EU

EU Opens Child Safety Probes of Facebook and Instagram, Citing Addictive Design Concerns (techcrunch.com) 48

An anonymous reader quotes a report from TechCrunch: Facebook and Instagram are under formal investigation in the European Union over child protection concerns, the Commission announced Thursday. The proceedings follow a raft of requests for information to parent entity Meta since the bloc's online governance regime, the Digital Services Act (DSA), started applying last August. The development could be significant as the formal proceedings unlock additional investigatory powers for EU enforcers, such as the ability to conduct office inspections or apply interim measures. Penalties for any confirmed breaches of the DSA could reach up to 6% of Meta's global annual turnover.

Meta's two social networks are designated as very large online platforms (VLOPs) under the DSA. This means the company faces an extra set of rules -- overseen by the EU directly -- requiring it to assess and mitigate systemic risks on Facebook and Instagram, including in areas like minors' mental health. In a briefing with journalists, senior Commission officials said they suspect Meta of failing to properly assess and mitigate risks affecting children. They particularly highlighted concerns about addictive design on its social networks, and what they referred to as a "rabbit hole effect," where a minor watching one video may be pushed to view more similar content as a result of the platforms' algorithmic content recommendation engines.

Commission officials gave examples of depression content, or content that promotes an unhealthy body image, as types of content that could have negative impacts on minors' mental health. They are also concerned that the age assurance methods Meta uses may be too easy for kids to circumvent. "One of the underlying questions of all of these grievances is how can we be sure who accesses the service and how effective are the age gates -- particularly for avoiding that underage users access the service," said a senior Commission official briefing press today on background. "This is part of our investigation now to check the effectiveness of the measures that Meta has put in place in this regard as well." In all, the EU suspects Meta of infringing DSA Articles 28, 34, and 35. The Commission will now carry out an in-depth investigation of the two platforms' approach to child protection.

Businesses

Flood of Fake Science Forces Multiple Journal Closures (wsj.com) 93

schwit1 shares a report: Fake studies have flooded the publishers of top scientific journals, leading to thousands of retractions and millions of dollars in lost revenue. The biggest hit has come to Wiley, a 217-year-old publisher based in Hoboken, N.J., which Tuesday announced that it was closing 19 journals, some of which were infected by large-scale research fraud. In the past two years, Wiley has retracted more than 11,300 papers that appeared compromised, according to a spokesperson, and closed four journals. It isn't alone: At least two other publishers have retracted hundreds of suspect papers each. Several others have pulled smaller clusters of bad papers.

Although this large-scale fraud represents a small percentage of submissions to journals, it threatens the legitimacy of the nearly $30 billion academic publishing industry and the credibility of science as a whole. The discovery of nearly 900 fraudulent papers in 2022 at IOP Publishing, a physical sciences publisher, was a turning point for the nonprofit. "That really crystallized for us, everybody internally, everybody involved with the business," said Kim Eggleton, head of peer review and research integrity at the publisher. "This is a real threat." The sources of the fake science are "paper mills" -- businesses or individuals that, for a price, will list a scientist as an author of a wholly or partially fabricated paper. The mill then submits the work, generally avoiding the most prestigious journals in favor of publications such as one-off special editions that might not undergo as thorough a review and where they have a better chance of getting bogus work published.

Security

Black Basta Ransomware Attack Brought Down Ascension IT Systems, Report Finds (crn.com) 17

The Russia-linked ransomware group Black Basta is responsible for Wednesday's cyberattack on St. Louis-based Ascension health system, according to sources reported by CNN. The attack disrupted access to electronic health records, some phone systems and "various systems utilized to order certain tests, procedures and medications," the company said in a statement. From a report: On Friday, the nonprofit group Health-ISAC (Information Sharing and Analysis Center) issued an alert about the group, saying that Black Basta has "recently accelerated attacks against the healthcare sector." HHS said that Black Basta was initially spotted in early 2022, known for its double extortion attack. The group not only executes ransomware but also exfiltrates sensitive data, operating a cybercrime marketplace to publicly release it should a victim fail to pay a ransom.

"The level of sophistication by its proficient ransomware operators, and reluctance to recruit or advertise on Dark Web forums, supports why many suspect the nascent Black Basta may even be a rebrand of the Russian-speaking RaaS threat group Conti, or also linked to other Russian-speaking cyber threat groups," the alert from HHS said. According to one report from blockchain analytics firm Elliptic and cybersecurity risk-focused Corvus Insurance, Black Basta in less than two years has won itself more than $100 million via ransomware schemes from 329 organizations. Previous victims of its attacks include Dish Network, the American Dental Association, business process services firm Capita and tech firm ABB.

China

US Revokes Intel, Qualcomm Licenses To Sell Chips To Huawei (msn.com) 241

An anonymous reader quotes a report from MSN: The US has revoked licenses allowing Huawei to buy semiconductors from Qualcomm and Intel, according to people familiar with the matter, further tightening export restrictions against the Chinese telecom equipment maker. Withdrawal of the licenses affects US sales of chips for use in Huawei phones and laptops, according to the people, who discussed the move on condition of anonymity. House Foreign Affairs Committee Chairman Michael McCaul confirmed the administration's decision in an interview Tuesday. He said the move is key to preventing China from developing advanced AI. "It's blocking any chips sold to Huawei," said McCaul, a Texas Republican who was briefed about the license decisions for Intel and Qualcomm. "Those are two companies we've always worried about being a little too close to China."

While the decision may not affect a significant volume of chips, it underscores the US government's determination to curtail China's access to a broad swathe of semiconductor technology. Officials are also considering sanctions against six Chinese firms that they suspect could supply chips to Huawei, which has been on a US trade restrictions list since 2019. [...] Qualcomm recently said that its business with Huawei is already limited and will soon shrink to nothing. It has been allowed to supply the Chinese company with chips that provide older 4G network connections. It's prohibited from selling ones that allow more advanced 5G access.

iPhone

Apple's iPhone Spyware Problem Is Getting Worse (wired.com) 60

An anonymous reader quotes a report from Wired: In April, Apple sent notifications to iPhone users in 92 countries, warning them they'd been targeted with spyware. "Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID," the notification reads. Users quickly took to social media sites including X, trying to work out what the notification meant. Many of those targeted were based in India, but others in Europe also reported receiving Apple's warning. Weeks later, little is still known about the latest iPhone attacks. Former smartphone giant Blackberry, now a security firm, has released research indicating they are linked to a Chinese spyware campaign dubbed "LightSpy," but Apple spokesperson Shane Bauer says this is inaccurate.

While Apple says the latest spyware notifications aren't linked to LightSpy, the spyware remains a growing threat, particularly to people who may be targeted in Southern Asia, according to Blackberry's researchers. Described as a "sophisticated iOS implant," LightSpy first emerged targeting Hong Kong protesters in 2020. However, the latest iteration is much more capable than the first. "It is a fully-featured modular surveillance toolset that primarily focuses on exfiltrating victims' private information, including hyper-specific location data and sound recording during voice over IP calls," the researchers wrote. April's warnings were not the first time Apple has issued notifications of this kind. The iPhone maker has sent out alerts to people in over 150 countries since 2021 as spyware continues to target high-profile figures across the globe.

Spyware can be weaponized by nation-state adversaries -- but this is relatively rare and expensive. Its deployment is typically highly targeted against a very specific group of people, including journalists, political dissidents, government workers, and businesses in certain sectors. "Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices," Apple wrote in an advisory in April. "Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks." Plus, Apple says its Lockdown Mode feature can successfully protect against attacks. "As we have said before, we are not aware of anyone using Lockdown Mode being successfully attacked with mercenary spyware," Bauer says. Still, for those who are targeted and caught unaware, spyware is extremely dangerous.

There are a number of ways to protect yourself against spyware and zero-click exploits in particular:

1. Regularly Update Devices: Keep your devices updated to the latest software to protect against known vulnerabilities.
2. Restart Devices Daily: Regularly restarting your device can help disrupt persistent spyware infections by forcing attackers to reinfect the device, potentially increasing their chances of detection.
3. Disable Vulnerable Features: Consider disabling features prone to exploits, such as iMessage and FaceTime, especially if you suspect you're a target for spyware.
4. Use Multifactor Authentication and Secure Sources: Employ multifactor authentication and only install apps from verified sources to prevent unauthorized access and downloads.
5. Monitor for Indicators: Be vigilant for signs of infection such as battery drain, unexpected shutdowns, and high data usage, though these may not always be present with more sophisticated spyware.
6. Seek Professional Help: If you suspect a spyware infection, consider professional assistance or helplines like Access Now's Digital Security Helpline for guidance on removal.
7. Utilize Advanced Security Features: Activate security features like Apple's Lockdown Mode, which limits device functionality to reduce vulnerabilities, thus safeguarding against infections.

Medicine

PFAS Increase Likelihood of Death By Cardiovascular Disease, Study Shows (theguardian.com) 34

New submitter berghem shares a report from The Guardian: For the first time, researchers have formally shown that exposure to toxic PFAS increases the likelihood of death by cardiovascular disease, adding a new level of concern to the controversial chemicals' wide use. The findings are especially significant because proving an association with death by chemical exposure is difficult, but researchers were able to establish it by reviewing death records from northern Italy's Veneto region, where many residents for decades drank water highly contaminated with PFAS, also called "forever chemicals." Records further showed an increased likelihood of death from several cancers, but stopped short of establishing a formal association because of other factors. [...]

Veneto's drinking water was widely contaminated by a PFAS-production plant between 1985 and 2018. Researchers first found an excess of about 4,000 deaths during this period, or about one every three days. Part of the region was supplied with water from a different source, giving researchers the opportunity to compare records for tens of thousands of people who drank contaminated water and lived near those who did not. Though PFAS can affect the cardiovascular system in different ways, it is largely a problem because it produces stubbornly high and dangerous levels of cholesterol. The levels are difficult to control because they aren't caused by dietary or lifestyle choices that can be addressed with adjustments, but hormonal changes that affect the metabolism and the body's ability to control plaque in arteries. The study's authors suspect that post-traumatic stress disorder caused by the environmental disaster, which upended lives across the region, may also be contributing to circulatory disease. The evidence of a jump in kidney cancer was also "very clear," [said Annibale Biggeri, the peer-reviewed study's lead author, and a researcher with the University of Padua]. In the study's first five years, 16 cases were recorded, while 65 were recorded in the last five years. It also found elevated levels of testicular cancer during some time periods.

The records "showed clearly" that earlier life exposures led to higher levels of mortality, except for women who have multiple children. Previous research has found levels were higher in women with only one child. The chemicals accumulate in placentas and are passed on to children during pregnancy, which reduces levels in the body. Mortality levels among women who were of child-bearing age were generally lower, but increased in older women. The chemicals will be passed down to children for generations, said Laura Facciolo, a Veneto resident who drank contaminated water. She said the findings underscore the need to ban PFAS, and the disaster's injustice.
The findings have been published in the journal Environmental Health.

AI

A School Principal Was Framed With an AI-Generated Rant (cbsnews.com) 26

"A former high school athletic director was arrested Thursday morning," reports CBS News, "after allegedly using artificial intelligence to impersonate the school principal in a recording..." One-time Pikesville High School employee Dazhon Darien is facing charges that include theft, stalking, disruption of school operations and retaliation against a witness. Investigators determined he faked principal Eric Eiswert's voice and circulated the audio on social media in January. Darien's nickname, DJ, was among the names mentioned in the audio clips he allegedly faked, according to the Baltimore County State's Attorney's Office.

Baltimore County detectives say Darien created the recording as retaliation against Eiswert, who had launched an investigation into the potential mishandling of school funds, Baltimore County Police Chief Robert McCullough said on Thursday. Eiswert's voice, which police and AI experts believe was simulated, made disparaging comments toward Black students and the surrounding Jewish community. The audio was widely circulated on social media.

The article notes that after the faked recording circulated on social media the principal "was temporarily removed from the school, and waves of hate-filled messages circulated on social media, while the school received numerous phone calls."

The suspect had actually used the school's network multiple times to perform online searches for OpenAI tools, "which police linked to paid OpenAI accounts."

Privacy

Cops Can Force Suspect To Unlock Phone With Thumbprint, US Court Rules (arstechnica.com) 146

An anonymous reader quotes a report from Ars Technica: The US Constitution's Fifth Amendment protection against self-incrimination does not prohibit police officers from forcing a suspect to unlock a phone with a thumbprint scan, a federal appeals court ruled yesterday. The ruling does not apply to all cases in which biometrics are used to unlock an electronic device but is a significant decision in an unsettled area of the law. The US Court of Appeals for the 9th Circuit had to grapple with the question of "whether the compelled use of Payne's thumb to unlock his phone was testimonial," the ruling (PDF) in United States v. Jeremy Travis Payne said. "To date, neither the Supreme Court nor any of our sister circuits have addressed whether the compelled use of a biometric to unlock an electronic device is testimonial."

A three-judge panel at the 9th Circuit ruled unanimously against Payne, affirming a US District Court's denial of Payne's motion to suppress evidence. Payne was a California parolee who was arrested by California Highway Patrol (CHP) after a 2021 traffic stop and charged with possession with intent to distribute fentanyl, fluorofentanyl, and cocaine. There was a dispute in District Court over whether a CHP officer "forcibly used Payne's thumb to unlock the phone." But for the purposes of Payne's appeal, the government "accepted the defendant's version of the facts, i.e., 'that defendant's thumbprint was compelled.'" Payne's Fifth Amendment claim "rests entirely on whether the use of his thumb implicitly related certain facts to officers such that he can avail himself of the privilege against self-incrimination," the ruling said. Judges rejected his claim, holding "that the compelled use of Payne's thumb to unlock his phone (which he had already identified for the officers) required no cognitive exertion, placing it firmly in the same category as a blood draw or fingerprint taken at booking." "When Officer Coddington used Payne's thumb to unlock his phone -- which he could have accomplished even if Payne had been unconscious -- he did not intrude on the contents of Payne's mind," the court also said.

AI

Adobe Firefly Used Thousands of Midjourney Images In Training Its 'Ethical AI' Model (tomsguide.com) 11

According to Bloomberg, Adobe used images from its competitor Midjourney to train its own artificial intelligence image generator, Firefly -- contradicting the "commercially safe" ethical standards the company promotes. Tom's Guide reports: The startup has never declared the source of its training data but many suspect it is from images it scraped from the internet without licensing. Adobe says only about 5% of the millions of images used to train Firefly fell into this category and all of them were part of the Adobe Stock library, which meant they'd been through a "rigorous moderation process."

When Adobe first launched Firefly it offered an indemnity against copyright theft claims for its enterprise customers as a way to convince them it was safe. Adobe also sold Firefly as the safe alternative to the likes of Midjourney and DALL-E as all the data had been licensed and cleared for use in training the model. Not all artists were that keen at the time and felt they were coerced into agreeing to let their work be used by the creative tech giant -- but the sense was any image made with Firefly was safe to use without risk of being sued for copyright theft.

Despite the revelation some of the images came from potentially less reputable sources, Adobe says all of the non-human pictures are still safe. A spokesperson told Bloomberg: "Every image submitted to Adobe Stock, including a very small subset of images generated with AI, goes through a rigorous moderation process to ensure it does not include IP, trademarks, recognizable characters or logos, or reference artists' names." The company seems to be taking a slightly more rigorous step with its plans to build an AI video generator. Rumors suggest it is paying artists per minute for video clips.

Google

With Vids, Google Thinks It Has the Next Big Productivity Tool For Work (theverge.com) 56

For decades, work has revolved around documents, spreadsheets, and slide decks. Word, Excel, PowerPoint; Pages, Numbers, Keynote; Docs, Sheets, Slides. Now Google is proposing to add another to that triumvirate: an app called Vids that aims to help companies and consumers make collaborative, shareable video more easily than ever. From a report: Google Vids is very much not an app for making beautiful movies... or even not-that-beautiful movies. It's meant more for the sorts of things people do at work: make a pitch, update the team, explain a complicated concept. The main goal is to make everything as easy as possible, says Kristina Behr, Google's VP of product management for the Workspace collaboration apps. "The ethos that we have is, if you can make a slide, you can make a video in Vids," she says. "No video production is required."

Based on what I've seen of Vids so far, it appears to be roughly what you'd get if you transformed Google Slides into a video app. You collect assets from Drive and elsewhere and assemble them in order -- but unlike the column of slides in the Slides sidebar, you're putting together a left-to-right timeline for a video. Then, you can add voiceover or film yourself and edit it all into a finished video. A lot of those finished videos, I suspect, will look like recorded PowerPoint presentations or Meet calls or those now-ubiquitous training videos where a person talks to you from a small circle in the bottom corner while graphics play on the screen. There will be lots of clip art-heavy product promos, I'm sure. But in theory, you can make almost anything in Vids. You can either do all this by yourself or prompt Google's Gemini AI to make a first draft of the video for you. Gemini can build a storyboard; it can write a script; it can read your script aloud with text-to-speech; it can create images for you to use in the video. The app has a library of stock video and audio that users can add to their own Vids, too.

Network

Shrinking Arctic Ice Redraws the Map For Internet Cable Connections (politico.eu) 14

Thawing ice in the Arctic may open up new routes for internet cables that lie at the bottom of the ocean and carry most international data traffic. And more routes matter when underwater infrastructure is at risk of attack. From a report: Baltic Sea gas and telecoms cables were damaged last year, with a Chinese vessel a potential suspect. Red Sea data cables were cut last month after a Yemeni government warning of attacks by Iran-backed Houthi rebels. Over 90 percent of all Europe-Asia traffic flows through the Red Sea route. The problem of critical data relying on only one path is clear. "It's clearly a kind of concentration of several cables, which means that there is a risk that areas will bottleneck," Taneli Vuorinen, the executive vice president at Cinia, a Finland-based company working on an innovative pan-Arctic cable, said.

"In order to meet the increasing demand, there's an increasing pressure to find diversity" of routes, he said. The Far North Fiber project is seeking to offer just that. The 14,500 kilometer long cable will directly link Europe to Japan, via the Northwest Passage in the Arctic, with landing sites in Japan, the United States (Alaska), Canada, Norway, Finland and Ireland. It would have been unthinkable until just a few years ago, when a thick, multiyear layer of ice made navigation impossible. But the Arctic is warming up at a worrying pace with climate change, nearly four times faster than the rest of the world. Sea ice is shrinking by almost 13 percent every decade.

Power

As AI Booms, Land Near Nuclear Power Plants Becomes Hot Real Estate 77

Tobias Mann reports via The Register: The land surrounding a nuclear power plant might not sound like prime real estate, but as more bit barns seek to trim costs, it's poised to become a rather hot commodity. All datacenters are energy-hungry but with more watt-greedy AI workloads on the horizon, nuclear power has fresh appeal, especially for hyperscalers. Such a shift in power also does wonders for greenwashing narratives around net-zero operations. While not technically renewable, nuclear power does have the benefit of being carbon-free, not to mention historically reliable -- with a few notable exceptions of course. All of these are purported benefits cited by startup NE Edge, which has been fighting for more than a year to be able to build a pair of AI datacenters adjacent to a 2GW Millstone nuclear power plant in Waterford, Connecticut.

According to the Hartford Courant, NE Energy has secured $1.6 billion to construct the switching station and bit barns, which will span 1.2 million square feet in total. NE Energy will reportedly spend an equivalent sum on between 25,000 and 35,000 servers. Considering the price of GPU systems from Nvidia, AMD, and Intel, we suspect that those figures probably refer to the number of GPUs. We've asked NE Edge for more information. NE Energy has faced local challenges getting the project approved because residents are concerned the project would end up increasing the cost of electricity. The facilities will reportedly consume as much as 13 percent of the plant's output. The project's president Thomas Quinn attempted to quell concerns, arguing that by connecting directly to the plants, NE Energy will be able to negotiate prices that make building such a power hungry facility viable in Connecticut. NE Energy has also committed to paying a 12.08 percent premium to the town on top of what it pays Dominion for power, along with other payments said to total more than $1 billion over the next 30 years. But after initially denying the sale of land to NE Edge back in January over a lack of information regarding the datacenter project, it's reported that the town council has yet to tell the company what information it is after.

Bitcoin

Binance Executive Detained In Nigeria Escapes Custody (apnews.com) 19

A top executive from the crypto exchange Binance has escaped custody in Nigeria after being arrested for allegedly destabilizing the country's national currency. The Associated Press reports: Nadeem Anjarwalla, the regional manager for Binance in Africa, "fled Nigeria using a smuggled passport," the office of Nigeria's National Security Adviser said in a statement, calling for "whatever information that can assist law enforcement agencies to apprehend the suspect." Anjarwalla, who holds dual British and Kenyan citizenship, had been detained in Nigeria along with another colleague since Feb. 26 when they arrived in the country following a crackdown on the crypto platform. Tigran Gambaryan, the colleague who is an American citizen, remains in captivity.

Nigeria is Africa's largest crypto economy in terms of trade volume with many citizens using crypto to hedge their finances against surging inflation and the declining local currency. Binance stopped all trading with the Nigerian naira currency on its platform in early March after authorities accused it of being used for money laundering and terrorism financing -- without providing evidence publicly. It was not clear how Anjarwalla fled custody. The Abuja-based Premium Times newspaper, which broke the news of his escape, reported that he fled from a guest house in the capital city after guards led him to a nearby mosque for prayers.
"The personnel responsible for the custody of the suspect have been arrested, and a thorough investigation is ongoing to unravel the circumstances that led to his escape from lawful detention," Zakari Mijinyawa, spokesman for the office of Nigeria's National Security Adviser said in a statement.

Bitcoin

Woman With $2.5 Billion In Bitcoin Convicted of Money Laundering (bbc.co.uk) 70

mrspoonsi shares a report from the BBC: A former takeaway worker found with Bitcoin worth more than $2.5 billion has been convicted at Southwark Crown Court of a crime linked to money laundering. Jian Wen, 42, from Hendon in north London, was involved in converting the currency into assets including multi-million-pound houses and jewelry. On Monday she was convicted of entering into or becoming concerned in a money laundering arrangement. The Met said the seizure is the largest of its kind in the UK.

Although Wen was living in a flat above a Chinese restaurant in Leeds when she became involved in the criminal activity, her new lifestyle saw her move into a six-bedroom house in north London in 2017 which was rented for more than $21,000 per month. She posed as an employee of an international jewelry business and moved her son to the UK to attend private school, the Crown Prosecution Service (CPS) said. That same year, Wen tried to buy a string of expensive houses in London, but struggled to pass money-laundering checks and her claims she had earned millions legitimately mining Bitcoin were not believed. She later travelled abroad, buying jewelry worth tens of thousands of pounds in Zurich, and purchasing properties in Dubai in 2019.

Another suspect is thought to be behind the fraud but they remain at large. The Met said it carried out a large scale investigation as part of the case - searching several addresses, reviewing 48 electronic devices, and examining thousands of digital files including many which were translated from Mandarin. The CPS has obtained a freezing order from the High Court, while it carries out a civil recovery investigation that could lead to the forfeiture of the Bitcoin. The value of the Bitcoin was worth around $2.5 billion at the time of initial estimates -- but due to the fluctuation in the currency's value, it has since increased to around $4.3 billion.

Ubuntu

'Canonical Turns 20: Shaping the Ubuntu Linux World' (zdnet.com) 38

"2004 was already an eventful year for Linux," writes ZDNet's Jack Wallen. "As I reported at the time, SCO was trying to drive Linux out of business. Red Hat was abandoning Linux end-user fans for enterprise customers by closing down Red Hat Linux 9 and launching the business-friendly Red Hat Enterprise Linux (RHEL). Oh, and South African tech millionaire and astronaut Mark Shuttleworth [also a Debian Linux developer] launched Canonical, Ubuntu Linux's parent company.

"Little did I — or anyone else — suspect that Canonical would become one of the world's major Linux companies."

Mark Shuttleworth answered questions from Slashdot readers in 2005 and again in 2012. And this year, Canonical celebrates its 20th anniversary. ZDNet reports: Canonical's purpose, from the beginning, was to support and share free software and open-source software... Then, as now, Ubuntu was based on Debian Linux. Unlike Debian, which never met a delivery deadline it couldn't miss, Ubuntu was set to be updated to the latest desktop, kernel, and infrastructure with a new release every six months. Canonical has kept to that cadence — except for the Ubuntu 6.06 release — for 20 years now...

Released in October 2004, Ubuntu Linux quickly became synonymous with ease of use, stability, and security, bridging the gap between the power of Linux and the usability demanded by end users. The early years of Canonical were marked by rapid innovation and community building. The Ubuntu community, a vibrant and passionate group of developers and users, became the heart and soul of the project. Forums, wikis, and IRC channels buzzed with activity as people from all over the world came together to contribute code, report bugs, write documentation, and support each other....

Canonical's influence extends beyond the desktop. Ubuntu Linux, for example, is the number one cloud operating system. Ubuntu started as a community desktop distribution, but it's become a major enterprise Linux power [also widely used as a server and Internet of Things operating system.]

The article notes Canonical's 2011 creation of the Unity desktop. ("While Ubuntu Unity still lives on — open-source projects have nine lives — it's now a sideline. Ubuntu renewed its commitment to the GNOME desktop...")

But the article also argues that "2016, on the other hand, saw the emergence of Ubuntu Snap, a containerized way to install software, which — along with its rival Red Hat's Flatpak — is helping Linux gain some desktop popularity."

Encryption

Signal's New Usernames Help Keep Cops Out of Your Data (theintercept.com) 39

Longtime Slashdot reader SonicSpike shares a report from The Intercept: With the new version of Signal, you will no longer broadcast your phone number to everyone you send messages to by default, though you can choose to if you want. Your phone number will still be displayed to contacts who already have it stored in their phones. Going forward, however, when you start a new conversation on Signal, your number won't be shared at all: Contacts will just see the name you use when you set up your Signal profile. So even if your contact is using a custom Signal client, for example, they still won't be able to discover your phone number since the service will never tell it to them.

You also now have the option to set a username, which Signal lets you change whenever you want and delete when you don't want it anymore. Rather than directly storing your username as part of your account details, Signal stores a cryptographic hash of your username instead; Signal uses the Ristretto 25519 hashing algorithm, essentially storing a random block of data instead of usernames themselves. This is like how online services can confirm a user's password is valid without storing a copy of the actual password itself. "As far as we're aware, we're the only messaging platform that now has support for usernames that doesn't know everyone's usernames by default," said Josh Lund, a senior technologist at Signal. The move is yet another piece of the Signal ethos to keep as little data on hand as it can, lest the authorities try to intrude on the company. Whittaker explained, "We don't want to be forced to enumerate a directory of usernames." [...]

If Signal receives a subpoena demanding that they hand over all account data related to a user with a specific username that is currently active at the time that Signal looks it up, they would be able to link it to an account. That means Signal would turn over that user's phone number, along with the account creation date and the last connection date. Whittaker stressed that this is "a pretty narrow pipeline that is guarded viciously by ACLU lawyers," just to obtain a phone number based on a username. Signal, though, can't confirm how long a given username has been in use, how many other accounts have used it in the past, or anything else about it. If the Signal user briefly used a username and then deleted it, Signal wouldn't even be able to confirm that it was ever in use to begin with, much less which accounts had used it before.

In short, if you're worried about Signal handing over your phone number to law enforcement based on your username, you should only set a username when you want someone to contact you, and then delete it afterward. And each time, always set a different username. Likewise, if you want someone to contact you securely, you can send them your Signal link, and, as soon as they make contact, you can reset the link. If Signal receives a subpoena based on a link that was already reset, it will be impossible for them to look up which account it was associated with. If the subpoena demands that Signal turn over account information based on a phone number, rather than a username, Signal could be forced to hand over the cryptographic hash of the account's username, if a username is set. It would be difficult, however, for law enforcement to learn the actual username itself based on its hash. If they already suspect a username, they could use the hash to confirm that it's real. Otherwise, they would have to guess the username using password cracking techniques like dictionary attacks or rainbow tables.

Open Source

Why Desktop Linux Is Finally Growing In Popularity (zdnet.com) 188

According to the latest data from StatCounter, Linux's market share has reached 4.03% -- surging by an additional 1% in the last eight months. What's the reason behind this recent growth? "That's a good question," writes ZDNet's Steven Vaughan-Nichols. "While Windows is the king of the hill with 72.13% and MacOS comes in a distant second at 15.46%, it's clear that Linux is making progress." An anonymous Slashdot reader shares the five reasons why Vaughan-Nichols thinks it's growing:

1. Microsoft isn't that interested in Windows
If you think Microsoft is all about the desktop and Windows, think again. Microsoft's profits these days come from its Azure cloud and Software-as-a-Service (SaaS), Microsoft 365 in particular. Microsoft doesn't want you to buy Windows; the Redmond powerhouse wants you to subscribe to Windows 365 Cloud PC. And, by the way, you can run Windows 365 Cloud PC on Macs, Chromebooks, Android tablets, iPads, and, oh yes, Linux desktops.

2. Linux gaming, thanks to Steam, is also growing
Gaming has never been a strong suit for Linux, but Linux gamers are also a slowly growing group. I suspect that's because Steam, the most popular Linux gaming platform, also has the lion's share of the gaming distribution market.

3. Users are finally figuring out that some Linux distros are easy to use
Even now, you'll find people who insist that Linux is hard to master. True, if you want to be a Linux power user, Linux will challenge you. But, if all you want to do is work and play, many Linux distributions are suitable for beginners. For example, Linux Mint is simple to use, and it's a great end-user operating system for everyone and anyone.

4. Finding and installing Linux desktop software is easier than ever
While some Linux purists dislike containerized application installation programs such as Flatpak, Snap, and AppImage, developers love them. Why? They make it simple to write applications for Linux that don't need to be tuned just right for all the numerous Linux distributions. For users, that means they get more programs to choose from, and they don't need to worry about finicky installation details.

5. The Linux desktop is growing in popularity in India
India is now the world's fifth-largest economy, and it's still growing. Do you know what else is growing in India? Desktop Linux. In India, Windows is still the number one operating system with 70.37%, but number two is Linux, with 15.23%. MacOS is way back in fourth place with 3.11%. I suspect this is the case because India's economy is largely based on technology. Where you find serious programmers, you find Linux users.

AI

Copilot Pane As Annoying As Clippy May Pop Up In Windows 11 (theregister.com) 43

Richard Speed reports via The Register: Copilot in Windows is set to get even more assertive after Microsoft added a function that makes the AI assistant's window pop up after a user's cursor hovers over the icon in the task bar. [...] Windows Insiders on the Beta Channel -- with the option to get the latest updates turned on -- will soon find themselves on the receiving end of what Microsoft calls "a new hover experience for Copilot in Windows" from build 22635.3276.

If your mouse cursor happens to drift over to the Copilot icon on the taskbar, the Copilot pane will open to make users aware of the delights on offer. The result, we suspect, will be to educate users in the art of switching off the function. Much like Widgets, which will also make its unwanted presence felt should a user move a mouse over its icon. A swift hop into taskbar settings is all it takes to make the icons disappear, for now at least. The new feature is being piloted but considering the proximity of the Beta Channel to Release Preview, there is every chance the pop-up will, er, pop up in a release version of Windows before long.

Crime

San Francisco Police Make Arrest In Waymo Chinatown Arson Case (sfstandard.com) 8

According to the San Francisco police department, police have made the first arrest in relation to several recent vehicle arsons, including the crowd attack of a Waymo robotaxi last month in Chinatown. The San Francisco Standard reports: Police say officers arrested a man meeting the description of a person suspected of lighting several vehicles on fire. That man was arrested on Feb. 27 near Union Square. The department did not share the suspect's name because it said the case is open and remains under investigation. Nor did the department comment on which other vehicle fires the suspect may have been suspected of starting. Several Teslas were set alight in the weeks after the Waymo arson. The suspect was also found to have had methamphetamine on them.

Cellphones

The FBI Is Using Push Notifications To Catch Sexual Predators (gizmodo.com) 34

According to the Washington Post (paywalled), the FBI is using mobile push notification data to unmask people suspected of serious crimes, such as pedophilia, terrorism, and murder. Gizmodo reports: The Post did a little digging into court records and found evidence of at least 130 search warrants filed by the feds for push notification data in cases spanning 14 states. In those cases, FBI officials asked tech companies like Google, Apple, and Facebook to fork over data related to a suspect's mobile notifications, then used the data to implicate the suspect in criminal behavior linked to a particular app, even though many of those apps were supposedly anonymous communication platforms, like Wickr.

How exactly is this possible? Push notifications, which are provided by a mobile operating system provider, include embedded metadata that can be examined to understand the use of the mobile apps on a particular phone. Apps come laced with a quiet identifier, a "push token," which is stored on the corporate servers of a company like Apple or another phone manufacturer after a user signs up to use a particular app. Those tokens can later be used to identify the person using the app, based on the information associated with the device on which the app was downloaded. Even turning off push notifications on your device doesn't necessarily disable this feature, experts contend. [...]

If finding new ways to catch pedophiles and terrorists doesn't seem like the worst thing in the world, the Post article highlights the voices of critics who fear that this kind of mobile data could be used to track people who have not committed serious crimes -- like political activists or women seeking abortions in states where the procedure has been restricted.
