AI

Browser Extension 'Slop Evader' Lets You Surf the Web Like It's 2022 (404media.co) 47

"The internet is being increasingly polluted by AI generated text, images and video," argues the site for a new browser extension called Slop Evader. It promises to use Google's search API "to only return content published before Nov 30th, 2022" — the day ChatGPT launched — "so you can be sure that it was written or produced by the human hand."

404 Media calls it "a scorched earth approach that virtually guarantees your searches will be slop-free." Slop Evader was created by artist and researcher Tega Brain, who says she was motivated by the growing dismay over the tech industry's unrelenting, aggressive rollout of so-called "generative AI" — despite widespread criticism and the wider public's distaste for it. "This sowing of mistrust in our relationship with media is a huge thing, a huge effect of this synthetic media moment we're in," Brain told 404 Media, describing how tools like Sora 2 have short-circuited our ability to determine reality within a sea of artificial online junk. "I've been thinking about ways to refuse it, and the simplest, dumbest way to do that is to only search before 2022...."

Currently, Slop Evader can be used to search pre-GPT archives of seven different sites where slop has become commonplace, including YouTube, Reddit, Stack Exchange, and the parenting site MumsNet. The obvious downside to this, from a user perspective, is that you won't be able to find anything time-sensitive or current — including this very website, which did not exist in 2022. The experience is simultaneously refreshing and harrowing, allowing you to browse freely without having to constantly question reality, but always knowing that this freedom will be forever locked in time — nostalgia for a human-centric world wide web that no longer exists.

Of course, the tool's limitations are part of its provocation. Brain says she has plans to add support for more sites, and release a new version that uses DuckDuckGo's search indexing instead of Google's. But the real goal, she says, is prompting people to question how they can collectively refuse the dystopian, inhuman version of the internet that Silicon Valley's AI-pushers have forced on us... With enough cultural pushback, Brain suggests, we could start to see alternative search engines like DuckDuckGo adding options to filter out search results suspected of having synthetic content (DuckDuckGo added the ability to filter out AI images in search earlier this year)... But no matter what form AI slop-refusal takes, it will need to be a group effort.

Transportation

New Hyperloop Projects Continue in Europe (cnn.com) 38

Hyperloop One ceased operations in December 2023, notes CNN. "Yet nearly two years on, in other parts of the world, hyperloop projects are ongoing." For example, Rotterdam-based Hardt Hyperloop has a cool web site — and the company's managing director tells CNN that hyperloops are the only "actionable, sustainable solution to replace short-haul air travel" over distances greater than 300 miles. "It's 90% more efficient than air travel, operational expenses and maintenance costs are much lower than conventional high-speed railways and, as an enclosed, autonomous system, it's not affected by external factors such as bad weather or strikes." Rail-friendly Europe appears to be the new hyperloop hub, with four companies dedicated to it... Europe's Hyperloop Development Program (HDP) is a public-private partnership backed by EU funding and the private sector. HDP's vision is to have the first set of commercially viable hyperloop lines open by 2035-40, followed by a route network by 2050. It estimates that a 15,000-mile network linking 130 of Europe's major cities could shift 66% of short-haul flight passengers to hyperloop by 2050, saving between 113 million and 242 million tons of carbon dioxide emissions. Core network hubs would be scattered across the continent from London to Berlin, Madrid to Belgrade, and Sofia to Athens, while loops would serve the Iberian Peninsula, the Baltic States and Scandinavia, the Balkans and Central and Eastern Europe. The cost? A cool 981 billion euros, or $1.1 trillion, according to HDP estimates...

[T]hose behind the EU-backed HDP project are hoping to have a full-scale test track of up to 3 miles operational by the end of 2029, followed by a 20-30 mile twin-tube "Living Lab" which would replicate all aspects of day-to-day operation and public service, slated to be up and running by 2034. Elsewhere, Hyperloop Italia is investing in a demonstration line between Venice and Padua costing up to €800 million ($929 million) which could be ready by 2029, while Germany, Spain, India and China are also investigating trial routes to establish the viability of the technology.

And meanwhile China and Japan are also building "maglev" (magnetic levitation) train lines, the article points out — though it also includes this quote from rail expert and author Christian Wolmar. "Hyperloop is unworkable. The infrastructure it needs would be amazingly expensive to build and it can't deliver the capacity to compete with high-speed railways or airlines.

"It doesn't integrate with existing transport modes, the infrastructure required to reach city centers would cause intolerable noise and disruption. And there are doubts over energy costs, capacity and passenger safety if something goes wrong at such high speeds....

"[T]he economics of it just don't work."

Australia

Australia Spent $62 Million To Update Its Weather Web Site and Made It Worse (bbc.com) 71

quonset writes: Australia last updated their weather site a decade ago. In October, during one of the hottest days of the year, the Bureau of Meteorology (BOM) revealed its new web site and was immediately castigated for doing so. Complaints ranged from a confusing layout to not being able to find information. Farmers were particularly incensed when they found out they could no longer input GPS coordinates to find forecasts for a specific location. When it was revealed the cost of this update was A$96.5 million ($62.3 million), 20 times the original cost estimate, the temperature got even hotter.

With more than 2.6 billion views a year, Bom tried to explain that the site's refresh -- prompted by a major cybersecurity breach in 2015 -- was aimed at improving stability, security and accessibility. It did little to satisfy the public. Some frustrated users turned to humour: "As much as I love a good game of hide and seek, can you tell us where you're hiding synoptic charts or drop some clues?"

Malcolm Taylor, an agronomist in Victoria, told the Australian Broadcasting Corporation (ABC) that the redesign was a complete disaster. "I'm the person who needs it and it's not giving me the information I need," the plant and soil scientist said. As psychologist and neuroscientist Joel Pearson put it, "First you violate expectations by making something worse, then you compound the injury by revealing the violation was both expensive and avoidable. It's the government IT project equivalent of ordering a renovation, discovering the contractor has made your house less functional, and then learning they charged you for a mansion."

Google

Did ChatGPT Conversations Leak... Into Google Search Console Results? (arstechnica.com) 51

"For months, extremely personal and sensitive ChatGPT conversations have been leaking into an unexpected destination," reports Ars Technica: the search-traffic tool for webmasters, Google Search Console.

Though it normally shows the short phrases or keywords typed into Google which led someone to their site, "starting this September, odd queries, sometimes more than 300 characters long, could also be found" in Google Search Console. And the chats "appeared to be from unwitting people prompting a chatbot to help solve relationship or business problems, who likely expected those conversations would remain private." Jason Packer, owner of analytics consulting firm Quantable, flagged the issue in a detailed blog post last month, telling Ars Technica he'd seen 200 odd queries — including "some pretty crazy ones." (Web optimization consultant Slobodan Manić helped Packer investigate...) Packer points out "nobody clicked share" or were given an option to prevent their chats from being exposed. Packer suspected that these queries were connected to reporting from The Information in August that cited sources claiming OpenAI was scraping Google search results to power ChatGPT responses. Sources claimed that OpenAI was leaning on Google to answer prompts to ChatGPT seeking information about current events, like news or sports... "Did OpenAI go so fast that they didn't consider the privacy implications of this, or did they just not care?" Packer posited in his blog... Clearly some of those searches relied on Google, Packer's blog said, mistakenly sending to GSC "whatever" the user says in the prompt box... This means "that OpenAI is sharing any prompt that requires a Google Search with both Google and whoever is doing their scraping," Packer alleged. "And then also with whoever's site shows up in the search results! Yikes."

To Packer, it appeared that "ALL ChatGPT prompts" that used Google Search risked being leaked during the past two months. OpenAI claimed only a small number of queries were leaked but declined to provide a more precise estimate. So, it remains unclear how many of the 700 million people who use ChatGPT each week had prompts routed to Google Search Console.

"Perhaps most troubling to some users — whose identities are not linked in chats unless their prompts perhaps share identifying information — there does not seem to be any way to remove the leaked chats from Google Search Console."

Businesses

Amazon Accuses Perplexity of Computer Fraud, Demands It Stop AI Agent From Buying On Its Site (bloomberg.com) 44

Amazon has sent a cease-and-desist letter to Perplexity AI demanding that the AI search startup stop allowing its AI browser agent, Comet, to make purchases online for users. From a report: The e-commerce giant is accusing Perplexity of committing computer fraud by failing to disclose when its AI agent is shopping on a user's behalf, in violation of Amazon's terms of service, according to people familiar with the letter sent on Friday. The document also said Perplexity's tool degraded the Amazon shopping experience and introduced privacy vulnerabilities, said the people, who spoke on condition of anonymity to discuss internal matters.

In response, Perplexity said Amazon is bullying a smaller competitor with a rival AI agent shopping product. The clash between Amazon and Perplexity offers an early glimpse into a looming debate over how to handle the proliferation of so-called AI agents that field more complex tasks online for users, including shopping. Like OpenAI and Alphabet's Google, Perplexity has pushed to rethink the traditional web browser around AI, with the goal of having it streamline more actions for users, such as drafting emails and conducting research.

IT

The Curious Case of the Bizarre, Disappearing Captcha (wired.com) 52

Captchas have largely vanished from the web in 2025, replaced by invisible tracking systems that analyze user behavior rather than asking people to decipher distorted text or identify traffic lights in image grids. Google launched reCaptcha v3 in 2018 to generate risk scores based on behavioral signals during site interactions, making bot-blocking technology "completely invisible" for most users, according to Tim Knudsen, a director of product management at Google Cloud.

Cloudflare followed in 2022 by releasing Turnstile, another invisible alternative that sometimes appears as a simple checkbox but actually gathers data from devices and software to determine if users are human. Both companies distribute their security tools for free to collect training data, and Cloudflare now sees 20% of all HTTP requests across the internet.

The rare challenges that do surface have become increasingly bizarre, ranging from requests to identify dogs and ducks wearing various hats to sliding a jockstrap across a screen to find matching underwear on hookup sites.

Wireless Networking

New Design Trend: People Downgrading 'Smart' Homes to Analog 'Dumb' Homes, Some with Landlines and Offline Appliances (axios.com) 155

"People are creating 'dumb homes,'" the VP of research at the Global Wellness Institute, tells the web site Axios.

Some are swapping NASA-style setups for old-fashioned buttons, switches and knobs. Others are designing digital detox corners — all part of a bigger "analog wellness" movement...

The return to analog hobbies and spaces is about more than nostalgia for pre-internet times, researchers say. A home where "technology is always in the background, working and listening, feels anxiety-producing" instead of restorative, architect Yan M. Wang tells Axios... Design media brand Dwell named the decline of smart homes a top trend for 2025 and beyond.

Wealthy Los Angeles house hunters have started shunning WiFi-enabled, voice-activated appliances "to escape the $100 billion home-automation industry," according to the Hollywood Reporter. Meanwhile, landlines have found new fans — many of them parents who want to keep their kids off screens, the Washington Post reports.

AI

Security Holes Found in OpenAI's ChatGPT Atlas Browser (and Perplexity's Comet) (scworld.com) 20

The address bar/ChatGPT input window in OpenAI's browser ChatGPT Atlas "could be targeted for prompt injection using malicious instructions disguised as links," reports SC World, citing a report from AI/agent security platform NeuralTrust: NeuralTrust found that a malformed URL could be crafted to include a prompt that is treated as plain text by the browser, passing the prompt on to the LLM. A malformation, such as an extra space after the first slash following "https:" prevents the browser from recognizing the link as a website to visit. Rather than triggering a web search, as is common when plain text is submitted to a browser's address bar, ChatGPT Atlas treats plain text as ChatGPT prompts by default.

An unsuspecting user could potentially be tricked into copying and pasting a malformed link, believing they will be sent to a legitimate webpage. An attacker could plant the link behind a "copy link" button so that the user might not notice the suspicious text at the end of the link until after it is pasted and submitted. These prompt injections could potentially be used to instruct ChatGPT to open a new tab to a malicious website such as a phishing site, or to tell ChatGPT to take harmful actions in the user's integrated applications or logged-in sites like Google Drive, NeuralTrust said.

Last month browser security platform LayerX also described how malicious prompts could be hidden in URLs (as a parameter) for Perplexity's browser Comet. And last week SquareX Labs demonstrated that a malicious browser extension could spoof Comet's AI sidebar feature and have since replicated the proof-of-concept (PoC) attack on Atlas.

But another new vulnerability in ChatGPT Atlas "could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code," reports The Hacker News, citing a report from browser security platform LayerX: "This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX Security Co-Founder and CEO, Or Eshed, said in a report shared with The Hacker News. The attack, at its core, leverages a cross-site request forgery (CSRF) flaw that could be exploited to inject malicious instructions into ChatGPT's persistent memory. The corrupted memory can then persist across devices and sessions, permitting an attacker to conduct various actions, including seizing control of a user's account, browser, or connected systems, when a logged-in user attempts to use ChatGPT for legitimate purposes....

"What makes this exploit uniquely dangerous is that it targets the AI's persistent memory, not just the browser session," Michelle Levy, head of security research at LayerX Security, said. "By chaining a standard CSRF to a memory write, an attacker can invisibly plant instructions that survive across devices, sessions, and even different browsers. In our tests, once ChatGPT's memory was tainted, subsequent 'normal' prompts could trigger code fetches, privilege escalations, or data exfiltration without tripping meaningful safeguards...."

LayerX said the problem is exacerbated by ChatGPT Atlas' lack of robust anti-phishing controls, the browser security company said, adding it leaves users up to 90% more exposed than traditional browsers like Google Chrome or Microsoft Edge. In tests against over 100 in-the-wild web vulnerabilities and phishing attacks, Edge managed to stop 53% of them, followed by Google Chrome at 47% and Dia at 46%. In contrast, Perplexity's Comet and ChatGPT Atlas stopped only 7% and 5.8% of malicious web pages.

From The Conversation: Sandboxing is a security approach designed to keep websites isolated and prevent malicious code from accessing data from other tabs. The modern web depends on this separation. But in Atlas, the AI agent isn't malicious code — it's a trusted user with permission to see and act across all sites. This undermines the core principle of browser isolation.
Thanks to Slashdot reader spatwei for suggesting the topic.
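
A defensive sketch of the address-bar issue NeuralTrust describes, added here as an example and not code from OpenAI, NeuralTrust or the original reports: input that looks like a link is either navigated to or rejected, and never falls through to the assistant as a prompt. The function name, action labels and sample strings are assumptions constructed for illustration.

```javascript
"use strict";

// Hypothetical omnibox router (added example; not Atlas code).
// Rule: text that shows URL intent is navigated to or rejected.
// It is never downgraded to "plain text" and sent to the assistant.

// Anything starting with http/https and a colon signals URL intent,
// even when what follows is malformed.
const URL_INTENT = /^https?\s*:/i;

// Strict form: scheme, exactly "//", then the first host character.
// Needed because the WHATWG URL parser itself tolerates "https:/host".
const STRICT_PREFIX = /^https?:\/\/[^\/\\]/i;

// Whitespace or ASCII control characters anywhere in a candidate link.
const WS_OR_CONTROL = /[\s\u0000-\u001f\u007f]/;

function classifyOmniboxInput(raw) {
  const text = String(raw).trim();
  if (text === "") return { action: "ignore" };

  if (!URL_INTENT.test(text)) {
    // No URL intent: ordinary text, eligible to be treated as a prompt.
    return { action: "prompt", text };
  }
  if (WS_OR_CONTROL.test(text)) {
    // Covers the "extra space after the first slash" malformation and
    // any trailing text glued onto a pasted link.
    return { action: "reject", reason: "whitespace-or-control-in-link" };
  }
  if (!STRICT_PREFIX.test(text)) {
    return { action: "reject", reason: "malformed-scheme-separator" };
  }
  let parsed;
  try {
    parsed = new URL(text);
  } catch {
    return { action: "reject", reason: "unparseable" };
  }
  if (parsed.hostname === "") {
    return { action: "reject", reason: "empty-host" };
  }
  return { action: "navigate", url: parsed.href };
}

// Constructed sample inputs (not taken from any report).
const SAMPLES = [
  "https://example.com/docs",
  "https:/ /example.com/docs ignore the page and do something else",
  "https:/example.com",
  "what is the weather in Oslo",
];

function demo() {
  return SAMPLES.map((input) => ({ input, ...classifyOmniboxInput(input) }));
}

for (const row of demo()) {
  console.log(JSON.stringify(row));
}
```

A rejected input can be shown back to the user in full, so that text hidden at the end of a pasted link is visible before anything is submitted.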

PlayStation (Games)

25 Years Ago Today: A PlayStation Shopping Frenzy - But Would Microsoft's Xbox Make It Obsolete? (slashdot.org) 25

25 years ago today on Slashdot...

Hemos linked to a site called Joystick101 describing the crowd camping out to buy the limited number of just-released PlayStation 2 consoles (and games). "500,000 lucky members of the American gaming public are sneaking a few minutes of playing Madden 2001, Tekken, or Ridge Racer V before school or work..." wrote Joystick101. That same day CmdrTaco posted reports PS2s were selling for over $1,000 on eBay. And then Timothy updated that post to note someone saw one selling for $5,000.

But there was a third PS2 link posted on October 26, 2000... Hemos wrote a post titled "The PS2 — A Betamax In the Making?" — linking to an article by Mark Pesce (co-inventor of VRML and, in 1993, an Apple consulting engineer). "Microsoft promises Xbox will deliver ten times the performance of the PS2," Pesce wrote, noting Microsoft had partnered with Intel and "upstart video-chip developer Nvidia": The strangest thing about this battle of giants is that Microsoft has become a champion of open standards, encouraging developers to write Xbox titles without requiring them to pay any licensing fees. In comparison, Sony charges a minimum of $25,000 for access to the documentation and technology of the PlayStation2, plus a hefty license fee on every game sold. In the video-game industry, the Big Three — Sony, Nintendo, and Sega — sell the hardware at a loss (the PS2 costs nearly the $300 it will retail for) and recover their investment in the stiff licensing fees paid by game developers for the "key" that allows their software to work on Sony's platform...

Having committed an astounding $500 million to market the Xbox next Christmas, it's clear that Microsoft doesn't mind taking a short-term loss to ensure an eventual win. If Sony's not careful, this could turn into "Betamax, the Sequel." Twenty years ago, Sony tightly controlled the titles made available for its technically superior videocassette player — specifically, no adult content — and found themselves quickly locked out of an incredibly lucrative market for adult and family content. If Sony keeps a tight grip on the PS2, they may actually help Microsoft create the new VHS. But even if Sony loses this round (and no one wants to wager which way this battle will turn), they've already set their sights on the PlayStation3, to be released five years from now. Sony promises it will be a thousand times faster than the PS2.

Ironically, Pesce's warning about possible threats to the PS2's longevity was published by online magazine Feed-- which seven months later went out of business.

And this week it was announced that even Microsoft's Halo Campaign Evolved will now be coming to PlayStation 5, with Slashdot publishing six PlayStation-related stories in just the last three months in 2025.

Thanks to long-time Slashdot reader crunchy_one for suggesting a "25 Years Ago" Slashdot post.

Cloud

Amazon's DNS Problem Knocked Out Half the Web, Likely Costing Billions 103

An anonymous reader quotes a report from Ars Technica: On Monday afternoon, Amazon confirmed that an outage affecting Amazon Web Services' cloud hosting, which had impacted millions across the Internet, had been resolved. Considered the worst outage since last year's CrowdStrike chaos, Amazon's outage caused "global turmoil," Reuters reported. AWS is the world's largest cloud provider and, therefore, the "backbone of much of the Internet," ZDNet noted. Ultimately, more than 28 AWS services were disrupted, causing perhaps billions in damages, one analyst estimated for CNN.

[...] Amazon's problems originated at a US site that is its "oldest and largest for web services" and often "the default region for many AWS services," Reuters noted. The same site has experienced two outages before in 2020 and 2021, but while the tech giant had confirmed that those prior issues had been "fully mitigated," apparently the fixes did not ensure stability into 2025. ZDNet noted that Amazon's first sign of the outage was "increased error rates and latency across numerous key services" tied to its cloud database technology. Although "engineers later identified a Domain Name System (DNS) resolution problem" as the root of these issues and quickly fixed it, "other AWS services began to fail in its wake, leaving the platform still impaired" as more than two dozen AWS services shut down. At the peak of the outage on Monday, Down Detector tracked more than 8 million reports globally from users panicked by the outage, ZDNet reported.
Ken Birman, a computer science professor at Cornell University, told Reuters that "software developers need to build better fault tolerance."

"When people cut costs and cut corners to try to get an application up, and then forget that they skipped that last step and didn't really protect against an outage, those companies are the ones who really ought to be scrutinized later."

Programming

A Plan for Improving JavaScript's Trustworthiness on the Web (cloudflare.com) 48

On Cloudflare's blog, a senior research engineer shares a plan for "improving the trustworthiness of JavaScript on the web."

"It is as true today as it was in 2011 that Javascript cryptography is Considered Harmful." The main problem is code distribution. Consider an end-to-end-encrypted messaging web application. The application generates cryptographic keys in the client's browser that lets users view and send end-to-end encrypted messages to each other. If the application is compromised, what would stop the malicious actor from simply modifying their Javascript to exfiltrate messages? It is interesting to note that smartphone apps don't have this issue. This is because app stores do a lot of heavy lifting to provide security for the app ecosystem. Specifically, they provide integrity, ensuring that apps being delivered are not tampered with, consistency, ensuring all users get the same app, and transparency, ensuring that the record of versions of an app is truthful and publicly visible.

It would be nice if we could get these properties for our end-to-end encrypted web application, and the web as a whole, without requiring a single central authority like an app store. Further, such a system would benefit all in-browser uses of cryptography, not just end-to-end-encrypted apps. For example, many web-based confidential LLMs, cryptocurrency wallets, and voting systems use in-browser Javascript cryptography for the last step of their verification chains. In this post, we will provide an early look at such a system, called Web Application Integrity, Consistency, and Transparency (WAICT) that we have helped author. WAICT is a W3C-backed effort among browser vendors, cloud providers, and encrypted communication developers to bring stronger security guarantees to the entire web... We hope to build even wider consensus on the solution design in the near future....

We would like to have a way of enforcing integrity on an entire site, i.e., every asset under a domain. For this, WAICT defines an integrity manifest, a configuration file that websites can provide to clients. One important item in the manifest is the asset hashes dictionary, mapping a hash belonging to an asset that the browser might load from that domain, to the path of that asset.

The blog post points out that the WEBCAT protocol (created by the Freedom of Press Foundation) "allows site owners to announce the identities of the developers that have signed the site's integrity manifest, i.e., have signed all the code and other assets that the site is serving to the user... We've made WAICT extensible enough to fit WEBCAT inside and benefit from the transparency components." The proposal also envisions a service storing metadata for transparency-enabled sites on the web (along with "witnesses" who verify the prefix tree holding the hashes for domain manifests).

"We are still very early in the standardization process," with hopes to soon "begin standardizing the integrity manifest format. And then after that we can start standardizing all the other features. We intend to work on this specification hand-in-hand with browsers and the IETF, and we hope to have some exciting betas soon. In the meantime, you can follow along with our transparency specification draft, check out the open problems, and share your ideas."
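
How a client could use the asset hashes dictionary described above, as an added example that is not code from Cloudflare or the WAICT draft: the manifest format is not yet standardized, so the JSON shape (`hashes` mapping a base64 SHA-256 digest to a path), the function names and the sample assets are all assumptions. The example also requires that the path listed for a hash equals the path that was requested, which is a policy chosen here, not something the post states.

```javascript
"use strict";
const { createHash } = require("node:crypto");

// Constructed sample assets standing in for files served by a site.
const ASSETS = {
  "/app.js": Buffer.from("console.log('app v1');\n"),
  "/e2ee.js": Buffer.from("export const VERSION = 1;\n"),
};

function sha256Base64(bytes) {
  return createHash("sha256").update(bytes).digest("base64");
}

// Hypothetical manifest shape: { hashes: { "<digest>": "<path>" } },
// following the post's description of a hash -> path dictionary.
function buildManifest(assets) {
  const hashes = {};
  for (const [path, body] of Object.entries(assets)) {
    hashes[sha256Base64(body)] = path;
  }
  return { hashes };
}

// Decide whether a response body may be used for the requested path.
function verifyAsset(manifest, requestedPath, body) {
  const digest = sha256Base64(body);
  const known = Object.prototype.hasOwnProperty.call(manifest.hashes, digest);
  if (!known) {
    // Modified or unknown content: nothing in the manifest vouches for it.
    return { ok: false, reason: "hash-not-in-manifest", digest };
  }
  const listedPath = manifest.hashes[digest];
  if (listedPath !== requestedPath) {
    // Genuine content served at the wrong path, e.g. one script
    // swapped for another. (Assumed policy; see the note above.)
    return { ok: false, reason: "path-mismatch", digest, listedPath };
  }
  return { ok: true, digest };
}

const MANIFEST = buildManifest(ASSETS);

// Constructed cases: untouched asset, tampered asset, swapped asset.
function demo() {
  const tampered = Buffer.from("console.log('app v1'); /* altered */\n");
  return {
    untouched: verifyAsset(MANIFEST, "/app.js", ASSETS["/app.js"]),
    tampered: verifyAsset(MANIFEST, "/app.js", tampered),
    swapped: verifyAsset(MANIFEST, "/app.js", ASSETS["/e2ee.js"]),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The manifest only helps if the client obtained it through a channel the site operator cannot silently change per user, which is the role the post assigns to the consistency and transparency parts of the proposal.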

Power

First Look at the Amazon's Nuclear Facility Planned For Washington State (geekwire.com) 43

Amazon is investing hundreds of millions into the Cascade Advanced Energy Facility, a next-generation small modular reactor project in Richland, Washington, developed with X-energy and Energy Northwest. "The question now is will it be enough to kick off a new wave of U.S. nuclear energy innovation -- a field that America largely soured on by the 1980s?" writes GeekWire. From the report: The facility will be located near Richland, Wash., near Energy Northwest's Columbia Generating Station nuclear plant. The initial goal is to install a cluster of four small modular reactors (SMRs) that can produce up to 320 megawatts of power, but the overall vision is to construct 12 reactors total, with a capacity of nearly one gigawatt. If all the funding, permitting and public support come together, construction should start within the next five years, with the plant coming online in the 2030s. [...] For Amazon, its support of the Cascade Advanced Energy Facility is part of a much bigger initiative. The company has set a goal of deploying 5 gigawatts of nuclear power in the U.S. by 2039.

"One thing that Amazon does well is scale technology," said Brandon Oyer, Amazon Web Services' head of power and water for North and South America. "We've done this over and over again ... We'll go and make an investment and then learn how to scale that up, drive out cost, make it more readily available." Targeting SMRs for amplification was a "natural fit," Oyer added. The company believes nuclear aligns with its climate ambitions. Amazon matches all of its electricity use with clean power and is the largest corporate purchaser of wind, solar and other renewable sources. That said, it is struggling to cut its carbon footprint to reach a goal of net-zero emissions by 2040 as the AI-boom stokes energy use.

Amazon reported that its carbon footprint grew by 6% last year. Amazon has dibs on half of the 320 megawatts of electricity that will be generated by the first four reactors at the Washington site, but will take all of it if the power prices are too high for local utilities to afford. Cullen said that if everything goes well with the initial phase, it would be straightforward to build the other eight reactors as the permits will encompass the complete build out. The added reactors would produce enough electricity for about one million homes and should come at a lower cost. "Amazon recognizes the role they can -- and are willing -- to play," Cullen said. The company can take some of the early risk and bring that catalytic capital, he said, which is "very, very difficult for utilities to do."

Electronic Frontier Foundation

California 'Privacy Protection Agency' Targets Tractor Supply's Tricky Tracking (eff.org) 19

California's Privacy Protection Agency "issued a record fine earlier this month to Tractor Supply," according to an EFF Deeplinks blog post — for "apparently ducking its responsibilities under the California Consumer Privacy Act." Under that law, companies are required to respect California customers' and job applicants' rights to know, delete, and correct information that businesses collect about them, and to opt-out of some types of sharing and use. The law also requires companies to give notice of these rights, along with other information, to customers, job applicants, and others. The CPPA said that Tractor Supply failed several of these requirements. This is the first time the agency has enforced this data privacy law to protect job applicants...

Tractor Supply, which has 2,500 stores in 49 states, will pay for their actions to the tune of $1,350,000 — the largest fine the agency has issued to date. Specifically, the agency said, Tractor Supply violated the law by:

- Failing to maintain a privacy policy that notified consumers of their rights;

- Failing to notify California job applicants of their privacy rights and how to exercise them;

- Failing to provide consumers with an effective mechanism to opt-out of the selling and sharing of their personal information, including through opt-out preference signals such as Global Privacy Control; and

- Disclosing personal information to other companies without entering into contracts that contain privacy protections.


In addition to the fine, the company also must take an inventory of its digital properties and tracking technologies and will have to certify its compliance with the California privacy law for the next four years.

The agency's web site says it "continues to actively enforce California's cutting-edge privacy laws." It's recently issued decisions (and fines) against American Honda Motor Company and clothing retailer Todd Snyder. Other recent actions include:
  • Securing a settlement agreement requiring data broker Background Alert — which promoted its ability to dig up "scary" amounts of information about people — to shut down or pay a steep fine.
  • Partnering with the data protection authorities in Korea, France, and the United Kingdom to share information and advance privacy protections for Californians.

Crime

Teens Arrested In London Preschool Ransomware Attack (theregister.com) 16

An anonymous reader quotes a report from The Register: London cops on Tuesday arrested two teenagers on suspicion of computer misuse and blackmail following a ransomware attack on a chain of London preschools. London's Metropolitan Police said the two men, both aged 17, were taken into custody during an operation at residential properties in Bishop's Stortford, Hertfordshire. The arrests followed a September 25 referral from the UK's Action Fraud reporting center detailing a ransomware attack on the preschools. While the Met police didn't name the schools, the timing of the referral coincides with a digital break-in at Kido International, a preschool and daycare organization that operates in the UK, US, and India.

In a very aggressive -- and disgusting -- attempt to extort a ransom payment from Kido, the criminals published profiles of 10 children, including photos, names, and home addresses, along with their parents' contact details and in some cases places of work, threatening to expose more if the ransom demand wasn't met. A new crime crew calling itself the Radiant Group claimed responsibility for the attack, and posted the preschool's name, along with its pupils' profiles, as the first leak on its dark web site. The ransomware gang later deleted the kids' and parents' data, apparently under pressure from other criminals -- but not before some of the parents reported receiving threatening calls.

AI

Sora 2 Watermark Removers Flood the Web 33

An anonymous reader quotes a report from 404 Media: Sora 2, OpenAI's new AI video generator, puts a visual watermark on every video it generates. But the little cartoon-eyed cloud logo meant to help people distinguish between reality and AI-generated bullshit is easy to remove and there are half a dozen websites that will help anyone do it in a few minutes. A simple search for "sora watermark" on any social media site will return links to places where a user can upload a Sora 2 video and remove the watermark. 404 Media tested three of these websites, and they all seamlessly removed the watermark from the video in a matter of seconds.

Hany Farid, a UC Berkeley professor and an expert on digitally manipulated images, said he's not shocked at how fast people were able to remove watermarks from Sora 2 videos. "It was predictable," he said. "Sora isn't the first AI model to add visible watermarks and this isn't the first time that within hours of these models being released, someone released code or a service to remove these watermarks." [...] According to Farid, OpenAI is decent at employing strategies like watermarks, content credentials, and semantic guardrails to manage malicious use. But it doesn't matter. "It is just a matter of time before someone else releases a model without these safeguards," he said.

Both [Rachel Tobac, CEO of SocialProof Security] and Farid said that the ease at which people can remove watermarks from AI-generated content wasn't a reason to stop using watermarks. "Using a watermark is the bare minimum for an organization attempting to minimize the harm that their AI video and audio tools create," Tobac said, but she thinks the companies need to go further. "We will need to see a broad partnership between AI and Social Media companies to build in detection for scams/harmful content and AI labeling not only on the AI generation side, but also on the upload side for social media platforms. Social Media companies will also need to build large teams to manage the likely influx of AI generated social media video and audio content to detect and limit the reach for scammy and harmful content."

"I'd like to know what OpenAI is doing to respond to how people are finding ways around their safeguards," Farid said. "Will they adapt and strengthen their guardrails? Will they ban users from their platforms? If they are not aggressive here, then this is going to end badly for us all."

Security

Mouse Sensors Can Pick Up Speech From Surface Vibrations, Researchers Show (tomshardware.com) 40

"A group of researchers from the University of California, Irvine, have developed a way to use the sensors in high-quality optical mice to capture subtle vibrations and convert them into audible data," reports Tom's Hardware: [T]he high polling rate and sensitivity of high-performance optical mice pick up acoustic vibrations from the surface where they sit. By running the raw data through signal processing and machine learning techniques, the team could hear what the user was saying through their desk. Mouse sensors with a 20,000 DPI or higher are vulnerable to this attack. And with the best gaming mice becoming more affordable annually, even relatively affordable peripherals are at risk....

[T]his compromise does not necessarily mean a complicated virus installed through a backdoor — it can be as simple as an infected FOSS that requires high-frequency mouse data, like creative apps or video games. This means it's not unusual for the software to gather this data. From there, the collected raw data can be extracted from the target computer and processed off-site. "With only a vulnerable mouse, and a victim's computer running compromised or even benign software (in the case of a web-based attack surface), we show that it is possible to collect mouse packet data and extract audio waveforms," the researchers state.

The researchers created a video with raw audio samples from various stages in their pipeline on an accompanying web site where they calculate that "the majority of human speech" falls in a frequency range detectable by their pipeline. While the collected signal "is low-quality and suffers from non-uniform sampling, a non-linear frequency response, and extreme quantization," the researchers augment it with "successive signal processing and machine learning techniques to overcome these challenges and achieve intelligible reconstruction of user speech."

They've titled their paper Invisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors. The paper's conclusion? "The increasing precision of optical mouse sensors has enhanced user interface performance but also made them vulnerable to side-channel attacks exploiting their sensitivity."

Thanks to Slashdot reader jjslash for sharing the article.

Piracy

Sports Piracy Operator Goes From Jail To Getting Hired By a Tech Unicorn In a Month (torrentfreak.com) 2

An anonymous reader quotes a report from TorrentFreak: The operator of a popular pirate sports streaming site in Argentina has gone from spending time in jail with murderers to landing a new high-profile job a month later. Alejo "Shishi" Warles, the 25-year-old operator of Al Angulo TV, was arrested on August 20 in a LaLiga-backed crackdown. After his release on bail, he was hired by professional esports team 9z Globant, a partnership involving Argentine tech unicorn Globant. [...] The team is the result of a partnership between 9z Team and Argentinian tech unicorn Globant. Somewhat ironically, Globant previously worked with LaLiga to monitor the live-streaming user experience. Warles welcomed himself to 9z Globant via the team's social media account, referring to himself as an idol, genius, and GOAT.

Lucia Quinteros, the main social media manager at the esports team, informed Entre Rios that after considering their new hire's history, they believe that he can add value to the team. "We hired Alejo, not the person who set up that project (Al Angulo TV). Of course, we evaluated what happened, but we believe that, from now on, Alejo can pursue a different career path," Quinteros said. According to Warles himself, he was hired because he's the best. Like many of his comments, this bravado should not be taken too seriously, but nevertheless sits in stark contrast to the typical pirate site operator facing criminal charges.

Books

Independent UK Bookshops To Begin Selling eBooks 17

Independent UK bookshops will now be able to sell ebooks via a new platform (Bookshop.org's expansion), keeping 100% of profits and offering a non-Amazon way to reach digital readers. "Bookshops now have an additional tool in their fight against Amazon," said Nicole Vanderbilt, managing director of Bookshop.org UK. "Digital readers don't depend on Amazon's monopoly any more, now that they can find ebooks at the same price on Bookshop.org." The Guardian reports: Bookshop.org launched in the UK in November 2020 as a platform for independent bookshops to sell physical books. Bookshops receive 30% of the cover price from each sale they generate; so far, the UK site has generated 4.5 million pounds for independent bookshops. Customers will also now be able to buy ebooks through a bookshop of their choice. Profits from orders without a specified bookshop will be added to a shared pool, which will be distributed among all participating bookshops on the platform. [...]

The platform will launch with a catalogue of more than a million ebooks from all major publishers. It will be available online via a web browser and through the Bookshop.org apps on Apple and Android. "Due to Amazon's proprietary digital rights management [DRM] software and publishers' DRM requirements, it's not currently possible to buy DRM-protected ebooks from Bookshop.org or local bookshops and read them on your Kindle," said Bookshop.org. However, the site is working with the e-reader company Kobo to support Kobo devices "later this year," and longer term would "love to offer our own eInk device."

The Internet

Cloudflare Launches Content Signals Policy To Fight AI Crawlers and Scrapers 24

BrianFagioli shares a report from NERDS.xyz: Cloudflare has unveiled the Content Signals Policy, a free addition to its managed robots.txt service that aims to give website owners and publishers more control over how their content is accessed and reused by AI companies. The idea is pretty simple: robots.txt already lets site operators specify which crawlers can enter and where. Cloudflare's new policy adds a layer that signals how the data may be used once accessed, with plain-language terms for search, AI input, and AI training. "Yes" means allowed, "no" means not allowed, and no signal means no preference.

Matthew Prince, Cloudflare's co-founder and CEO, said: "The Internet cannot wait for a solution, while in the meantime, creators' original content is used for profit by other companies. To ensure the web remains open and thriving, we're giving website owners a better way to express how companies are allowed to use their content." Cloudflare says more than 3.8 million domains already use its robots.txt tools to signal they don't want their content used for AI training. Now, the Content Signals Policy makes those preferences clearer and potentially enforceable.

Further reading: Cloudflare Flips AI Scraping Model With Pay-Per-Crawl System For Publishers

Windows

PIRG, Other Groups Criticize Microsoft's Plan to Discontinue Support for Windows 10 (windowscentral.com) 157

The consumer advocacy nonprofit PIRG (Public Interest Research Group) is now petitioning Microsoft to reconsider pulling support for Windows 10 in 2025, since "as many as 400 million perfectly good computers that can't upgrade to Windows 11 will be thrown out." In a petition addressed to Microsoft CEO Satya Nadella, the group warned the October 14 end of free support could cause "the single biggest jump in junked computers ever, and make it impossible for Microsoft to hit their sustainability goals." About 40% of PCs currently in use can't upgrade to Windows 11, even if users want to... Less than a quarter of electronic waste is recycled, so most of those computers will end up in landfills.

Consumer Reports recently also urged Microsoft not to "strand millions of customers." And now more groups are also pushing back, according to a post from the blog Windows Central: The Restart Project co-developed the "End of 10" toolkit, which is designed to support Windows 10 users who can't upgrade to Windows 11 after the operating system hits its end-of-support date.

They also note that a Paris-based company called Back Market plans to sell Windows 10 laptops refurbished with Ubuntu Linux or ChromeOS Flex. ("We refuse to watch hundreds of millions of perfectly good computers end up in the trash as e-waste," explains their web site.) Back Market's ad promises an "up-to-date, secure operating system — so instead of paying for a new computer you don't need, you can help us give this one a brand new life."

Right now Windows 10 holds 71.9% of Microsoft's market share, with Windows 11 at 22.95%, according to figures from StatCounter cited by the blog Windows Central. And HP and Dell "recently indicated that half of the global PCs are still running Windows 10," according to another Windows Central post...
