AI

'Dead Internet Theory' Comes To Life With New AI-Powered Social Media App 66

A conspiracy theory known as "Dead Internet Theory" has gained traction in recent years, positing that most online social activity is artificial and designed to manipulate users. This theory has grown alongside the rise of large language models like ChatGPT. On Monday, software developer Michael Sayman launched SocialAI, an app that seems to embody aspects of this theory. ArsTechnica: SocialAI's 28-year-old creator, Michael Sayman, previously served as a product lead at Google, and he also bounced between Facebook, Roblox, and Twitter over the years. In an announcement post on X, Sayman wrote about how he had dreamed of creating the service for years, but the tech was not yet ready. He sees it as a tool that can help lonely or rejected people.

"SocialAI is designed to help people feel heard, and to give them a space for reflection, support, and feedback that acts like a close-knit community," wrote Sayman. "It's a response to all those times I've felt isolated, or like I needed a sounding board but didn't have one. I know this app won't solve all of life's problems, but I hope it can be a small tool for others to reflect, to grow, and to feel seen." As The Verge reports in an excellent rundown of the example interactions, SocialAI lets users choose the types of AI followers they want, including categories like "supporters," "nerds," and "skeptics." These AI chatbots then respond to user posts with brief comments and reactions on almost any topic, including nonsensical "Lorem ipsum" text.
Privacy

FTC Study Finds 'Vast Surveillance' of Social Media Users (nytimes.com) 60

The Federal Trade Commission said on Thursday it found that several social media and streaming services engaged in a "vast surveillance" of consumers, including minors, collecting and sharing more personal information than most users realized. From a report: The findings come from a study of how nine companies -- including Meta, YouTube and TikTok -- collected and used consumer data. The sites, which mostly offer free services, profited off the data by feeding it into advertising that targets specific users by demographics, according to the report. The companies also failed to protect users, especially children and teens.

The F.T.C. said it began its study nearly four years ago to offer the first holistic look into the opaque business practices of some of the biggest online platforms that have created multibillion-dollar ad businesses using consumer data. The agency said the report showed the need for federal privacy legislation and restrictions on how companies collect and use data. "Surveillance practices can endanger people's privacy, threaten their freedoms, and expose them to a host of harms, from identity theft to stalking," said Lina Khan, the F.T.C.'s chair, in a statement.

Mozilla

Mozilla Exits the Fediverse, Will Shutter Its Mastodon Server In December (techcrunch.com) 62

Mozilla is exiting the fediverse by shutting down its Mozilla.social Mastodon server on December 17. Moving forward, the company will focus on Firefox and AI, aligning with its strategy under interim CEO Laura Chambers to scale back investments in non-core products. TechCrunch reports: Mozilla.social was a small instance, having only 270 active users at the time of Tuesday's announcement. By comparison, the most popular Mastodon instance, Mastodon.social, has over 247,500 monthly active users. Mozilla had telegraphed its plans to scale back on its fediverse investments earlier this year after the CEO stepped down. At the time, Mozilla board member Laura Chambers took over the job as the interim CEO of Mozilla Corporation through the end of 2024. Shortly after the change in leadership, Mozilla said it would refocus its product strategy around Firefox and AI and significantly scale back or even shutter other efforts. Among those products affected by the pullback were its VPN, Relay, and Online Footprint Scrubber, in addition to its Mastodon instance, the company said at the time. Meanwhile, its virtual world Hubs was shut down.

The redirection of Mozilla's efforts came after its flagship product, the Firefox web browser, spent years losing market share. That left room for other competitors, like the startup Arc, to take hold in the alternative browser market. Months prior to this change in strategy, Mozilla had been touting the fediverse's potential, but under Chambers, the company said that a more "modest approach" to the fediverse would have allowed it to participate with "greater agility." In an internal memo, Mozilla signaled that going forward, a "much smaller team" would participate in the Mastodon ecosystem. However, it didn't say at the time that the Mozilla.social instance would shut down, adding that it would continue to bring small experiments to those who participated on its instance.
Mozilla said it was a "hard decision."

"Thank you for being part of the Mozilla.social community and providing feedback during our closed beta. You can continue to use Mozilla.social until December 17," a post on Mastodon reads. Users can download their data or migrate their accounts at the respective links.
Television

TV News Overtaken By Digital Rivals For First Time in UK (ft.com) 38

Television has ceased to be the main source of news in the UK for the first time since the 1960s as Britons turn increasingly to online news and social media apps, according to research by the media regulator. From a report: Ofcom said on Tuesday that viewing of TV news had continued to fall steeply, with online platforms such as Facebook, YouTube and TikTok and digital versions of broadcasters now slightly more widely used as a source of news. In its annual study of audience habits, the watchdog said 71 per cent of adults obtained news online, compared with 70 per cent via TV -- a finding it described as "marking a generational shift in the balance of news media."

The reach of TV news has fallen from 75 per cent last year. More than four-fifths of people between the ages of 16 and 24 obtained their news from social media, Ofcom found. The report underlines the pressure on more traditional linear broadcasters such as the BBC, Sky and Channel 4 to accelerate moves to digital platforms, which include their own streaming sites as well as social media apps such as TikTok.

Australia

Australia Plans Age Limit To Ban Children From Social Media (yahoo.com) 99

An anonymous reader quotes a report from Agence France-Presse: Australia will ban children from using social media with a minimum age limit as high as 16, the prime minister said Tuesday, vowing to get kids off their devices and "onto the footy fields." Federal legislation to keep children off social media will be introduced this year, Anthony Albanese said, describing the impact of the sites on young people as a "scourge." The minimum age for children to log into sites such as Facebook, Instagram, and TikTok has not been decided but is expected to be between 14 and 16 years, Albanese said. The prime minister said his own preference would be a block on users aged below 16. An age verification trial to test various approaches is being conducted over the coming months, the centre-left leader said. [...]

It is not even clear that the technology exists to reliably enforce such bans, said the University of Melbourne's associate professor in computing and information technology, Toby Murray. "The government is currently trialling age assurance technology. But we already know that present age verification methods are unreliable, too easy to circumvent, or risk user privacy," he said. But the prime minister said parents expected a response to online bullying and the access social media gave to harmful material. "These social media companies think they're above everyone," he told a radio interviewer. "Well, they have a social responsibility and at the moment, they're not exercising it. And we're determined to make sure that they do," he said.

Social Networks

'Thousands' of Telegram Channels Sell Stolen Identities, Reports WSJ (msn.com) 91

The Wall Street Journal writes that Telegram "has become the premier internet platform to buy everything from hacked data and weapons to illicit drugs and child sexual abuse material, according to current and former law-enforcement officials and cybercrime researchers..."

And it's also being used by identity thieves: There are thousands of channels and groups on Telegram that offer stolen identities that can be used to open bank and investment accounts. Some claim to offer already created bank accounts created with stolen details. A channel called Bank Store Online listed accounts at over 60 banks and cryptocurrency exchanges for sale, ranging from $80 for a personal account to $1,800 for a business one. Payments were charged in crypto...

In Russia, where Durov launched Telegram in 2013, it is also the go-to platform where middlemen arrange deals that get around U.S. sanctions, such as smuggling in weapons parts, the Journal previously reported. Several groups advertise the sale of drones and Starlinks — small antennas to access the satellite internet network run by Elon Musk's SpaceX — to Russian combat units in Ukraine. In February, Musk tweeted that no Starlinks had been directly or indirectly sold to Russia, to the best of the company's knowledge. "It's ground zero for every illicit activity you can think of," said Evan Kohlmann, founder of Cloudburst Technologies, which monitors cybercrime on Telegram and elsewhere, and a frequent adviser to U.S. agencies.

KDE

KDE Developer: Why Plasma 6.2 Includes a Once-a-Year Popup for Donations (pointieststick.com) 46

"If you're plugged into KDE social media, you probably see a lot of requests for donations..." writes KDE developer Nate Graham on his personal blog. But "We know that the fraction of people who subscribe to these channels is small, so there's a huge number of people who may not even know they can donate to KDE, let alone that donations are critically important to its continued existence..." From 6.2 onwards, Plasma itself will show a system notification asking for a donation once per year, in December. The idea here is to get the message that KDE really does need your financial help in front of more eyeballs — especially eyeballs not currently looking at KDE's public-facing promotion efforts... [W]e tried our best to minimize the annoying-ness factor: It's small and unobtrusive, and no matter what you do with it (click any button, close it, etc) it'll go away until next year. It's implemented as a KDE Daemon (KDED) module, which allows users and distributors to permanently disable it if they like. You can also disable just the popup on System Settings' Notifications page, accessible from the configure button in the notification's header.

Ultimately the decision to do this came down to the following factors:

- We looked at FOSS peers like Thunderbird and Wikipedia which have similar things (and in Wikipedia's case, the message is vastly more intrusive and naggy). In both cases, it didn't drive everyone away and instead resulted in a massive increase in donations that the projects have been able to use to employ lots of people.

- KDE really needs something like this to help our finances grow sustainably in line with our userbase and adoption by vendors and distributors.

The blog post also answers the question: what are you going to do with all that money? This is a question the KDE e.V. board of directors as a whole would need to answer, and any decision on it will be made collectively. But as one of the five members on that board, I can tell you my personal answer and the one that as your representative, I'd advocate for. It's basically the platform I ran on two years ago: extend an offer of full-time employment to our current people, and hire even more! I want us to end up with paid QA people and distro developers, and even more software engineers. I want us to fund the creation of a next-generation KDE OS we can offer directly to institutions looking to switch to Linux, and a hardware certification program to go along with it. I want us to extend our promotional activities and outreach to other major distros and vendors and pitch our software to them directly. I want to see Ubuntu, Red Hat Enterprise Linux, and SUSE Linux Enterprise Desktop ship Plasma by default. I want us to use this money to take over the world — with freedom, empowerment, and kindness.

These have been dreams for a long time, and throughout KDE we've been slowly moving towards them over the years. With a lot more money, we can turbocharge the pace! If that stuff sounds good, you can start with a donation today.

A reaction from GamingOnLinux: I think it is fair for KDE to expose that they need funding and asking that from inside the UI would not hurt for a software that delivered so much for free (as in freedom and as in "gratis").
Linux magazine points out that other new features for 6.2 "include the ability to block apps from inhibiting sleep mode, a new 'fill' mode for wallpaper, an overhauled System Settings Accessibility page, and the usual slew of bug fixes."
Crime

New York Times Calls Telegram 'A Playground for Criminals, Extremists and Terrorists' (yahoo.com) 107

The New York Times analyzed over 3.2 million Telegram messages from 16,220 channels. Their conclusion? Telegram "offers features that enable criminals, terrorists and grifters to organize at scale and to sidestep scrutiny from the authorities" — and that Telegram "has looked the other way as illegal and extremist activities have flourished openly on the app."

Or, more succinctly: "Telegram has become a global sewer of criminal activity, disinformation, child sexual abuse material, terrorism and racist incitement, according to a four-month investigation." Look deeper, and a dark underbelly emerges. Uncut lumps of cocaine and shards of crystal meth are for sale on the app. Handguns and stolen checks are widely available. White nationalists use the platform to coordinate fight clubs and plan rallies. Hamas broadcast its Oct. 7 attack on Israel on the site... The Times investigation found 1,500 channels operated by white supremacists who coordinate activities among almost 1 million people around the world. At least two dozen channels sold weapons. In at least 22 channels with more than 70,000 followers, MDMA, cocaine, heroin and other drugs were advertised for delivery to more than 20 countries.

Hamas, the Islamic State and other militant groups have thrived on Telegram, often amassing large audiences across dozens of channels. The Times analyzed more than 40 channels associated with Hamas, which showed that average viewership surged up to 10 times after the Oct. 7 attacks, garnering more than 400 million views in October. Telegram is "the most popular place for ill-intentioned, violent actors to congregate," said Rebecca Weiner, the deputy commissioner for intelligence and counterterrorism at the New York Police Department. "If you're a bad guy, that's where you will land...." [Telegram] steadfastly ignores most requests for assistance from law enforcement agencies. An email inbox used for inquiries from government agencies is rarely checked, former employees said...

"It is easy to search and find channels selling guns, illicit narcotics, prescription drugs and fraudulent ATM cards, called clone cards..." according to the article. The Times "found at least 50 channels openly selling contraband, including guns, drugs and fraudulent debit cards." In December 2022, Hayden Espinosa began serving a 33-month sentence in federal prison in Louisiana for buying and selling illegal firearms and weapon parts he made with 3D printers. That did not stop his business. Using cellphones that had been smuggled into prison, Espinosa continued his illicit trade on a Telegram channel... Espinosa's gun market on Telegram might never have been uncovered except that one of its members was Payton Gendron, who massacred 10 people at a supermarket in Buffalo, New York, in 2022. Investigators scouring his life online for motives for the shooting discovered the channel, which also featured racist and extremist views he had shared.
"Operating like a stateless organization, Telegram has long behaved as if it were above the law," the article concludes — though it adds that "In many democratic countries, patience with the app is wearing thin.

"The European Union is exploring new oversight of Telegram under the Digital Services Act, a law that forces large online platforms to police their services more aggressively, two people familiar with the plans said."
Role Playing (Games)

Playing D&D Helps Autistic Players In Social Interactions, Study Finds (arstechnica.com) 40

An anonymous reader quotes a report from Ars Technica: Since its introduction in the 1970s, Dungeons & Dragons has become one of the most influential tabletop role-playing games (TRPGs) in popular culture, featuring heavily in Stranger Things, for example, and spawning a blockbuster movie released last year. Over the last decade or so, researchers have turned their focus more heavily to the ways in which D&D and other TRPGs can help people with autism form healthy social connections, in part because the gaming environment offers clear rules around social interactions. According to the authors of a new paper published in the journal Autism, D&D helped boost players' confidence with autism, giving them a strong sense of kinship or belonging, among other benefits.

"There are many myths and misconceptions about autism, with some of the biggest suggesting that those with it aren't socially motivated, or don't have any imagination," said co-author Gray Atherton, a psychologist at the University of Plymouth. "Dungeons & Dragons goes against all that, centering around working together in a team, all of which takes place in a completely imaginary environment. Those taking part in our study saw the game as a breath of fresh air, a chance to take on a different persona and share experiences outside of an often challenging reality. That sense of escapism made them feel incredibly comfortable, and many of them said they were now trying to apply aspects of it in their daily lives." [...] For this latest study. Atherton et al. wanted to specifically investigate how autistic players experience D&D when playing in groups with other autistic players. It's essentially a case study with a small sample size -- just eight participants -- and qualitative in nature, since the post-play analysis focused on semistructured interviews with each player after the conclusion of the online campaign, the better to highlight their individual voices.

The players were recruited through social media advertisements within the D&D, Reddit and Discord online communities; all had received an autism diagnosis by a medical professional. They were split into two groups of four players, with one of the researchers (who's been playing D&D for years) acting as the dungeon master. The online sessions featured in the study were the Waterdeep: Dragonheist campaign. The campaign ran for six weeks, with sessions lasting between two and four hours (including breaks). Participants spoke repeatedly about the positive benefits they received from playing D&D, providing a friendly environment that helped them relax about social pressures. "When you're interacting with people over D&D, you're more likely to understand what's going on," one participant said in their study interview. "That's because the method you'll use to interact is written out. You can see what you're meant to do. There's an actual sort of reference sheet for some social interactions." That, in turn, helped foster a sense of belonging and kinship with their fellow players.

Participants also reported feeling emotionally invested and close to their characters, with some preferring to separate themselves from their character in order to explore other aspects of their personality or even an entirely new persona, thus broadening their perspectives. "I can make a character quite different from how I interact with people in real-life interactions," one participant said. "It helps you put yourself in the other person's perspective because you are technically entering a persona that is your character. You can then try to see how it feels to be in that interaction or in that scenario through another lens." And some participants said they were able to "rewrite" their own personal stories outside the game by adopting some of their characters' traits -- a psychological phenomenon known as "bleed."

Facebook

Meta Will Let Third-Party Apps Place Calls To WhatsApp, Messenger Users (techcrunch.com) 10

An anonymous reader quotes a report from TechCrunch: Meta on Friday published an update on how it plans to comply with the Digital Markets Act (DMA), the European law that aims to promote competition in digital marketplaces, where the law concerns the company's messaging apps, Messenger and WhatsApp. As Meta notes in a blog post, the DMA requires that it provide an option in WhatsApp and Messenger to connect with interoperable third-party messaging services and apps. Meta says it's building notifications into WhatsApp and Messenger to inform users about these third-party integrations and alert them when a newly compatible third-party messaging app comes online. The company also says it's introducing an onboarding flow in WhatsApp and Messenger where users can learn more about third-party chats and switch them on. From the flow, users will be able to set up a designated folder for third-party messages or, alternatively, opt for a combined inbox.

In 2025, Meta will roll out group functionality for third-party chats, and, in 2027, it'll launch voice and video calling in accordance with the DMA. And at some unspecified point in the future, Meta will bring "rich messaging" features for third-party chats to WhatsApp and Messenger, like reactions, direct replies, typing indicators and read receipts, the company says. "We will keep collaborating with third-party messaging services in order to provide the safest and best experience," Meta wrote in the post. "Users will start to see the third-party chat option when a third-party messaging service has built, tested and launched the necessary technology to make the feature a positive and secure user experience."

Movies

The Search For the Face Behind Mavis Beacon Teaches Typing (wired.com) 56

An anonymous reader quotes a report from Wired: Jazmin Jones knows what she did. "If you're online, there's this idea of trolling," Jones, the director behind Seeking Mavis Beacon, said during a recent panel for her new documentary. "For this project, some things we're taking incredibly seriously ... and other things we're trolling. We're trolling this idea of a detective because we're also, like, ACAB." Her trolling, though, was for a good reason. Jones and fellow filmmaker Olivia Mckayla Ross did it in hopes of finding the woman behind Mavis Beacon Teaches Typing. The popular teaching tool was released in 1987 by The Software Toolworks, a video game and software company based in California that produced educational chess, reading, and math games. Mavis, essentially the "mascot" of the game, is a Black woman donned in professional clothes and a slicked-back bun. Though Mavis Beacon was not an actual person, Jones and Ross say that she is one of the first examples of Black representation they witnessed in tech. Seeking Mavis Beacon, which opened in New York City on August 30 and is rolling out to other cities in September, is their attempt to uncover the story behind the face, which appeared on the tool's packaging and later as part of its interface.

The film shows the duo setting up a detective room, conversing over FaceTime, running up to people on the street, and even tracking down a relative connected to the ever-elusive Mavis. But the journey of their search turned up a different question they didn't initially expect: What are the impacts of sexism, racism, privacy, and exploitation in a world where you can present yourself any way you want to? Using shots from computer screens, deep dives through archival footage, and sit-down interviews, the noir-style documentary reveals that Mavis Beacon is actually Renee L'Esperance, a Black model from Haiti who was paid $500 for her likeness with no royalties, despite the program selling millions of copies. [...]

In a world where anyone can create images of folks of any race, gender, or sexual orientation without having to fully compensate the real people who inspired them, Jones and Ross are working to preserve not only the data behind Mavis Beacon but also the humanity behind the software. On the panel, hosted by Black Girls in Media, Ross stated that the film's social media has a form where users of Mavis Beacon can share what the game has meant to them, for archival purposes. "On some level, Olivia and I are trolling ideas of worlds that we never felt safe in or protected by," Jones said during the panel. "And in other ways, we are honoring this legacy of cyber feminism, historians, and care workers that we are very seriously indebted to."
You can watch the trailer for "Seeking Mavis Beacon" on YouTube.
The Courts

Shrinkwrap 'Contract' Found At Costco On... Collagen Peptides (mastodon.social) 74

Slashdot covered shrinkwrap licenses on software back in 2000 and 2002. But now ewhac (Slashdot reader #5,844) writes: The user Wraithe on the Mastodon network is reporting that a bottle of Vital Proteins(TM) collagen peptides purchased at Costco came with a shrinkwrap contract. Collagen peptides are often used as an anti-aging nutritional supplement. The top of the Vital Proteins bottle has a pull-to-open seal. Printed on the seal is the following: "Read This: By opening and using this product, you agree to be bound by our Terms and Conditions, fully set forth at vitalproteins.com/tc, which includes a mandatory arbitration agreement. If you do not agree to be bound, please return this product immediately."

So-called "shrinkwrap contracts" have been the subject of controversy and derision for decades since their first widespread appearance in the 1970's, attempting to alter the terms of sale after the fact, impose unethical and onerous restrictions on the purchaser, and absolving the vendor of all liability. Most such contracts appear on items involving copyrighted works (computer software, or any item containing computer software). The alleged "validity" of such contracts supposedly proceeds from the (alleged) need that the item requires a copyright license from the vendor to use (because the right to use/read/listen/view/execute is somehow not concomitant with purchase), and that the shrinkwrap contract furnishes such license.

The application of such a contract to a good where copyright has no scope, however, is something new. The alleged contract itself governs consumers' use of, "the VitalProteins.com website and any other applications, content, products, and services (collectively, the "Service")...," contains the usual we're-not-responsible-for-anything indemnification paragraph, and unilaterally removes your right to seek redress in court of law and imposes binding arbitration involving any disputes that may arise between the consumer and the company. Indeed, the arbitration clause is the first numbered section in the alleged contract.

The same contract has been spotted by numerous others — including someone who posted about it on Reddit two years ago. ("When I opened it, encountered a vacuum seal with the following 'READ THIS: by opening and using this product, you agree to...'") But the same verbiage still appears in online listings today for the product from Albertsons, Walgreens, and CVS.

Shrinkwrap contracts. They're not just for software any more...
Crime

Was the Arrest of Telegram's CEO Inevitable? (platformer.news) 174

Casey Newton, former senior editor at the Verge, weighs in on Platformer about the arrest of Telegram CEO Pavel Durov.

"Fending off onerous speech regulations and overzealous prosecutors requires that platform builders act responsibly. Telegram never even pretended to." Officially, Telegram's terms of service prohibit users from posting illegal pornographic content or promotions of violence on public channels. But as the Stanford Internet Observatory noted last year in an analysis of how CSAM spreads online, these terms implicitly permit users who share CSAM in private channels as much as they want to. "There's illegal content on Telegram. How do I take it down?" asks a question on Telegram's FAQ page. The company declares that it will not intervene in any circumstances: "All Telegram chats and group chats are private amongst their participants," it states. "We do not process any requests related to them...."

Telegram can look at the contents of private messages, making it vulnerable to law enforcement requests for that data. Anticipating these requests, Telegram created a kind of jurisdictional obstacle course for law enforcement that (it says) none of them have successfully navigated so far. From the FAQ again:

To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data. [...] To this day, we have disclosed 0 bytes of user data to third parties, including governments.

As a result, investigation after investigation finds that Telegram is a significant vector for the spread of CSAM.... The company's refusal to answer almost any law enforcement request, no matter how dire, has enabled some truly vile behavior. "Telegram is another level," Brian Fishman, Meta's former anti-terrorism chief, wrote in a post on Threads. "It has been the key hub for ISIS for a decade. It tolerates CSAM. It's ignored reasonable [law enforcement] engagement for YEARS. It's not 'light' content moderation; it's a different approach entirely."

The article asks whether France's action "will embolden countries around the world to prosecute platform CEOs criminally for failing to turn over user data." On the other hand, Telegram really does seem to be actively enabling a staggering amount of abuse. And while it's disturbing to see state power used indiscriminately to snoop on private conversations, it's equally disturbing to see a private company declare itself to be above the law.

Given its behavior, a legal intervention into Telegram's business practices was inevitable. But the end of private conversation, and end-to-end encryption, need not be.

Social Networks

Washington Post Calls Telegram 'a Haven for Free Speech - and Child Predators' (yahoo.com) 82

The Washington Post writes that Telegram's "anything-goes approach" to its 950 million users "has also made it one of the internet's largest havens for child predators, experts say...."

"Durov's critics say his public idealism masks an opportunistic business model that allows Telegram to profit from the worst the internet has to offer, including child sexual abuse material, or CSAM... " [Telegram is] an app of choice for political organizing, including by dissidents under repressive regimes. But it is equally appealing for terrorist groups, criminal organizations and sexual predators, who use it as a hub to share and consume nonconsensual pornography, AI "deepfake" nudes, and illegal sexual images and videos of exploited minors, said Alex Stamos, chief information security officer at the cybersecurity firm SentinelOne. "Due to their advertised policy of not cooperating with law enforcement, and the fact that they are known not to scan for CSAM, Telegram has attracted large groups of pedophiles trading and selling child abuse materials," Stamos said.

That reach comes even though many Telegram exchanges don't actually use the strong forms of encryption available on true private messaging apps, he added. Telegram is used for private messaging, public posts and group chats. Only one-to-one conversations can be encrypted in a way that even Telegram can't access them. And that occurs only if users choose the option, meaning the company could turn over everything else to governments if it wanted to... French prosecutors argue that Durov is in fact responsible for Telegram's emergence as a global haven for illegal content, including CSAM, because of his reluctance to moderate it and his refusal to help authorities police it, among other allegations...

David Kaye, a professor at University of California, Irvine School of Law and former U.N. special rapporteur on freedom of expression... said that while Telegram has at times banned groups and taken down [CSAM] content in response to law enforcement, its refusal to share data with investigators sets it apart from most other major tech companies. Unlike U.S.-based platforms, Telegram is not required by U.S. law to report instances of CSAM to the National Center for Missing and Exploited Children, or NCMEC. Many online platforms based overseas do so anyway — but not Telegram. "NCMEC has tried to get them to report, but they have no interest and are known for not wanting to work with [law enforcement agencies] or anyone in this space," a NCMEC spokesperson said.

The Post also writes that Telegram "has repeatedly been revealed to serve as a tool to store, distribute and share child sexual imagery." (They cite several examples, including two different men given minimum sentences of at least 10 years for using the service to purchase CSAM and solicit explicit photos from minors.)

Role Playing (Games)

D&D Publisher Walks Back Controversial Changes To Online Tools (theverge.com) 81

The Verge's Ash Parrish reports: Last week, as a part of the updates to Dungeons & Dragons Fifth Edition -- collectively known as the 2024 revision -- the publisher announced that it would update D&D Beyond, the tabletop RPG's official digital toolkit that players use to reference content and create characters using a host of official and third-party sources. The update would add the new 2024 rulebooks to the toolkit, mark outdated content with a "legacy" badge, and change players' character sheets to reflect all the new rules and features.

That last part is critical to understanding why some D&D players (including my own dungeon master) spent the last 72 hours in a state of panic. Though some of the 2024 revisions are essentially cosmetic in nature -- for example, "races" will be updated to "species" -- other updates like the ones to weapons, spells, and magic items fundamentally alter the game. Wizards of the Coast would have essentially overwritten every user's character sheet with the new information whether they wanted it or not. "All entries for mundane and magical items, weapons, armor, and spells will also be updated to their 2024 version," Wizards said in its initial announcement. The publisher did say that players would have the option to continue to use the 2014 version of spells and magic items. But doing so requires using the game's homebrew rules, which aren't known for being user-friendly.

Thankfully, Wizards of the Coast isn't in the car business, and after a weekend of backlash on social media, the company will no longer force the new changes on players. "We misjudged the impact of this change, and we agree that you should be free to choose your own way to play," Wizards said in its latest announcement. Current character sheets will only be updated with new terminology while the older versions of spells, magic items, and weapons will be preserved. Also, players who have access to both the 2014 and 2024 digital versions will have the option to use both when creating new characters.

Social Networks

Far-Right 'Terrorgram' Chatrooms Are Fueling a Wave of Power Grid Attacks (bloomberg.com) 396

An anonymous reader quotes a report from Bloomberg: People in a quiet neighborhood in Carthage, a town in Moore County, North Carolina, heard a series of six loud pops a few minutes before 8:00 p.m. on Dec. 3, 2022. A resident named Michael Campbell said he ducked at the sound. Another witness told police they thought they were hearing fireworks. The noise turned out to be someone shooting a rifle at a power substation next door to Campbell's home. The substation, operated by the utility Duke Energy Corp., consists of equipment that converts electricity into different voltages as it's transported to the area and then steered into individual houses. The shots hit the radiator of an electrical transformer, a sensitive piece of technology whose importance would likely be understood only by utility company employees. It began dumping a "vast amount" of oil, according to police reports. A subsequent investigation has pointed to a local right-wing group, one of a wave of attacks or planned attacks on power infrastructure.

By 8:10 the lights in Carthage went out. Minutes later, a security alarm went off at a Duke Energy substation 10 miles away, this one protected from view by large pine trees. When company personnel responded, they found that someone had shot its transformer radiator, too. Police found shell casings on the ground at the site and noticed someone had slashed the tires on nearby service trucks. The substations were designed to support each other, with one capable of maintaining service if the other went down. Knocking out both facilities prevented the company from rerouting power. Police described the two incidents as a coordinated attack. About 45,000 families and businesses remained dark for four days. This was a burden for area grocery stores and local emergency services. One woman, 87-year-old Karin Zoanelli, died in the hours after the shooting when the blackout caused her oxygen machine to stop operating. The North Carolina Medical Examiner's office classified the death as a homicide.

The attack on Duke's facilities in Moore County remains unsolved, but law enforcement officials and other experts suspect it's part of a rising trend of far-right extremists targeting power infrastructure in an attempt to sow chaos. The most ambitious of these saboteurs hope to usher in societal collapse, paving the way for the violent overthrow of the US government, according to researchers who monitor far-right communities. Damaging the power grid has long been a fixation of right-wing extremists, who have plotted such attacks for many years. They've been getting a boost recently from online venues such as "Terrorgram," a loose network of channels on the social media platform Telegram where users across the globe advocate violent white supremacism. In part, people use Terrorgram to egg one another on -- a viral meme shows a stick figure throwing a Molotov cocktail at electrical equipment. People on the forum have also seized on recent anti-immigration riots in the UK, inciting people there to clash with police. In June 2022, months before the Moore County shootings, users on the forum began offering more practical support in the form of a 261-page document titled "Hard Reset," which includes specific directions on how to use automatic weapons, explosives and mylar balloons to disrupt electricity. One of the document's suggestions is to shoot high-powered firearms at substation transformers.

Social Networks

Families Can Sue App Developer For Breaking Its Anti-Bullying Pledge, Says Court (theverge.com) 37

The Verge's Adi Robertson reports: An appeals court revived a lawsuit against the anonymous messaging service Yolo, which allegedly broke a promise to unmask bullies on the app. In a ruling (PDF) issued Thursday, the Ninth Circuit Court of Appeals said Section 230 of the Communications Decency Act shouldn't block a claim that Yolo misrepresented its terms of service, overruling a lower court decision. But it determined the app can't be held liable for alleged design defects that allowed harassment, letting a different part of that earlier ruling stand.

Yolo was a Snapchat-integrated app that let users send anonymous messages, but in 2021, it was hit with a lawsuit after a teenage user died by suicide. The boy, Carson Bride, had received harassing and sexually explicit messages from anonymized users that -- he believed -- he likely knew. Bride and his family attempted to contact Yolo for help, but Yolo allegedly never answered, and in some cases, emails to the company simply bounced. Snap banned Yolo and another app targeted in the lawsuit, and a year later, it banned all anonymous messaging integration. Bride's family and a collection of other aggrieved parents argued that Yolo broke a legally binding promise to its users. They pointed to a notification where Yolo claimed people would be banned for inappropriate use and deanonymized if they sent "harassing messages" to others. But as the ruling summarizes, the plaintiffs argued that "with a staff of no more than ten people, there was no way Yolo could monitor the traffic of ten million active daily users to make good on its promise, and it in fact never did." Additionally, they claimed Yolo should have known its anonymous design facilitated harassment, making it defective and dangerous.

A lower court threw out both of these claims, saying that under Section 230, Yolo couldn't be held responsible for its users' posts. The appeals court was more sympathetic. It accepted the argument that families were instead holding Yolo responsible for promising users something it couldn't deliver. "Yolo repeatedly informed users that it would unmask and ban users who violated the terms of service. Yet it never did so, and may have never intended to," writes Judge Eugene Siler, Jr. "While yes, online content is involved in these facts, and content moderation is one possible solution for Yolo to fulfill its promise, the underlying duty ... is the promise itself." The Yolo suit built on a previous Ninth Circuit ruling that let another Snap-related lawsuit circumvent Section 230's shield. In 2021, it found Snap could be sued for a "speed filter" that could implicitly encourage users to drive recklessly, even if users were responsible for making posts with that filter. (The overall case is still ongoing.) On top of their misrepresentation claim, the plaintiffs argued Yolo's anonymous messaging capability was similarly risky, an argument the Ninth Circuit didn't buy -- "we refuse to endorse a theory that would classify anonymity as a per se inherently unreasonable risk," Siler wrote.

Privacy

National Public Data Published Its Own Passwords (krebsonsecurity.com) 35

Security researcher Brian Krebs writes: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today. In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers and in some cases email addresses for more than 272 million people (including many who are now deceased). NPD acknowledged the intrusion on Aug. 12, saying it dates back to a security incident in December 2023. In an interview last week, USDoD blamed the July data leak on another malicious hacker who also had access to the company's database, which they claimed has been floating around the underground since December 2023.

Following last week's story on the breadth of the NPD breach, a reader alerted KrebsOnSecurity that a sister NPD property -- the background search service recordscheck.net -- was hosting an archive that included the usernames and password for the site's administrator. A review of that archive, which was available from the Records Check website until just before publication this morning (August 19), shows it includes the source code and plain text usernames and passwords for different components of recordscheck.net, which is visually similar to nationalpublicdata.com and features identical login pages. The exposed archive, which was named "members.zip," indicates RecordsCheck users were all initially assigned the same six-character password and instructed to change it, but many did not. According to the breach tracking service Constella Intelligence, the passwords included in the source code archive are identical to credentials exposed in previous data breaches that involved email accounts belonging to NPD's founder, an actor and retired sheriff's deputy from Florida named Salvatore "Sal" Verini.

Reached via email, Mr. Verini said the exposed archive (a .zip file) containing recordscheck.net credentials has been removed from the company's website, and that the site is slated to cease operations "in the next week or so." "Regarding the zip, it has been removed but was an old version of the site with non-working code and passwords," Verini told KrebsOnSecurity. "Regarding your question, it is an active investigation, in which we cannot comment on at this point. But once we can, we will [be] with you, as we follow your blog. Very informative." The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment. CreationNext.com's homepage features a positive testimonial from Sal Verini.

Social Networks

India's Influencers Fear a New Law Could Make them Register with the Government (restofworld.org) 25

It's the largest country on earth — home to 1.4 billion people. But "The Indian government has plans to classify social media creators as 'digital news broadcasters,'" according to the nonprofit site RestofWorld.org.

While there's "no clarity" on the government's next move, the proposed legislation would require social media creators "to register with the government, set up a content evaluation committee that checks all content before it is published, and appoint complaint handlers — all at their own expense. Any failures in compliance could lead to criminal charges, including jail term." On July 26, the Hindustan Times reported that the government plans to tweak the proposed Broadcasting Services (Regulation) Bill, which aims to combine all regulations for broadcasters under one law. As per a new version of the bill, which has been reviewed by Rest of World, the government defines "digital news broadcaster" as "any person who broadcasts news and current affairs programs through an online paper, news portal, website, social media intermediary, or other similar medium as part of a systematic business, professional or commercial activity."

Creators and digital rights activists believe the potential legislation will tighten the government's grip over online content and threaten the last bastion of press freedom for independent journalists in the country. Over 785 Indian creators have sent a letter to the government seeking more transparency in the process of drafting the bill. Creators have also stormed social media with hashtags like #KillTheBill, and made videos to educate their followers about the proposal.

One YouTube creator told the site that if the government requires them to appoint a "grievance redressal officer," they might simply film themselves, responding to grievances — to "make content out of it".

Social Networks

Deep-Live-Cam Goes Viral, Allowing Anyone To Become a Digital Doppelganger (arstechnica.com) 17

An anonymous reader quotes a report from Ars Technica: Over the past few days, a software package called Deep-Live-Cam has been going viral on social media because it can take the face of a person extracted from a single photo and apply it to a live webcam video source while following pose, lighting, and expressions performed by the person on the webcam. While the results aren't perfect, the software shows how quickly the tech is developing -- and how the capability to deceive others remotely is getting dramatically easier over time. The Deep-Live-Cam software project has been in the works since late last year, but example videos that show a person imitating Elon Musk and Republican Vice Presidential candidate J.D. Vance (among others) in real time have been making the rounds online. The avalanche of attention briefly made the open source project leap to No. 1 on GitHub's trending repositories list (it's currently at No. 4 as of this writing), where it is available for download for free. [...]

Like many open source GitHub projects, Deep-Live-Cam wraps together several existing software packages under a new interface (and is itself a fork of an earlier project called "roop"). It first detects faces in both the source and target images (such as a frame of live video). It then uses a pre-trained AI model called "inswapper" to perform the actual face swap and another model called GFPGAN to improve the quality of the swapped faces by enhancing details and correcting artifacts that occur during the face-swapping process. The inswapper model, developed by a project called InsightFace, can guess what a person (in a provided photo) might look like using different expressions and from different angles because it was trained on a vast dataset containing millions of facial images of thousands of individuals captured from various angles, under different lighting conditions, and with diverse expressions.

During training, the neural network underlying the inswapper model developed an "understanding" of facial structures and their dynamics under various conditions, including learning the ability to infer the three-dimensional structure of a face from a two-dimensional image. It also became capable of separating identity-specific features, which remain constant across different images of the same person, from pose-specific features that change with angle and expression. This separation allows the model to generate new face images that combine the identity of one face with the pose, expression, and lighting of another.
