages replaced with a seizure notice from the FBI, which said the domains were seized pursuant to a warrant issued by the U.S. District Court for the Eastern District of Wisconsin. But sources close to the investigation tell KrebsOnSecurity that law enforcement agencies in the United States, Canada and across Europe are currently serving arrest warrants on dozens of individuals thought to support Genesis, either by maintaining the site or selling the service bot logs from infected systems. The seizure notice includes the seals of law enforcement entities from several countries, including Australia, Canada, Denmark, Germany, the Netherlands, Spain, Sweden and the United Kingdom. [...]

One feature of Genesis that sets it apart from other bot shops is that customers can retain access to infected systems in real-time, so that if the rightful owner of an infected system creates a new account online, those new credentials will get stolen and displayed in the web-based panel of the Genesis customer who purchased that bot. "While some infostealers are designed to remove themselves after execution, others create persistent access," reads a March 2023 report from cybersecurity firm SpyCloud. "That means bad actors have access to the current data for as long as the device remains infected, even if the user changes passwords. SpyCloud says Genesis even advertises its commitment to keep the stolen data and the compromised systems' fingerprints up to date. "According to our research, Genesis Market had more than 430,000 stolen identities for sale as of early last year -- and there are many other marketplaces like this one," the SpyCloud report concludes.