China

In World's Largest Disinformation Campaign Online, China Is Harassing Americans (cnn.com) 208

"The Chinese government has built up the world's largest known online disinformation operation," reports CNN, "and is using it to harass US residents, politicians, and businesses."

CNN reports that the disinformation operation is even "at times threatening its targets with violence, a CNN review of court documents and public disclosures by social media companies has found." The onslaught of attacks — often of a vile and deeply personal nature — is part of a well-organized, increasingly brazen Chinese government intimidation campaign targeting people in the United States, documents show. The U.S. State Department says the tactics are part of a broader multi-billion-dollar effort to shape the world's information environment and silence critics of Beijing that has expanded under President Xi Jinping... Victims face a barrage of tens of thousands of social media posts that call them traitors, dogs, and racist and homophobic slurs.

They say it's all part of an effort to drive them into a state of constant fear and paranoia. Often, these victims don't know where to turn. Some have spoken to law enforcement, including the FBI — but little has been done. While tech and social media companies have shut down thousands of accounts targeting these victims, they're outpaced by a slew of new accounts emerging virtually every day. Known as "Spamouflage" or "Dragonbridge," the network's hundreds of thousands of accounts spread across every major social media platform have not only harassed Americans who have criticized the Chinese Communist Party, but have also sought to discredit U.S. politicians, disparage American companies at odds with China's interests and hijack online conversations around the globe that could portray the CCP in a negative light.

Some numbers from the article:
  • Meta "announced in August it had taken down a cluster of nearly 8,000 accounts attributed to this group in the second quarter of 2023 alone."
  • YouTube owner Google "told CNN it had shut down more than 100,000 associated accounts in recent years."
  • X "has blocked hundreds of thousands of China 'state-backed' or 'state-linked' accounts, according to company blogs."

Facebook

Meta's Head of Augmented Reality Software Stepping Down (reuters.com) 8

According to Reuters, Meta's head of augmented reality software is stepping down from his role. From the report: VP of Engineering Don Box announced the end of his tenure at Meta internally this week, without elaborating on what he would do next, according to a source familiar with the matter. A Meta spokesperson confirmed Box would be leaving the company at the end of this week and said he was doing so for personal reasons. There would be no change in product roadmap as a result of his decision, she added.

The departure of Box, a veteran engineer with experience building major technology systems from their infancy, could be a setback to progress on the operating system, a key component of Meta's AR glasses project, the source told Reuters. Meta has been planning to deliver a first generation of its AR glasses by next year, although those are meant to be used only internally and by a select group of developers, the source said. It aims to ship its first AR glasses to consumers in 2027. The Meta spokesperson declined to address the roadmap or whether the OS that Box's team was building would be in the first generation AR glasses. [...]

Meta initially hired Box in 2021 to chart a path forward after the failure of its XROS project, which aimed to create a unified custom operating system for its virtual reality headsets, Ray-Ban Stories smart glasses and planned augmented reality glasses, the source said. Box broke up the 300-person XROS unit into dedicated teams for each device line early last year and personally took over the team focused on AR software, according to both the source and Box's LinkedIn profile. Prior to joining Meta, Box had worked at Microsoft since 2002. In his final role at Microsoft, he ran engineering for mixed reality, which involved developing software for the HoloLens2 headset and related AR/VR services. Box is known for having led the creation of the Xbox One operating system and later heading Microsoft's core operating system group, which works across all Windows products.

United States

Almost No One Pays a 6% Real-Estate Commission - Except Americans (wsj.com) 144

The way we buy and sell homes in the U.S. isn't normal -- at least not compared with the rest of the world. From a report: The commission on a home sale here is typically around 5% to 6%, usually split between the seller's and buyer's agents. In most countries, the commissions are substantially smaller. The U.S. is home to as many as three million agents. By most estimates, no other country is even a close second.

Though it is unclear how much a court decision on commissions last month will upend American real estate, if at all, the ruling opens up the possibility of forever changing how agents are paid for their work. And looking at home sales around the world offers a window into what could be in store. One reason commissions here remain high is the use of buyer agents, said Ryan Tomasello, managing director at investment bank Keefe, Bruyette & Woods. Home sellers pay the commission -- typically between 5% and 6% of a home's selling price -- which is usually split between the seller's and buyer's agent. Buyer agents aren't nearly as common in other parts of the world, said Tomasello.

[...] In the pre-internet days, a buyer agent's main job was to screen and filter listings for hopeful home buyers. Today, much of that early house hunting can be done online. So the role of the buyer agent has shifted more to providing advice and support, as well as recommendations for home inspectors, lenders and lawyers. A good buyer agent will know how to make a strong offer and may push to lower the home price. In most countries, buyer agents are much less of a factor.

Privacy

Prison Phone Company Leaked 600,000 Users' Data and Didn't Notify Them (arstechnica.com) 45

An anonymous reader quotes a report from Ars Technica: Prison phone company Global Tel*Link leaked the personal information of nearly 650,000 users and failed to notify most of the users that their personal data was exposed, the Federal Trade Commission said today. The company agreed to a settlement that requires it to change its security practices and offer free credit monitoring and identity protection to affected users, but the settlement doesn't include a fine. "Global Tel*Link and two of its subsidiaries failed to implement adequate security safeguards to protect personal information they collect from users of its services, which enabled bad actors to gain access to unencrypted personal information stored in the cloud and used for testing," the FTC said.

A security researcher notified Global Tel*Link of the breach on August 13, 2020, according to the FTC's complaint (PDF). This happened just after "the company and a third-party vendor copied a large volume of sensitive, unencrypted personal information about nearly 650,000 real users of its products and services into the cloud but failed to take adequate steps to protect the data," the FTC said. The data was copied to an Amazon Web Services test environment to test a new version of a search software product. For about two days, the data was in the test environment and "accessible via the Internet without password protection or other access controls," the FTC said. After hearing from the security researcher, Global Tel*Link reconfigured the test environment to cut off public access. But a few weeks later, the firm was notified by an identity monitoring vendor that the data was available on the dark web. Global Tel*Link didn't notify any users until May 2021, and even then, it only notified a subset of them, according to the FTC. [...]

The complaint said that Global Tel*Link violated the Federal Trade Commission Act's section on unfair or deceptive acts or practices and charged the firm with unfair data security practices, unfair failure to notify affected consumers of the incident, misrepresentations regarding data security, misrepresentations to individual users regarding the incident, misrepresentations to individual users regarding notice, and deceptive representations to prison facilities regarding the incident. To settle the charges, the company agreed to new security protocols, including "'change management' measures to all of its systems to help reduce the risk of human error, use of multifactor authentication, and procedures to minimize the amount of data it collects and stores," the FTC said. Global Tel*Link also has to notify the affected users who were not previously notified of the breach and provide them with credit monitoring and identity protection products. The product must include $1,000,000 worth of identity theft insurance to cover costs related to identity theft or fraud. The company must also notify consumers and prison facilities within 30 days of future data breaches and notify the FTC of the incidents, the agency said. Violations of the settlement could result in fines of $50,120 for each violation, the FTC said.

Security

Samsung Says Hackers Accessed Customer Data During Year-Long Breach (techcrunch.com) 7

Samsung has admitted that hackers accessed the personal data of U.K.-based customers during a year-long breach of its systems. From a report: In a statement to TechCrunch, Samsung spokesperson Chelsea Simpson, representing the company via a third-party agency, said Samsung was "recently alerted to a security incident" that "resulted in certain contact information of some Samsung U.K. e-store customers being unlawfully obtained." Samsung declined to answer further questions about the incident, such as how many customers were affected or how hackers accessed its internal systems.

In a letter sent to affected customers, Samsung admitted that attackers exploited a vulnerability in an unnamed third-party business application to access the personal information of customers who made purchases at Samsung U.K.'s store between July 1, 2019 and June 30, 2020. In the letter, which was shared on X (formerly Twitter), Samsung said it didn't discover the compromise until more than three years later, on November 13, 2023. Samsung told affected customers that hackers may have accessed their names, phone numbers, postal addresses, and email addresses.

Windows

Windows is Now an App for iPhones, iPads, Macs, and PCs (theverge.com) 57

Microsoft has created a Windows App for iOS, iPadOS, macOS, Windows, and web browsers. From a report: The app essentially takes the previous Windows 365 app and turns it into a central hub for streaming a copy of Windows from a remote PC, Azure Virtual Desktop, Windows 365, Microsoft Dev Box, and Microsoft's Remote Desktop Services.

Microsoft supports multiple monitors through its Windows App, custom display resolutions and scaling, and device redirection for peripherals like webcams, storage devices, and printers. The preview version of the Windows App isn't currently available for Android, though. The Windows App is also limited to Microsoft's range of business accounts, but there are signs it will be available to consumers, too. The sign-in prompt on the Windows App on Windows (yes that's a mouthful) suggests you can access the app using a personal Microsoft Account, but this functionality doesn't work right now.

Security

Healthcare Giant McLaren Reveals Data On 2.2 Million Patients Stolen During Ransomware Attack (techcrunch.com) 12

An anonymous reader quotes a report from TechCrunch: Michigan-based McLaren Health Care has confirmed that the sensitive personal and health information of 2.2 million patients was compromised during a cyberattack earlier this year. A ransomware gang later took credit for the cyberattack. In a new data breach notice filed with Maine's attorney general, McLaren said hackers were in its systems for three weeks during July 28 through August 23 before the healthcare company noticed a week later on August 31. McLaren said the hackers accessed patient names, their date of birth and Social Security number, and a wealth of medical information, including billing, claims and diagnosis information, prescription and medication details, and information relating to diagnostic results and treatments. Medicare and Medicaid patient information was also taken.

McLaren is a healthcare provider with 13 hospitals across Michigan and about 28,000 total employees. McLaren, whose website touts its cost efficiency measures, made over $6 billion in revenue in 2022. News of the incident broke in October when the Alphv ransomware gang (also known as BlackCat) claimed responsibility for the cyberattack, claiming it took millions of patients' personal information. Days after the cyberattack was disclosed, Michigan attorney general Dana Nessel warned state residents that the breach "could affect large numbers of patients." TechCrunch has seen several screenshots posted by the ransomware gang on its dark web leak site showing access to the company's password manager, internal financial statements, some employee information, and spreadsheets of patient-related personal and health information, including names, addresses, phone numbers, Social Security numbers, and diagnostic information. Alphv/BlackCat claimed in its post that the gang had been in contact with a McLaren representative, without providing evidence of the claim.

AI

Giant AI Platform Introduces 'Bounties' For Deepfakes of Real People (404media.co) 28

An anonymous reader quotes a report from 404 Media: Civitai, an online marketplace for sharing AI models that enables the creation of nonconsensual sexual images of real people, has introduced a new feature that allows users to post "bounties." These bounties allow users to ask the Civitai community to create AI models that generate images of specific styles, compositions, or specific real people, and reward the best AI model that does so with a virtual currency users can buy with real money. As is common on the site, many of the bounties posted to Civitai since the feature was launched are focused on recreating the likeness of celebrities and social media influencers, almost exclusively women. But 404 Media has seen at least one bounty for a private person who has no significant public online presence.

"I am very afraid of what this can become, for years I have been facing problems with the misuse of my image and this has certainly never crossed my mind," Michele Alves, an Instagram influencer who has a bounty on Civitai, told 404 Media. "I don't know what measures I could take, since the internet seems like a place out of control. The only thing I think about is how it could affect me mentally because this is beyond hurtful." The news shows how increasingly easy to use text-to-image AI tools, the ability to easily create AI models of specific people, and a platform that monetizes the production of nonconsensual sexual images is making it possible to generate nonconsensual images of anyone, not just celebrities.

The bounty of a real person that 404 Media saw on Civitai did not include a name, and included a handful of images that were taken from her social media accounts. 404 Media was able to find this person's online accounts and confirm they were not a celebrity or social media influencer, but just a regular person with personal social media accounts with few followers. The person who posted the bounty claimed that the woman he wanted an AI model of was his wife, though her Facebook account said she was single. Other Civitai users also weren't buying that explanation. Despite suspicions from these users, someone did complete the bounty and created an AI model of the woman that now any Civitai user can download. Several non-sexual AI generated images of her have been posted to the site.

Security

New York Plans Cyber Rules for Hospitals (wsj.com) 24

New York regulators Monday plan to issue cybersecurity regulations for hospitals, after a series of attacks crippled operations at medical facilities. From a report: Under draft rules reviewed by The Wall Street Journal, New York will require general hospitals to develop and test incident response plans, assess their cybersecurity risks and install security technologies such as multifactor authentication. Hospitals must also develop secure software design practices for in-house applications, and processes for testing the security of software from vendors. Hacking "is a threat to every hospital, and my firm belief is if we protect the hospital, we're protecting the patients," said James McDonald, health commissioner for New York state.

Healthcare facilities are popular targets for cybercriminals, particularly ransomware operators hoping for quick ransom payments from administrators worried about risks to patients if technology goes down. Hospitals also hold large amounts of sensitive personal information on their staff and patients, including health and financial data. In August, the largest healthcare accreditation body in the U.S. issued cybersecurity guidelines calling for hospitals to prepare for cyberattacks that could take down critical systems for a month or longer -- measures that will require significant investment. Hospitals need to put in place tools and processes that anticipate technology critical for life and safety could be down, and find alternative ways to work without those systems, the nonprofit Joint Commission said.

Australia

Optus Loses Court Bid To Keep Report Into Cause of 2022 Cyber-Attack a Secret (theguardian.com) 27

Wednesday nearly half of Australia was left without internet or phone service after the country's second largest telecommunications company experienced a service outage affecting 10 million people.

But that's not Optus's only problem, according to this report from the Guardian: Optus has lost a bid in the federal court to keep secret a report on the cause of the 2022 cyber-attack — which resulted in the personal information of about 10 million customers being exposed — after a judge rejected the telco's legal privilege claim. After the hack, the company announced in October last year that it had recruited consultancy firm Deloitte to conduct a forensic assessment of what had led to the cyber-attack. Since then, the company has also faced an investigation by the Office of the Australian Information Commissioner, and a class action case in the federal court. As part of the class action case, law firm Slater and Gordon, acting for the applicants, had sought access to the Deloitte report that was never made public...

It came as the embattled CEO faces pressure over the company's handling of a 14-hour outage on Wednesday, that took phone and internet services offline for 10 million customers, delayed trains, disconnected call centres and hospital phone lines. The company has not announced any independent report into the incident, but it is now subject to two government investigations and a Senate inquiry.

EU

'Provisional Agreement' Reached on eID, a 'Digital Identity for All Europeans' (europa.eu) 194

This week the Council of the European Union made an announcement. "With a view to ensuring a trusted and secure digital identity for all Europeans, the Council presidency and European Parliament representatives reached today a provisional agreement on a new framework for a European digital identity (eID)."

The proposed new framework would also require member states "to issue a digital wallet under a notified eID scheme, built on common technical standards, following compulsory certification."

"With the approval of the European digital identity regulation, we are taking a fundamental step so that citizens can have a unique and secure European digital identity," said Nadia Calviño, acting Spanish first vice-president and minister for economy and digitalisation.

From the announcement: The revised regulation constitutes a clear paradigm shift for digital identity in Europe aiming to ensure universal access for people and businesses to secure and trustworthy electronic identification and authentication. Under the new law, member states will offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g., driving licence, diplomas, bank account). Citizens will be able to prove their identity and share electronic documents from their digital wallets with a click of a button on their mobile phone.

The new European digital identity wallets will enable all Europeans to access online services with their national digital identification, which will be recognised throughout Europe, without having to use private identification methods or unnecessarily sharing personal data. User control ensures that only information that needs to be shared will be shared...

The revised law clarifies the scope of the qualified web authentication certificates (QWACs), which ensures that users can verify who is behind a website, while preserving the current well-established industry security rules and standards.

"When finalised, the text will be submitted to the member states' representatives (Coreper) for endorsement. Subject to a legal/linguistic review, the revised regulation will then need to be formally adopted by the Parliament and the Council before it can be published in the EU's Official Journal and enter into force."

Privacy

It's Still Too Easy for Anyone to 'Become You' at Experian (krebsonsecurity.com) 36

An anonymous reader shared this report from security researcher Brian Krebs: In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account...

The homepage said I needed to provide a Social Security number and mobile phone number, and that I'd soon receive a link that I should click to verify myself. The site claims that the phone number you provide will be used to help validate your identity. But it appears you could supply any phone number in the United States at this stage in the process, and Experian's website would not balk.

One user said they recreated their account this week — even though the phone number they'd input was a random number. "The only difference: it asked me FIVE questions about my personal history (last time it only asked three) before proclaiming, 'Welcome back, Pete!,' and granting full access," @PeteMayo wrote. "I feel silly saving my password for Experian; may as well just make a new account every time."

And Krebs points out that "Regardless, users can simply skip this step by selecting the option to 'Continue another way.'" Experian then asks for your full name, address, date of birth, Social Security number, email address and chosen password. After that, they require you to successfully answer between three to five multiple-choice security questions whose answers are very often based on public records. When I recreated my account this week, only two of the five questions pertained to my real information, and both of those questions concerned street addresses we've previously lived at — information that is just a Google search away...

Experian will send a message to the old email address tied to the account, saying certain aspects of the user profile have changed. But this message isn't a request seeking verification: It's just a notification from Experian that the account's user data has changed, and the original user is offered zero recourse here other than to click a link to log in at Experian.com. And of course, a user who receives one of these notices will find that the credentials to their Experian account no longer work. Nor do their PIN or account recovery question, because those have been changed also. Your only option at this point is to recreate your account at Experian and steal it back from the ID thieves!

Experian's security measures "are constantly evolving," insisted Experian spokesperson Scott Anderson — though Krebs remains unsatisfied. Anderson said all consumers have the option to activate a multi-factor authentication method that's requested each time they log in to their account. But what good is multi-factor authentication if someone can simply recreate your account with a new phone number and email address?

Security

NY AG Issues $450K Penalty To US Radiology After Unpatched Bug Led To Ransomware (therecord.media) 25

An anonymous reader quotes a report from The Record: One of the nation's largest private radiology companies agreed to pay a $450,000 fine after a 2021 ransomware attack led to the exposure of sensitive information from nearly 200,000 patients. In an agreement announced on Wednesday, New York Attorney General Letitia James said US Radiology failed to remediate a vulnerability announced by security company SonicWall in January 2021. US Radiology used the company's firewall to protect its network and provide managed services for many of its partner companies, including the Windsong Radiology Group, which has six facilities across Western New York.

The vulnerability highlighted by the attorney general -- CVE-2021-20016 -- was used by ransomware gangs in several attacks. US Radiology was unable to install the firmware patch for the zero-day because its SonicWall hardware was at an end-of-life stage and was no longer supported. The company planned to replace the hardware in July 2021, but the project was delayed "due to competing priorities and resource restraints." The vulnerability was never addressed, and the company was attacked by an unnamed ransomware gang on December 8, 2021.

An investigation determined that the hacker was able to gain access to files that included the names, dates of birth, patient IDs, dates of service, provider names, types of radiology exams, diagnoses and/or health insurance ID numbers of 198,260 patients. The data exposed during the incident also included driver's license numbers, passport numbers, and Social Security numbers for 82,478 New Yorkers. [...] In addition to the $450,000 penalty, the company will have to upgrade its IT network, hire someone to manage its data security program, encrypt all sensitive patient information and develop a penetration testing program. The company will have to delete patient data "when there is no reasonable business purpose to retain it" and submit compliance reports to the state for two years.

"When patients visit a medical facility, they deserve confidence in knowing that their personal information will not be compromised when they are receiving care," said Attorney General James. "US Radiology failed to protect New Yorkers' data and was vulnerable to attack because of outdated equipment. In the face of increasing cyberattacks and more sophisticated scams to steal private data, I urge all companies to make necessary upgrades and security fixes to their computer hardware and systems."

Security

Maine Government Says Data Breach Affects 1.3 Million Residents (techcrunch.com) 40

An anonymous reader quotes a report from TechCrunch: The government of Maine has confirmed over a million state residents had personal information stolen in a data breach earlier this year by a Russia-linked ransomware gang. In a statement published Thursday, the Maine government said hackers exploited a vulnerability in its MOVEit file-transfer system, which stored sensitive data on state residents. The hackers used the vulnerability to access and download files belonging to certain state agencies between May 28 and May 29, the statement read. The Maine government said it was disclosing the incident and notifying affected residents as its assessment of the impacted files "was recently completed."

Maine said that the stolen information may include a person's name, date of birth, Social Security number, driver's license and other state or taxpayer identification numbers. Some individuals had medical and health insurance information taken. The statement said the state holds information about residents "for various reasons, such as residency, employment, or interaction with a state agency," and that the data it holds varies by person. According to the state's breakdown of which agencies are affected, more than half of the stolen data relates to Maine's Department of Health and Human Services, with up to about a third of the data affecting Maine's Department of Education. The remaining data affects various other agencies, including Maine's Bureau of Motor Vehicles and Maine's Department of Corrections, though the government notes that the breakdown of information is subject to change. More than 1.3 million people live in the state of Maine, according to the U.S. Census Bureau.

AI

Fakespot Chat, Mozilla's First LLM, Lets Online Shoppers Research Products Via an AI Chatbot (techcrunch.com) 12

An anonymous reader quotes a report from TechCrunch: Earlier this year, Mozilla acquired Fakespot, a startup that leverages AI and machine learning to identify fake and deceptive product reviews. Now, Mozilla is launching its first LLM (large language model) with the arrival of Fakespot Chat, an AI agent that will help consumers as they shop online by answering questions about the product or even suggesting questions that could be useful in your product research. [...] Fakespot has been using AI, including generative AI technologies, to make the online shopping process more trustworthy, not less. For instance, it launched a generative AI feature called Pros and Cons last year, that could replace the need for reading reviews by writing up its own summaries of a product's positives and negatives. The feature was trained on billions of data points, with the model itself using five different models under its hood, the company said.

This week, Fakespot Chat launched into testing, allowing shoppers to ask an AI chatbot about a product they're considering, similar to how you could ask a salesperson for help if you were shopping in a physical store in the real world. The technology uses AI and machine learning to sort through the product reviews, sorting real from fake, to answer the user's questions. The information from your chat session is saved to improve the experience for others, Mozilla notes, but users don't have to create an account or divulge personal information for the experience to work. The feature is available via the Fakespot Analyzer or it can be used on an Amazon.com product from Fakespot's browser extension. For the former, you'd copy and paste the URL of the product into the analyzer to ask your questions, but if using the browser add-on, the analysis starts automatically. When the analysis is complete, Fakespot Chat appears on the right-hand side of the analysis page alongside other features, like Pros and Cons, as well as Fakespot's Review Grades and Highlights. You can then interrogate the AI agent about the product as you weigh your purchase decisions.

Privacy

Data Broker's 'Staggering' Sale of Sensitive Info Exposed in Unsealed FTC Filing (arstechnica.com) 30

One of the world's largest mobile data brokers, Kochava, has lost its battle to stop the Federal Trade Commission from revealing what the FTC has alleged is a disturbing, widespread pattern of unfair use and sale of sensitive data without consent from hundreds of millions of people. ArsTechnica: US District Judge B. Lynn Winmill recently unsealed a court filing, an amended complaint that perhaps contains the most evidence yet gathered by the FTC in its long-standing mission to crack down on data brokers allegedly "substantially" harming consumers by invading their privacy. The FTC has accused Kochava of violating the FTC Act by amassing and disclosing "a staggering amount of sensitive and identifying information about consumers," alleging that Kochava's database includes products seemingly capable of identifying nearly every person in the United States.

According to the FTC, Kochava's customers, ostensibly advertisers, can access this data to trace individuals' movements -- including to sensitive locations like hospitals, temporary shelters, and places of worship, with a promised accuracy within "a few meters" -- over a day, a week, a month, or a year. Kochava's products can also provide a "360-degree perspective" on individuals, unveiling personally identifying information like their names, home addresses, phone numbers, as well as sensitive information like their race, gender, ethnicity, annual income, political affiliations, or religion, the FTC alleged.

Beyond that, the FTC alleged that Kochava also makes it easy for advertisers to target customers by categories that are "often based on specific sensitive and personal characteristics or attributes identified from its massive collection of data about individual consumers." These "audience segments" allegedly allow advertisers to conduct invasive targeting by grouping people not just by common data points like age or gender, but by "places they have visited," political associations, or even their current circumstances, like whether they're expectant parents. Or advertisers can allegedly combine data points to target highly specific audience segments like "all the pregnant Muslim women in Kochava's database," the FTC alleged, or "parents with different ages of children."

The Military

US Military Members' Personal Data Being Sold By Online Brokers, Report Finds 32

Jacob Knutson reports via Axios: Sensitive, highly detailed personal data for thousands of active-duty and veteran U.S. military members can be purchased for as little as one cent per name through data broker websites, according to a new study (PDF) published on Monday by Duke University researchers. [...] The data about military personnel purchased as part of the study included full names, physical and email addresses, health and financial information and details about their ethnicity, religious practices and political affiliation. In some cases, the information also included whether the person owned or rented a home, was married or had children. The children's ages and sexes were accessible, too.

The researchers bought data on up to around 45,000 military personnel for between $0.12 and $0.32 per record. They also bought data belonging to 5,000 friends and family members of military personnel. Larger data purchases of over 1.5 million service members were available for as little as $0.01 per record from at least one broker the researchers contacted. The researchers called on Congress to pass a comprehensive privacy law and for regulatory agencies like the Federal Trade Commission to develop rules to govern military personnel data purchases.

Australia

Aussies Angry Over Being Asked to Use QR Codes at Restaurants (news.com.au) 273

Long-time Slashdot reader smooth wombat writes: A recent social media post by an Aussie received a deluge of replies and comments. His comment? "I'm so f***ing tired of 'tech' being used to solve an 'issue' but only making everything worse and more inconvenient for everybody," they wrote.

His comment was in response to going to a restaurant and having only a QR code to order from — literally a menu at the table with only the QR code on it. The app required to order from it "proceeded to charge a 6.5% venue surcharge, a 2% payment processing fee, and then had the audacity to ask for a tip (10%, 15%, 25%) as the cherry on top".

From Australia's News.com.au: Hundreds of others enthusiastically agreed and many added they also didn't like being asked to enter their personal details. "You're waiting your own table and paying an extra fee for the privilege. It's f***ed," one person responded. "It's also a big stinking FU to anyone old or not tech savvy. All just to hoover up your data," another added.

Some, however, shared they preferred using QR codes to order their food — they removed the need to move to order more and limited engagement with staff. "I actually like the QR ordering because I don't like people, but the surcharges and tipping can f*** off," one said. "I love the QR codes — don't need to leave the table to order another beer," someone else wrote...

Jonathan Holmes-Ross, owner of board game restaurant, The Lost Dice in Adelaide told news.com.au that the use of QR code ordering had let his eatery "reduce costs by around 25%... We no longer have to take orders, work out bills and manually take payments," he said. "This gives our wait staff more time to look after our customers, and the kitchen has excellent order information as the accuracy of the orders is great. We now have very few mistakes saving us time and waste. We can also mark items that have run out instantly on the app by using stock levels, again avoiding the disappointment of (the) customer."

Crime

FTX Founder Sam Bankman-Fried Found Guilty of Fraud (yahoo.com) 135

Slashdot readers schwit1 and Another Random Kiwi share the breaking news that FTX founder Sam Bankman-Fried has been found guilty of fraud. From the Associated Press: FTX founder Sam Bankman-Fried's spectacular rise and fall in the cryptocurrency industry -- a journey that included his testimony before Congress, a Super Bowl advertisement and dreams of a future run for president -- hit a new bottom Thursday when a New York jury convicted him of fraud in a scheme that cheated customers and investors of at least $10 billion. After the monthlong trial, jurors rejected Bankman-Fried's claim during four days on the witness stand in Manhattan federal court that he never committed fraud or meant to cheat customers before FTX, once the world's second-largest crypto exchange, collapsed into bankruptcy a year ago.

"His crimes caught up to him. His crimes have been exposed," Assistant U.S. Attorney Danielle Sassoon told the jury of the onetime billionaire just before they were read the law by Judge Lewis A. Kaplan and began deliberations. Sassoon said Bankman-Fried turned his customers' accounts into his "personal piggy bank" as up to $14 billion disappeared. [...] U.S. Attorney Damian Williams told reporters after the verdict that Bankman-Fried "perpetrated one of the biggest financial frauds in American history, a multibillion dollar scheme designed to make him the king of crypto." "But here's the thing: The cryptocurrency industry might be new. The players like Sam Bankman-Fried might be new. This kind of fraud, this kind of corruption is as old as time and we have no patience for it," he said.

The Almighty Buck

Mint Is Shutting Down, and It's Pushing Users Toward Credit Karma 41

Emma Roth reports via The Verge: Mint, the budgeting app owned by Intuit, is shutting down. Intuit announced on Tuesday that Mint will get absorbed into Intuit's other service, Credit Karma, when it officially goes away on January 1st, 2024 (via Bloomberg). But it's still not clear whether Credit Karma will get the budgeting features that Mint is known for. [...] Mint had 3.6 million monthly active users as of 2021, Bloomberg reports, but the app's development has slowed down considerably in recent years, with the last major updates being new categorization features and the ability to connect the Apple Card to Mint. [...]

Intuit first acquired Mint in 2009, an app that has offered a free way for users to track their budgets, manage expenses, negotiate bills, and keep tabs on subscriptions. Now, Intuit is inviting users to Credit Karma, a service that the company acquired in 2020. While Credit Karma offers similar features, like the ability to view transactions, track spending, aggregate financial accounts, and credit monitoring, it still doesn't come with the same budget tracking tool that many people specifically use Mint for, and it's not clear whether Credit Karma will ever adopt it. On a support page on Credit Karma's website, Intuit says "the new experience in Credit Karma does not offer the ability to set monthly and category budgets," adding that the app instead "offers a simplified way for you to build awareness of your spending, and track your savings."
