Ubuntu

'Canonical Turns 20: Shaping the Ubuntu Linux World' (zdnet.com)

"2004 was already an eventful year for Linux," writes ZDNet's Jack Wallen. "As I reported at the time, SCO was trying to drive Linux out of business. Red Hat was abandoning Linux end-user fans for enterprise customers by closing down Red Hat Linux 9 and launching the business-friendly Red Hat Enterprise Linux (RHEL). Oh, and South African tech millionaire and astronaut Mark Shuttleworth [also a Debian Linux developer] launched Canonical, Ubuntu Linux's parent company.

"Little did I — or anyone else — suspect that Canonical would become one of the world's major Linux companies."

Mark Shuttleworth answered questions from Slashdot readers in 2005 and again in 2012. And this year, Canonical celebrates its 20th anniversary. ZDNet reports: Canonical's purpose, from the beginning, was to support and share free software and open-source software... Then, as now, Ubuntu was based on Debian Linux. Unlike Debian, which never met a delivery deadline it couldn't miss, Ubuntu was set to be updated to the latest desktop, kernel, and infrastructure with a new release every six months. Canonical has kept to that cadence — except for the Ubuntu 6.06 release — for 20 years now...

Released in October 2004, Ubuntu Linux quickly became synonymous with ease of use, stability, and security, bridging the gap between the power of Linux and the usability demanded by end users. The early years of Canonical were marked by rapid innovation and community building. The Ubuntu community, a vibrant and passionate group of developers and users, became the heart and soul of the project. Forums, wikis, and IRC channels buzzed with activity as people from all over the world came together to contribute code, report bugs, write documentation, and support each other....

Canonical's influence extends beyond the desktop. Ubuntu Linux, for example, is the number one cloud operating system. Ubuntu started as a community desktop distribution, but it's become a major enterprise Linux power [also widely used as a server and Internet of Things operating system.]

The article notes Canonical's 2011 creation of the Unity desktop. ("While Ubuntu Unity still lives on — open-source projects have nine lives — it's now a sideline. Ubuntu renewed its commitment to the GNOME desktop...")

But the article also argues that "2016, on the other hand, saw the emergence of Ubuntu Snap, a containerized way to install software, which -- along with its rival Red Hat's Flatpak -- is helping Linux gain some desktop popularity."
Chrome

Chrome 124 Lets You Turn Any Website Into an App (androidpolice.com)

An anonymous reader quotes a report from Android Police: Seven years ago, Google announced that it would phase out all Chrome apps on Windows, Mac, and Linux by 2018 (it would actually take until 2023). In its place would be what the company called Progressive Web Apps (PWAs), web apps that can be installed on a user's desktop and that act practically like native apps and programs. The idea grew quickly, with Chrome users having installed PWAs in record numbers by the beginning of 2022. Soon, every website will be installable on desktops through PWAs.

In Chrome Canary (the daily build version of Google Chrome and typically a couple of versions ahead of the stable build), websites can now be installed on desktops. As part of the latest daily build, Google has added an "Install page as app" option to the "Save and share" submenu on the desktop version (via @Leopeva64 on X). This makes clicking the app -- which is just the website made to look and feel like a native app -- always open in its own window. Sites that already have their own PWAs, like YouTube or Reddit, have been prompting users to install them for a while now and will have their "Install page as app" function actually showing the name of the site. For example, YouTube's entry will show as "Install YouTube." In February, it became possible to enable the flags necessary to make any website into a PWA, but it seems to have just now become fully implemented.

Cloud

Amazon Cancels Fees for Customers Moving To Rival Cloud Services (bloomberg.com)

Amazon's cloud services division is halting fees it has long charged customers that switch to a rival provider -- following in the steps of Google, which recently announced it was ending the practice. From a report: Amazon Web Services will no longer charge customers who want to extract all of their data from the company's servers and move them to another service, AWS Vice President Robert Kennedy said in a blog post on Tuesday. "Beginning today, customers globally are now entitled to free data transfers out to the internet if they want to move to another IT provider," Kennedy said.
Databases

A Leaky Database Spilled 2FA Codes For the World's Tech Giants (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users access to their Facebook, Google and TikTok accounts. The Asian technology and internet company YX International manufactures cellular networking equipment and provides SMS text message routing services. SMS routing helps to get time-critical text messages to their proper destination across various regional cell networks and providers, such as a user receiving an SMS security code or link for logging in to online services. YX International claims to send 5 million SMS text messages daily. But the technology company left one of its internal databases exposed to the internet without a password, allowing anyone to access the sensitive data inside using only a web browser, just with knowledge of the database's public IP address.

Anurag Sen, a good-faith security researcher and expert in discovering sensitive but inadvertently exposed datasets leaking to the internet, found the database. Sen said it was not apparent who the database belonged to, nor who to report the leak to, so Sen shared details of the exposed database with TechCrunch to help identify its owner and report the security lapse. Sen told TechCrunch that the exposed database included the contents of text messages sent to users, including one-time passcodes and password reset links for some of the world's largest tech and online companies, including Facebook and WhatsApp, Google, TikTok, and others. The database had monthly logs dating back to July 2023 and was growing in size by the minute. In the exposed database, TechCrunch found sets of internal email addresses and corresponding passwords associated with YX International, and alerted the company to the spilling database. The database went offline a short time later.

AI

Can Robots.txt Files Really Stop AI Crawlers? (theverge.com)

In the high-stakes world of AI, "The fundamental agreement behind robots.txt [files], and the web as a whole — which for so long amounted to 'everybody just be cool' — may not be able to keep up..." argues the Verge: For many publishers and platforms, having their data crawled for training data felt less like trading and more like stealing. "What we found pretty quickly with the AI companies," says Medium CEO Tony Stubblebine, "is not only was it not an exchange of value, we're getting nothing in return. Literally zero." When Stubblebine announced last fall that Medium would be blocking AI crawlers, he wrote that "AI companies have leached value from writers in order to spam Internet readers."

Over the last year, a large chunk of the media industry has echoed Stubblebine's sentiment. "We do not believe the current 'scraping' of BBC data without our permission in order to train Gen AI models is in the public interest," BBC director of nations Rhodri Talfan Davies wrote last fall, announcing that the BBC would also be blocking OpenAI's crawler. The New York Times blocked GPTBot as well, months before launching a suit against OpenAI alleging that OpenAI's models "were built by copying and using millions of The Times's copyrighted news articles, in-depth investigations, opinion pieces, reviews, how-to guides, and more." A study by Ben Welsh, the news applications editor at Reuters, found that 606 of 1,156 surveyed publishers had blocked GPTBot in their robots.txt file.

It's not just publishers, either. Amazon, Facebook, Pinterest, WikiHow, WebMD, and many other platforms explicitly block GPTBot from accessing some or all of their websites.

On most of these robots.txt pages, OpenAI's GPTBot is the only crawler explicitly and completely disallowed. But there are plenty of other AI-specific bots beginning to crawl the web, like Anthropic's anthropic-ai and Google's new Google-Extended. According to a study from last fall by Originality.AI, 306 of the top 1,000 sites on the web blocked GPTBot, but only 85 blocked Google-Extended and 28 blocked anthropic-ai. There are also crawlers used for both web search and AI. CCBot, which is run by the organization Common Crawl, scours the web for search engine purposes, but its data is also used by OpenAI, Google, and others to train their models. Microsoft's Bingbot is both a search crawler and an AI crawler. And those are just the crawlers that identify themselves — many others attempt to operate in relative secrecy, making it hard to stop or even find them in a sea of other web traffic.

For any sufficiently popular website, finding a sneaky crawler is needle-in-haystack stuff.

In addition, the article points out, a robots.txt file "is not a legal document — and 30 years after its creation, it still relies on the good will of all parties involved.

"Disallowing a bot on your robots.txt page is like putting up a 'No Girls Allowed' sign on your treehouse — it sends a message, but it's not going to stand up in court."
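To make the blocking mechanics in the Verge excerpt concrete, here is an added example (not code from the article or from Slashdot): a small robots.txt parser that reports, for the AI crawlers named above, whether a site's file completely disallows each one. It follows the RFC 9309 group rules (a crawler obeys the group naming it, otherwise the `*` group) and treats "completely disallowed" as `Disallow: /` with no `Allow` rule; the sample robots.txt is constructed, not taken from any real site.

```python
"""Audit a robots.txt for which AI crawlers it completely disallows.

Added example, not from the Verge article.  Per RFC 9309 a crawler obeys
the group whose User-agent line names it and falls back to the '*' group
when none does.  A group that says 'Disallow: /' and has no Allow rule
blocks the crawler completely; anything else is partial or no blocking.
"""
from collections import OrderedDict

# Crawler tokens named in the article (the strings each vendor documents
# for robots.txt matching).
AI_CRAWLERS = ["GPTBot", "Google-Extended", "anthropic-ai", "CCBot"]

# Constructed sample, modelled on the pattern the article describes:
# only GPTBot is fully disallowed, the others are partial or unmentioned.
SAMPLE_ROBOTS = """\
# constructed sample robots.txt
User-agent: *
Disallow: /admin/

User-agent: GPTBot
Disallow: /

User-agent: Google-Extended
Disallow: /private/

User-agent: CCBot
Disallow: /
Allow: /press/

Sitemap: https://example.invalid/sitemap.xml
"""


def parse_robots(text):
    """Return {user_agent_token_lowercase: [(directive, path), ...]}.

    Consecutive User-agent lines share the rule block that follows them;
    a User-agent line after a rule line starts a new group.  Groups for
    the same token are merged, as the RFC requires.
    """
    groups = {}
    current = []        # tokens whose group is being filled
    seen_rules = False  # have rules been read for `current` yet?
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line or ":" not in line:
            continue
        field, _, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if seen_rules:                    # new group begins
                current, seen_rules = [], False
            current.append(value.lower())
            groups.setdefault(value.lower(), [])
        elif field in ("allow", "disallow"):
            seen_rules = True
            for token in current:
                groups[token].append((field, value))
        # other fields (Sitemap, Crawl-delay, ...) are ignored here
    return groups


def group_for(groups, crawler):
    """Rules a crawler must obey: its own group, else the '*' group."""
    return groups.get(crawler.lower(), groups.get("*", []))


def fully_disallowed(rules):
    """True only for 'Disallow: /' with no Allow rule in the group."""
    root_block = any(d == "disallow" and p == "/" for d, p in rules)
    has_allow = any(d == "allow" and p for d, p in rules)
    return root_block and not has_allow


def audit(text, crawlers=AI_CRAWLERS):
    """Map each crawler name to whether this robots.txt blocks it fully."""
    groups = parse_robots(text)
    return OrderedDict(
        (c, fully_disallowed(group_for(groups, c))) for c in crawlers
    )


if __name__ == "__main__":
    for crawler, blocked in audit(SAMPLE_ROBOTS).items():
        state = "fully disallowed" if blocked else "NOT fully blocked"
        print(f"{crawler:16} {state}")
```

As the article notes, a result of "fully disallowed" is only a request; it does nothing against a crawler that ignores the file or does not identify itself.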
Cloud

Nginx Core Developer Quits Project, Says He No Longer Sees Nginx as 'Free and Open Source Project For the Public Good' (arstechnica.com)

A core developer of Nginx, currently the world's most popular web server, has quit the project, stating that he no longer sees it as "a free and open source project... for the public good." From a report: His fork, freenginx, is "going to be run by developers, and not corporate entities," writes Maxim Dounin, and will be "free from arbitrary corporate actions." Dounin is one of the earliest and still most active coders on the open source Nginx project and one of the first employees of Nginx, Inc., a company created in 2011 to commercially support the steadily growing web server. Nginx is now used on roughly one-third of the world's web servers, ahead of Apache.

Nginx Inc. was acquired by Seattle-based networking firm F5 in 2019. Later that year, two of Nginx's leaders, Maxim Konovalov and Igor Sysoev, were detained and interrogated in their homes by armed Russian state agents. Sysoev's former employer, Internet firm Rambler, claimed that it owned the rights to Nginx's source code, as it was developed during Sysoev's tenure at Rambler (where Dounin also worked). While the criminal charges and rights do not appear to have materialized, the implications of a Russian company's intrusion into a popular open source piece of the web's infrastructure caused some alarm. Sysoev left F5 and the Nginx project in early 2022. Later that year, due to the Russian invasion of Ukraine, F5 discontinued all operations in Russia. Some Nginx developers still in Russia formed Angie, developed in large part to support Nginx users in Russia. Dounin technically stopped working for F5 at that point, too, but maintained his role in Nginx "as a volunteer," according to Dounin's mailing list post.

Dounin writes in his announcement that "new non-technical management" at F5 "recently decided that they know better how to run open source projects. In particular, they decided to interfere with security policy nginx uses for years, ignoring both the policy and developers' position." While it was "quite understandable," given their ownership, Dounin wrote that it means he was "no longer able to control which changes are made in nginx," hence his departure and fork.

Privacy

'World's Biggest Casino' App Exposed Customers' Personal Data (techcrunch.com)

An anonymous reader shares a report: The startup that develops the phone app for casino resort giant WinStar has secured an exposed database that was spilling customers' private information to the open web. Oklahoma-based WinStar bills itself as the "world's biggest casino" by square footage. The casino and hotel resort also offers an app, My WinStar, in which guests can access self-service options during their hotel stay, their rewards points and loyalty benefits, and casino winnings.

The app is developed by a Nevada software startup called Dexiga. The startup left one of its logging databases on the internet without a password, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored within using only their web browser. Dexiga took the database offline after TechCrunch alerted the company to the security lapse. Anurag Sen, a good-faith security researcher who has a knack for discovering inadvertently exposed sensitive data on the internet, found the database containing personal information, but it was initially unclear who the database belonged to. Sen said the personal data included full names, phone numbers, email addresses and home addresses. Sen shared details of the exposed database with TechCrunch to help identify its owner and disclose the security lapse.

Electronic Frontier Foundation

EFF Challenges 'Legal Bullying' of Sites Reporting on Alleged Appin 'Hacking-for-Hire' (eff.org)

Long-time Slashdot reader v3rgEz shared this report from MuckRock: Founded in 2003, Appin has been described as a cybersecurity company and an educational consulting firm. Appin was also, according to Reuters reporting and extensive marketing materials, a prolific "hacking for hire" service, stealing information from politicians and militaries as well as businesses and even unfaithful spouses.

Legal letters, being sent to newsrooms and organizations around the world, are trying to remove that story from the internet — and are often succeeding.

Reuters' investigation, published in November, was based in part on corroborated marketing materials, detailing a range of "hacking for hire" services Appin provided. After publication, Reuters was targeted by a legal campaign to shut down critical reporting, an effort which expanded to target news organizations around the world, including MuckRock. With the help of the Electronic Frontier Foundation, MuckRock is now sharing more details on this effort while continuing to host materials the Association of Appin Training Centers has gone to great lengths to remove from the web.

The original story, by Reuters' staff writers Raphael Satter, Zeba Siddiqui and Chris Bing, is no longer available on the Reuters website. Following a preliminary court ruling issued in New Delhi, the story has been replaced with an editor's note, stating that Reuters "stands by its reporting and plans to appeal the decision." The story has since been reposted on Distributed Denial of Secrets, while the primary source materials that Reuters reporters and editors used in their reporting are available on MuckRock's DocumentCloud service.

Representatives of the company's founders denied the assertions in the Reuters story, insisting instead that rogue actors "were misusing the Appin name."

TechDirt titled their article "Sorry Appin, We're Not Taking Down Our Article About Your Attempts To Silence Reporters."

And Thursday the EFF wrote its own take on "a campaign of bullying and censorship seeking to wipe out stories about the mercenary hacking campaigns of a less well-known company, Appin Technology, in general, and the company's cofounder, Rajat Khare, in particular." These efforts follow a familiar pattern: obtain a court order in a friendly international jurisdiction and then misrepresent the force and substance of that order to bully publishers around the world to remove their stories. We are helping to push back on that effort, which seeks to transform a very limited and preliminary Indian court ruling into a global takedown order. We are representing Techdirt and MuckRock Foundation, two of the news entities asked to remove Appin-related content from their sites... On their behalf, we challenged the assertions that the Indian court either found the Reuters reporting to be inaccurate or that the order requires any entities other than Reuters and Google to do anything. We requested a response — so far, we have received nothing...

At the time of this writing, more than 20 of those stories have been taken down by their respective publications, many at the request of an entity called "Association of Appin Training Centers (AOATC)...." It is not clear who is behind The Association of Appin Training Centers, but according to documents surfaced by Reuters, the organization didn't exist until after the lawsuit was filed against Reuters in Indian court....

If a relatively obscure company like AOATC or an oligarch like Rajat Khare can succeed in keeping their name out of the public discourse with strategic lawsuits, it sets a dangerous precedent for other larger, better-resourced, and more well-known companies such as Dark Matter or NSO Group to do the same. This would be a disaster for civil society, a disaster for security research, and a disaster for freedom of expression.

Bitcoin

'Unconvincing Bible For Blockchain Solutionists'

Molly White of Web3 is Going Great fame reviews Read Write Own, a book by VC firm Andreessen Horowitz lead crypto partner Chris Dixon. According to its own description, the book seeks to offer an exploration of "the power of blockchains to reshape the future of the internet." Writes White: After three chapters in which Dixon provides a (rather revisionist) history of the web to date, explains the mechanics of blockchains, and goes over the types of things one might theoretically be able to do with a blockchain, we are left with "Part Four: Here and Now", then the final "Part Five: What's Next". The name of Part Four suggests that he will perhaps lay out a list of blockchain projects that are currently successfully solving real problems.

Dixon speaks of how in the early days of "web1", or the "read era" (a period he defines as 1990-2005), "anyone could type a few words into a web browser and read about almost any topic through websites". This completely ignores that few people -- hardly just "anyone" -- had access to a computer, much less a computer with internet access, in that time. By 2005, around 16% of people globally were online. This may be why Part Four is precisely four and a half pages long. And rather than name any successful projects, Dixon instead spends his few pages excoriating the "casino" projects that he says have given crypto a bad rap, prompting regulatory scrutiny that is making "ethical entrepreneurs ... afraid to build products" in the United States.

In fact, throughout the entire book, Dixon fails to identify a single blockchain project that has successfully provided a non-speculative service at any kind of scale. The closest he ever comes is when he speaks of how "for decades, technologists have dreamed of building a grassroots internet access provider". He describes one project that "got further than anyone else": Helium. He's right, as long as you ignore the fact that Helium was providing LoRaWAN, not Internet, that by the time he was writing his book Helium hotspots had long since passed the phase where they might generate even enough tokens for their operators to merely break even, and that the network was pulling in somewhere around $1,150 in usage fees a month despite the company being valued at $1.2 billion. Oh, and that the company had widely lied to the public about its supposed big-name clients, and that its executives have been accused of hoarding the project's token to enrich themselves. But hey, a16z sunk millions into Helium (a fact Dixon never mentions), so might as well try to drum up some new interest!
Further reading: How Tech Firms Made a Crypto-Boosting Book an NYT Best Seller by Gaming the System.
The Courts

Judge Rules Against Users Suing Google and Apple Over 'Annoying' Search Results (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: While the world awaits closing arguments later this year in the US government's antitrust case over Google's search dominance, a California judge has dismissed a lawsuit from 26 Google users who claimed that Google's default search agreement with Apple violates antitrust law and has ruined everyone's search results. Users had argued (PDF) that Google struck a deal making its search engine the default on Apple's Safari web browser specifically to keep Apple from competing in the general search market. These payments to Apple, users alleged, have "stunted innovation" and "deprived" users of "quality, service, and privacy that they otherwise would have enjoyed but for Google's anticompetitive conduct." They also allege that it created a world where users have fewer choices, enabling Google to prefer its own advertisers, which users said caused an "annoying and damaging distortion" of search results.

In an order (PDF) granting the tech companies' motion to dismiss, US District Judge Rita Lin said that users did not present enough evidence to support claims for relief. Lin dismissed some claims with prejudice but gave leave to amend others, allowing users another chance to keep their case -- now twice-dismissed -- at least partially alive. Under Lin's order, users will not be able to amend claims that Google and Apple executives allegedly sealed the default search deal on the condition that Apple would not create its own general search engine through "private, secret, and clandestine personal meetings." Because plaintiffs showed no evidence pinpointing exactly when Apple allegedly agreed to stay out of the general search market, these meetings, Lin reasoned, could just as easily indicate "rational, legal business behavior," rather than an "illegal conspiracy."

Users attempted to argue that Google and Apple intentionally hid these facts from the public, but Lin wrote that their "conclusory and vague allegations that defendants 'secretly conducted meetings' and 'engaged in conduct to obfuscate internal communications' are plainly insufficient." Sharing bystander photos documenting Google's Sundar Pichai and Apple's Tim Cook meeting at a restaurant with a manila folder tucked under Pichai's elbow did not help users' case. Lin was also not moved by users demonstrating that Google has a history of destroying evidence, because "they put forth no specific factual allegations that defendants did so in this case." However, users will have 30 days to amend currently "inadequately" alleged claims that "Google's exclusive default agreement, under which Apple set Google as the default search engine for its Safari web browser, foreclosed competition in the general search services market in the United States," Lin wrote. If users miss that deadline, the case will be tossed with no opportunities to further amend claims.

Transportation

Fiber Optics Bring You Internet. Now They're Also Listening To Trains (wired.com)

An anonymous reader quotes a report from Wired: Stretching thousands upon thousands of miles under your feet, a web of fibrous ears is listening. Whether you walk over buried fiber optics or drive a car across them, above-ground activity creates a characteristic vibration that ever-so-slightly disturbs the way light travels through the cables. With the right equipment, scientists can parse that disturbance to identify what the source was and when exactly it was roaming there. This quickly proliferating technique is known as distributed acoustic sensing, or DAS, and it's so sensitive that researchers recently used it to monitor the cacophony of a mass cicada emergence. Others are using the cables as an ultra-sensitive instrument for detecting volcanic eruptions and earthquakes: Unlike a traditional seismometer stuck in one place, a web of fiber optic cables can cover a whole landscape, providing unprecedented detail of Earth's rumblings at different locations. Now scientists are experimenting with bringing DAS to a railroad near you.

When a train runs along a section of track, it creates vibrations that analysts can monitor over time -- if that signal suddenly changes, it might indicate a problem with the rail, like a crack, or a snapped tie. Or if on a mountain pass a rockslide blasts across the track, DAS might "hear" that too, warning railroad operators of a problem that human eyes hadn't yet glimpsed. More gradual changes in the signal might betray the development of faults in track alignment. It just so happens that fiber optic cables already run along many railways to connect all the signaling equipment or for telecommunications. "You're utilizing the already available facilities and infrastructure for that, which can reduce the cost," says engineer Hossein Taheri, who is studying DAS for railroads at Georgia Southern University. "There could be some railroads where they don't have the fiber, and you need to lay down. But yes, most of them, usually they do already have it."

To tap into that fiber, you need a device called an interrogator, which fires laser pulses down the cables and analyzes the tiny bits of light that bounce back. So, say a rock hits the track 20 miles away from the interrogator. That creates a characteristic ground vibration that disturbs the fiber optics near the track, which shows up in the light signal. Because scientists know the speed of light, they can precisely measure the time it took for that signal to travel back to their interrogator, pinpointing the distance to the disturbance to within 10 meters, or about 30 feet. For a given stretch of track, you'd have already analyzed the DAS signals for a length of time, building a vibration profile for a normal, healthy railway. When the DAS data suddenly starts showing something different, you might have an issue, which shows up like an EKG picking up a problem with a human heartbeat. "What we're doing is profiling the track, looking for changes in the acoustic signature," says Daniel Pyke, a rail expert and spokesperson for Sensonic, which develops DAS technology for railroads. "We know what track should sound like, we know what a train should sound like. And we know that if it's changing -- so let's say this joint is coming loose -- that needs someone to go and fix it before it becomes a problem."

The Internet

ICANN Proposes Creating .INTERNAL Domain (theregister.com)

The Internet Corporation for Assigned Names and Numbers (ICANN) has proposed creating a new top-level domain (TLD) and never allowing it to be delegated in the global domain name system (DNS) root. From a report: The proposed TLD is .INTERNAL and, as the name implies, it's intended for internal use only. The idea is that .INTERNAL could take on the same role as the 192.168.x.x IPv4 block -- available for internal use but never plumbed into DNS or other infrastructure that would enable it to be accessed from the open internet.

ICANN's Security and Stability Advisory Committee (SSAC) advised the development of such a TLD in 2020. It noted at the time that "many enterprises and device vendors make ad hoc use of TLDs that are not present in the root zone when they intend the name for private use only. This usage is uncoordinated and can cause harm to Internet users" -- in part by forcing DNS servers to handle, and reject, queries for domains only used internally. DNS, however, can't prevent internal use of ad hoc TLDs. So the SSAC recommended creation of a TLD that would be explicitly reserved for internal use.

The Internet

'Arc Search' Combines Browser, Search Engine, and AI Into Something New and Different (theverge.com)

David Pierce reports via The Verge: A few minutes ago, I opened the new Arc Search app and typed, "What happened in the Chiefs game?" That game, the AFC Championship, had just wrapped up. Normally, I'd Google it, click on a few links, and read about the game that way. But in Arc Search, I typed the query and tapped the "Browse for me" button instead. Arc Search, the new iOS app from The Browser Company, which has been working on a browser called Arc for the last few years, went to work. It scoured the web -- reading six pages, it told me, from Twitter to The Guardian to USA Today -- and returned a bunch of information a few seconds later. I got the headline: Chiefs win. I got the final score, the key play, a "notable event" that also just said the Chiefs won, a note about Travis Kelce and Taylor Swift, a bunch of related links, and some more bullet points about the game.

Basically, instead of returning a bunch of search queries about the Chiefs game, Arc Search built me a webpage about it. And somewhere in there is The Browser Company's big idea about the future of web browsers -- that a browser, a search engine, an AI chatbot, and a website aren't different things. They're all just parts of an internet information finder, and they might as well exist inside the same app. [...] But from a pure product perspective, this feels closer to the way AI search should work than anything I've tried. Products like Copilot and Perplexity AI are cool, but they're fundamentally just chatbots with web access. Arc Search imagines something else entirely: AI that explores websites by building you a new one every time you ask.

Security

Mistakenly Published Password Exposes Mercedes-Benz Source Code (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Mercedes-Benz accidentally exposed a trove of internal data after leaving a private key online that gave "unrestricted access" to the company's source code, according to the security research firm that discovered it. Shubham Mittal, co-founder and chief technology officer of RedHunt Labs, alerted TechCrunch to the exposure and asked for help in disclosing to the car maker. The London-based cybersecurity company said it discovered a Mercedes employee's authentication token in a public GitHub repository during a routine internet scan in January. According to Mittal, this token -- an alternative to using a password for authenticating to GitHub -- could grant anyone full access to Mercedes's GitHub Enterprise Server, thus allowing the download of the company's private source code repositories.

"The GitHub token gave 'unrestricted' and 'unmonitored' access to the entire source code hosted at the internal GitHub Enterprise Server," Mittal explained in a report shared by TechCrunch. "The repositories include a large amount of intellectual property, connection strings, cloud access keys, blueprints, design documents, [single sign-on] passwords, API Keys, and other critical internal information." Mittal provided TechCrunch with evidence that the exposed repositories contained Microsoft Azure and Amazon Web Services (AWS) keys, a Postgres database, and Mercedes source code. It's not known if any customer data was contained within the repositories. It's not known if anyone else besides Mittal discovered the exposed key, which was published in late-September 2023.
A Mercedes spokesperson confirmed that the company "revoked the respective API token and removed the public repository immediately."

"We can confirm that internal source code was published on a public GitHub repository by human error. The security of our organization, products, and services is one of our top priorities. We will continue to analyze this case according to our normal processes. Depending on this, we implement remedial measures."
Crime

IT Consultant Fined For Daring To Expose Shoddy Security (theregister.com) 102

Thomas Claburn reports via The Register: A security researcher in Germany has been fined $3,300 for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records. Back in June 2021, according to our pals at Heise, a contractor identified elsewhere as Hendrik H. was troubleshooting software for a customer of IT services firm Modern Solution GmbH. He discovered that the Modern Solution code made a MySQL connection to a MariaDB database server operated by the vendor. It turned out the password to access that remote server was stored in plain text in the program file MSConnect.exe, and opening it in a simple text editor would reveal the unencrypted hardcoded credential.

With that easy-to-find password in hand, anyone could log into the remote server and access data belonging to not just that one customer of Modern Solution, but data belonging to all of the vendor's clients stored on that database server. That info is said to have included personal details of those customers' own customers. And we're told that Modern Solution's program files were available for free from the web, so truly anyone could inspect the executables in a text editor for plain-text hardcoded database passwords. The contractor's findings were discussed in a June 23, 2021 report by Mark Steier, who writes about e-commerce. That same day Modern Solution issued a statement [PDF] -- translated from German -- summarizing the incident [...]. The statement indicates that sensitive data about Modern Solution customers was exposed: last names, first names, email addresses, telephone numbers, bank details, passwords, and conversation and call histories. But it claims that only a limited amount of data -- names and addresses -- about shoppers who made purchases from these retail clients was exposed. Steier contends that's incorrect and alleged that Modern Solution downplayed the seriousness of the exposed data, which he said included extensive customer data from the online stores operated by Modern Solution's clients.

In September 2021 police in Germany seized the IT consultant's computers following a complaint from Modern Solution that claimed he could only have obtained the password through insider knowledge -- he worked previously for a related firm -- and the biz claimed he was a competitor. Hendrik H. was charged with unlawful data access under Section 202a of Germany's Criminal Code, based on the rule that examining data protected by a password can be classified as a crime under the Euro nation's cybersecurity law. In June 2023, a Julich District Court in western Germany sided with the IT consultant because the Modern Solution software was insufficiently protected. But the Aachen regional court directed the district court to hear the complaint. Now, the district court has reversed its initial decision. On January 17, a Julich District Court fined Hendrik H. and directed him to pay court costs.
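The two stories above share one failure: a live credential sitting in an artifact anyone could read, a public Git repository in the Mercedes case and a downloadable executable in the Modern Solution case. The scanner below is an added example written for this page, not code from either company, TechCrunch, The Register or RedHunt Labs. It applies the same credential rules to source text and to printable strings pulled out of a binary (the way a `strings` run or a text editor would expose them). The GitHub and AWS token shapes it matches are the publicly documented prefixes; the entropy threshold, the sample source file and the stand-in executable `FAKE_EXE` are constructed for the demonstration and have nothing to do with MSConnect.exe or Mercedes's repositories.

```python
"""Added example for this page (not from TechCrunch, The Register, Mercedes,
Modern Solution or RedHunt Labs): a small secret scanner for source trees and
for shipped binaries. Every sample input below is constructed."""
import math
import re
from dataclasses import dataclass

# Credential shapes. GitHub tokens: ghp_/gho_/ghu_/ghs_/ghr_ plus 36 characters,
# or the fine-grained github_pat_ form; AWS access key IDs: AKIA/ASIA plus 16
# upper-case alphanumerics. The last two rules catch passwords embedded in
# key=value connection strings and in URL-style DSNs.
PATTERNS = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "github_fine_grained_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "connection_string_password": re.compile(r"(?i)\b(?:password|pwd)\s*=\s*([^;\s'\"]{4,})"),
    "url_credentials": re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:([^\s/@]+)@[^\s/]+"),
}
# Random tokens have high per-character entropy; placeholders such as
# ghp_xxxx... do not. Threshold of 3.0 bits/char is an assumption for this example.
HIGH_ENTROPY_KINDS = {"github_token", "github_fine_grained_pat", "aws_access_key_id"}
MIN_ENTROPY = 3.0


@dataclass(frozen=True)
class Finding:
    kind: str
    line: int
    evidence: str  # masked, so the scanner report itself does not re-leak the secret


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own symbol distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def mask(value: str) -> str:
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan_text(text: str) -> list[Finding]:
    """Apply every rule to every line; drop low-entropy matches for token kinds."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                secret = m.group(1) if m.groups() else m.group(0)
                if kind in HIGH_ENTROPY_KINDS and shannon_entropy(secret) < MIN_ENTROPY:
                    continue  # repeated-character placeholder, not a live token
                findings.append(Finding(kind, line_no, mask(secret)))
    return findings


def extract_strings(blob: bytes, min_len: int = 8) -> list[str]:
    """Like the classic `strings` tool: printable ASCII runs, plus UTF-16LE runs
    as found in Windows executables (wide-character string literals)."""
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    out = [m.group(0).decode("ascii") for m in ascii_run.finditer(blob)]
    out += [m.group(0).decode("utf-16-le") for m in utf16_run.finditer(blob)]
    return out


def scan_binary(blob: bytes) -> list[Finding]:
    """Scan a compiled artifact the way a curious user with a text editor would,
    but systematically. `line` in the result is the index of the extracted string."""
    return scan_text("\n".join(extract_strings(blob)))


# Constructed sample of what a routine scan of a public repository might hit.
SAMPLE_SOURCE = (
    "# constructed sample config, committed by mistake\n"
    + 'GITHUB_TOKEN = "ghp_k9Fz2QxT7vLm4NpR8sWbC1dYe3gHjU6aVtOi"\n'
    + 'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'   # AWS's documented sample key ID
    + 'PLACEHOLDER = "ghp_' + "x" * 36 + '"\n'         # matches the shape, fails entropy
    + 'DATABASE_URL = "postgres://svc:Tr0ub4dor&3@db.internal:5432/crm"\n'
)

# Constructed stand-in for a shipped client executable: a fake DOS header, an
# ASCII connection string with a plaintext password, and a UTF-16LE DSN.
FAKE_EXE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + b"\x00" * 16
    + b"Server=db.example.net;Database=shop;Uid=app;Pwd=Hunter2!Hunter2;"
    + b"\x7f\x01\x02\x03"
    + "mysql://app:S3cretPass@db.example.net:3306/shop".encode("utf-16-le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    for f in scan_text(SAMPLE_SOURCE) + scan_binary(FAKE_EXE):
        print(f)
```

Run it as a pre-commit hook over staged files and over build outputs before they are published; GitHub's own secret scanning and push protection cover the first case for hosted repositories, but neither looks inside an installer you hand to customers. The deeper point of the Modern Solution case is that no scanner fixes the design: a credential compiled into a client that is downloadable from the web is public by construction, so the server side must hand each customer its own scoped credential rather than one shared database password.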

The Internet

'Where Have All the Websites Gone?' (fromjason.xyz) 171

An anonymous reader shares an essay: No one clicks a webpage hoping to learn which cat can haz cheeseburger. Weirdos, maybe. Sickos. No, we get our content from a For You Page now -- algorithmically selected videos and images made by our favorite creators, produced explicitly for our preferred platform. Which platform doesn't matter much. So long as it's one of the big five. Creators churn out content for all of them. It's a technical marvel, that internet. Something so mindblowingly impressive that if you showed it to someone even thirty years ago, their face would melt the fuck off. So why does it feel like something's missing? Why are we all so collectively unhappy with the state of the web?

A tweet went viral this Thanksgiving when a Twitter user posed a question to their followers. (The tweet said: "It feels like there are no websites anymore. There used to be so many websites you could go on. Where did all the websites go?") A peek at the comments, and I could only assume the tweet struck a nerve. Everyone had their own answer. Some comments blamed the app-ification of the web. "Everything is an app now!," one user replied. Others point to the death of Adobe Flash and how so many sites and games died along with it. Everyone agrees that websites have indeed vanished, and we all miss the days we were free to visit them.

Google

Google Search Really Has Gotten Worse, Researchers Find (404media.co) 58

An anonymous reader quotes a report from 404 Media: Google search really has been taken over by low-quality SEO spam, according to a new, year-long study by German researchers (PDF). The researchers, from Leipzig University, Bauhaus-University Weimar, and the Center for Scalable Data Analytics and Artificial Intelligence, set out to answer the question "Is Google Getting Worse?" by studying search results for 7,392 product-review terms across Google, Bing, and DuckDuckGo over the course of a year. They found that, overall, "higher-ranked pages are on average more optimized, more monetized with affiliate marketing, and they show signs of lower text quality ... we find that only a small portion of product reviews on the web uses affiliate marketing, but the majority of all search results do."

They also found that spam sites are in a constant war with Google over the rankings, and that spam sites will regularly find ways to game the system, rise to the top of Google's rankings, and then will be knocked down. "SEO is a constant battle and we see repeated patterns of review spam entering and leaving the results as search engines and SEO engineers take turns adjusting their parameters," they wrote. They note that Google, Bing, and DuckDuckGo are regularly tweaking their algorithms and taking down content that is outright spam, but that, overall, this leads only to "a temporary positive effect."

"Search engines seem to lose the cat-and-mouse game that is SEO spam," they write. Notably, Google, Bing, and DuckDuckGo all have the same problems, and in many cases, Google performed better than Bing and DuckDuckGo by the researchers' measures. The researchers warn that this rankings war is likely to get much worse with the advent of AI-generated spam, and that it genuinely threatens the future utility of search engines: "the line between benign content and spam in the form of content and link farms becomes increasingly blurry -- a situation that will surely worsen in the wake of generative AI. We conclude that dynamic adversarial spam in the form of low-quality, mass-produced commercial content deserves more attention."

Chrome

Chrome Updates Incognito Warning To Admit Google Tracks Users In 'Private' Mode (arstechnica.com) 40

An anonymous reader quotes a report from Ars Technica: Google is updating the warning on Chrome's Incognito mode to make it clear that Google and websites run by other companies can still collect your data in the web browser's semi-private mode. The change is being made as Google prepares to settle a class-action lawsuit that accuses the firm of privacy violations related to Chrome's Incognito mode. The expanded warning was recently added to Chrome Canary, a nightly build for developers. The warning appears to directly address one of the lawsuit's complaints, that the Incognito mode's warning doesn't make it clear that Google collects data from users of the private mode.

Many tech-savvy people already know that while private modes in web browsers prevent some data from being stored on your device, they don't prevent tracking by websites or Internet service providers. But many other people may not understand exactly what Incognito mode does, so the more specific warning could help educate users. The new warning seen in Chrome Canary when you open an incognito window says: "You've gone Incognito. Others who use this device won't see your activity, so you can browse more privately. This won't change how data is collected by websites you visit and the services they use, including Google." The wording could be interpreted to refer to Google websites and third-party websites, including third-party websites that rely on Google ad services. The new warning was not yet in the developer, beta, and stable branches of Chrome as of today. It also wasn't in Chromium. The change to Canary was previously reported by MSPowerUser.

Incognito mode in the stable version of Chrome still says: "You've gone Incognito. Now you can browse privately, and other people who use this device won't see your activity." Among other changes, the Canary warning replaces "browse privately" with "browse more privately." The stable and Canary warnings both say that your browsing activity might still be visible to "websites you visit," "your employer or school," or "your Internet service provider." But only the Canary warning currently includes the caveat that Incognito mode "won't change how data is collected by websites you visit and the services they use, including Google." The old and new warnings both say that Incognito mode prevents Chrome from saving your browsing history, cookies and site data, and information entered in forms, but that "downloads, bookmarks and reading list items will be saved." Both warnings link to this page, which provides more detail on Incognito mode.

AI

OpenAI Claims NYT Tricked ChatGPT Into Copying Its Articles 166

Emilia David reports via The Verge: OpenAI has publicly responded to a copyright lawsuit by The New York Times, calling the case "without merit" and saying it still hoped for a partnership with the media outlet. In a blog post, OpenAI said the Times "is not telling the full story." It took particular issue with claims that its ChatGPT AI tool reproduced Times stories verbatim, arguing that the Times had manipulated prompts to include regurgitated excerpts of articles. "Even when using such prompts, our models don't typically behave the way The New York Times insinuates, which suggests they either instructed the model to regurgitate or cherry-picked their examples from many attempts," OpenAI said.

OpenAI claims it's attempted to reduce regurgitation from its large language models and that the Times refused to share examples of this reproduction before filing the lawsuit. It said the verbatim examples "appear to be from year-old articles that have proliferated on multiple third-party websites." The company did admit that it took down a ChatGPT feature, called Browse, that unintentionally reproduced content. However, the company maintained its long-standing position that in order for AI models to learn and solve new problems, they need access to "the enormous aggregate of human knowledge." It reiterated that while it respects the legal right to own copyrighted works -- and has offered opt-outs to training data inclusion -- it believes training AI models with data from the internet falls under fair use rules that allow for repurposing copyrighted works. The company announced website owners could start blocking its web crawlers from accessing their data in August 2023, nearly a year after it launched ChatGPT.

OpenAI still hopes to form a "constructive partnership with The New York Times and respect its long history," the company said.

Last month, OpenAI struck an unprecedented deal with Politico parent company Axel Springer, allowing ChatGPT to summarize news stories from Politico and Business Insider.

The Internet

How AI-Generated Content Could Fuel a Migration From Social Media to Independent 'Authored' Content (niemanlab.org) 68

The chief content officer for New York's public radio station WNYC predicts an "AI-fueled shift to niche community and authored excellence."

And ironically, it will be fueled by "Greedy publishers and malicious propagandists... flooding the web with fake or just mediocre AI-generated 'content'" which will "spotlight and boost the value of authored creativity." And it may help give birth to a new generation of independent media. Robots will make the internet more human.

First, it will speed up our migration off of big social platforms to niche communities where we can be better versions of ourselves. We're already exhausted by feeds that amplify our anxiety and algorithms that incentivize cruelty. AI will take the arms race of digital publishing shaped by algorithmic curation to its natural conclusion: big feed-based social platforms will become unending streams of noise. When we've left those sites for good, we'll miss the (mostly inaccurate) sense that we were seeing or participating in a grand, democratic town hall. But as we find places to convene where good faith participation is expected, abuse and harassment aren't, and quality is valued over quantity, we'll be happy to have traded a perception of scale influence for the experience of real connection.

Second, this flood of authorless "content" will help truly authored creativity shine in contrast... "Could a robot have done this?" will be a question we ask to push ourselves to be funnier, weirder, more vulnerable, and more creative. And for the funniest, the weirdest, the most vulnerable, and most creative: the gap between what they do and everything else will be huge. Finally, these AI-accelerated shifts will combine with the current moment in media economics to fuel a new era of independent media.

For a few years he's seen the rise of independent community-funded journalists, and "the list of thriving small enterprises is getting longer." He sees more growth in community-funding platforms (with subscription/membership features like on Substack and Patreon) which "continue to tilt the risk/reward math for audience-facing talent....

"And the amount of audience-facing, world-class talent that left institutional media in 2023 (by choice or otherwise) is unlike anything I've seen in more than 15 years in journalism... [I]f we're lucky, we'll see the creation of a new generation of independent media businesses whose work is as funny, weird, vulnerable and creative as its creators want it to be. And those businesses will be built on truly stable ground: a direct financial relationship with people who care.

"Thank the robots."
