Businesses

Experian's Tech Chief Defends Credit Scores: 'We're Not Palantir' (theverge.com) 55

When asked directly whether people actually like Experian, Alex Lintner, the credit bureau's CEO of Software and Technology, offered an unusual defense in an interview: "First of all, we're not Palantir, so we don't do reputation scores." Speaking on The Verge's podcast, Lintner conceded that consumers who have poor credit scores through "life's circumstances" sometimes direct their frustration at Experian, though he argued the company enables vital access to credit for 247 million Americans.

The 10-year company veteran said Experian has built its own large language model and about 200 AI agents for internal use, but consumer data remains entirely walled off from public AI systems. On security, Lintner said Experian hasn't experienced a data breach in a decade -- the last occurred two weeks into his tenure. When competitor Equifax suffered its massive breach, Equifax actually paid Experian to help protect affected consumers' identities.
The Courts

Supreme Court To Decide How 1988 Videotape Privacy Law Applies To Online Video (arstechnica.com) 55

An anonymous reader quotes a report from Ars Technica: The Supreme Court is taking up a case on whether Paramount violated the 1988 Video Privacy Protection Act (VPPA) by disclosing a user's viewing history to Facebook. The case, Michael Salazar v. Paramount Global, hinges on the law's definition of the word "consumer." Salazar filed a class action against Paramount in 2022, alleging that it "violated the VPPA by disclosing his personally identifiable information to Facebook without consent," Salazar's petition to the Supreme Court said. Salazar had signed up for an online newsletter through 247Sports.com, a site owned by Paramount, and had to provide his email address in the process. Salazar then used 247Sports.com to view videos while logged in to his Facebook account.

"As a result, Paramount disclosed his personally identifiable information -- including his Facebook ID and which videos he watched -- to Facebook," the petition (PDF) said. "The disclosures occurred automatically because of the Facebook Pixel Paramount installed on its website. Facebook and Paramount then used this information to create and display targeted advertising, which increased their revenues." The 1988 law (PDF) defines consumer as "any renter, purchaser, or subscriber of goods or services from a video tape service provider." The phrase "video tape service provider" is defined to include providers of "prerecorded video cassette tapes or similar audio visual materials," and thus arguably applies to more than just sellers of tapes.

The legal question for the Supreme Court "is whether the phrase 'goods or services from a video tape service provider,' as used in the VPPA's definition of 'consumer,' refers to all of a video tape service provider's goods or services or only to its audiovisual goods or services," Salazar's petition said. The Supreme Court granted his petition (PDF) to hear the case in a list of orders released yesterday. [...] SCOTUSblog says that "the case will likely be scheduled for oral argument in the court's 2026-27 term," which begins in October 2026.

Encryption

Lawsuit Alleges That WhatsApp Has No End-to-End Encryption (pcmag.com) 115

Longtime Slashdot reader schwit1 shares a report from PCMag: A lawsuit claims that WhatsApp's end-to-end encryption is a sham, and is demanding damages, but the app's parent company, Meta, calls the claims "false and absurd." The lawsuit was filed in a San Francisco US district court on Friday and comes from a group of users based in countries such as Australia, Mexico, and South Africa, according to Bloomberg.

As evidence, the lawsuit cites unnamed "courageous whistleblowers" who allege that WhatsApp and Meta employees can request to view a user's messages through a simple process, thus bypassing the app's end-to-end encryption. "A worker need only send a 'task' (i.e., request via Meta's internal system) to a Meta engineer with an explanation that they need access to WhatsApp messages for their job," the lawsuit claims. "The Meta engineering team will then grant access -- often without any scrutiny at all -- and the worker's workstation will then have a new window or widget available that can pull up any WhatsApp user's messages based on the user's User ID number, which is unique to a user but identical across all Meta products."

"Once the Meta worker has this access, they can read users' messages by opening the widget; no separate decryption step is required," the 51-page complaint adds. "The WhatsApp messages appear in widgets commingled with widgets containing messages from unencrypted sources. Messages appear almost as soon as they are communicated -- essentially, in real-time. Moreover, access is unlimited in temporal scope, with Meta workers able to access messages from the time users first activated their accounts, including those messages users believe they have deleted." The lawsuit does not provide any technical details to back up the rather sensational claims.

See also: "WhatsApp End-to-End Encryption Allegations Questioned By Some Security Experts, Lawyers."
Apple

Apple Launches AirTag 2 With Improved Range, Louder Speaker (9to5mac.com) 41

Apple has launched a new AirTag 2 that features improved range, a speaker that's 50% louder, and expanded Apple Watch-based tracking. Pricing stays the same at $29 (or $99 for four). 9to5Mac reports: The new AirTag comes with an upgraded second-generation Ultra Wideband chip for improved range, including when using Precision Finding. From Apple Newsroom: "Apple's second-generation Ultra Wideband chip -- the same chip found in the iPhone 17 lineup, iPhone Air, Apple Watch Ultra 3, and Apple Watch Series 11 -- powers the new AirTag, making it easier to locate than ever before. Using haptic, visual, and audio feedback, Precision Finding guides users to their lost items from up to 50 percent farther away than the previous generation. And an upgraded Bluetooth chip expands the range at which items can be located. For the first time, users can use Precision Finding on Apple Watch Series 9 or later, or Apple Watch Ultra 2 or later, to find their AirTag, bringing a powerful experience to the wrist."

Another key upgrade with the new AirTag is an improved speaker, which should also make the accessory easier to find. Apple says: "With its updated internal design, the new AirTag is 50 percent louder than the previous generation, enabling users to hear their AirTag from up to 2x farther than before." Apple also touts privacy and security improvements with the new AirTag: "Designed exclusively for tracking objects, and not people or pets, the new AirTag incorporates a suite of industry-first protections against unwanted tracking, including cross-platform alerts and unique Bluetooth identifiers that change frequently."

Social Networks

TikTok Alternative 'Skylight' Soars To 380K+ Users After TikTok US Deal Finalized (techcrunch.com) 29

Skylight, an open-source, TikTok-style video app built on the AT Protocol, surged past 380,000 users after last week's shake-up around TikTok's U.S. ownership and privacy concerns. TechCrunch reports: Launched last year and backed by Mark Cuban and other investors, Skylight's mobile app is built on the AT Protocol, the technology that also powers the decentralized X rival Bluesky, which now has north of 42 million users. Skylight, co-founded by CEO Tori White and CTO Reed Harmeyer, offers a built-in video editor; user profiles; support for likes, commenting, and sharing; and the ability for community curators to create custom feeds for others to follow. The app now has over 150,000 videos uploaded directly to the platform. It can also stream videos from Bluesky because of its AT Protocol integration.

Harmeyer said Saturday that 1.4 million videos were played on the app the day before, up 3x over the past 24 hours. The app had also seen sign-ups increase more than 150%. Other noteworthy stats include over a 50% increase in returning users, over 40% rise in video played on average, and over 100% increase in posts created. This surge was likely triggered by concerns over TikTok's change in ownership and its unfortunately timed technical glitches. [...] Over the weekend, Skylight's CEO, Tori White, said the app added around 20,000 new users and is continuing to grow. So far this January, the app has seen around 95,000 monthly active users.
"We've seen what happens when one person dictates what's pushed into people's feeds," White told TechCrunch. "Not only does it harm a creator's connection with their followers, but the entire health of the platform. That's why we built Skylight Social on open standards. We wanted creator and user power to be guaranteed by the technology. Not an empty promise, but an irrevocable right."
Security

Nike Says It's Investigating Possible Data Breach (yahoo.com) 13

Nike says it is investigating a potential data breach, after a group known for cyber attacks reportedly claimed to have leaked a trove of data related to its business operations. From a report: "We always take consumer privacy and data security very seriously," Nike said in a statement. "We are investigating a potential cyber security incident and are actively assessing the situation."

The ransomware group World Leaks said on its website that it had published 1.4 terabytes of data from Nike.

Open Source

New Linux/Android 2-in-1 Tablet 'Open Slate' Announced by Brax Technologies (braxtech.net) 13

Brax Technologies just announced "a privacy-focused alternative to locked-down tablets" called open_slate that can double as a consumer tablet and a Linux-capable workstation on ARM.

Earlier Brax Technologies built the privacy-focused smartphone BraX3, which co-founder Plamen Todorov says proved "a privacy-focused mobile device could be designed, crowdfunded, manufactured, and delivered outside the traditional Big Tech ecosystem. Just as importantly, BraX3 showed us the value of building with the community. The feedback we received — what worked, what didn't, and what people wanted next — played a major role in shaping our direction going forward. Today, we're ready to share the next step in that journey..."
They're promising their "2-in-1" open_slate tablet will be built with these guiding principles:
  • "Modularity beyond repairability". ("In addition to a user-replaceable battery, it supports an M.2 expansion slot, allowing users to customize storage and configurations to better fit their needs.")
  • Hardware-level privacy and control, with physical switches allowing users to disable key components like wireless radios, sensors, microphones, and cameras.
  • Multi-OS compatibility, supporting "multiple" Android-based operating systems as well as native Linux distributions. ("We're working with partners and the community to ensure proper, long-term OS support rather than one-off ports.")
  • Longevity by design — a tablet that's "supported over time"

Brax has already created an open thread with preliminary design specs. "The planned retail price is 599$ for the base version and 799$ for the Pro version," they write. "We will be offering open_slate (both versions) at a discount during our pre-order campaign, starting as low as 399$ for the base version and 529$ for the Pro version for limited quantities only which may sell out in a day or two from launching pre-orders...

"Pre-orders will open in February, via IndieGoGo. Make sure to subscribe for notifications if you don't want to miss the launch date."

Thanks to long-time Slashdot reader walterbyrd for sharing the news.


Privacy

TikTok Is Now Collecting Even More Data About Its Users (wired.com) 41

An anonymous reader quotes a report from Wired: When TikTok users in the U.S. opened the app today, they were greeted with a pop-up asking them to agree to the social media platform's new terms of service and privacy policy before they could resume scrolling. These changes are part of TikTok's transition to new ownership. In order to continue operating in the U.S., TikTok was compelled by the U.S. government to transition from Chinese control to a new, American-majority corporate entity. Called TikTok USDS Joint Venture LLC, the new entity is made up of a group of investors that includes the software company Oracle. It's easy to tap "agree" and keep on scrolling through videos on TikTok, so users might not fully understand the extent of changes they are agreeing to with this pop-up.

Now that it's under U.S.-based ownership, TikTok potentially collects more detailed information about its users, including precise location data. Here are the three biggest changes to TikTok's privacy policy that users should know about. TikTok's change in location tracking is one of the most notable updates in this new privacy policy. Before this update, the app did not collect the precise, GPS-derived location data of U.S. users. Now, if you give TikTok permission to use your phone's location services, then the app may collect granular information about your exact whereabouts. Similar kinds of precise location data are also tracked by other social media apps, like Instagram and X.

[...] Rather than an adjustment, TikTok's policy on AI interactions adds a new topic to the privacy policy document. Now, users' interactions with any of TikTok's AI tools explicitly fall under data that the service may collect and store. This includes any prompts as well as the AI-generated outputs. The metadata attached to your interactions with AI tools may also be automatically logged. [...] This change to TikTok's privacy policy may not be as immediately noticeable to users, but it will likely have an impact on the types of ads you see outside of TikTok. So, rather than just using your collected data to target you while using the app, TikTok may now further leverage that info to serve you more relevant ads wherever you go online. As part of this advertising change, TikTok also now explicitly mentions publishers as one kind of partner the platform works with to get new data.

AI

When Two Years of Academic Work Vanished With a Single Click (nature.com) 132

Marcel Bucher, a professor of plant sciences at the University of Cologne in Germany, lost two years of carefully structured academic work in an instant when he temporarily disabled ChatGPT's "data consent" option in August to test whether the AI tool's functions would still work without providing OpenAI his data. All his chats were permanently deleted and his project folders emptied without any warning or undo option, he wrote in a post on Nature.

Bucher, a ChatGPT Plus subscriber paying $20 per month, had used the platform daily to draft grant applications, prepare teaching materials, revise publication drafts and create exams. He contacted OpenAI support, first receiving responses from an AI agent before a human employee confirmed the data was permanently lost and unrecoverable. OpenAI cited "privacy by design" as the reason, telling Nature it does provide a confirmation prompt before users permanently delete a chat but maintains no backups.

Bucher said he had saved partial copies of some materials, but the underlying prompts, iterations, and project folders -- what he describes as the intellectual scaffolding behind his finished work -- are gone forever.
Encryption

Ireland Wants To Give Its Cops Spyware, Ability To Crack Encrypted Messages (theregister.com) 48

The Irish government is planning to bolster its police's ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use. From a report: The Communications (Interception and Lawful Access) Bill is being framed as a replacement for the current legislation that governs digital communication interception. The Department of Justice, Home Affairs, and Migration said in an announcement this week the existing Postal Packets and Telecommunications Messages (Regulation) Act 1993 "predates the telecoms revolution of the last 20 years."

As well as updating laws passed more than two decades ago, the government was keen to emphasize that a key ambition for the bill is to empower law enforcement to intercept all forms of communications. The Bill will bring communications from IoT devices, email services, and electronic messaging platforms into scope, "whether encrypted or not."

In a similar way to how certain other governments want to compel encrypted messaging services to unscramble packets of interest, Ireland's announcement also failed to explain exactly how it plans to do this. However, it promised to implement a robust legal framework, alongside all necessary privacy and security safeguards, if these proposals do ultimately become law. It also vowed to establish structures to ensure "the maximum possible degree of technical cooperation between state agencies and communication service providers."

Crime

Italy's Privacy Watchdog, Scourge of US Big Tech, Hit By Corruption Probe (reuters.com) 10

The powerful data privacy watchdog in Italy long known for aggressively policing U.S. and Chinese AI giants is under investigation for possible corruption and embezzlement. Reuters reports: Rome prosecutors are investigating the agency's president, Pasquale Stanzione, and three other board members over alleged excessive spending and possible corruption behind its decisions, Italian news agencies including ANSA as well as the judicial source, who did not wish to be named, said. Stanzione, when asked by reporters to comment on the investigation, said he was "absolutely serene."

The opposition 5-Star Movement said the agency's credibility had been undermined and called for Stanzione to resign. Stanzione declined to answer when asked repeatedly by reporters whether he would step down. The data privacy authority, known in Italy as the Garante, is one of the European Union's most proactive regulators in assessing AI platform compliance with the bloc's data privacy regime. It frequently takes initiatives -- such as requesting information or imposing fines or bans -- on matters affecting high-tech multinationals operating in the country.

Open Source

Cory Doctorow: Legalising Reverse Engineering Could End 'Enshittification' (theguardian.com) 90

Scifi author/tech activist Cory Doctorow has decried the "enshittification" of our technologies to extract more profit. But Saturday he also described what could be "the beginning of the end for enshittification" in a new article for the Guardian — "our chance to make tech good again". There is only one reason the world isn't bursting with wildly profitable products and projects that disenshittify the US's defective products: its (former) trading partners were bullied into passing an "anti-circumvention" law that bans the kind of reverse-engineering that is the necessary prelude to modifying an existing product to make it work better for its users (at the expense of its manufacturer)...

Post-Brexit, the UK is uniquely able to seize this moment. Unlike our European cousins, we needn't wait for the copyright directive to be repealed before we can strike article 6 off our own law books and thereby salvage something good out of Brexit... Until we repeal the anti-circumvention law, we can't reverse-engineer the US's cloud software, whether it's a database, a word processor or a tractor, in order to swap out proprietary, American code for robust, open, auditable alternatives that will safeguard our digital sovereignty. The same goes for any technology tethered to servers operated by any government that might have interests adverse to ours — say, the solar inverters and batteries we buy from China.

This is the state of play at the dawn of 2026. The digital rights movement has two powerful potential coalition partners in the fight to reclaim the right of people to change how their devices work, to claw back privacy and a fair deal from tech: investors and national security hawks. Admittedly, the door is only open a crack, but it's been locked tight since the turn of the century. When it comes to a better technology future, "open a crack" is the most exciting proposition I've heard in decades.

Thanks to Slashdot reader Bruce66423 for sharing the article.
ISS

Medical Evacuation from Space Station Next Week for Astronaut in Stable Condition (space.com) 43

It will be the first medical evacuation from the International Space Station in its 25-year history. The Guardian reports: An astronaut in the orbital laboratory reportedly fell ill with a "serious" but undisclosed issue. Nasa also had to cancel its first spacewalk of the year... The agency did not identify the astronaut or the medical problem, citing patient privacy. "Because the astronaut is absolutely stable, this is not an emergent evacuation," [chief health and medical officer Dr. James] Polk said. "We're not immediately disembarking and getting the astronaut down, but it leaves that lingering risk and lingering question as to what that diagnosis is, and that means there is some lingering risk for that astronaut onboard."

"SpaceX says its Dragon spacecraft at the International Space Station is ready to return its four Crew-11 astronauts home in an unprecedented medical evacuation on Jan. 14 and 15," reports Space.com: The SpaceX statement came on the heels of NASA's announcement that the Crew-11 astronauts were scheduled to undock from the space station on Jan. 14 and splashdown off the coast of California early on Jan. 15. The Crew-11 Dragon spacecraft will return NASA astronauts Zena Cardman and Mike Fincke to Earth alongside Japanese astronaut Kimiya Yui and Russian cosmonaut Oleg Platonov... NASA officials opted for a "controlled medical evacuation" in order to provide the astronaut better treatment on the ground, NASA chief Jared Isaacman has said...

Dr. James Polk, NASA's chief medical officer, has said the medical issue is not an injury to the astronaut afflicted, but rather something related to the prolonged exposure to weightlessness by astronauts living and working on the International Space Station. "It's mostly having a medical issue in the difficult areas of microgravity and the suite of hardware that we operate in," Polk said.

Technology

CES Worst In Show Awards Call Out the Tech Making Things Worse (ifixit.com) 41

Longtime Slashdot reader chicksdaddy writes: CES, the Consumer Electronics Show, isn't just about shiny new gadgets. As AP reports, this year brought back the fifth annual Worst in Show anti-awards, calling out the most harmful, wasteful, invasive, and unfixable tech at the Las Vegas show. The coalition behind the awards -- including Repair.org, iFixit, EFF, PIRG, Secure Repairs, and others -- put the spotlight on products that miss the point of innovation and make life worse for users.

2026 Worst in Show winners include:

Overall (and Repairability): Samsung's AI-packed Family Hub Fridge -- over-engineered, hard to fix, and trying to do everything but keep food cold.
Privacy: Amazon Ring AI -- expanding surveillance with features like facial recognition and mobile towers.
Security: Merach UltraTread treadmill -- an AI fitness coach that also hoovers up sensitive data with weak security guarantees, including a privacy policy that declares the company "cannot guarantee the security of your personal information" (!!).
Environmental Impact: Lollipop Star -- a single-use, music-playing electronic lollipop that epitomizes needless e-waste.
Enshittification: Bosch eBike Flow App -- pushing lock-in and digital restrictions that make gear worse over time.
"Who Asked For This?": Bosch Personal AI Barista -- a voice-assistant coffee maker that nobody really wanted.
People's Choice: Lepro Ami AI Companion -- an overhyped "soulmate" cam that creeps more than it comforts.

The message? Not all tech is progress. Some products add needless complexity, threaten privacy, or throw sustainability out the window -- and the industry's watchdogs are calling them out.

Google

Google Is Adding an 'AI Inbox' To Gmail That Summarizes Emails 46

An anonymous reader quotes a report from Wired: Google is putting even more generative AI tools into Gmail as part of its goal to further personalize user inboxes and streamline searches. On Thursday, the company announced a new "AI Inbox" tab, currently in a beta testing phase, that reads every message in a user's Gmail and suggests a list of to-dos and key topics, based on what it summarizes. In Google's example of what this AI Inbox could look like in Gmail, the new tab takes context from a user's messages and suggests they reschedule their dentist appointment, reply to a request from their child's sports coach, and pay an upcoming fee before the deadline. Also under the AI Inbox tab is a list of important topics worth browsing, nestled beneath the action items at the top. Each suggested to-do and topic links back to the original email for more context and for verification.

[...] For users who are concerned about their privacy, the information Google gleans by skimming through inboxes will not be used to improve the company's foundational AI models. "We didn't just bolt AI onto Gmail," says Blake Barnes, who leads the project for Google. "We built a secure privacy architecture, specifically for this moment." He emphasizes that users can turn off Gmail's new AI tools if they don't want them. At the same time Google announced its AI Inbox, the company made free for all Gmail users multiple Gemini features that were previously available only to paying subscribers. This includes the Help Me Write tool, which generates emails from a user prompt, as well as AI Overviews for email threads, which essentially posts a TL;DR summary at the top of long message threads. Subscribers to Google's Ultra and Pro plans, which start at $20 a month, get two additional new features in their Gmail inbox. First, an AI proofreading tool that suggests more polished grammar and sentence structures. And second, an AI Overviews tool that can search your whole inbox and create relevant summaries on a topic, rather than just summarizing a single email thread.
Robotics

Samsung's Rolling Ballie Robot Indefinitely Shelved After Delays (msn.com) 8

Samsung Electronics has once again sidelined Ballie, a long-anticipated robot that was first announced six years ago but never released. Bloomberg News: The device -- designed to roll and roam throughout the home -- is completely absent from this week's CES, the biggest electronics trade show. And though Samsung said last year that Ballie was nearly ready for a retail release, the product is now unlikely to resurface soon.

In an emailed statement, Samsung referred to Ballie as an "active innovation platform" within the company, rather than a forthcoming consumer device. "After multiple years of real-world testing, it continues to inform how Samsung designs spatially aware, context-driven experiences, particularly in areas like smart home intelligence, ambient AI and privacy-by-design," a Samsung spokesperson said in the statement.

Technology

Razer Thinks You'd Rather Have AI Headphones Instead of Glasses (theverge.com) 21

Razer today unveiled Project Motoko, a concept pair of over-ear headphones equipped with dual cameras that the gaming peripherals company believes could serve as an alternative to the smart glasses that have proliferated across the wearable AI market. The headphones feature two 4K cameras positioned on the earcups along with near and far field microphones, all powered by a Qualcomm Snapdragon chip. Users can point the cameras at objects and ask questions to AI assistants including those from OpenAI, Anthropic, xAI and Microsoft.

Basic queries run locally on the device while more complex requests require a phone or PC connection. Razer's pitch centers on battery life: the wireless headset has achieved up to 36 hours on a charge during testing, according to the company, compared to the eight hours rated for Meta's second-generation Ray-Ban AI glasses. The company also argues that over-ear headphones offer more privacy since audio responses aren't audible to bystanders.

The concept remains unfinished, Bloomberg News cautioned. During a product demonstration, the headset's dual cameras failed occasionally to recognize objects even in a moderately lit room. Razer has not committed to final pricing but indicated the headphones would command a "slight premium" over other high-end headphones and would be available later this year. The company's most expensive current headset costs $400.
United States

The Nation's Strictest Privacy Law Goes Into Effect (arstechnica.com) 45

An anonymous reader quotes a report from Ars Technica: Californians are getting a new, supercharged way to stop data brokers from hoarding and selling their personal information, as a recently enacted law that's among the strictest in the nation took effect at the beginning of the year. [...] Two years ago, California's Delete Act took effect. It required data brokers to provide residents with a means to obtain a copy of all data pertaining to them and to demand that such information be deleted. Unfortunately, Consumer Watchdog found that only 1 percent of Californians exercised these rights in the first 12 months after the law went into effect. A chief reason: Residents were required to file a separate demand with each broker. With hundreds of companies selling data, the burden was too onerous for most residents to take on.

On January 1, a new law known as DROP (Delete Request and Opt-out Platform) took effect. DROP allows California residents to register a single demand for their data to be deleted and no longer collected in the future. CalPrivacy then forwards it to all brokers. Starting in August, brokers will have 45 days after receiving the notice to report the status of each deletion request. If any of the brokers' records match the information in the demand, all associated data -- including inferences -- must be deleted unless legal exemptions such as information provided during one-to-one interactions between the individual and the broker apply. To use DROP, individuals must first prove they're a California resident.

Privacy

39 Million Californians Can Now Legally Demand Data Brokers Delete Their Personal Data (techcrunch.com) 43

"While California's residents have had the right to demand companies stop collecting/selling their data since 2020, doing so used to require a laborious opting out with each individual company," reports TechCrunch. But now Californians can make "a single request that more than 500 registered data brokers delete their information" — using the Delete Requests and Opt-Out Platform (or DROP): Once DROP users verify that they are California residents, they can submit a deletion request that will go to all current and future data brokers registered with the state...

Brokers are supposed to start processing requests in August 2026, then they have 90 days to actually process requests and report back. If they don't delete your data, you'll have the option to submit additional information that may help them locate your records. Companies will also be able to keep first-party data that they've collected from users. It's only brokers who seek to buy or sell that data — which can include your social security number, browsing history, email address, phone number, and more — who will be required to delete it...

The California Privacy Protection Agency says that in addition to giving residents more control over their data, the tool could result in fewer "unwanted texts, calls, or emails" and also decrease the "risk of identity theft, fraud, AI impersonations, or that your data is leaked or hacked."

Security

DarkSpectre Hackers Spread Malware To 8.8 Million Chrome, Edge, and Firefox Users (cyberpress.org) 12

An anonymous reader quotes a report from Cyber Press: A newly uncovered Chinese threat group, DarkSpectre, has been linked to one of the most widespread browser-extension malware operations to date, compromising more than 8.8 million users of Chrome, Edge, Firefox, and Opera over the past seven years. According to research by Koi.ai, the group operates three interconnected campaigns: ShadyPanda, GhostPoster, and a newly identified one named The Zoom Stealer, forming a single, strategically organized operation.

DarkSpectre's structure differs from that of ordinary cybercrime operations. The group runs separate but interconnected malware clusters, each with distinct goals. The ShadyPanda campaign, responsible for 5.6 million infections, focuses on long-term user surveillance and e-commerce affiliate fraud. Its extensions have appeared legitimate for years, offering new tab pages and translation utilities, before secretly downloading malicious configurations from command-and-control servers such as jt2x.com and infinitynewtab.com. Once activated, they inject remote scripts, hijack search results, and track browsing activity.

The second campaign, GhostPoster, spreads via Firefox and Opera extensions that conceal malicious payloads in PNG images via steganography. After lying dormant for several days, the extensions extract and execute JavaScript hidden within images, enabling stealthy remote code execution. This campaign has affected over one million users and relies on domains like gmzdaily.com and mitarchive.info for payload delivery.

The most recent discovery, The Zoom Stealer, exposes around 2.2 million users to corporate espionage. These extensions masquerade as productivity tools or video downloaders while secretly harvesting corporate meeting links, credentials, and speaker profiles from more than 28 video conferencing platforms, including Zoom, Microsoft Teams, and Google Meet. The extensions use real-time WebSocket connections to exfiltrate data to Firebase databases, such as zoocorder.firebaseio.com, and to Google Cloud functions, such as webinarstvus.cloudfunctions.net.
