Newsweek points out that a Chinese government post arguing the bill is "on the wrong side of fair competition" was flagged by users on X. "TikTok is banned in the People's Republic of China," the X community note read. (The BBC reports that "Instead, Chinese users use a similar app, Douyin, which is only available in China and subject to monitoring and censorship by the government.")

Newsweek adds that China "has also blocked access to YouTube, Facebook, Instagram, and Google services. X itself is also banned — though Chinese diplomats use the microblogging app to deliver Beijing's messaging to the wider world."

From the Wall Street Journal: Among the top concerns for [U.S.] intelligence leaders is that they wouldn't even necessarily be able to detect a Chinese influence operation if one were taking place [on TikTok] due to the opacity of the platform and how its algorithm surfaces content to users. Such operations, FBI director Christopher Wray said this week in congressional testimony, "are extraordinarily difficult to detect, which is part of what makes the national-security concerns represented by TikTok so significant...."

Critics of the bill include libertarian-leaning lawmakers, such as Sen. Rand Paul (R., Ky.), who have decried it as a form of government censorship. "The Constitution says that you have a First Amendment right to express yourself," Paul told reporters Thursday. TikTok's users "express themselves through dancing or whatever else they do on TikTok. You can't just tell them they can't do that." In the House, a bloc of 50 Democrats voted against the bill, citing concerns about curtailing free speech and the impact on people who earn income on the app. Some Senate Democrats have raised similar worries, as well as an interest in looking at a range of social-media issues at rival companies such as Meta Platforms.

"The basic idea should be to put curbs on all social media, not just one," Sen. Elizabeth Warren (D., Mass.) said Thursday. "If there's a problem with privacy, with how our children are treated, then we need to curb that behavior wherever it occurs."
Some context from the Columbia Journalism Review: Roughly one-third of Americans aged 18-29 regularly get their news from TikTok, the Pew Research Center found in a late 2023 survey. Nearly half of all TikTok users say they regularly get news from the app, a higher percentage than for any other social media platform aside from Twitter.

Almost 40 percent of young adults were using TikTok and Instagram for their primary Web search instead of the traditional search engines, a Google senior vice president said in mid-2022 — a number that's almost certainly grown since then. Overall, TikTok claims 150 million American users, almost half the US population; two-thirds of Americans aged 18-29 use the app.
Some U.S. politicians believe TikTok "radicalized" some of their supporters "with disinformation or biased reporting," according to the article.

Meanwhile in the Guardian, a Duke University law professor argues "this saga demands a broader conversation about safeguarding democracy in the digital age." The European Union's newly enacted AI act provides a blueprint for a more holistic approach, using an evidence- and risk-based system that could be used to classify platforms like TikTok as high-risk AI systems subject to more stringent regulatory oversight, with measures that demand transparency, accountability and defensive measures against misuse.
Open source advocate Evan Prodromou argues that the TikTok controversy raises a larger issue: If algorithmic curation is so powerful, "who's making the decisions on how they're used?" And he also proposes a solution.

"If there is concern about algorithms being manipulated by foreign governments, using Fediverse-enabled domestic software prevents the problem."

"Workers at an Amazon air hub in Kentucky celebrated a victory Thursday," reports the Washington Post, "after federal labor regulators found that Amazon violated labor law by trying to prevent workers there from unionizing." The employees have been demanding higher pay, more flexible schedules and safer working conditions since 2022. After a months-long investigation, the National Labor Relations Board issued a complaint against Amazon last week, alleging the e-commerce behemoth illegally attempted to curtail those efforts by interrogating workers, threatening to call the police on them and demoting workers involved in union organizing.

The complaint is a victory for union organizers at a crucial air cargo hub in Kentucky who have been alleging that Amazon has been unfairly interfering with their unionization efforts there for months.... Amazon workers at various sites around the country have been trying to unionize for years, with little to show for it. Many have accused Amazon of using illegal tactics to discourage workers from supporting unions — more than 240 such charges have been filed with the labor board, workers said... Amazon employee Marcio Rodriguez said he was threatened with termination for his union-organizing activity along with 10 co-workers. For two weeks, Rodriguez said, Amazon management would "show up to where I was working out on the ramp in front of my co-workers in a truck and take me to the HR office," where they would interrogate him...

Amazon workers in Kentucky are seeking to form Amazon Labor Union, an independent but associated branch of the group that won a historic victory at an Amazon warehouse on Staten Island in 2021. Lawyers for the union there are still battling Amazon, which has yet to come to the bargaining table and continues to argue that the NLRB unfairly sided with workers during that election. More recently, the company has argued in another New York case that the National Labor Relations Board itself is structured unconstitutionally, following legal arguments set forth by lawyers for SpaceX and Trader Joe's...

Amazon is scheduled to appear at a hearing before labor regulators regarding its alleged anti-union activities in Kentucky on April 22.

When it comes to TikTok, "The Chinese government is signaling that it won't allow a forced sale..." reported the Wall Street Journal Friday, "limiting options for the app's owners as buyers begin lining up to bid for its U.S. operations..."

"They have also sent signals to TikTok's owner, Beijing-based ByteDance, that company executives have interpreted as meaning the government would rather the app be banned in the U.S. than be sold, according to people familiar with the matter."

But that's not always how it plays out. McClatchy notes that in 2019 the Committee on Foreign Investment in the U.S. ordered Grindr's Chinese owners to relinquish control of Grindr. "A year later, the Chinese owners voluntarily complied and sold the company to San Vicente Acquisition, incorporated in Delaware, for around $608 million, according to Forbes."

And CNN reminds us that the world's most-populous country already banned TikTok more than three years ago: In June 2020, after a violent clash on the India-China border that left at least 20 Indian soldiers dead, the government in New Delhi suddenly banned TikTok and several other well-known Chinese apps. "It's important to remember that when India banned TikTok and multiple Chinese apps, the US was the first to praise the decision," said Nikhil Pahwa, the Delhi-based founder of tech website MediaNama. "[Former] US Secretary of State Mike Pompeo had welcomed the ban, saying it 'will boost India's sovereignty.'"

While India's abrupt decision shocked the country's 200 million TikTok users, in the four years since, many have found other suitable alternatives. "The ban on Tiktok led to the creation of a multibillion dollar opportunity ... A 200 million user base needed somewhere to go," said Pahwa, adding that it was ultimately American tech companies that seized the moment with their new offerings... Within a week of the ban, Meta-owned Instagram cashed in by launching its TikTok copycat, Instagram Reels, in India. Google introduced its own short video offering, YouTube Shorts. Homegrown alternatives such as MX Taka Tak and Moj also began seeing a rise in popularity and an infux in funding. Those local startups soon fizzled out, however, unable to match the reach and financial firepower of the American firms, which are flourishing.
In fact, at the time India "announced a ban on more than 50 Chinese apps," remembers the Washington Post, adding that Nepal also announced a ban on TikTok late last year.

Their article points out that TikTok has also been banned by top EU policymaking bodies, while "Government staff in some of the bloc's 27 member states, including Belgium, Denmark and the Netherlands, have also been told not to use TikTok on their work phones." Canada banned TikTok from all government-issued phones in February 2023, after similar steps in the United States and the European Union.... Britain announced a TikTok ban on government ministers' and civil servants' devices last year, with officials citing the security of state information. Australia banned TikTok from all federal government-owned devices last year after seeking advice from intelligence and security agencies.
A new EFF web page warns that America's new proposed ban on TikTok could also apply to apps like WeChat...

Google announced a major change to its Safe Browsing feature in Chrome today that will make the service work in real time by checking against a server-side list -- all without sharing your browsing habits with Google. From a report: Previously, Chrome downloaded a list of known sites that harbor malware, unwanted software and phishing scams once or twice per hour. Now, Chrome will move to a system that will send the URLs you are visiting to its servers and check against a rapidly updated list there. The advantage of this is that it doesn't take up to an hour to get an updated list because, as Google notes, the average malicious site doesn't exist for more than 10 minutes.

The company claims that this new server-side system can catch up to 25 percent more phishing attacks than using local lists. These local lists have also grown in size, putting more of a strain on low-end machines and low-bandwidth connections. Google is rolling out this new system to desktop and iOS users now, with Android support coming later this month.

An anonymous reader quotes a report from The Guardian: Underwater speakers that broadcast the hustle and bustle of thriving coral could bring life back to more damaged and degraded reefs that are in danger of becoming ocean graveyards, researchers say. Scientists working off the US Virgin Islands in the Caribbean found that coral larvae were up to seven times more likely to settle at a struggling reef where they played recordings of the snaps, groans, grunts and scratches that form the symphony of a healthy ecosystem. "We're hoping this may be something we can combine with other efforts to put the good stuff back on the reef," said Nadeege Aoki at the Woods Hole Oceanographic Institution in Massachusetts. "You could leave a speaker out for a certain amount of time and it could be attracting not just coral larvae but fish back to the reef."

The world has lost half its coral reefs since the 1950s through the devastating impact of global heating, overfishing, pollution, habitat loss and outbreaks of disease. The hefty declines have fueled efforts to protect remaining reefs through approaches that range from replanting with nursery-raised corals to developing resilient strains that can withstand warming waters. Aoki and her colleagues took another tack, building on previous research which showed that coral larvae swim towards reef sounds. They set up underwater speakers at three reefs off St John, the smallest of the US Virgin Islands, and measured how many coral larvae, held in sealed containers of filtered sea water, settled on to pieces of rock-like ceramic in the containers up to 30 meters from the speakers.

While the researchers installed speakers at all three sites, they only played sounds from a thriving reef at one: the degraded Salt Pond reef, which was bathed in the marine soundscape for three nights. The other two sites, the degraded Cocoloba and the healthier Tektite reefs were included for comparison. When coral larvae are released into the water column they are carried on the currents, and swim freely, before finding a spot to settle. Once they drop to the ocean floor, they become fixed to the spot and -- if they survive -- mature into adults. Writing in the Royal Society Open Science journal, the researchers describe how, on average, 1.7 times more coral larvae settled at the Salt Pond reef than at the other sites where no reef sounds were played. The settlement rates at Salt Pond dropped with distance from the speaker, suggesting the broadcasts were responsible. While the results are promising, Aoki said more work is afoot to understand whether other coral species respond to reef sounds in the same way, and whether the corals thrive after settling. "You have to be very thoughtful about the application of this technology," Aoki added. "You don't want to encourage them to settle where they will die. It really has to be a multi-pronged effort with steps in place to ensure the survival of these corals and their growth over time."

Contributors from Apple, Google, Microsoft, and Mozilla, writing for BrowserBench: Since the initial version of the Speedometer benchmark was released in 2014 by the WebKit team, it has become a key tool for browser engines to drive performance optimizations as users and developers continue to demand richer and smoother experiences online.

We're proud to release Speedometer 3.0 today as a collaborative effort between the three major browser engines: Blink, Gecko, and WebKit. Like previous releases (Speedometer 2 in 2018 and Speedometer 1 in 2014), it's designed to measure web application responsiveness by simulating user interactions on real web pages. Today's release of Speedometer 3.0 marks a major step forward in web browser performance testing: it introduces a better way of measuring performance and a more representative set of tests that reflect the modern Web.

This is the first time the Speedometer benchmark, or any major browser benchmark, has been developed through a cross-industry collaboration supported by each major browser engine: Blink/V8, Gecko/SpiderMonkey, and WebKit/JavaScriptCore. It's been developed under a new governance model, driven by consensus, and is hosted in a shared repository that's open to contribution. This new structure involves a lot of collective effort: discussions, research, debates, decisions, and hundreds of PRs since we announced the project in December 2022.

Speedometer 3 adds many new tests. We started designing this new benchmark by identifying some key scenarios and user interactions that we felt were important for browsers to optimize. In particular, we added new tests that simulate rendering canvas and SVG charts (React Stockcharts, Chart.js, Perf Dashboard, and Observable Plot), code editing (CodeMirror), WYSIWYG editing (TipTap), and reading news sites (Next.js and Nuxt.js).

Over 15,000 Roku customers were hacked and used to make fraudulent purchases of hardware and streaming subscriptions. According to BleepingComputer, the threat actors were "selling the stolen accounts for as little as $0.50 per account, allowing purchasers to use stored credit cards to make illegal purchases." From the report: On Friday, Roku first disclosed the data breach, warning that 15,363 customer accounts were hacked in a credential stuffing attack. A credential stuffing attack is when threat actors collect credentials exposed in data breaches and then attempt to use them to log in to other sites, in this case, Roku.com. The company says that once an account was breached, it allowed threat actors to change the information on the account, including passwords, email addresses, and shipping addresses. This effectively locked a user out of the account, allowing the threat actors to make purchases using stored credit card information without the legitimate account holder receiving order confirmation emails.

"It appears likely that the same username/password combinations had been used as login information for such third-party services as well as certain individual Roku accounts," reads the data breach notice. "As a result, unauthorized actors were able to obtain login information from third-party sources and then use it to access certain individual Roku accounts. "After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions." Roku says that it secured the impacted accounts and forced a password reset upon detecting the incident. Additionally, the platform's security team investigated for any charges due to unauthorized purchases performed by the hackers and took steps to cancel the relevant subscriptions and refund the account holders.

A researcher told BleepingComputer last week that the threat actors have been using a Roku config to perform credential stuffing attacks for months, bypassing brute force attack protections and captchas by using specific URLs and rotating through lists of proxy servers. Successfully hacked accounts are then sold on stolen account marketplaces for as little as 50 cents, as seen below where 439 accounts are being sold. The seller of these accounts provides information on how to change information on the account to make fraudulent purchases. Those who purchase the stolen accounts hijack them with their own information and use stored credit cards to purchase cameras, remotes, soundbars, light strips, and streaming boxes. After making their purchases, it is common for them to share screenshots of redacted order confirmation emails on Telegram channels associated with the stolen account marketplaces.

An anonymous reader shared this story from the New York Times: Into the depleted field of journalism in America, a handful of websites have appeared in recent weeks with names suggesting a focus on news close to home: D.C. Weekly, the New York News Daily, the Chicago Chronicle and a newer sister publication, the Miami Chronicle. In fact, they are not local news organizations at all. They are Russian creations, researchers and government officials say, meant to mimic actual news organizations to push Kremlin propaganda by interspersing it among an at-times odd mix of stories about crime, politics and culture.

While Russia has long sought ways to influence public discourse in the United States, the fake news organizations — at least five, so far — represent a technological leap in its efforts to find new platforms to dupe unsuspecting American readers. The sites, the researchers and officials said, could well be the foundations of an online network primed to surface disinformation ahead of the American presidential election in November...

The Miami Chronicle's website first appeared on Feb. 26. Its tagline falsely claims to have delivered "the Florida News since 1937."

Amid some true reports, the site published a story last week about a "leaked audio recording" of Victoria Nuland, the U.S. under secretary of state for political affairs, discussing a shift in American support for Russia's beleaguered opposition after the death of the Russian dissident Aleksei A. Navalny. The recording is a crude fake, according to administration officials who would speak only anonymously to discuss intelligence matters.
From the Raw Story: The network was discovered by Clemson University's Media Forensics Hub by researchers Patrick Warren and Darren Linvill, who tell the Times that its websites are designed to lend journalistic credibility to slickly produced propaganda. "The page is just there to look realistic enough to fool a casual reader into thinking they're reading a genuine, U.S.-branded article," Linvill told the Times.

An article in Inc notes a "wild projection" in Reddit's SEC filing that Reddit's global market opportunity by 2027 is $1.4 trillion." Some of the numbers lead back to a single individual: Sam Altman. The co-founder and chief executive of ChatGPT-maker OpenAI owns an 8.7 percent stake in Reddit, more than its co-founder and CEO, Steve Huffman, who owns 3.3 percent... Altman, through various funds and holding companies he owns or manages, controls more than a million shares of Reddit at $60 million in aggregate purchase price — and holds more than 9 percent of voting rights...

Discussing Reddit's future, financial analyst and journalist Herb Greenberg recently told CNBC, "This is an AI play."
But the senior investing editor for Kiplinger.com argues that retail investors "may want to hold tight before rushing out to buy the Reddit IPO." While IPO stocks tend to have strong first-day showings, returns for the first year are generally weak, says the team of analysts at Trivariate Research, a market research firm based in New York. And since 2020, "the average IPO has lagged its industry average by 30% over the subsequent three years following its first closing price..."

Other commenters have noted that Reddit's allotment of shares to select Redditors could lower demand on the first day of trading, which would work against any IPO pop.
"Over the past few years, there have been a bunch of IPOs in the U.S. in which overhyped names enjoyed flashy stock-market debuts only to drop sharply soon after," notes the Street. Notable examples include Coinbase, which plummeted by almost 90% after its debut, Robinhood, still down 53% since its IPO, and Rivian, down over 91% since its debut. However, it's crucial to note that all of these IPOs occurred in 2021 amid market euphoria fueled by low interest rates, significant economic stimulus, and the lingering effects of the Covid-19 pandemic. Although the current macroeconomic landscape differs from three years ago, valuations of tech and growth stocks remain stretched.
Kiplingers.com concludes it "boils down to your own personal investing goals and risk tolerance. If you do decide to buy Reddit stock when it first begins trading, do so in a small amount that you can afford to lose."

But they also cite analysis from David Trainer, CEO of New Constructs, a research firm powered by artificial intelligence. "Reddit's IPO marks the return of the junk IPO," Trainer wrote in Forbes. "[The valuation] implies that Reddit will grow its user base to 26 times current levels, which would be nearly five times the size of [Snapchat-maker] Snap, and a highly unlikely feat. Reddit looks overvalued, and we think investors should pass on this IPO."

Trainer writes: [T]he company has never been profitable and should not be a publicly traded company... I think the company may never monetize its platform without angering its users and the entire premise of Reddit is user-generated content. This business model is inescapably built on a catch-22: make money or please users... Reddit looks overvalued, and I think investors should pass on this IPO.
Buyers and analysts told the site Marketing Brew "that they see the platform as nice-to-have, but that it is not an essential part of their media plans, like Meta or Google are." "They've always been solidly in the second or third tier of social networks," alongside Snap, Pinterest, and X, Brian Wieser, a former GroupM exec who's now author of the industry newsletter Madison and Wall, told Marketing Brew.
Yet Trainer notes that "98% of Reddit's revenue in 2023 came from third-party advertising on the site and 28% of all revenue came from ten customers," and "Reddit's cost of revenue, sales & marketing, general & administrative, and research & development costs were 117% of revenue in 2023."

Trainer concludes "Reddit is nowhere near breakeven. Reddit is an unprofitable social media company fighting for users."

Bloomberg adds that the subreddit r/WallStreetBets "has threatened to bet against the stock, with many people noting that the company still loses money two decades into its existence. (Reddit lost $90.8 million last year, down from $158.6 million the year before.)" Some have complained that the invitation to invest fails to make up for the unpaid labor they've invested making the site work... In 2021 the platform's WallStreetBets forum ignited a meme-stock frenzy, propelling skyward the stocks of nostalgic but struggling companies like GameStop Corp. and AMC Entertainment Holdings Inc. and sending shockwaves through the financial industry... When it goes public, the platform that invented meme stocks runs the risk of becoming one itself.

Reddit noted the possibility as a risk in its IPO filing. "Given the broad awareness and brand recognition of Reddit, including as a result of the popularity of r/wallstreetbets among retail investors," the company warned that its stock could "experience extreme volatility ... which could cause you to lose all or part of your investment if you are unable to sell your shares at or above the initial offering price."

Users on WallStreetBets got a kick out of the fact that the company listed the forum as a risk factor, posting about it with a sly smiling emoji...
Meanwhile, reports that marketers are infiltrating subreddits have been confirmed. Over 200 businesses have "integrated Reddit Pro into their digital strategies," reports Search Engine Land, including "well-known names such as Taco Bell, the NFL, and The Wall Street Journal...

"During the initial alpha testing phase with approximately 20 businesses, Reddit reported its Pro partners, on average, generated 11 additional posts and comments per month."

An anonymous reader quotes a report from Android Police: Seven years ago, Google announced that it would phase out all Chrome apps on Windows, Mac, and Linux by 2018 (it would actually take until 2023). In its place would be what the company called Progressive Web Apps (PWAs), web apps that can be installed on a user's desktop that act as if they are practically natural apps and programs. The idea grew quickly, with Chrome users having installed PWAs in record numbers by the beginning of 2022. Soon, every website will be installable on desktops through PWAs.

In Chrome Canary (the daily build version of Google Chrome and typically a couple of versions ahead of the stable build), websites can now be installed on desktops. As part of the latest daily build, Google has added an "Install page as app" option to the "Save and share" submenu on the desktop version (via @Leopeva64 on X). This makes clicking the app -- which is just the website made to look and feel like a native app -- always open in its own window. Sites that already have their own PWAs, like YouTube or Reddit, have been prompting users to install them for a while now and will have their "Install page as app" function actually showing the name of the site. For example, YouTube's entry will show as "Install YouTube." In February, it became possible to enable the flags necessary to make any website into a PWA, but it seems to have just now become fully implemented.

In a first-of-its-kind prosecution, a California man was arrested and charged Monday with allegedly smuggling potent, greenhouse gases from Mexico. From a report: Michael Hart, a 58-year-old man from San Diego, pleaded not guilty to smuggling hydrofluorocarbons, or HFCs -- commonly used in air conditioning and refrigeration -- and selling them for profit, in a federal court hearing Monday. According to the indictment, Hart allegedly purchased the HFCs in Mexico and smuggled them into the US in the back of his truck, concealed under a tarp and tools. He is then alleged to have sold them for a profit on sites including Facebook Marketplace and OfferUp. [...] Hart has pleaded not guilty to 13 charges including conspiracy, importation contrary to law and sale of merchandise imported contrary to law. The charges carry potential prison sentences ranging from five to 20 years.

HFCs, which are also used in building insulation, fire extinguishing systems and aerosols, are banned from import into the US without permission from the Environmental Protection Agency. These greenhouse gases are short-lived in the atmosphere," but powerful -- some are thousands of times more potent than carbon dioxide in the near-term. "The illegal smuggling of hydrofluorocarbons, a highly potent greenhouse gas, undermines international efforts to combat climate change," said David M. Uhlmann, the assistant administrator for the EPA's Office of Enforcement and Compliance Assurance. "Anyone who seeks to profit from illegal actions that worsen climate change must be held accountable," he added. "Today is a significant milestone for our country," said US Attorney Tara McGrath in a statement. "This is the first time the Department of Justice is prosecuting someone for illegally importing greenhouse gases, and it will not be the last."

Piracy was traditionally seen as something that predominantly young males were interested in. This is a largely outdated representation of reality, as girls and women began to catch up a long time ago. In some countries, including Indonesia, more women pirate music, movies, and TV-shows than their male counterparts. TorrentFreak reports: [N]ew findings published by researchers from Northumbria University Newcastle, which include gender, are worth highlighting. The survey data, looking at piracy trends in Thailand and Indonesia, was released by Marketing professor Dr. Xuemei Bian and Ms. Humaira Farid. The results were presented to WIPO's Advisory Committee on Enforcement recently and the associated presentation (PDF) was published online. Through an online survey and in-person interviews, the research aims to map consumer attitudes and behaviors in Indonesia and Thailand, particularly in connection with online copyright infringement.

One of the overall conclusions is that piracy remains a common activity in both Asian countries. Pirates are present in all age groups but and music, movies en TV-shows tend to be in highest demand and younger people. Those under 40, are more likely to pirate than their older counterparts. These findings are not out of the ordinary and the same trends are visible in other countries too. Interestingly, however, some notable differences between the two countries appear when gender is added to the mix. The tables below show that women are more likely to pirate than men in Indonesia. This is true for all content categories, except for software, where men are slightly in the lead. In Thailand, however, men are more likely to pirate across all categories. The researchers do not attempt to explain these differences. However, they show once again that 'dated' gender stereotypes don't always match with reality. And when they have little explanatory value, one can question whether gender is even relevant in a piracy context.

Looking at other differences between Thai and Indonesian consumers there are some other notable findings. For example, in Indonesia, 64% of the respondents say they're aware of the availability of pirated movies and TV-shows on YouTube, compared to 'just' 32% in Thailand. Indonesian consumers are also more familiar with music piracy sites and pirate much more frequently than Thai consumers, as the table below shows. Finally, the researchers also looked at various attitudes toward piracy. This shows that Thai pirates would be most likely to stop if legal services were more convenient, while Indonesian pirates see cheaper legal services as the largest discouraging factor.

Long-time Slashdot reader Greymane shared this article from Wired: [I]n a demonstration of the risks of connected, autonomous AI ecosystems, a group of researchers has created one of what they claim are the first generative AI worms — which can spread from one system to another, potentially stealing data or deploying malware in the process. "It basically means that now you have the ability to conduct or to perform a new kind of cyberattack that hasn't been seen before," says Ben Nassi, a Cornell Tech researcher behind the research. Nassi, along with fellow researchers Stav Cohen and Ron Bitton, created the worm, dubbed Morris II, as a nod to the original Morris computer worm that caused chaos across the Internet in 1988. In a research paper and website shared exclusively with WIRED, the researchers show how the AI worm can attack a generative AI email assistant to steal data from emails and send spam messages — breaking some security protections in ChatGPT and Gemini in the process...in test environments [and not against a publicly available email assistant]...

To create the generative AI worm, the researchers turned to a so-called "adversarial self-replicating prompt." This is a prompt that triggers the generative AI model to output, in its response, another prompt, the researchers say. In short, the AI system is told to produce a set of further instructions in its replies... To show how the worm can work, the researchers created an email system that could send and receive messages using generative AI, plugging into ChatGPT, Gemini, and open source LLM, LLaVA. They then found two ways to exploit the system — by using a text-based self-replicating prompt and by embedding a self-replicating prompt within an image file.

In one instance, the researchers, acting as attackers, wrote an email including the adversarial text prompt, which "poisons" the database of an email assistant using retrieval-augmented generation (RAG), a way for LLMs to pull in extra data from outside its system. When the email is retrieved by the RAG, in response to a user query, and is sent to GPT-4 or Gemini Pro to create an answer, it "jailbreaks the GenAI service" and ultimately steals data from the emails, Nassi says. "The generated response containing the sensitive user data later infects new hosts when it is used to reply to an email sent to a new client and then stored in the database of the new client," Nassi says. In the second method, the researchers say, an image with a malicious prompt embedded makes the email assistant forward the message on to others. "By encoding the self-replicating prompt into the image, any kind of image containing spam, abuse material, or even propaganda can be forwarded further to new clients after the initial email has been sent," Nassi says.

In a video demonstrating the research, the email system can be seen forwarding a message multiple times. The researchers also say they could extract data from emails. "It can be names, it can be telephone numbers, credit card numbers, SSN, anything that is considered confidential," Nassi says.
The researchers reported their findings to Google and OpenAI, according to the article, with OpenAI confirming "They appear to have found a way to exploit prompt-injection type vulnerabilities by relying on user input that hasn't been checked or filtered." OpenAI says they're now working to make their systems "more resilient."

Google declined to comment on the research.

Americans filing their taxes could face privacy threats, reports the Washington Post: "We just need your OK on a couple of things," TurboTax says as you prepare your tax return.

Alarm bells should be ringing in your head at the innocuous tone.

This is where America's most popular tax-prep website asks you to sign away the ironclad privacy protections of your tax return, including the details of your income, home mortgage and student loan payments. With your permission to blab your money secrets, the company earns extra income from showing you advertisements for the next three years for things like credit cards and mortgage offers targeted to your financial situation.

You have the legal right to say no when TurboTax asks for your permission to "share your data" or use your tax information to "improve your experience...."
The article complains that granting permission allows TurboTax to share details with "sibling" companies "such as your salary, the amount of your tax refund, whether you received a tax break for student loans and the day you printed your tax return..."

"You'll see that permission request once near the beginning of the tax prep process. If you skip it then, you'll see the same screen again near the end. You'll have to say yes or no..." This is part of the corporate arms race for your personal data. Everyone including the grocery store, your apps and the manufacturer of your car are gobbling information to profit from details of your life. With TurboTax, though, you have the power to refuse to participate...

TurboTax and the online tax prep service from H&R Block have been asking every year to blab your tax return. We've cautioned you about it for each of the past two tax filing seasons. (I focused only on TurboTax this year.)

In 2005 Gabe Rivera was a compiler software engineer at Intel — before starting the tech-news aggregator Techmeme. And last year his Threads profile added the words "This is a little self-serving, but I want all social networks to be as open as possible."

Friday Threads engineer Jesse Chen posted that it was Rivera's post when Threads launched asking for an API that "convinced us to go for it." And Techmeme just made its first post using the API, according to Chen. The Verge reports : Threads plans to release its API by the end of June after testing it with a limited set of partners, including Hootsuite, Sprinklr, Sprout Social, Social News Desk, and Techmeme. The API will let developers build third-party apps for Threads and allow sites to publish directly to the platform.
More from TechCrunch: Engineer Jesse Chen posted that the company has been building the API for the past few months. The API currently allows users to authenticate, publish threads and fetch the content they post through these tools. "Over the past few months, we've been building the Threads API to enable creators, developers, and brands to manage their Threads presence at scale and easily share fresh, new ideas with their communities from their favorite third-party applications," he said...

The engineer added that Threads is looking to add more capabilities to APIs for moderation and insights gathering.

Wikipedia has downgraded tech website CNET's reliability rating following extensive discussions among its editors regarding the impact of AI-generated content on the site's trustworthiness. "The decision reflects concerns over the reliability of articles found on the tech news outlet after it began publishing AI-generated stories in 2022," adds Ars Technica. Futurism first reported the news. From the report: Wikipedia maintains a page called "Reliable sources/Perennial sources" that includes a chart featuring news publications and their reliability ratings as viewed from Wikipedia's perspective. Shortly after the CNET news broke in January 2023, Wikipedia editors began a discussion thread on the Reliable Sources project page about the publication. "CNET, usually regarded as an ordinary tech RS [reliable source], has started experimentally running AI-generated articles, which are riddled with errors," wrote a Wikipedia editor named David Gerard. "So far the experiment is not going down well, as it shouldn't. I haven't found any yet, but any of these articles that make it into a Wikipedia article need to be removed." After other editors agreed in the discussion, they began the process of downgrading CNET's reliability rating.

As of this writing, Wikipedia's Perennial Sources list currently features three entries for CNET broken into three time periods: (1) before October 2020, when Wikipedia considered CNET a "generally reliable" source; (2) between October 2020 and present, when Wikipedia notes that the site was acquired by Red Ventures in October 2020, "leading to a deterioration in editorial standards" and saying there is no consensus about reliability; and (3) between November 2022 and January 2023, when Wikipedia considers CNET "generally unreliable" because the site began using an AI tool "to rapidly generate articles riddled with factual inaccuracies and affiliate links."

Futurism reports that the issue with CNET's AI-generated content also sparked a broader debate within the Wikipedia community about the reliability of sources owned by Red Ventures, such as Bankrate and CreditCards.com. Those sites published AI-generated content around the same period of time as CNET. The editors also criticized Red Ventures for not being forthcoming about where and how AI was being implemented, further eroding trust in the company's publications. This lack of transparency was a key factor in the decision to downgrade CNET's reliability rating. A CNET spokesperson said in a statement: "CNET is the world's largest provider of unbiased tech-focused news and advice. We have been trusted for nearly 30 years because of our rigorous editorial and product review standards. It is important to clarify that CNET is not actively using AI to create new content. While we have no specific plans to restart, any future initiatives would follow our public AI policy."

Nintendo has filed a 41-page lawsuit against the makers of Yuzu, an open-source Nintendo Switch emulator, accusing them of "facilitating piracy at a colossal scale." Polygon reports: Yuzu is a free emulator that was released in 2018 months after the Nintendo Switch originally launched. The same folks who made Citra, a Nintendo 3DS emulator, made this one. Basically, it's a piece of software that lets people play Nintendo Switch games on Windows PC, Linux, and Android devices. (It also runs on Steam Deck, which Valve showed -- then wiped -- in a Steam Deck video clip.) Emulators aren't necessarily illegal, but pirating games to play on them is. But Nintendo said in its lawsuit that there's no way to legal way to use Yuzu.

Nintendo argued that Yuzu executes codes that "defeat" Nintendo's security measures, including decryption using "an illegally-obtained copy of prod.keys." "In other words, without Yuzu's decryption of Nintendo's encryption, unauthorized copies of games could not be played on PCs or Android devices," Nintendo wrote in the lawsuit. As to the alleged damages created by Yuzu, Nintendo pointed to the release of The Legend of Zelda: Tears of the Kingdom. Tears of the Kingdom leaked almost two weeks earlier than the game's May 12 release date. The pirated version of the game spread quickly; Nintendo said it was downloaded more than 1 million times before Tears of the Kingdom's release date. People used Yuzu to play the game; Nintendo said more than 20% of download links pointed people to Yuzu.

Though Yuzu doesn't give out pirated copies of games, Nintendo repeatedly said that most ROM sites point people toward Yuzu to play whatever games they've downloaded. Nintendo said its "expended significant resources to stop the illegal copying, marketing, sale, and distribution" of its Nintendo Switch games. It says that Yuzu earns the team $30,000 per month on its Patreon from more than 7,000 patrons. Nintendo said the company has earned at least $50,000 in paid Yuzu downloads. Nintendo said that Yuzu's Patreon doubled its paid members in the period between May 1 and May 12, when Tears of the Kingdom was released. Nintendo is asking the court to shut down the emulator, and for damages.

Fast food chain Wendy's announced it's adopting a similar approach to Uber's Surge Pricing policy by dynamically adjusting the prices of its menu items during peak demand periods at certain locations. The controversial strategy seeks to leverage real-time data to align pricing and demand, enhancing efficiency and potentially improving customer satisfaction. From a report: During a conference call earlier this month, Wendy's CEO Kirk Tanner said the fast-food chain would experiment with dynamic pricing as early as next year. "Beginning as early as 2025, we will begin testing more enhanced features like dynamic pricing and daypart offerings, along with AI-enabled menu changes and suggestive selling," he said. "As we continue to show the benefit of this technology in our company-operated restaurants, franchisee interest in digital menu boards should increase, further supporting sales and profit growth across the system."

Prices seesaw all the time on the sites of online retailers like Amazon that use algorithms and artificial intelligence to monitor competitors and glean insights into individual shoppers, adjusting prices depending on interest in the product or in the brand, said Timothy Webb, an assistant professor at the University of Delaware's hospitality and sport business management program. Coupons and other offers are also routinely dangled in mobile apps to encourage people to make purchases. "A lot of this stuff is already happening even if you don't realize that it is happening. If you have the Starbucks app and I have the Starbucks app, we probably have different offers," Webb said. "We might not be in the drive-through and they just increased the prices, but we are already paying different prices for the same products."

But, he says, Wendy's fans will likely see moderate, not massive, price swings during periods of peak demand. "It's not like $200 or $300 on a flight. This is a hypercompetitive industry. If Wendy's goes up $2 to $3 on a burger at dinner time, I would be shocked. People have too many options. They will just walk down the street and eat at Burger King instead," Webb said. "There will just be little price changes here."