Firefox

Firefox Plans Smarter, Privacy-First Search Suggestions In Your Address Bar (nerds.xyz) 26

BrianFagioli shares a report from NERDS.xyz: Mozilla is testing a new Firefox feature that delivers direct results inside the address bar instead of forcing users through a search results page. The company says the feature will use a privacy framework called Oblivious HTTP, encrypting queries so that no single party can see both what you type and who you are. Some results could be sponsored, but Mozilla insists neither it nor advertisers will know user identities. The system is starting in the U.S. and may expand later if performance and privacy benchmarks are met. Further reading: Mozilla to Require Data-Collection Disclosure in All New Firefox Extensions

United States

US Department of Energy Forms $1 Billion Supercomputer and AI Partnership With AMD (reuters.com) 23

The U.S. has formed a $1 billion partnership with AMD to construct two supercomputers that will tackle large scientific problems ranging from nuclear power to cancer treatments to national security, said Energy Secretary Chris Wright and AMD CEO Lisa Su. From a report: The U.S. is building the two machines to ensure the country has enough supercomputers to run increasingly complex experiments that require harnessing enormous amounts of data-crunching capability. The machines can accelerate the process of making scientific discoveries in areas the U.S. is focused on.

Energy Secretary Wright said the systems would "supercharge" advances in nuclear power and fusion energy, technologies for defense and national security, and the development of drugs. Scientists and companies are trying to replicate fusion, the reaction that fuels the sun, by jamming light atoms in a plasma gas under intense heat and pressure to release massive amounts of energy. "We've made great progress, but plasmas are unstable, and we need to recreate the center of the sun on Earth," Wright told Reuters.

Mozilla

Mozilla to Require Data-Collection Disclosure in All New Firefox Extensions (linuxiac.com) 18

"Mozilla is introducing a new privacy framework for Firefox extensions that will require developers to disclose whether their add-ons collect or transmit user data..." reports the blog Linuxiac: The policy takes effect on November 3, 2025, and applies to all new Firefox extensions submitted to addons.mozilla.org. According to Mozilla's announcement, extension developers must now include a new key in their manifest.json files. This key specifies whether an extension gathers any personal data. Even extensions that collect nothing must explicitly state "none" in this field to confirm that no data is being collected or shared.

This information will be visible to users at multiple points: during the installation prompt, on the extension's listing page on addons.mozilla.org, and in the Permissions and Data section of Firefox's about:addons page. In practice, this means users will be able to see at a glance whether a new extension collects any data before they install it.

Windows

Microsoft Disables Preview In File Explorer To Block Attacks (bleepingcomputer.com) 49

Slashdot reader joshuark writes: Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents, according to a report from BleepingComputer. This attack vector is particularly concerning because it requires no user interaction beyond selecting a file to preview and removes the need to trick a target into actually opening or executing it on their system.

For most users, no action is required since the protection is enabled automatically with the October 2025 security update, and existing workflows remain unaffected unless you regularly preview downloaded files.

"This change is designed to enhance security by preventing a vulnerability that could leak NTLM hashes when users preview potentially unsafe files," Microsoft says in a support document published Wednesday.

It is important to note that this may not take effect immediately and could require signing out and signing back in.

Government

Exxon Sues California Over Climate Disclosure Laws (reuters.com) 89

"Exxon Mobil sued California on Friday," reports Reuters, "challenging two state laws that require large companies to publicly disclose their greenhouse gas emissions and climate-related financial risks." In a complaint filed in the U.S. District Court for the Eastern District of California, Exxon argued that Senate Bills 253 and 261 violate its First Amendment rights by compelling Exxon to "serve as a mouthpiece for ideas with which it disagrees," and asked the court to block the state of California from enforcing the laws. Exxon said the laws force it to adopt California's preferred frameworks for climate reporting, which it views as misleading and counterproductive...

The California laws were supported by several big companies including Apple, Ikea and Microsoft, but opposed by several major groups such as the American Farm Bureau Federation and the U.S. Chamber of Commerce, which called them "onerous." SB 253 requires public and private companies that are active in the state and generate revenue of more than $1 billion annually to publish an extensive account of their carbon emissions starting in 2026. The law requires the disclosure of both the companies' own emissions and indirect emissions by their suppliers and customers. SB 261 requires companies that operate in the state with over $500 million in revenue to disclose climate-related financial risks and strategies to mitigate risk. Exxon also argued that SB 261 conflicts with existing federal securities laws, which already regul

"The First Amendment bars California from pursuing a policy of stigmatization by forcing Exxon Mobil to describe its non-California business activities using the State's preferred framing," Exxon said in the lawsuit.

Exxon Mobil "asks the court to prevent the laws from going into effect next year," reports the Associated Press: In its complaint, ExxonMobil says it has for years publicly disclosed its greenhouse gas emissions and climate-related business risks, but it fundamentally disagrees with the state's new reporting requirements. The company would have to use "frameworks that place disproportionate blame on large companies like ExxonMobil" for the purpose of shaming such companies, the complaint states...

A spokesperson for the office of California Gov. Gavin Newsom said in an email that it was "truly shocking that one of the biggest polluters on the planet would be opposed to transparency."

Microsoft

Microsoft Teams Will Start Tracking Office Attendance (tomsguide.com) 86

An anonymous reader quotes a report from Tom's Guide: Microsoft Teams is about to deal a heavy blow to those who like to work from home for peace and quiet. In a new feature update rolling out December 2025, the platform will track a worker's location using the office Wi-Fi, to see whether you're actually there or not. From a boss' perspective, this would eliminate any of that confusion as to where your team actually is. But for those people who have found their own sanctuary of peaceful productivity by working from home, consider this a warning that Teams is about to tattle on you. According to the Microsoft 365 roadmap: "When users connect to their organization's Wi-Fi, Teams will automatically set their work location to reflect the building they are working in." The location of that worker will apparently update automatically upon connecting.

It's set to launch on Windows and macOS, with rollout starting at the end of this year. "This feature will be off by default," notes Microsoft. But "tenant admins will decide whether to enable it and require end-users to opt-in."

Privacy

US Expands Facial Recognition at Borders To Track Non-Citizens (reuters.com) 67

The U.S. will expand the use of facial recognition technology to track non-citizens entering and leaving the country in order to combat visa overstays and passport fraud, according to a government document published on Friday. Reuters: A new regulation will allow U.S. border authorities to require non-citizens to be photographed at airports, seaports, land crossings and any other point of departure, expanding on an earlier pilot program.

Under the regulation, set to take effect on December 26, U.S. authorities could require the submission of other biometrics, such as fingerprints or DNA, it said. It also allows border authorities to use facial recognition for children under age 14 and elderly people over age 79, groups that are currently exempted. The tighter border rules reflect a broader effort by U.S. President Donald Trump to crack down on illegal immigration. While the Republican president has surged resources to secure the U.S.-Mexico border, he has also taken steps to reduce the number of people overstaying their visas.

United Kingdom

Apple and Google Face Enforced Changes Over UK Smartphone Dominance (theguardian.com) 37

Google and Apple face enforced changes to how they operate their mobile phone platforms, after the UK's competition watchdog ruled the companies require tougher regulatory oversight. From a report: The Competition and Markets Authority has conferred "strategic market status" (SMS) on the tech firms after investigating their mobile operating systems, app stores and browsers. It means Apple and Google will be subjected to tailormade guidelines to regulate their behaviour in the mobile market.

The CMA said the two companies have "substantial, entrenched" market power, with UK mobile phone owners using either Google or Apple's platforms and unlikely to switch between them. The regulator flagged the importance of their platforms to the UK economy and said they could be a bottleneck for businesses.

[...] Changes under consideration by the CMA include allowing users to be "steered" out of app stores to make purchases elsewhere, like on a company's own website. App developers have long taken issue with Apple and Google taking a cut from purchases made via apps. The CMA also wants both companies to ensure users have a "genuine choice" over the services they use on their devices, like digital wallets on Apple.

GNU is Not Unix

FSF Reminds Consumers That Truly Free OS's Exist (fsf.org) 101

"Microsoft does everything in its power to keep Windows users under its control," warns the Free Software Foundation in a new blog post this week.

They argue that the lack of freedom that comes with proprietary code "forces users to surrender to decisions made by Microsoft to maximize its profits and further lock users into its product ecosystem" — describing both the problem and one possible solution: [IT management company Lansweeper] found that of the 30 million enterprise systems they manage, over 40% are incompatible with Windows 11. This is due to the hardware requirements like Treacherous Platform Module version 2.0 — a proprietary chip that uses cryptography that users can't influence or audit to restrict their control over the system.

The end of Windows 10 support is the perfect opportunity to break free from this cycle and switch to GNU/Linux operating system (GNU/Linux OS), a system that respects your freedom...

The endless, freedom-restricting cycle of planned obsolescence is not inevitable. Instead of paying Microsoft for continued updates or buying new hardware, Windows users left behind by Microsoft should install GNU/Linux. Free Software Foundation certified GNU/Linux distributions respect the user's freedom to run their computer as they wish, to study and modify its source code, and to redistribute copies. They don't require update contracts, often run faster on older hardware, and, most importantly, put you in control.

"If you're already a GNU/Linux user, you have an important role to play. Help your friends and family make the switch by sharing your knowledge, help them install a free-as-in-freedom OS. Show them what it means to have real control over their computing!"

Science

Protein Powders and Shakes Contain High Levels of Lead (consumerreports.org) 122

Long-time Slashdot reader fjo3 shares an announcement from the U.S.-based nonprofit Consumer Reports: Protein powders still carry troubling levels of toxic heavy metals, according to a new Consumer Reports (CR) investigation. Our latest tests of 23 protein powders and ready-to-drink shakes from popular brands found that heavy metal contamination has become even more common among protein products, raising concerns that the risks are growing right alongside the industry itself. For more than two-thirds of the products we analyzed, a single serving contained more lead than CR's food safety experts say is safe to consume in a day — some by more than 10 times...

[I]n addition to the average level of lead being higher than what we found 15 years ago, there were also fewer products with undetectable amounts of it. The outliers also packed a heavier punch. Naked Nutrition's Vegan Mass Gainer powder, the product with the highest lead levels, had nearly twice as much lead per serving as the worst product we analyzed in 2010. Nearly all the plant-based products CR tested had elevated lead levels, but some were particularly concerning. Two had so much lead that CR's experts caution against using them at all... Dairy-based protein powders and shakes generally had the lowest amounts of lead, but half of the products we tested still had high enough levels of contamination that CR's experts advise against daily use...

Unlike prescription and over-the-counter drugs, the Food and Drug Administration doesn't review, approve, or test supplements like protein powders before they are sold. Federal regulations also don't generally require supplement makers to prove their products are safe, and there are no federal limits for the amount of heavy metals they can contain.

The article acknowledges that "Many of these powders are fine to have occasionally, and even those with the highest lead levels are far below the concentration needed to cause immediate harm. That said, because most people don't actually need protein supplements — nutrition experts say the average American already gets plenty — it makes sense to ask whether these products are worth the added exposure."

Power

US Hyperscalers To Consume 22% More Grid Power By End of 2025 (theregister.com) 31

An anonymous reader quotes a report from The Register: Hyperscale datacenters stateside will consume 22 percent more grid power by the end of 2025 than a year ago, and are forecast to need nearly three times as much electricity by the end of the decade. Warnings about datacenters' rising energy draw are coming thick and fast of late, and this latest one from 451 Research (now a part of S&P Global) comes with figures and cautions about how fast this change may occur and what grid resources will be required to meet it.

The bit barn building boom is largely fueled by estimated demand for new machine learning models, which require highly configured servers packed with power-hungry GPUs to develop and train. The power and cooling infrastructure required also mean it is easier to build a new facility rather than attempt to retrofit an existing one. As a consequence, utility power to datacenters in America is estimated to jump 11.3 GW to 61.8 GW by the end of this year. 451 calculates this will rise again to 75.8 GW in 2026, then 108 GW in 2028, before hitting 134.4 GW by 2030. These figures also exclude enterprise-owned facilities, only considering those of the hyperscale tech giants such as Amazon, Apple, Google, Meta, and Microsoft, alongside leased and crypto-mining sites.

The research identifies Virginia and Texas as the two states with by far the highest requirement for bit barn energy supplies in the US this year. 451 forecasts that Virginia's datacenter load, made up of leased and hyperscale facilities, will reach 12.1 GW in 2025, up from 9.3 GW last year. In Texas, demand is driven by cryptomining and leased capacity, and is slated to hit 9.7 GW this year, from less than 8 GW previously. However, the search for an optimum location is seeing datacenter operators explore emerging markets such as Idaho, Louisiana, Oklahoma and smaller cities in West Texas, looking for "stranded power" and alternative energy generation opportunities, the report says.

Censorship

Big Tech Sues Texas, Says Age-Verification Law Is 'Broad Censorship Regime' (arstechnica.com) 49

An anonymous reader quotes a report from Ars Technica: Texas is being sued by a Big Tech lobby group over the state's new law that will require app stores to verify users' ages and impose restrictions on users under 18. "The Texas App Store Accountability Act imposes a broad censorship regime on the entire universe of mobile apps," the Computer & Communications Industry Association (CCIA) said yesterday in a lawsuit (PDF). "In a misguided attempt to protect minors, Texas has decided to require proof of age before anyone with a smartphone or tablet can download an app. Anyone under 18 must obtain parental consent for every app and in-app purchase they try to download -- from ebooks to email to entertainment."

The CCIA said in a press release that the law violates the First Amendment by imposing "a sweeping age-verification, parental consent, and compelled speech regime on both app stores and app developers." When app stores determine that a user is under 18, "the law prohibits them from downloading virtually all apps and software programs and from making any in-app purchases unless their parent consents and is given control over the minor's account," the CCIA said. "Minors who are unable to link their accounts with a parent's or guardian's, or who do not receive permission, would be prohibited from accessing app store content."

The law requires app developers "to 'age-rate' their content into several subcategories and explain their decision in detail," and "notify app stores in writing every time they improve or modify the functions, features, or user experience of their apps," the group said. The lawsuit says the age-rating system relies on a "vague and unworkable set of age categories." "Our Constitution forbids this," the lawsuit said. "None of our laws require businesses to 'card' people before they can enter bookstores and shopping malls. The First Amendment prohibits such oppressive laws as much in cyberspace as it does in the physical world." The lawsuit was filed in US District Court for the Western District of Texas. CCIA members include Apple and Google, which have both said the law would reduce privacy for app users. The companies recently described their plans to comply, saying they would take steps to minimize the privacy risks.

AI

Are AI Agents Compromised By Design? 38

Longtime Slashdot reader Gadi Evron writes: Bruce Schneier and Barath Raghavan say agentic AI is already broken at the core. In their IEEE Security & Privacy essay, they argue that AI agents run on untrusted data, use unverified tools, and make decisions in hostile environments. Every part of the OODA loop (observe, orient, decide, act) is open to attack. Prompt injection, data poisoning, and tool misuse corrupt the system from the inside. The model's strength, treating all input as equal, also makes it exploitable. They call this the AI security trilemma: fast, smart, or secure. Pick two. Integrity isn't a feature you bolt on later. It has to be built in from the start. "Computer security has evolved over the decades," the authors wrote. "We addressed availability despite failures through replication and decentralization. We addressed confidentiality despite breaches using authenticated encryption. Now we need to address integrity despite corruption."

"Trustworthy AI agents require integrity because we can't build reliable systems on unreliable foundations. The question isn't whether we can add integrity to AI but whether the architecture permits integrity at all."

AI

Generative AI Systems Miss Vast Bodies of Human Knowledge, Study Finds (aeon.co) 49

Generative AI models trained on internet data lack exposure to vast domains of human knowledge that remain undigitized or underrepresented online. English dominates Common Crawl with 44% of content. Hindi accounts for 0.2% of the data despite being spoken by 7.5% of the global population. Tamil represents 0.04% despite 86 million speakers worldwide. Approximately 97% of the world's languages are classified as "low-resource" in computing.

A 2020 study found 88% of languages face such severe neglect in AI technologies that bringing them up to speed would require herculean efforts. Research on medicinal plants in North America, northwest Amazonia and New Guinea found more than 75% of 12,495 distinct uses of plant species were unique to just one local language. Large language models amplify dominant patterns through what researchers call "mode amplification." The phenomenon narrows the scope of accessible knowledge as AI-generated content increasingly fills the internet and becomes training data for subsequent models.

Android

Android 'Pixnapping' Attack Can Capture App Data Like 2FA Codes (theregister.com) 17

An anonymous reader quotes a report from The Register: Security researchers have resurrected a 12-year-old data-stealing attack on web browsers to pilfer sensitive info from Android devices. The attack, dubbed Pixnapping, has yet to be mitigated. Conceptually, it's the equivalent of a malicious Android app being able to screenshot other apps or websites. It allows a malicious Android application to access and leak information displayed in other Android apps or on websites. It can, for example, steal data displayed in apps like Google Maps, Signal, and Venmo, as well as from websites like Gmail (mail.google.com). It can even steal 2FA codes from Google Authenticator.

"First, the malicious app opens the target app (e.g., Google Authenticator), submitting its pixels for rendering," explained [Alan Wang, a PhD candidate at UC Berkeley]. "Second, the malicious app picks the coordinates of a target pixel whose color it wants to steal. Suppose for example it wants to steal a pixel that is part of the screen region where a 2FA character is known to be rendered by Google Authenticator, and that this pixel is either white (if nothing was rendered there) or non-white (if part of a 2FA digit was rendered there). Third, the malicious app causes some graphical operations whose rendering time is long if the target pixel is non-white and short if it is white. The malicious app does this by opening some malicious activities (i.e., windows) in front of the target app. Finally, the malicious app measures the rendering time per frame of the above graphical operations to determine whether the target pixel was white or non-white. These last few steps are repeated for as many pixels as needed to run OCR over the recovered pixels and guess the original content."

The researchers have demonstrated Pixnapping on five devices running Android versions 13 to 16 (up until build id BP3A.250905.014): Google Pixel 6, Google Pixel 7, Google Pixel 8, Google Pixel 9, and Samsung Galaxy S25. Android 16 is the latest operating system version. Other Android devices have not been tested, but the mechanism that allows the attack to work is typically available. A malicious Android app implementing Pixnapping would not require any special permissions in its manifest file, the authors say.

The researchers detail the attack in a paper (PDF) titled "Pixnapping: Bringing Pixel Stealing out of the Stone Age."

Privacy

New California Privacy Law Will Require Chrome/Edge/Safari to Offer Easy Opt-Outs for Data Sharing (9to5mac.com) 45

"California Governor Gavin Newsom signed the 'California Opt Me Out Act', which will require web browsers to include an easy, universal way for users to opt out of data collection and sales," reports the blog 9to5Mac: [The law] requires browsers to provide a clear, one-click mechanism for Californians to opt out of data sharing across websites. The bill reads: "A business shall not develop or maintain a browser that does not include functionality configurable by a consumer that enables the browser to send an opt-out preference signal to businesses with which the consumer interacts through the browser...." Californians will need patience, though, as the law doesn't take effect until January 1, 2027.
Americans in some states — including California, Texas, Colorado, New Jersey and Maryland — "have the option to make those opt-out demands automatic whenever they surf the web," reports the Washington Post. "But they can only do so if they use small browsers that voluntarily offer that option, such as DuckDuckGo, Firefox and Brave. What's new in California's law is that all browsers must give people the same option." That means soon in California, just using Google's Chrome, Apple's Safari and Microsoft's Edge can command companies not to sell your data or pass it along for ad targeting... It's an imperfect but potent and simple way to flex privacy rights — and becomes even more powerful with another simple privacy measure in California. Starting on January 1, California residents can fill out an online form once to completely and repeatedly wipe their data from hundreds of data brokers that package your personal information for sale.

But their article also suggests other ways readers can "try a one-click privacy option now."

  • "[S]ome national companies respect one-click privacy opt-out requests from everyone... This happens automatically if you use DuckDuckGo and Brave. You need to change a setting with Firefox."
  • "Download Privacy Badger: The software from the Electronic Frontier Foundation, a consumer privacy advocacy group, works in the background to order websites not to sell information they're collecting about you."
  • "Use Permission Slip from Consumer Reports. Give the app basic information, and it will help you do much of the legwork to tell companies not to sell your information or to delete it, if you have the right to do so."

Privacy

NSO To Be Acquired By US Investors, Ending Israeli Control of Pegasus Maker (calcalistech.com) 23

An anonymous reader shares a report: Control of NSO Group is set to leave Israeli hands. A group of American investors led by Hollywood producer Robert Simonds has agreed to acquire the controversial spyware developer in a deal valued at several tens of millions of dollars. The transaction is expected to be signed in the coming days, though its completion will require approval from Israel's Defense Export Control Agency (DECA) at the Ministry of Defense.

Since March 2023, NSO's shares have been held by a Luxembourg-based holding company wholly owned by founder Omri Lavie. The company's lender syndicate, which had extended roughly $500 million in loans to finance a share buyback from the private equity fund Francisco Partners, transferred ownership to Lavie following the restructuring.

Verizon

Verizon Buys ISP Starry To Expand Wireless Broadband (theverge.com) 7

Verizon is acquiring Starry, the struggling wireless ISP that beams high-speed internet via millimeter-wave antennas. The company said the acquisition "advances" its ability to offer high-speed internet in apartments, condominiums, and other multi-dwelling units. The Verge reports: Starry made its debut in Boston in 2016, offering gigabit speeds via its unconventional approach to internet connectivity. Instead of carrying connectivity across a web of wires -- which are expensive and time-consuming to deploy -- Starry beams its internet service from a larger antenna into homes via high-speed, short-range mmWave broadcasts. The challenge with those broadcasts is that Starry connections generally require an uninterrupted line of sight between the transmitter and the receiver, as mmWave signals can be easily blocked.

In recent years, Starry has run into trouble, with the company laying off half of its workers in 2022 and filing for bankruptcy in 2023. It also pulled out of one of its markets, Columbus, Ohio, leaving Starry with nearly 100,000 customers across Boston, Denver, Los Angeles, New York City, and Washington, DC. It sounds like Starry's tech will end up getting used by Verizon. Through the acquisition, Verizon plans on expanding its ability to deliver internet connectivity in urban locations, building on its 5G home internet and growing fiber footprint. Verizon expects the deal to close in 2026, subject to regulatory approval.

"Verizon is uniquely positioned to accelerate this expansion because of its significant fiber backbone and extensive holdings of mmWave spectrum," the company said in its press release.

Medicine

Should the Autism Spectrum Be Split Apart? (hawaiitribune-herald.com) 162

XXongo writes: A New York Times article suggests that merging the diagnosis of Asperger's syndrome into the Autism diagnosis in 2013, thus creating the "autism spectrum disorder," was not helpful (paywalled; alternative source). That broadening of the diagnosis, along with the increasing awareness of the disorder, is largely responsible for the steep rise in autism cases that Health Secretary Robert F. Kennedy Jr. has called "an epidemic" and has attributed to theories of causality that mainstream scientists reject, like vaccines and, more recently, Tylenol. But the same diagnosis now applies to both people who are non-verbal, frequently engage in self-destructive behavior such as pounding their heads against the floor, and may require full-time care, but also to people who are merely somewhat socially awkward, possibly engage in repetitive behaviors, and have a narrow range of interests. "Everything changed when we included Asperger's [in the diagnosis of autism]," said Dr. Eric Fombonne, a psychiatrist and researcher at Oregon Health & Science University. He noted that in the earliest studies of autism rates, 75% of people with the diagnosis had intellectual disabilities. Now, only about a third do.

AI

YouTube's Biggest Star MrBeast Fears AI Could Impact 'Millions of Creators' After Sora Launch (fortune.com) 68

An anonymous reader shares a report: YouTube megastar Jimmy Donaldson, the creator behind the platform's biggest channel MrBeast, is worried there are "scary times" ahead for the creator economy as AI video tools make it increasingly difficult to tell what is real.

"When AI videos are just as good as normal videos, I wonder what that will do to YouTube and how it will impact the millions of creators currently making content for a living.. scary times," Donaldson said on X on Sunday. Donaldson's concerns come on the heels of OpenAI's release of a Sora social media platform able to generate short-form AI videos, including of individuals who "upload" themselves onto the app. Meta launched its similar video-generating Vibes platform last month.
