"What if they ban TikTok and people keep using it anyway?" asks the New York Times, saying a pending ban in America "is vague on how it would be enforced" Some experts say that even if TikTok is actually banned this month or soon, there may be so many legal and technical loopholes that millions of Americans could find ways to keep TikTok'ing. The law is "Swiss cheese with lots of holes in it," said Glenn Gerstell, a former top lawyer at the National Security Agency and a senior adviser at the Center for Strategic and International Studies, a policy research organization. "There are obviously ways around it...." When other countries ban apps, the government typically orders internet providers and mobile carriers to block web traffic to and from the blocked website or app. That's probably not how a ban on TikTok in the United States would work. Two lawyers who reviewed the law said the text as written doesn't appear to order internet and mobile carriers to stop people from using TikTok.

There may not be unanimity on this point. Some lawyers who spoke to Bloomberg News said internet providers would be in legal hot water if they let their customers continue to use a banned TikTok. Alan Rozenshtein, a University of Minnesota associate law professor, said he suspected internet providers aren't obligated to stop TikTok use "because Congress wanted to allow the most dedicated TikTok users to be able to access the app, so as to limit the First Amendment infringement." The law also doesn't order Americans to stop using TikTok if it's banned or to delete the app from our phones....

Odds are that if the Supreme Court declares the TikTok law constitutional and if a ban goes into effect, blacklisting the app from the Apple and Google app stores will be enough to stop most people from using TikTok... If a ban goes into effect and Apple and Google block TikTok from pushing updates to the app on your phone, it may become buggy or broken over time. But no one is quite sure how long it would take for the TikTok app to become unusable or compromised in this situation.
Users could just sideload the app after downloading it outside a phone's official app store, the article points out. (More than 10 million people sideloaded Fortnite within six weeks of its removal from Apple and Google's app stores.) And there's also the option of just using a VPN — or watching TikTok's web site.

(I've never understood why all apps haven't already been replaced with phone-optimized web sites...)

Los Angeles authorities have vowed to prosecute illegal drone operators after a civilian drone collided with a Canadian CL-415 firefighting plane combating the Palisades Fire, causing damage that grounded the aircraft and temporarily halted all aerial firefighting operations. CNN reports: The specifically designed CL-415 firefighting planes are used to scoop up more than 1,500 gallons of ocean water to drop on active fires. The plane in question, Quebec 1, "sustained wing damage and remains grounded and out of service," Los Angeles Fire Department spokesperson Erik Scott said, adding that there were no reported injuries. The damaged plane will be prioritized for repair and should be back up flying by Monday, L.A. County Fire Chief Anthony C. Marrone said Friday. The collision caused the temporary grounding of all aircraft responding to the Palisades Fire, The War Zone reported, citing Cal Fire. It was one of the two such planes deployed to the site, The War Zone said. "You will be arrested, you will be prosecuted, and you will be punished to the full extent of the law," said Los Angeles County District Attorney Nathan Hochman in a statement.

Marrone added that, "Our federal partners behind the scenes are going to be implementing procedures to be able to follow drones in our two large fire areas, and they will be able to identify who the operator of that drone is. "The most important thing to know is that if you fly a drone at one of these brush fires, all aerial operations will be shut down, and we certainly don't want to have that happen."

The FAA underscored late Thursday that it "has not authorized anyone unaffiliated with the Los Angeles firefighting operations to fly drones" in restricted airspace put in place over the wildfires. "The FAA treats these violations seriously and immediately considers swift enforcement action for these offenses," the agency said.

An anonymous reader quotes a report from 404 Media: Some of the world's most popular apps are likely being co-opted by rogue members of the advertising industry to harvest sensitive location data on a massive scale, with that data ending up with a location data company whose subsidiary has previously sold global location data to US law enforcement. The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games likeCandy Crushand dating apps like Tinder to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem -- not code developed by the app creators themselves -- this data collection is likely happening without users' or even app developers' knowledge.

"For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising 'bid stream,'" rather than code embedded into the apps themselves, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and who has followed the location data industry closely, tells 404 Media after reviewing some of the data. The data provides a rare glimpse inside the world of real-time bidding (RTB). Historically, location data firms paid app developers to include bundles of code that collected the location data of their users. Many companies have turned instead to sourcing location information through the advertising ecosystem, where companies bid to place ads inside apps. But a side effect is that data brokers can listen in on that process and harvest the location of peoples' mobile phones.

"This is a nightmare scenario for privacy, because not only does this data breach contain data scraped from the RTB systems, but there's some company out there acting like a global honey badger, doing whatever it pleases with every piece of data that comes its way," Edwards says. Included in the hacked Gravy data are tens of millions of mobile phone coordinates of devices inside the US, Russia, and Europe. Some of those files also reference an app next to each piece of location data. 404 Media extracted the app names and built a list of mentioned apps. The list includes dating sites Tinder and Grindr; massive games such asCandy Crush,Temple Run,Subway Surfers, andHarry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo's email client; Microsoft's 365 office app; and flight tracker Flightradar24. The list also mentions multiple religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy. 404 Media's full list of apps included in the data can be found here. There are also other lists available from other security researchers.

An anonymous reader quotes a report from Ars Technica: A federal judge this week rejected Google's motion to throw out a class-action lawsuit alleging that it invaded the privacy of users who opted out of functionality that records a users' web and app activities. A jury trial is scheduled for August 2025 in US District Court in San Francisco. The lawsuit concerns Google's Web & App Activity (WAA) settings, with the lead plaintiff representing two subclasses of people with Android and non-Android phones who opted out of tracking. "The WAA button is a Google account setting that purports to give users privacy control of Google's data logging of the user's web app and activity, such as a user's searches and activity from other Google services, information associated with the user's activity, and information about the user's location and device," wrote (PDF) US District Judge Richard Seeborg, the chief judge in the Northern District Of California.

Google says that Web & App Activity "saves your activity on Google sites and apps, including associated info like location, to give you faster searches, better recommendations, and more personalized experiences in Maps, Search, and other Google services." Google also has a supplemental Web App and Activity setting that the judge's ruling refers to as "(s)WAA." "The (s)WAA button, which can only be switched on if WAA is also switched on, governs information regarding a user's '[Google] Chrome history and activity from sites, apps, and devices that use Google services.' Disabling WAA also disables the (s)WAA button," Seeborg wrote. But data is still sent to third-party app developers through the Google Analytics for Firebase (GA4F), "a free analytical tool that takes user data from the Firebase kit and provides app developers with insight on app usage and user engagement," the ruling said. GA4F "is integrated in 60 percent of the top apps" and "works by automatically sending to Google a user's ad interactions and certain identifiers regardless of a user's (s)WAA settings, and Google will, in turn, provide analysis of that data back to the app developer."

Plaintiffs have brought claims of privacy invasion under California law. Plaintiffs "present evidence that their data has economic value," and "a reasonable juror could find that Plaintiffs suffered damage or loss because Google profited from the misappropriation of their data," Seeborg wrote. The lawsuit was filed in July 2020. The judge notes that summary judgment can be granted when "there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law." Google hasn't met that standard, he ruled. In a statement provided to Ars, Google said that "privacy controls have long been built into our service and the allegations here are a deliberate attempt to mischaracterize the way our products work. We will continue to make our case in court against these patently false claims."

TikTok has been pushing the platform's sister app, Lemon8, encouraging users to migrate via sponsored posts amid a looming ban. Axios reports: In the last few weeks, Lemon8 has been promoting its app to TikTok users through sponsored TikTok videos. In one sponsored post, TikTok user @miller.dailylife shares a video with a creator saying, "TikTok actually has another backup app. It's called Lemon8 ... and it automatically signs you in with your TikTok so you can still keep the same TikTok name and things like that. And it's supposed to transfer your followers over. ... Once you add Lemon8, it automatically pops up on your TikTok bio, so that people can just click on it. So, just so you guys know, now that they're trying to do this ban, if you want to have somewhere else to go where the government is not 100% controlling what we see, what we consume ... Just go ahead and go on to Lemon8."

In November, TikTok began informing users of its sister app, Lemon8, that beginning late that month Lemon8 would be powered by TikTok, and their TikTok usernames would also be used on Lemon8. "Some of your data on TikTok will be used to power services on lemon8," the notice says. "Your Lemon8 profile link will be shown to your TikTok profile publicly by default," it continues. "You can choose not to show it by editing your TikTok profile." Last March, Lemon8 jumped into the U.S. App Store's Top 10 list shortly after it launched in the U.S. It currently ranks as one of the top-ranking free apps on Apple's app store.

The report notes that the TikTok ban law also applies to other apps owned by TikTok's Chinese parent ByteDance, like Lemon8. "ByteDance could be betting that regulators and app store companies are so focused on TikTok that they won't pay attention to its other apps," says Axios.

Telegram's Transparency Report reveals a sharp increase in U.S. government data requests, with 900 fulfilled requests affecting 2,253 users. "The news shows a massive spike in the number of data requests fulfilled by Telegram after French authorities arrested Telegram CEO Pavel Durov in August, in part because of the company's unwillingness to provide user data in a child abuse investigation," notes 404 Media. From the report: Between January 1 and September 30, 2024, Telegram fulfilled 14 requests "for IP addresses and/or phone numbers" from the United States, which affected a total of 108 users, according to Telegram's Transparency Reports bot. But for the entire year of 2024, it fulfilled 900 requests from the U.S. affecting a total of 2,253 users, meaning that the number of fulfilled requests skyrocketed between October and December, according to the newly released data. "Fulfilled requests from the United States of America for IP address and/or phone number: 900," Telegram's Transparency Reports bot said when prompted for the latest report by 404 Media. "Affected users: 2253," it added.

A month after Durov's arrest in August, Telegram updated its privacy policy to say that the company will provide user data, including IP addresses and phone numbers, to law enforcement agencies in response to valid legal orders. Up until then, the privacy policy only mentioned it would do so when concerning terror cases, and said that such a disclosure had never happened anyway. Even though the data technically covers the entire of 2024, the jump from a total of 108 affected users in October to 2253 as of now, indicates that the vast majority of fulfilled data requests were in the last quarter of 2024, showing a huge increase in the number of law enforcement requests that Telegram completed. You can access the platform's transparency reports here.

Nvidia's AI chips are advancing faster than Moore's Law, the semiconductor industry's historical performance benchmark, according to chief executive Jensen Huang. "Our systems are progressing way faster than Moore's Law," Huang told TechCrunch. Nvidia's chips have improved thousand-fold over the past decade, outpacing Moore's Law's prediction of doubled transistor density every year, Huang said. He adds: We can build the architecture, the chip, the system, the libraries, and the algorithms all at the same time. If you do that, then you can move faster than Moore's Law, because you can innovate across the entire stack.

[...] Moore's Law was so important in the history of computing because it drove down computing costs. The same thing is going to happen with inference where we drive up the performance, and as a result, the cost of inference is going to be less.

Thailand has banned plastic waste imports over concerns about toxic pollution, as experts warn that failure to agree a global treaty to cut plastic waste will harm human health. From a report: A law banning imports of plastic waste came into force this month in Thailand, after years of campaigning by activists. Thailand is one of several south-east Asian countries that has historically been paid to receive plastic waste from developed nations. The country became a leading destination for exports of plastic waste from Europe, the US, the UK and Japan in 2018 after China, the world's biggest market for household waste, imposed a ban.

Japan is one of the biggest exporters of waste plastic to Thailand, with about 50m kg exported in 2023. Thai customs officials said more than 1.1m tonnes of plastic scraps were imported between 2018 and 2021. Imports of plastic were often mismanaged in Thailand, with many factories burning the waste rather than recycling it, leading to damage to human health and the environment.

An anonymous reader shares a report: Chinese venture capitalists are hounding failed founders [non-paywalled source], pursuing personal assets and adding the individuals to a national debtor blacklist when they fail to pay up, in moves that are throwing the country's startup funding ecosystem into crisis. The hard-nosed tactics by risk capital providers have been facilitated by clauses known as redemption rights, included in nearly all the financing deals struck during China's boom times.

"My investors verbally promised they wouldn't enforce them, that they had never enforced them before -- and in '17 and '18 that was true -- no one was enforcing them," said Neuroo Education founder Wang Ronghui, who now owes investors millions of dollars after her childcare chain stumbled during the pandemic.

While they are relatively rare in US venture investing, more than 80% of venture and private equity deals in China contain redemption provisions, according to Shanghai-based law firm Lifeng Partners estimates. They typically require companies, and often their founders as well, to buy back investors' shares plus interest if certain targets such as an initial public offering timeline, valuation goals or revenue metrics are not met.

An anonymous reader quotes a report from Reuters: The U.S. Defense Department said on Monday it has added Chinese tech giants including gaming and social media leader Tencent Holdings and battery maker CATL to a list of firms it says work with China's military. The list also included chip maker Changxin Memory Technologies, Quectel Wireless and drone maker Autel Robotics, according to a document published on Monday. The annually updated list (PDF) of Chinese military companies, formally mandated under U.S. law as the "Section 1260H list," designated 134 companies, according to a notice posted to the Federal Register.

U.S.-traded shares of Tencent, which is also the parent of Chinese instant messaging app WeChat, fell 8% in over-the-counter trading. Tencent said in a statement that its inclusion on the list was "clearly a mistake." It added: "We are not a military company or supplier. Unlike sanctions or export controls, this listing has no impact on our business." CATL called the designation a mistake, saying it "is not engaged in any military related activities." A Quectel spokesperson said the company "does not work with the military in any country and will ask the Pentagon to reconsider its designation, which clearly has been made in error."

While the designation does not involve immediate bans, it can be a blow to the reputations of affected companies and represents a stark warning to U.S. entities and firms about the risks of conducting business with them. It could also add pressure on the Treasury Department to sanction the companies. Two previously listed companies, drone maker DJI and Lidar-maker Hesai Technologies, both sued the Pentagon last year over their previous designations, but remain on the updated list. The Pentagon also removed six companies it said no longer met the requirements for the designation, including AI firm Beijing Megvii Technology, China Railway Construction Corporation Limited, China State Construction Group Co and China Telecommunications Corporation.

More than 1.6 million Americans have been jobless for at least six months, up 50% since late 2022, despite the economy adding over two million jobs last year, Labor Department data shows.

The average job search now takes six months, primarily affecting high-paying sectors like tech, law, and media. While the 4.2% unemployment rate remains below pre-pandemic averages, job postings have dropped to one per unemployed worker from two in early 2022.

Software development, data science, and marketing roles are 20% below pre-pandemic levels, while healthcare and government sectors account for half of recent job creation. The number of Americans receiving unemployment benefits reached 1.8 million in late December, approaching post-pandemic highs, as wage growth declined to 4% from 6% during the early 2020s hiring peak.

A U.S. Appeals Court ruled this week that net neutrality couldn't be reinstated by America's Federal Communications Commission. But "Despite the dismantling of the FCC's efforts to regulate broadband internet service, state laws in California, New York and elsewhere remain intact," notes the Los Angeles Times: This week's decision by the 6th U.S. Circuit Court of Appeals, striking down the FCC's open internet rules, has little bearing on state laws enacted during the years-long tug-of-war over the government's power to regulate internet service providers, telecommunications experts said. In fact, some suggested that the Cincinnati-based 6th Circuit's decision — along with other rulings and the U.S. Supreme Court's posture on a separate New York case — has effectively fortified state regulators' efforts to fill the gap. "Absent an act of Congress, the FCC has virtually no role in broadband any more," Ernesto Falcon, a program manager for the California Public Utilities Commission, said in an interview. "The result of this decision is that states like California, New York and others will have to govern and regulate broadband carriers on our own."

California has one of the nation's strongest laws on net neutrality, the principle that internet traffic must be treated equally to ensure a free and open network. Former Gov. Jerry Brown signed the measure into law in 2018, months after federal regulators in President elect-Donald Trump's first administration repealed the net neutrality rules put in place under President Obama. Colorado, Oregon and other states also adopted their own standards.

The Golden State's law has already survived legal challenges. It also prompted changes in the way internet service providers offered plans and services. "California's net neutrality law, which is seen as the gold standard by consumer advocates, carries national impact," Falcon said.... "The state's authority and role in broadband access has grown dramatically now," Falcon said.
California's net neutrality rules prohibit "throttling" data speeds, according to the article.

"My feet are already in the crosswalk," says Geoffrey A. Fowler, a San Francisco-based tech columnist for the Washington Post. In a video he takes one step from the curb, then stops to see if Waymo robotaxis will stop for him. And they often didn't.

Waymo's position? Their cars consider "signals of pedestrian intent" including forward motion when deciding whether to stop — as well as other vehicles' speed and proximity. ("Do they seem like they're about to cross or are they just sort of milling around waiting for someone?") And Waymo "also said its car might decide not to stop if adjacent cars don't yield."

Fowler counters that California law says cars must always stop for pedestrians in a crosswalk. ("It's classic Silicon Valley hubris to assume Waymo's ability to predict my behavior supersedes a law designed to protect me.") And Phil Koopman, a Carnegie Mellon University professor who conducts research on autonomous-vehicle safety, agrees that the Waymos should be stopping. "Instead of arguing that they shouldn't stop if human drivers are not going to stop, they could conspicuously stop for pedestrians who are standing on road pavement on a marked crosswalk. That might improve things for everyone by encouraging other drivers to do the same."

From Fowler's video: I tried crossing in front of Waymos here more than 20 times. About three in ten times the Waymo would stop for me, but I couldn't figure out what made it change its mind. Heavy traffic vs light, crossing with two people, sticking one foot out — all would cause it to stop only sometimes. I could make it stop by darting out into the street — but that's not how my mama taught me to use a crosswalk...

Look, I know many human drivers don't stop for pedestrians either. But isn't the whole point of having artificial intelligence robot drivers that they're safer because they actually follow the laws?
Waymo would not admit breaking any laws, but acknowledged "opportunity for continued improvement in how it interacts with pedestrians."

In an article accompanying the video, Fowler calls it "a cautionary tale about how AI, intended to make us more safe, also needs to learn how to coexist with us." Waymo cars don't behave this way at all intersections. Some friends report that the cars are too careful on quiet streets, while others say the vehicles are too aggressive around schools... No Waymo car has hit me, or any other person walking in a San Francisco crosswalk — at least so far. (It did strike a cyclist earlier this year.) The company touts that, as of October, its cars have 57 percent fewer police-reported crashes compared with a human driving the same distance in the cities where it operates.
Other interesting details from the article:

• Fowler suggests a way his crosswalk could be made safer: "a flashing light beacon there could let me flag my intent to both humans and robots."

• The article points out that Waymo is also under investigation by the National Highway Traffic Safety Administration "for driving in an unexpected and disruptive manner, including around traffic control devices (which includes road markings)."

At the same time, Fowler also acknowledges that "I generally find riding in a Waymo to be smooth and relaxing, and I have long assumed its self-driving technology is a net benefit for the city." His conclusion? "The experience has taught my family that the safest place around an autonomous vehicle is inside it, not walking around it."

And he says living in San Francisco lately puts him "in a game of chicken with cars driven by nothing but artificial intelligence."

Politico asked an "array of thinkers — futurists, scientists, foreign policy analysts and others — to lay out some of the possible 'Black Swan' events that could await us in the new year: What are the unpredictable, unlikely episodes that aren't yet on the radar but would completely upend American life as we know it?"

Here's one from Gary Marcus, a cognitive scientist and author of the book Taming Silicon Valley: How We Can Ensure That AI Works For Us: 2025 could easily see the largest cyberattack in history, taking down, at least for a little while, some sizeable piece of the world's infrastructure, whether for deliberate ransom or to manipulate people to make money off a short on global markets. Cybercrime is already a huge, multi-trillion dollar problem, and one that most victims don't like to talk about. It is said to be bigger than the entire global drug trade. Four things could make it much worse in 2025.

First, generative AI, rising in popularity and declining in price, is a perfect tool for cyberattackers. Although it is unreliable and prone to hallucinations, it is terrific at making plausible sounding text (e.g., phishing attacks to trick people into revealing credentials) and deepfaked videos at virtually zero cost, allowing attackers to broaden their attacks. Already, a cybercrew bilked a Hong Kong bank out of $25 million. Second, large language models are notoriously susceptible to jailbreaking and things like "prompt-injection attacks," for which no known solution exists. Third, generative AI tools are increasingly being used to create code; in some cases those coders don't fully understand the code written, and the autogenerated code has already been shown in some cases to introduce new security holes.
And finally 2025 may see a U.S. government "determined to deregulate as much as possible, slashing costs," Marus speculates, a scenario where "enforcement and investigations will almost certainly decline in both quality and quantity, leaving the world quite vulnerable to ever more audacious attacks."

Elsewhere in Politico's article there's other even less-cheery predictions for 2025. The executive director of an advocacy group for public health professionals describes the possibility of an epidemic "that we had the tools to control" which "winds up killing thousands" (while also "sending the economy back into a Covid-like downward spiral.")

And a law professor predicts 2025 will see a decisive breakthrough in quantum computing. "Those little padlocks you see beside URLs? They would, overnight, become a fiction."

An anonymous reader quotes a report from the Hollywood Reporter: A trio of major music publishers suing Anthropic over the use of lyrics to train its AI system have reached a deal with the Amazon-backed company to resolve some parts of a pending preliminary injunction. U.S. District Judge Eumi Lee on Thursday signed off on an agreement between the two sides mandating Anthropic to maintain existing guardrails that prevent its Claude AI chatbot from providing lyrics to songs owned by the publishers or create new song lyrics based on the copyrighted material.

In a statement, Anthropic said Claude "isn't designed to be used for copyright infringement, and we have numerous processes in place designed to prevent such infringement." It added, "Our decision to enter into this stipulation is consistent with those priorities. We continue to look forward to showing that, consistent with existing copyright law, using potentially copyrighted material in the training of generative AI models is a quintessential fair use." [...] Under the agreement, Anthropic will apply already-implemented guardrails in the training of new AI systems. The deal also provides an avenue for music publishers to intervene if the guardrails aren't working as intended.

"Publishers may notify Anthropic in writing that its Guardrails are not effectively preventing output that reproduces, distributes, or displays, in whole or in part, the lyrics to compositions owned or controlled by Publishers, or creates derivative works based on those compositions," the filing states. "Anthropic will respond to Publishers expeditiously and undertake an investigation into those allegations, with which Publishers will cooperate in good faith." Anthropic has maintained in court filings that existing guardrails make it unlikely that any future user could prompt Claude to produce any material portion of the works-in-suit. They consist of a "range of technical and other measures -- at all levels in the development lifecycle -- that aim to prevent users from simply prompting Claude to regurgitate training data," said a company spokesperson. The court is expected to issue a ruling in the coming months on whether to issue preliminary injunction that would bar Anthropic from training future models on lyrics owned by the publishers.

Xiaomi has further restricted bootloader unlocking to just one device per user per year, significantly hindering custom ROM development and reinforcing user dependence on its proprietary HyperOS ecosystem. Android Police reports: Roughly a year ago, Xiaomi introduced a policy limiting users to three unlocked devices per account, providing only a limited time window for unlocking, and demanding waiting periods before doing so. It's now gone even further, limiting users to unlocking the bootloader of just a single device throughout the year. Unlocking the bootloader changes the way a phone works by preventing automated software updates, among other things, and isn't a good idea for most users. Power users love it for complete customization of their devices, and unlocked bootloaders are critical to the creation and installation of privately developed operating systems, or custom ROMs.

Custom ROMs usually (but not always) derive from pre-existing OSs like Android or Xiaomi's HyperOS. To write operating software that works on a certain device, you need to develop it on that specific device. Consequently, individuals and teams throughout the enthusiast phone sphere constantly add to their collections of bootloader-unlocked phones. The new unlocking restrictions could place undue hardship on resource-limited development teams, reducing the number of custom ROMs produced moving forward. Xiaomi first tightened restrictions roughly a year ago, following the enforcement of a Chinese law requiring certain pre-installed software behaviors. But Xiaomi's business plan and sales models indicate a couple of other motivations for insisting users stick with its first-party HyperOS. Some of the motives include preventing scalping, avoiding accidental bricking, and preserving advertising-driven revenue. However, these measures come at the cost of user freedom and may stifle innovation within the enthusiast developer community.

An anonymous reader quotes a report from Ars Technica: Apple has agreed (PDF) to pay $95 million to settle a lawsuit alleging that its voice assistant Siri routinely recorded private conversations that were then sold to third parties for targeted ads. In the proposed class-action settlement (PDF) -- which comes after five years of litigation -- Apple admitted to no wrongdoing. Instead, the settlement refers to "unintentional" Siri activations that occurred after the "Hey, Siri" feature was introduced in 2014, where recordings were apparently prompted without users ever saying the trigger words, "Hey, Siri." Sometimes Siri would be inadvertently activated, a whistleblower told The Guardian, when an Apple Watch was raised and speech was detected. The only clue that users seemingly had of Siri's alleged spying was eerily accurate targeted ads that appeared after they had just been talking about specific items like Air Jordans or brands like Olive Garden, Reuters noted. It's currently unknown how many customers were affected, but if the settlement is approved, the tech giant has offered up to $20 per Siri-enabled device for any customers who made purchases between September 17, 2014, and December 31, 2024. That includes iPhones, iPads, Apple Watches, MacBooks, HomePods, iPod touches, and Apple TVs, the settlement agreement noted. Each customer can submit claims for up to five devices.

A hearing when the settlement could be approved is currently scheduled for February 14. If the settlement is certified, Apple will send notices to all affected customers. Through the settlement, customers can not only get monetary relief but also ensure that their private phone calls are permanently deleted. While the settlement appears to be a victory for Apple users after months of mediation, it potentially lets Apple off the hook pretty cheaply. If the court had certified the class action and Apple users had won, Apple could've been fined more than $1.5 billion under the Wiretap Act alone, court filings showed. But lawyers representing Apple users decided to settle, partly because data privacy law is still a "developing area of law imposing inherent risks that a new decision could shift the legal landscape as to the certifiability of a class, liability, and damages," the motion to approve the settlement agreement said. It was also possible that the class size could be significantly narrowed through ongoing litigation, if the court determined that Apple users had to prove their calls had been recorded through an incidental Siri activation -- potentially reducing recoverable damages for everyone.

Thousands of copyrighted works from 1929, including Mickey Mouse's first speaking appearance and original versions of comic characters Popeye and Tintin, entered the U.S. public domain on January 1, 2025, as their 95-year copyright terms expired.

Popeye debuted in E.C. Segar's "Thimble Theatre" comic strip, while Tintin first appeared in Georges Remi's "Les Aventures de Tintin." These original character versions can now be freely used without permission or fees. Literary classics joining the public domain include William Faulkner's "The Sound and the Fury," Ernest Hemingway's "A Farewell to Arms," and Virginia Woolf's "A Room of One's Own."

Musical compositions entering the public domain include George Gershwin's "An American in Paris," Maurice Ravel's "Bolero," and Fats Waller's "Ain't Misbehavin'." The original 1929 recordings remain protected until 2030 under separate copyright rules.

Notable films becoming public domain include the Marx Brothers' first feature "The Cocoanuts," Alfred Hitchcock's first sound film "Blackmail," and several Mickey Mouse animations where the character debuts his white gloves and speaks his first words. Sound recordings from 1924, including performances by Marian Anderson and George Gershwin, also entered the public domain under the Music Modernization Act's 100-year term for historical recordings.

A filing in an antitrust lawsuit against some of the nation's top universities alleges the schools overcharged students by $685 million in a "price-fixing" scheme, raising serious questions about their past admission and financial aid policies. From a report: Documents and testimony from officials at Georgetown University, the University of Notre Dame, the University of Pennsylvania, MIT and other elite schools suggest they appeared to favor wealthy applicants despite their stated policy of accepting students without regard for their financial circumstances. That "need-blind" policy allowed the schools to collaborate on financial aid under federal law, but plaintiffs in the case say the colleges violated the statute by considering students' family income.

Every year, according to a motion filed in federal court Monday night, Georgetown's then-president would draw up a list of about 80 applicants based on a tracking list that often included information about their parents' wealth and past donations, but not the applicants' transcripts, teacher recommendations or personal essays. "Please Admit," was often written at the top of the list, the lawsuit contends -- and almost all of the applicants were. Former students accuse 17 elite schools, including most of the Ivy League, of colluding to limit the financial aid packages of working- and middle-class students. The claimed damages of $685 million, which were detailed in the court filing Monday night, would automatically triple to more than $2 billion under U.S. antitrust laws.

An anonymous reader quotes a report from Fast Company: Insurance companies that stopped providing home coverage to hundreds of thousands of Californians in recent years as wildfires became more destructive will have to again provide policies in fire-prone areas if they want to keep doing business in California under a state regulation announced Monday. The rule will require home insurers to offer coverage in high-risk areas, something the state has never done, Insurance Commissioner Ricardo Lara's office said in a statement. Insurers will have to start increasing their coverage by 5% every two years until they hit the equivalent of 85% of their market share. That means if an insurer writes 20 out of every 100 state policies, they'd need to write 17 in a high-risk area, Lara's office said.

Major insurers like State Farm and Allstate have stopped writing new policies in California due to fears of massive losses from wildfires and other natural disasters. In exchange for increasing coverage, the state will let insurance companies pass on the costs of reinsurance to California consumers. Insurance companies typically buy reinsurance to avoid huge payouts in case of natural disasters or catastrophic loss. California is the only state that doesn't already allow the cost of reinsurance to be borne by policy holders, according to Lara's office. [...] The requirement is under review by the Office of Administrative Law before it takes effect within 30 days. "Californians deserve a reliable insurance market that doesn't retreat from communities most vulnerable to wildfires and climate change," Lara said in a statement. "This is a historic moment for California."

Opponents of the rule say that could hike premiums by 40% and doesn't require new policies to be written at a fast enough pace. The state did not provide a cost analysis for potential impact on consumers. "This plan is of the insurance industry, by the insurance industry, and for the industry," Jamie Court, president of Consumer Watchdog, said in a statement.